Feasibility of Monitoring Browser History via Wazuh
34 views
Skip to first unread message
Narasimha Naidu B
Dec 17, 2025, 12:16:03 PM12/17/25
to Wazuh | Mailing List
Hi Team,
I would like to understand whether it is possible to monitor end
users’ browser history using Wazuh. Could you please confirm if this
is feasible and advise on any limitations or prerequisites, if
applicable?
Looking forward to your guidance.
Regards,
Narasimha
--
***LEGAL DISCLAIMER****: By including any personal data in your response
to this email, you are freely consenting to this being used and stored by
us for the purpose of service delivery. Any email and files/attachments
transmitted with it may be confidential and are intended solely for the use
of the individual or entity to whom they are addressed. If this message has
been sent to you in error, you must not copy, distribute or disclose the
information it contains. Please notify us immediately and delete the
message from your system. 42Gears is committed to your privacy. To
understand more about how we collect, store, and process your personal
information, please take a look at our *Privacy Notice
<https://www.42gears.com/legal-and-privacy/privacy-policy/>.
I would like to understand whether it is possible to monitor end
users’ browser history using Wazuh. Could you please confirm if this
is feasible and advise on any limitations or prerequisites, if
applicable?
Looking forward to your guidance.
Regards,
Narasimha
--
***LEGAL DISCLAIMER****: By including any personal data in your response
to this email, you are freely consenting to this being used and stored by
us for the purpose of service delivery. Any email and files/attachments
transmitted with it may be confidential and are intended solely for the use
of the individual or entity to whom they are addressed. If this message has
been sent to you in error, you must not copy, distribute or disclose the
information it contains. Please notify us immediately and delete the
message from your system. 42Gears is committed to your privacy. To
understand more about how we collect, store, and process your personal
information, please take a look at our *Privacy Notice
<https://www.42gears.com/legal-and-privacy/privacy-policy/>.
Message has been deleted
Message has been deleted
Olamilekan Abdullateef Ajani
Dec 17, 2025, 4:31:47 PM12/17/25
to Wazuh | Mailing List
Hello Narasimha,
Bear in mind the script can be modified to suit your environment, as this was made to test the process.
The short answer is that Wazuh does not by default monitor the browser history because they are not just stored in a file, and Wazuh does not interact with the browser the way some applications do. In fact, this history is stored in an SQLite database, you will typically find it stored here for Windows systems: C:\Users\[Username]\AppData\Local\Google\Chrome\User Data\Default\History
The database is locked when the browser is active, so you can't interact with it. What you can do is copy it and extract the needed information from the DB.
I created a script that extracts the URLs from the database, parses the output into a JSON file, and configures the Wazuh agent to read from that file and forward the data to the Wazuh manager for decoding. Because it is in JSON, you do not need to write a decoder for this but a rule to trigger an alert from the logs. You can see the outcome from the screenshot shared.
On the Windows agent, you need to install sqlite3 to a folder, as this is how you read from the database.
Save the script and the log file to a path.
Bear in mind the script can be modified to suit your environment, as this was made to test the process.
So what to do:
Ensure you have sqlite3 active.
Save the script to a path as defined earlier, the test the script manually: powershell.exe -ExecutionPolicy Bypass -File C:\ProgramData\BrowserMonitor\chrome_history_monitor.ps1
Then the output would be written to the file defined in the script.
You can create a task scheduler to automate this so it runs periodically.
Then configure the Wazuh agent to read from the log file, in my case:
<localfile>
<location>C:\ProgramData\BrowserMonitor\chrome_history.jsonl</location>
<log_format>json</log_format>
</localfile>
<location>C:\ProgramData\BrowserMonitor\chrome_history.jsonl</location>
<log_format>json</log_format>
</localfile>
This is by no means a straightforward approach, but you can also test it out and see how it scales in your enterprise.
Please let me know if you require further clarification on this.
Olamilekan Abdullateef Ajani
Dec 23, 2025, 11:47:46 AM12/23/25
to Wazuh | Mailing List
Hello Narasimha,
To follow up on this, I found the blog below, which you can also use as a reference for the monitoring you require. It expands on what I have mentioned above regarding having a script to read from the browser DB.
You can check it out.
Regards,
Narasimha Naidu B
Jan 7, 2026, 12:14:34 AM (4 days ago) Jan 7
to Olamilekan Abdullateef Ajani, Wazuh | Mailing List
Hi Team,
It's working now. Thanks for the support.
It's working now. Thanks for the support.
--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/5c89c8ff-7a2c-446a-a404-6dabf1f0d2c2n%40googlegroups.com.
Your Name: B Narasimha Naidu
Designation: Senior System Engineer
City: Bengaluru
Country: India
LEGAL DISCLAIMER: By including any personal data in your response to this email, you are freely consenting to this being used and stored by us for the purpose of service delivery. Any email and files/attachments transmitted with it may be confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose the information it contains. Please notify us immediately and delete the message from your system. 42Gears is committed to your privacy. To understand more about how we collect, store, and process your personal information, please take a look at our Privacy Notice.
Reply all
Reply to author
Forward
0 new messages