← Back to Explore
kqlHunting
Top 100 critical browser extensions with the most permissions required
----
Detection Query
DeviceTvmBrowserExtensions
| where ExtensionRisk == "Critical"
| summarize TotalExtentions = count(), ExtentionNames = make_set(ExtensionName) by DeviceId
| join kind=leftouter DeviceInfo on DeviceId
| project DeviceName, TotalExtentions, ExtentionNames
| top 100 by TotalExtentionsData Sources
DeviceInfo
Platforms
windowsmicrosoft-defender
Tags
vulnerability-management
Raw Content
# Top 100 critical browser extensions with the most permissions required
----
## Defender XDR
```KQL
DeviceTvmBrowserExtensions
| where ExtensionRisk == "Critical"
| summarize TotalExtentions = count(), ExtentionNames = make_set(ExtensionName) by DeviceId
| join kind=leftouter DeviceInfo on DeviceId
| project DeviceName, TotalExtentions, ExtentionNames
| top 100 by TotalExtentions
```