Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
Browser bookmark files accessed by a rare non-browser process.
Attacker's Goals
Accessing these files is done by attackers to collect information about the endpoint.
Investigative actions
Investigate the actor process to determine if it was used for legitimate purposes or malicious activity.