# Malicious browser extension detected

Endpoint: POST malicious-browser-extension-detected-event
Version: v1
Security: X-Signature

## Header parameters:

  - `X-Signature` (string, required)
    Example: "X-Signature: t=1492774577,v1=5257a869..."

## Request fields (application/json):

  - `version` (string)
    The version of the event.
    Example: "1"

  - `id` (string)
    The unique identifier for the event. This can be used as an idempotency key.
    Example: "c478966c-f927-411c-b919-179832d3d50c"

  - `timestamp` (integer)
    When the event occurred, formatted as a UNIX timestamp (in seconds).
    Example: 1698604061

  - `category` (string)
    The category of the event.
    Enum: "CONTROL"

  - `description` (string)
    The description of the event. Note: this is subject to change and should not be used to match on this object.
    Example: "user@example.com attempted to install and use malicious extension dljjddkmmcminffjbcmeccgfbjlhmhlm, but was blocked."

  - `object` (string)
    The object that was created.
    Enum: "MALICIOUS_BROWSER_EXTENSION_DETECTED"

  - `friendlyName` (string)
    The friendly name of this object. Note: this is subject to change and should not be used to match on this object.
    Example: "Malicious browser extension detected"

  - `new` (object)
    This object represents a malicious browser extension detected event, indicating an employee installed, enabled or attempted to use a browser extension that was identified as malicious.

  - `new.employee` (object)
    This object represents an employee in your organization.

  - `new.employee.id` (string)
    Unique identifier for the employee
    Example: "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0"

  - `new.employee.email` (string)
    Primary email address of the employee
    Example: "john.hill@example.com"

  - `new.employee.firstName` (string)
    First name of the employee
    Example: "John"

  - `new.employee.lastName` (string)
    Last name of the employee
    Example: "Hill"

  - `new.employee.department` (string)
    Department - as provided by connected API integrations
    Example: "Security Engineering"

  - `new.employee.location` (string)
    Location - as provided by connected API integrations
    Example: "New York"

  - `new.employee.licensed` (boolean)
    Whether the employee is licensed on the Push platform
    Example: true

  - `new.employee.creationTimestamp` (integer)
    When this employee was created, formatted as a UNIX timestamp (in seconds)
    Example: 1698669223

  - `new.employee.chatopsEnabled` (boolean)
    Whether the employee has ChatOps enabled. Deprecation notice: this value no longer does anything unless you still have access to the legacy Employee chat topics functionality on your account. It will be removed in the next API version.
    Example: true

  - `new.extensionId` (string)
    ID of the malicious browser extension
    Example: "dljjddkmmcminffjbcmeccgfbjlhmhlm"

  - `new.extensionName` (string,null)
    Name of the browser extension that was observed/blocked (only populated if the browser extension has been previously observed)
    Example: "Example Extension"

  - `new.browserExtensionBlocked` (object,null)
    Details about the browser extension block (only present for block events)

  - `new.browserExtensionBlocked.title` (string)
    The title of the malicious extension block page
    Example: "Extension Blocked"

  - `new.browserExtensionBlocked.subtext` (string)
    The subtext of the malicious extension block page
    Example: "This extension has been blocked by your administrator"

  - `new.trigger` (string,null)
    Enum describing the trigger for the block action (only present for block events)
    Enum: "DISABLED_ON_INSTALL", "DISABLED_ON_USER_ENABLE", "DISABLED_ON_FIRST_SEEN", "BLOCKED_ON_STORE_VISIT"

  - `new.sourceIpAddress` (string)
    The IP address of the user
    Example: "8.158.25.38"

  - `new.browser` (any)
    The browser used by the employee
    Enum: "CHROME", "FIREFOX", "EDGE", "SAFARI", "OPERA", "BRAVE", "ARC", "ISLAND", "PRISMA_ACCESS", "UNKNOWN"

  - `new.os` (any)
    The OS used by the employee
    Enum: "MACOS", "WINDOWS", "LINUX", "CHROME_OS", "IOS", "ANDROID", "UNKNOWN"

  - `new.userAgent` (string)
    The user agent string reported by the browser
    Example: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"
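
A consumer for this event, as an added example that is not part of the original reference or the vendor's code: it routes on the `object` enum rather than `description` or `friendlyName`, uses `id` as the idempotency key, and treats the nullable block fields as the signal for whether the extension was blocked. It assumes the `X-Signature` header has already been verified; `triage`, `seen_ids`, the record layout and the `priority` policy are hypothetical names and choices, and the sample body is constructed from the example values above.

```python
import json

EVENT_OBJECT = "MALICIOUS_BROWSER_EXTENSION_DETECTED"
KNOWN_TRIGGERS = {"DISABLED_ON_INSTALL", "DISABLED_ON_USER_ENABLE",
                  "DISABLED_ON_FIRST_SEEN", "BLOCKED_ON_STORE_VISIT"}

def triage(raw_body, seen_ids):
    """Return a triage record for one webhook body, or None if it is skipped.
    seen_ids is the caller's idempotency store (a set here, durable in production)."""
    event = json.loads(raw_body)
    # Route on the `object` enum; `description` and `friendlyName` may change.
    if event.get("object") != EVENT_OBJECT:
        return None
    # `id` is the idempotency key: a redelivery must not raise a second alert.
    if event["id"] in seen_ids:
        return None
    seen_ids.add(event["id"])
    new = event["new"]
    trigger = new.get("trigger")                # null unless a block event
    block = new.get("browserExtensionBlocked")  # null unless a block event
    blocked = trigger is not None or block is not None
    if trigger is not None and trigger not in KNOWN_TRIGGERS:
        trigger = "UNRECOGNIZED:" + trigger     # keep new enum values visible
    return {
        "event_id": event["id"],
        "timestamp": event["timestamp"],
        "employee_email": new["employee"]["email"],
        "extension_id": new["extensionId"],
        # extensionName is null if the extension was not previously observed.
        "extension_name": new.get("extensionName") or "(not previously observed)",
        "blocked": blocked,
        "trigger": trigger,
        "browser": new.get("browser", "UNKNOWN"),
        # Assumed local policy: a detection with no block goes to the front of the queue.
        "priority": "review" if blocked else "urgent",
    }

# Constructed sample body, built from the example values in the field list.
SAMPLE = json.dumps({
    "version": "1", "id": "c478966c-f927-411c-b919-179832d3d50c",
    "timestamp": 1698604061, "category": "CONTROL", "object": EVENT_OBJECT,
    "new": {
        "employee": {"email": "john.hill@example.com"},
        "extensionId": "dljjddkmmcminffjbcmeccgfbjlhmhlm", "extensionName": None,
        "browserExtensionBlocked": {"title": "Extension Blocked",
            "subtext": "This extension has been blocked by your administrator"},
        "trigger": "DISABLED_ON_INSTALL", "sourceIpAddress": "8.158.25.38",
        "browser": "CHROME", "os": "WINDOWS"},
})
```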


## Response 2XX fields
