Analytics Alerts
Browse the Cortex analytics alert reference.
1 alert match the current filters. tactic: TA0007 ✕ technique: T1119 ✕
Show ATT&CK heatmapUnusual process accessed a web browser history file Low 1 variation
An unusual process has accessed a web browser history file.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- N/A (single event)
- Deduplication:
- 1 Day
ATT&CK tactics: Discovery (TA0007) Collection (TA0009)ATT&CK techniques: Browser Information Discovery (T1217) Data from Local System (T1005) Automated Collection (T1119)Required data: XDR Agent with eXtended Threat Hunting (XTH)Detector tags: Sensitive Information Stealing AnalyticsAttacker's goals: Obtain access to the user's browsing history and steal their contents.Investigative actions: Determine whether it is legitimate for the process to access web browser history. Analyze the process/application that accessed the file. Check for any other suspicious actions that were performed by the process. Look for unusual access of resources using credentials that may be stored in the above file.Variations
Unusual process accessed a web browser history file on Linux
Low overridden
An unusual process has accessed a web browser history file. overridden