https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/513245#M2741 <P>Hey Neelrohit,</P> <P>&nbsp;</P> <P>thank you for your information!&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Mon, 29 Aug 2022 12:56:06 GMT RFeyertag 2022-08-29T12:56:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/513183#M2733 <P>Hello dear community,&nbsp;</P> <P>&nbsp;</P> <P>I would like to see more rules which are containing everything about browser extensions. Like in chrome, "browser extension was created".</P> <P>&nbsp;</P> <P>I know to manage chrome via GPO, but there are not always Active Directories and I would like to get an alert, when a new extension is installed and also used (when it was already installed).&nbsp;</P> <P>&nbsp;</P> <P>I'm not sure, if malware extensions are blocked, because of that it would be nice to get more visibility on this attack vector.&nbsp;</P> <P><A href="https://www.hackread.com/malicious-chrome-extensions-steal-data-sync-feature/" target="_blank">https://www.hackread.com/malicious-chrome-extensions-steal-data-sync-feature/</A></P> <P>&nbsp;</P> <P>What do you say to my idea?</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 27 Aug 2022 22:22:37 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/513183#M2733 RFeyertag 2022-08-27T22:22:37Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/513192#M2735 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>&nbsp;,</P> <P>&nbsp;</P> <P>As of now, Cortex XDR does not work on detection and prevention of browser extensions. However, if any process activity or exploitation technique happens on the browser itself leveraging the extension, the browser activity should be blocked in that causality events.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Neel&nbsp;</P> Sun, 28 Aug 2022 01:57:07 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/513192#M2735 neelrohit 2022-08-28T01:57:07Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/513245#M2741 <P>Hey Neelrohit,</P> <P>&nbsp;</P> <P>thank you for your information!&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Mon, 29 Aug 2022 12:56:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/513245#M2741 RFeyertag 2022-08-29T12:56:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/593129#M6998 <P>Hi,<BR />Do you have any ideas or a developed approach to monitoring browsers or monitoring installed extensions?</P> <P>Maybe you have some XQL queries you can share or BIOC rules?</P> Fri, 26 Jul 2024 08:49:47 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/593129#M6998 arekf 2024-07-26T08:49:47Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/594544#M7053 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RFeyertag_0-1723232223588.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/61442i6C48AD4E3D9F5A04/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="RFeyertag_0-1723232223588.png" alt="RFeyertag_0-1723232223588.png" /></span></P> <P>NAME !=</P> <P>*{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi*|*uBlock0@raymondhill.net.xpi*|*dreamer-balanced-colorway@mozilla.org.xpi*|*innovator-bold-colorway@mozilla.org.xpi*</P> <P>PATH =</P> <P>*C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\*\extensions\*|*C:\Users\*\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\*|*C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\*|*C:\Users\*\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\*</P> <P>PATH != *ghbmnnjooekpmoecnnnilnnbdlolhkhi*|*efaidnbmnnnibpcajpcglclefindmkaj*|*extensions\temp*|*extensions\uBlock0@raymondhill.net.xpi*|*nmmhkkegccagdldgiimedpiccmgmieda*|*jid1-ZAdIEUB7XOzOJw@jetpack.xpi*|*dnssec-study@mozilla.org.xpi*|*cjpalhdlnbpafiamejdnhcphjbkeiagm*|*aapbdbdomjkkjkaonfhkkikfgjllcleb*|*felcaaldnbdncclmgdcncolpebgiejap*|*aapocclcgogkmnckokdopfmhonfmgoek*|*hmgmjopcicchpdmfindajdphmgbdnklh*|*ihcjicgdanjaechkgeegckofjjedodee*|*aohghmighlieiainnegkcijnfilokake*|*kjnlgbpnlangffmpnapcfdihmhhfnomg*|*ikhahkidgnljlniknmendeflkdlfhonj*</P> <P>&nbsp;</P> <P>Here you go</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Fri, 09 Aug 2024 19:40:04 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/browsers-extensions-alert/m-p/594544#M7053 RFeyertag 2024-08-09T19:40:04Z