Verify WSS Connectivity for a CASB-Only tenant using Proxy Chaining

Article ID: 221061


Products

  • CASB Gateway
  • CASB Security Advanced
  • CASB Security Premium
  • CASB Security Standard
  • CASB Gateway Advanced

Issue/Introduction

You need to test WSS accessibility in an agentless CASB-Only deployment to gather more information about the session. Although WSS provides a dedicated URL (pod.threatpulse.com) for this purpose, using it requires some configuration changes in the environment.

Environment

  • WSS CASB-Only tenants (lite)
  • Proxy chaining deployment (agentless)
  • Endpoints do not have an agent installed

Cause

The agentless deployment relies on the pre-defined domains shared by CloudSOC, and pod.threatpulse.com is not one of them. Because it is not part of the domain-of-interest list, requests to this domain are blocked.

Resolution

  1. Add the WSS testing URLs to the proxy forwarding lists
    1. The general guidance on how to configure the proxy chaining for WSS CASB-Only is listed (here)
    2. Add "pod.threatpulse.com" to the domains of interest in the forwarding condition (the custom condition name in the KB article is "CloudSOC_Forward_List")
  2. Define a new custom gatelet with the WSS testing URLs
    1. Log in to the CloudSOC admin console
    2. Define a new custom gatelet (Store > Gatelets > Custom Apps > click on "Create Custom Apps")
    3. Give the custom gatelet any name
    4. Add "pod.threatpulse.com" as a domain for the newly created custom gatelet
    5. Click "Save and Activate"
    6. Allow 5-10 minutes for the auto-sync between CloudSOC and WSS to take place
  3. Test the result on an endpoint
    1. On an agentless endpoint, browse to https://pod.threatpulse.com or http://threatpulse.com
    2. The expected result is a response from WSS saying "You are Protected!" along with the details of the connection (Pod, IPs, etc.)
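
The test in step 3 can also be scripted from the endpoint. The script below is an added example, not part of the original article or any Broadcom tooling: it polls both test URLs through the chained proxy until the "You are Protected!" banner appears or the 10-minute sync window from step 2 ends. The proxy address passed as the first argument and the 60-second polling interval are assumptions.

```shell
#!/bin/sh
# Added example: verify WSS reachability through the chained proxy.
# Usage: sh wss_check.sh http://proxy.example.internal:8080   (placeholder proxy)

MARKER='You are Protected!'   # banner text quoted in the article
URLS='https://pod.threatpulse.com http://threatpulse.com'   # URLs from step 3
WINDOW=600      # seconds; upper bound of the 5-10 minute auto-sync
INTERVAL=60     # seconds between polls (assumed value)

# Fetch one URL via the explicit proxy. Prints the body, or curl's error
# text (for example a TLS or proxy failure), and never aborts the script.
fetch_page() {   # $1 = proxy, $2 = url
    curl --silent --show-error --location --max-time 20 \
         --proxy "$1" "$2" 2>&1 || true
}

# Succeeds only if the response body carries the WSS banner.
is_protected() {   # $1 = response body
    printf '%s' "$1" | grep -qF "$MARKER"
}

# Poll both URLs until one shows the banner or the sync window expires.
wait_for_wss() {   # $1 = proxy
    elapsed=0
    while :; do
        for url in $URLS; do
            body=$(fetch_page "$1" "$url")
            if is_protected "$body"; then
                echo "PASS $url after ${elapsed}s"
                return 0
            fi
        done
        [ "$elapsed" -ge "$WINDOW" ] && break
        sleep "$INTERVAL"
        elapsed=$((elapsed + INTERVAL))
    done
    echo "FAIL no WSS banner within ${WINDOW}s; last response:"
    printf '%s\n' "$body" | head -n 5
    return 1
}

# Run only when a proxy address is supplied on the command line.
if [ $# -ge 1 ]; then wait_for_wss "$1"; fi
```

A FAIL result prints the first lines of the last response, which helps separate a block by the on-premises proxy from a certificate or connectivity error reported by curl.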

Additional Information

This solution assumes that the custom gatelet license is purchased and valid.