BrowserTools 1.0.0.0147 en
Introduction: Index
Tanium Browser Tools is a solution that supports reading the browser history data from the following web browsers: Internet Explorer/Edge, Chrome, Firefox, and Safari. The solution also includes a number of sensors for returning information of installed browsers.
Download Location
This content is available at: https://content.tanium.com/files/published/BrowserTools/2016-12-23_05-08-09_1.0.0.0147-g1ce7f70/BrowserTools.xml
Usage
Questions
Browser History Tools Status
Get Has Browser History Tools and Is Windows and Is Mac and Is Linux from all machines
The Browser History Tools Status saved question is used to target the installation of the BrowserHistorySearch binary.
Packages
Distribute Browser History Viewer
The Distribute Browser History Viewer package is used to install the BrowserHistorySearch.exe and the TaniumExecWrapper.exe on targeted Windows Systems. This package is used in the "Deploy Distribute Browser History Viewer" scheduled action.
This package contains 3 files and 0 sensors.
Additional Properties:
- Command Line: cmd /c cscript copy-to-tanium-dir.vbs "Tools\BrowserTools"
- Command Line Timeout: 60
Files:
- TaniumExecWrapper.exe
- BrowserHistorySearch.exe
- copy-to-tanium-dir.vbs
Distribute Browser History Viewer for Mac
The Distribute Browser History Viewer package is used to install the BrowserHistorySearch binary on targeted OS/X Systems. This package is used in the "Deploy Distribute Browser History Viewer for Mac" scheduled action.
This package contains 2 files and 0 sensors.
Additional Properties:
- Command Line: /bin/sh install-browser-history-search.sh
- Command Line Timeout: 60
Files:
- BrowserHistorySearch
- install-browser-history-search.sh
Remove Browser Tools
The Remove Browser Tools package is used to remove the BrowserHistorySearch binary and related files on targeted Windows Systems.
This package contains 1 files and 0 sensors.
Additional Properties:
- Command Line: cmd /c cscript //T:300 Remove-BrowserTools.vbs
- Command Line Timeout: 300
Files:
- Remove-BrowserTools.vbs
Remove Browser Tools For Mac
The Remove Browser Tools for Mac package is used to remove the BrowserHistorySearch binary and related files on targeted OS/X Systems.
This package contains 1 files and 0 sensors.
Additional Properties:
- Command Line: /bin/sh Remove-BrowserTools.sh
- Command Line Timeout: 60
Files:
- Remove-BrowserTools.sh
Sensors
Browser History Tool Details
The Browser History Tool Details sensor will return the details of the BrowserHistorySearch executable. This executable is required to return the Browser History from each machine.
Retrieves the following details of the browser history tools:
Exe Exists | Exe Version
Columns
Name Type Description Exe Exists Text Exe Version Text
Browser History Domains - Specific URL
The Browser History Domains - Specific URL sensor will return the specific URLs visited from the browser history from each targeted system. The tool will detail the full URL visited and therefore requires that you target specific domains as part of the search criteria.
Returns browser history domains for IE 10+, Edge, Chrome, Firefox, and Safari (Mac OS X).
Deploy the Distribute Browser History Tools package prior to running this sensor.
Columns
Name Type Description URL Domain Text Parameters
Name Description Type Possible / Default Values LoadIE Internet Explorer Checkbox Disabled LoadFirefox Firefox Checkbox Disabled LoadChrome Chrome Checkbox Disabled LoadSafari Safari Checkbox Disabled VisitTimeFilterType Search Type Selection Days
Hours
Date Range
VisitTimeFilterValue Search period Numeric VisitTimeFilterRange Date Range Date/Time Range IncludedURLs URLs to include Text
Browser History - Specific URL
The Browser History - Specific URL sensor will return the browser history of individual users from each targeted system. The tool will detail the full URL visited by each user and therefore requires that you target specific domains as part of the search criteria.
Returns browser history for IE 10+, Edge, Chrome, Firefox, and Safari (Mac OS X).
Deploy the Distribute Browser History Tools package prior to running this sensor.
Columns
Name Type Description User Text Browser Text URL Domain Text Date Text Time Visited Numeric Parameters
Name Description Type Possible / Default Values LoadIE Internet Explorer Checkbox Disabled LoadFirefox Firefox Checkbox Disabled LoadChrome Chrome Checkbox Disabled LoadSafari Safari Checkbox Disabled VisitTimeFilterType Search Type Selection Days
Hours
Date Range
VisitTimeFilterValue Search period Numeric VisitTimeFilterRange Date Range Date/Time Range IncludedURLs URLs to include Text
Browser History
The Browser History sensor will return the browser history of individual users from each targeted system. The tool will summerize the data to include the domains that are visited by each user.
Returns browser history for IE 10+, Edge, Chrome, Firefox, and Safari (Mac OS X).
Deploy the Distribute Browser History Tools package prior to running this sensor.
