docs: Improve documentation with enhanced links and clarifications across multiple sections

Author: cipp-ashe

docs/README.md

@@ -50,12 +50,12 @@ Nothing. We're not even kidding, we don't collect any data at all. You can set u
 
 ## How does it look?
 
-When a user gets the plugin added, a new icon will appear, this icon is brandable to customize it to your own logo and name.
+When a user gets the plugin added, a new icon will appear, this icon is [brandable](settings/branding.md) to customize it to your own logo and name.
 
 <figure><img src=".gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
 
 When visiting a page that is suspect, but our certainty if the page is phishing is too low we'll show a banner on the page to warn users, if we're sure about the page being an AITM or phishing attack, we'll block the page entirely:
 
 <figure><img src=".gitbook/assets/image (3).png" alt=""><figcaption></figcaption></figure>
 
-This too is completely brandable, and can be made to match company colours. The Contact Admin button is a mailto: link that contains the information about what page the user tried to visit, including a defanged URL.
+This too is completely [brandable](settings/branding.md), and can be made to match company colours. The Contact Admin button is a mailto: link that contains the information about what page the user tried to visit, including a defanged URL.

docs/advanced/creating-detection-rules.md

@@ -1,6 +1,6 @@
 # Creating Detection Rules
 
-The extension uses a rule-driven architecture where all detection logic is defined in `rules/detection-rules.json`. This file contains:
+The extension uses a rule-driven architecture where all detection logic is defined in [`rules/detection-rules.json`](https://github.com/CyberDrain/Check/blob/main/rules/detection-rules.json). This file contains:
 
 - **Trusted domain patterns** - Microsoft domains that are always trusted
 - **Exclusion system** - Domains that should never be scanned
@@ -13,16 +13,16 @@ Each of these rules has their own schema. You can create a custom rules file and
 
 **Important:** After updating rules via the UI or changing custom URLs, reload any open tabs for changes to take effect on those pages. The extension loads rules at startup and on the configured interval.
 
-Contributions to our rules can be done via [https://github.com/CyberDrain/Check/blob/main/rules/detection-rules.json](../../rules/detection-rules.json)
+Contributions to our rules can be done via [https://github.com/CyberDrain/Check/blob/main/rules/detection-rules.json](https://github.com/CyberDrain/Check/blob/main/rules/detection-rules.json)
 
 ## Rule Configuration and Updates
 
-Rules are managed by the `DetectionRulesManager` class in `scripts/modules/detection-rules-manager.js`. The manager:
+Rules are managed by the [`DetectionRulesManager`](https://github.com/CyberDrain/Check/blob/main/scripts/modules/detection-rules-manager.js) class. It's job is to:
 
-- Loads rules at extension startup
-- Checks for updates based on the configured interval (default: 24 hours)
-- Caches rules locally in browser storage for offline use
-- Falls back to local rules (`rules/detection-rules.json`) if remote fetch fails
+- Load rules at extension startup
+- Check for updates based on the configured interval (default: 24 hours)
+- Cache rules locally in browser storage for offline use
+- Fall back to local rules ([`rules/detection-rules.json`](https://github.com/CyberDrain/Check/blob/main/rules/detection-rules.json)) if remote fetch fails
 
 **Update Process:**
 
@@ -33,6 +33,10 @@ Rules are managed by the `DetectionRulesManager` class in `scripts/modules/detec
 
