We are currently observing multiple “Compromised Website” alerts in Netskope for several local news websites and some insurance company websites that users frequently access.
These appear to be legitimate websites, but Netskope is flagging them as compromised or malicious. We would like to understand:
- What threat intelligence source/classification is being used for these detections?
- Has anyone else experienced similar alerts with legitimate local news websites?
- Could this be related to shared hosting reputation or a temporary website compromise?
- What is the best approach to validate whether these are true positives or false positives?
We are trying to determine whether the websites are genuinely compromised or if additional tuning/exclusions may be required.
Any guidance or similar experiences would be appreciated.