Columns
Name Type Description User Text Browser Text URL Domain Text Date Text Times Visited Numeric Parameters
Name Description Type Possible / Default Values LoadIE Internet Explorer Checkbox Disabled LoadFirefox Firefox Checkbox Disabled LoadChrome Chrome Checkbox Disabled LoadSafari Safari Checkbox Disabled VisitTimeFilterType Search Type Selection Days
Hours
Date Range
VisitTimeFilterValue Search period Numeric VisitTimeFilterRange Date Range Date/Time Range IncludeURLs Include URLs Checkbox Disabled IncludedURLs URLs to include Text ExcludeURLs Exclude URLs Checkbox Disabled ExcludedURLs URLs to exclude Text
Browser Home Pages
The Browser Home Pages sensor will return the home pages for each user with a profile and each installed browser on the system.
Lists the homepages of each user for Internet Explorer, Firefox, and Chrome
username | browser | homepage
Columns
Name Type Description User Text Browser Text Homepage Text
Firefox Extensions
The Firefox Extensions sensor will return all of the Firefox Extensions installed on the system. Returns installed Extensions based on the contents of the addons.json file from each users Windows profile and each Firefox profile. Only searches local windows profiles.
Columns
Name Type Description Windows Profile Text Firefox Profile Text Extension Text Version Text
Browser History Domains
The Browser History Domains sensor will return the domains visited from the browser history from each targeted system. The tool will summerize the data to only include the domains that was visited but not the specific URL.
Returns the domains from browser history for IE 10+, Edge, Chrome, Firefox, and Safari (Mac OS X).
Deploy the Distribute Browser History Tools package prior to running this sensor.
Columns
Name Type Description URL Domain Text Parameters
Name Description Type Possible / Default Values LoadIE Internet Explorer Checkbox Disabled LoadFirefox Firefox Checkbox Disabled LoadChrome Chrome Checkbox Disabled LoadSafari Safari Checkbox Disabled VisitTimeFilterType Search Type Selection Days
Hours
Date Range
VisitTimeFilterValue Search period Numeric VisitTimeFilterRange Date Range Date/Time Range IncludeURLs Include URLs Checkbox Disabled IncludedURLs URLs to include Text ExcludeURLs Exclude URLs Checkbox Disabled ExcludedURLs URLs to exclude Text
Browser History - URL Exists
The Browser History - URL Exists sensor will return "True" or "False" if given terms are found in the browser history of individual users from each targeted system.
Returns whether a given search URL is in the browser history for IE 10+, Edge, Chrome, Firefox, and Safari (Mac OS X).
Deploy the Distribute Browser History Tools package prior to running this sensor.
Columns
Name Type Description Exists Text Parameters
Name Description Type Possible / Default Values LoadIE Internet Explorer Checkbox Disabled LoadFirefox Firefox Checkbox Disabled LoadChrome Chrome Checkbox Disabled LoadSafari Safari Checkbox Disabled VisitTimeFilterType Search Type Selection Days
Hours
Date Range
VisitTimeFilterValue Search period Numeric VisitTimeFilterRange Date Range Date/Time Range IncludedURLs URLs to include Text
Firefox Plugins
The Firefox Plugins sensor will return all of the Firefox plugins installed on the system as based on the following registry locations: "SOFTWARE\WOW6432Node\MozillaPlugins" and "SOFTWARE\MozillaPlugins".
Returns installed plugins based on the registry keys
SOFTWARE\WOW6432Node\MozillaPlugins and
SOFTWARE\MozillaPlugins
Columns
Name Type Description Name Text Version Text Path Text
User Default Web Browser
The User Default Browser sensor will return the default browser for each user and protocol on the targeted systems.
Returns the default browser for each user and each protocol.
User | Browser | Version | Protocol
Columns
Name Type Description User Text Browser Text Version Text Protocol Text
Chrome Extensions
The Chrome Extensions sensor will return all of the Chrome Extensions installed on the system. Returns installed Extensions based on an enumeration of each users Windows profile. Only searches local windows profiles.
Columns
Name Type Description Windows Profile Text Chrome Profile Text Extension Text Version Text
Has Browser History Tools
The Browser History Tools sensor will return if the BrowserHistorySearch binary is the correct version supported by the installed Browser Tools solution.
Determines if the endpoint has the BrowserHistorySearch binary and it is the version supported by the BrowserHistory sensor.
Returns "True", "False"
Actions
Deploy Distribute Browser History Viewer
The Deploy Distribute Browser History Viewer scheduled action is a policy action used to target Windows computers that do not have the BrowserHistorySearch.exe and install it. The scheduled action uses the Browser History Tools Status saved question.
Packages:
Deploy Distribute Browser History Viewer for Mac
The Deploy Distribute Browser History Viewer for Mac scheduled action is a policy action used to target OS/X computers that do not have the BrowserHistorySearch.exe and install it. The scheduled action uses the Browser History Tools Status saved question.
Packages: