Thursday, December 21, 2023

Speeding up report reading and security/SOC alert triaging by auto-highlighting keywords on webpages


If you're a security analyst or threat researcher, you may spend a lot of time reading reports/blogs or looking through a SIEM.

It might get annoying to look for specific keywords/fields when looking through things, especially SIEM output. I know I had this issue.

I thought it'd be nice to have an extension that auto-highlighted things for me. While looking for such an extension I found the "Highlight This" extension. There are multiple extensions like that, but this one took URLs of keywords, so I thought it was perfect to pair it with GitHub as I may be adding/removing keywords.

Extension can be found here:

Developer's sites:

The extension developer does have an optional subscription service which gives you additional abilities. (

The GitHub repo I'm using this with is here:

You should probably make your own list based on your needs.


Download the extension and remove the default list. Activate the subscription or the free version (or try the unlimited version for a limited time).

Add a new list. In my case, I'm pulling a list of keywords from GitHub so I can keep updating the list on GitHub in the future.

Add a list URL, customize all the other options, then start browsing!

I disabled "Only detect complete words", which can cause some bad highlighting. I'd recommend messing around and finding what works best for you.
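To see what the complete-word setting changes before settling on a list, here is an added example (not the extension's code) that runs a keyword list against a log line in both modes. The one-keyword-per-line list format, the function names, and the sample list and log line are assumptions constructed for illustration.

```javascript
// Added example: not the extension's code. List format (one keyword per line)
// and all names here are assumptions for illustration.
const SAMPLE_LIST = "cmd\nrun\npowershell\nCMD\n\nrundll32\n"; // constructed
const SAMPLE_LOG = // constructed log line
  "Image=C:\\Windows\\System32\\cmd.exe CommandLine=powershell -nop " +
  "ParentCommandLine=rundll32.exe Status=truncated";

// Trim entries, drop blanks, and de-duplicate case-insensitively.
function parseKeywordList(text) {
  const seen = new Set();
  const keywords = [];
  for (const raw of text.split(/\r?\n/)) {
    const kw = raw.trim();
    if (!kw || seen.has(kw.toLowerCase())) continue;
    seen.add(kw.toLowerCase());
    keywords.push(kw);
  }
  return keywords;
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Return every keyword hit; wholeWords=true rejects hits inside a longer token.
function findMatches(text, keywords, wholeWords) {
  if (keywords.length === 0) return [];
  // Longest first so "rundll32" is preferred over its prefix "run".
  const alt = [...keywords].sort((a, b) => b.length - a.length)
    .map(escapeRegExp).join("|");
  const source = wholeWords
    ? `(?<![A-Za-z0-9_])(?:${alt})(?![A-Za-z0-9_])`
    : `(?:${alt})`;
  return [...text.matchAll(new RegExp(source, "gi"))]
    .map((m) => ({ index: m.index, match: m[0] }));
}

// Wrap each hit in [[ ]] so the difference is visible in plain text.
function highlight(text, keywords, wholeWords) {
  let out = "";
  let last = 0;
  for (const { index, match } of findMatches(text, keywords, wholeWords)) {
    out += text.slice(last, index) + "[[" + match + "]]";
    last = index + match.length;
  }
  return out + text.slice(last);
}

const keywords = parseKeywordList(SAMPLE_LIST);
console.log(highlight(SAMPLE_LOG, keywords, false)); // substring mode
console.log(highlight(SAMPLE_LOG, keywords, true));  // complete-word mode
```

In substring mode the short keyword "run" also lights up inside "truncated", so short entries are the ones to review if you leave complete-word matching off.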

The extension also gives you a report of the things it detected:


The DFIR Report page kinda looks like this:

Some XML sample logs