Analytics Alerts
Browse the Cortex analytics alert reference.
2 alerts match the current filters. tactic: TA0007 ✕ technique: T1217 ✕
Show ATT&CK heatmapBrowser bookmark files accessed by a rare non-browser process Informational
Browser bookmark files accessed by a rare non-browser process.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- N/A (single event)
- Deduplication:
- 1 Day
ATT&CK tactics: Discovery (TA0007)ATT&CK techniques: Browser Information Discovery (T1217)Required data: XDR Agent with eXtended Threat Hunting (XTH)Attacker's goals: Accessing these files is done by attackers to collect information about the endpoint.Investigative actions: Investigate the actor process to determine if it was used for legitimate purposes or malicious activity.Unusual process accessed a web browser history file Low 1 variation
An unusual process has accessed a web browser history file.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- N/A (single event)
- Deduplication:
- 1 Day
ATT&CK tactics: Discovery (TA0007) Collection (TA0009)ATT&CK techniques: Browser Information Discovery (T1217) Data from Local System (T1005) Automated Collection (T1119)Required data: XDR Agent with eXtended Threat Hunting (XTH)Detector tags: Sensitive Information Stealing AnalyticsAttacker's goals: Obtain access to the user's browsing history and steal their contents.Investigative actions: Determine whether it is legitimate for the process to access web browser history. Analyze the process/application that accessed the file. Check for any other suspicious actions that were performed by the process. Look for unusual access of resources using credentials that may be stored in the above file.Variations
Unusual process accessed a web browser history file on Linux
Low overridden
An unusual process has accessed a web browser history file. overridden