a chrome_history table, huh

Did I miss something? Is this being proposed as a new table?

Nah it’s from the link right above from the spell folks

Thanks, I see it now....

The tables are configurable. Data visibility from edr platforms should not be available for misuse. Organizations have been deploying web proxy solutions with full visibility into per user browsing.

it was discussed earlier too... https://github.com/facebook/osquery/issues/1691

@spell - rajesh personally I don't buy the "just because its been done before makes it ok" argument, but again, its just personal opinion. I hate web proxies for the exact same reason 🙂

The majority of customer's we've talked to would be opposed to this table. The security value is minimal and the privacy concerns are immense. I mean, if you're going to inspect user's web traffic, then you mine as well look at the entire HTTP request and not just the browser history. At least then you have data that can be applied for real security use-cases - with the same level of privacy degradation.

thanks. Taking note of how community feels. Will talk internally about disabling some of these tables by default. In fact we have tables for all major browsers now. Since we come from FireEye / Mandiant background we try to bring in what IR tools collect during triages.