Introduction:
If you're a security analyst or threat researcher, you may spend a lot of time reading reports/blogs or looking through SIEM.
It might get annoying to look for specific keywords/fields when looking through things, especially SIEM output. I know I had this issue.
I thought it'd be nice to have an extension that auto-highlighted things for me. While looking for such extension I found "Highlight This" extension. There are multiple extensions like that but this one took URL's of keywords so I thought it was perfect to pair it with Github as I may be adding/removing keywords.
Extension can be found here: https://chromewebstore.google.com/detail/highlight-this-finds-and/fgmbnmjmbjenlhbefngfibmjkpbcljaj?pli=1
Developers sites:
The extension developer does have an optional subscription service which gives you additional abilities. (https://highlightthis.net/Subscription.html )
Github repo I'm using this with is here: https://github.com/BoredHackerBlog/highlight_keywords
You should probably make your own list based on your needs.
Setup:
Download the extension and remove the default list. Activate subscription or activate free version (or try unlimited version for a limited time)
Add a new list. In my case, I'm pulling a list of keywords from Github so I can keep updating the list on Github in the future.
Add a list URL and customize all other options then start browsing!
I disabled "Only detect complete words" which can cause some bad highlighting, I'd recommend messing around and finding what works best for you.
The extension also gives you a report of the things it detected:
Results:
The DFIR Report page kinda looks like this:
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
Some XML sample logs
https://github.com/BoredHackerBlog/mitre_attack_xml_eventlogs/
