KQL Search

Query Details

HomeAI ToolsDevice Query

Classifying Browser Extension By Type And Risk Severity

Query

**Classifying Browser Extension by Type and risk severity**

This query is oriented to identify and classify browser extensions by group and risk severity based on a well-known list of browser extension.
```
let Browser_Extension_info = externaldata(browser_extension:string ,metadata_category:string ,metadata_type:string ,metadata_link:string ,metadata_comment:string)[@"https://raw.githubusercontent.com/mthcht/awesome-lists/refs/heads/main/Lists/Browser%20Extensions/browser_extensions_list.csv"] with (format="csv", ignoreFirstRecord=True);
Browser_Extension_info
| join kind= inner (DeviceTvmBrowserExtensions) on $left.browser_extension == $right.ExtensionName
| project metadata_type, Extension_Group= browser_extension, Severity= metadata_link, metadata_comment, DeviceId, ExtensionDescription, ExtensionVersion
```

Explanation

This query is designed to identify and classify browser extensions installed on devices by their type and risk severity. Here's a simplified breakdown of what the query does:

  1. Data Source: It starts by loading a list of browser extensions from an external CSV file hosted on GitHub. This file contains information about each extension, including its name, category, type, a link indicating its risk severity, and additional comments.

  2. Data Joining: The query then performs an inner join between this external list and another dataset called DeviceTvmBrowserExtensions, which contains information about the browser extensions installed on devices. The join is based on matching the extension names from both datasets.

  3. Data Projection: After joining, the query selects specific columns to display:

    • metadata_type: The type of the browser extension.
    • Extension_Group: The name of the browser extension.
    • Severity: A link indicating the risk severity of the extension.
    • metadata_comment: Additional comments about the extension.
    • DeviceId: The identifier of the device where the extension is installed.
    • ExtensionDescription: A description of the extension.
    • ExtensionVersion: The version of the extension.

In summary, this query helps in identifying browser extensions installed on devices, classifying them by type, and assessing their risk severity using a predefined list.

Details

Sergio Albea profile picture

Sergio Albea

Released: December 2, 2024

Tables

DeviceTvmBrowserExtensions

Keywords

BrowserExtensionDeviceSeverityMetadataExtensionGroupExtensionDescriptionExtensionVersion

Operators

letexternaldatawithjoinonproject

Actions