 ## Exclusions
 
+{% hint style="info" %}
+**For simple exclusions:** Most users should use the [Settings → Detection Rules](../settings/detection-rules.md#url-allowlist-regex-or-url-with-wildcards) UI field, which supports both wildcards and regex patterns. This section is for advanced users creating custom rule files.
+{% endhint %}
+
 To exclude domains from all scanning (complete bypass), add them to the `exclusion_system.domain_patterns` array:
 
 ```json

docs/settings/about.md

@@ -41,5 +41,5 @@ The About section provides quick access to essential resources:
 
 ### Development and Support
 
-- **GitHub Repository** - View source code, report issues, and contribute to the project
-- **CyberDrain Website** - Learn more about CyberDrain's solutions and services
+- **[GitHub Repository](https://github.com/CyberDrain/Check)** - View source code, report issues, and contribute to the project
+- **[CyberDrain Website](https://cyberdrain.com)** - Learn more about CyberDrain's solutions and services

docs/settings/activity-logs.md

@@ -103,7 +103,7 @@ You tried to log into Office 365 but got blocked. Looking at logs:​Timestamp:
 1. Check "Enable Debug Logging"
 2. Reproduce the problem
 3. Export logs (see below)
-4. Send logs to support
+4. Send logs to support (see [Common Issues](../troubleshooting/common-issues.md) for additional troubleshooting steps)
 5. Uncheck debug logging when done (saves storage space)
 
 **For admins wanting to simulate end-user experience**
@@ -147,12 +147,12 @@ You tried to log into Office 365 but got blocked. Looking at logs:​Timestamp:
 2. Go to Activity Logs
 3. Look for "Threat Blocked" entries around that time
 4. Click the entry to see why it was blocked
-5. If you think it was blocked incorrectly, contact support with the log details
+5. If you think it was blocked incorrectly, contact support with the log details or check [Common Issues](../troubleshooting/common-issues.md) for known problems
 
 **Scenario 3: Preparing for support**
 
 1. Enable debug logging
 2. Try to reproduce the problem
 3. Export logs immediately after the problem occurs
 4. Disable debug logging
-5. Send the exported file to support
+5. Send the exported file to support or check [Common Issues](../troubleshooting/common-issues.md) first

docs/settings/detection-rules.md

@@ -33,11 +33,32 @@ Controls how often Check fetches updated detection rules. The default is 24 hour
 
 ### **URL Allowlist (Regex or URL with wildcards)**
 
-Add URLs or patterns that should be excluded from phishing detection. This is useful for internal company sites or trusted third-party services that might trigger false positives. You can use:
+{% hint style="info" %}
+**Need to allowlist a phishing training service?**
+
+MSPs and IT departments commonly need to exclude phishing training platforms (like KnowBe4, Proofpoint, etc.) from detection. Check [Advanced → Creating Detection Rules](../advanced/creating-detection-rules.md#exclusions) for technical details.
+{% endhint %}
+
+Add URLs or patterns that should be excluded from phishing detection. This is useful for internal company sites or trusted third-party services that might trigger false positives.
+
+**How it works:** Your allowlist patterns are **added to** (not replacing) the default CyberDrain exclusions, providing additional protection without losing baseline coverage.
+
+You can use:
 
 - **Simple URLs with wildcards:** `https://google.com/*` or `https://*.microsoft.com/*`
 - **Advanced regex patterns:** `^https://trusted\.example\.com/.*`
 
+**Copy-paste examples (based on existing default exclusions):**
+
+```
+https://*.google.com/*
+https://*.auth0.com/*
+https://*.amazon.com/*
+https://*.facebook.com/*
+https://training.your-company.com/*
+https://*.internal-domain.com/*
+```
+
 Enter one pattern per line. These patterns are added to the exclusion rules without replacing the entire ruleset from your Config URL.
 
 ### Updating Rules Manually

docs/settings/general.md

@@ -14,6 +14,8 @@ This is Check's main job - blocking dangerous websites. When this is turned on (
 
 CIPP is a system that IT professionals use to monitor security across multiple organizations. Enabling CIPP monitoring allows you to send detection information from Check directly to CIPP, thus allowing you to alert and report on what's happening with your endpoints. When enabled, you would configure the CIPP Server URL and Tenant ID/Domain below.
 
+View CIPP reporting activity in the [Activity Logs](activity-logs.md) section.
+
 ### **CIPP Server URL**
 
 Enter the base URL of your CIPP server for reporting Microsoft 365 logon detections. This should be the full URL to your CIPP instance (e.g., `https://your-cipp-server.com`). This field is only active when CIPP Reporting is enabled.
@@ -24,6 +26,8 @@ Enter your tenant identifier to include with CIPP alerts for multi-tenant enviro
 
 {% hint style="info" %}
 Currently, CIPP displays these alerts in the logbook. Future updates to CIPP are planned to provide additional functionality. Keep an eye on the CIPP release notes for more updates!
+
+You can monitor CIPP reporting status and activity in [Activity Logs](activity-logs.md).
 {% endhint %}
 
 ## User Interface

docs/troubleshooting/common-issues.md

@@ -4,29 +4,33 @@
 
 <summary>Policies not appearing in Group Policy Management Console</summary>
 
-* Verify ADMX/ADML files are in correct location
+- Verify ADMX/ADML files are in correct location (see [Windows deployment docs](../deployment/chrome-edge-deployment-instructions/windows/README.md))
 
-- Ensure files are not blocked (right-click > Properties > Unblock)
-- Refresh Group Policy Editor
+* Ensure files are not blocked (right-click > Properties > Unblock)
+* Refresh Group Policy Editor
+
+For complete deployment instructions, see [Domain Deployment guide](../deployment/chrome-edge-deployment-instructions/windows/domain-deployment.md).
 
 </details>
 
 <details>
 
 <summary>Policies not applying to extension</summary>
 
-* Check registry values are present
-* Restart browser after policy changes
-* Verify extension has necessary permissions
+- Check registry values are present (see [Manual Deployment guide](../deployment/chrome-edge-deployment-instructions/windows/manual-deployment.md))
+- Restart browser after policy changes
+- Verify extension has necessary permissions
+
+For troubleshooting policy deployment, consult the [Windows deployment documentation](../deployment/chrome-edge-deployment-instructions/windows/README.md).
 
 </details>
 
 <details>
 
 <summary>Custom branding not working</summary>
 
-* Verify URLs are accessible via HTTPS
-* Check image formats are supported (PNG, JPG, SVG)
-* Ensure color codes are valid hex format
+- Verify URLs are accessible via HTTPS
+- Check image formats are supported (PNG, JPG, SVG)
+- Ensure color codes are valid hex format
 
 </details>

docs/troubleshooting/testing-check.md

@@ -6,6 +6,4 @@ Whether you are contributing to the Check repo, developing your own detection ru
 We greatly caution against sharing phishing links. There is a security risk with client-side code being run from some phish kits in circulation. 
 {% endhint %}
 
-Instructions for how to spin up Evilginx 3.0 can be found via this blog post from Jan Bakker.
-
-[https://janbakker.tech/running-evilginx-3-0-on-windows/](https://janbakker.tech/running-evilginx-3-0-on-windows/)
+Instructions for how to spin up Evilginx 3.0 can be found via [this blog post from Jan Bakker](https://janbakker.tech/running-evilginx-3-0-on-windows/).