Analytics Alerts

Browse the Cortex analytics alert reference.

Severity
Detection module
Data source

1 alert match the current filters. tactic: TA0009 ✕ technique: T1217 ✕

Show ATT&CK heatmap
  • Unusual process accessed a web browser history file Low 1 variation

    An unusual process has accessed a web browser history file.

    Activation:
    14 Days
    Training:
    30 Days
    Test:
    N/A (single event)
    Deduplication:
    1 Day
    ATT&CK tactics: Discovery (TA0007) Collection (TA0009)
    ATT&CK techniques: Browser Information Discovery (T1217) Data from Local System (T1005) Automated Collection (T1119)
    Required data: XDR Agent with eXtended Threat Hunting (XTH)
    Detector tags: Sensitive Information Stealing Analytics
    Attacker's goals: Obtain access to the user's browsing history and steal their contents.
    Investigative actions: Determine whether it is legitimate for the process to access web browser history. Analyze the process/application that accessed the file. Check for any other suspicious actions that were performed by the process. Look for unusual access of resources using credentials that may be stored in the above file.

    Variations

    Unusual process accessed a web browser history file on Linux

    Low overridden

    An unusual process has accessed a web browser history file. overridden