CRX id
anheildjmkfdkdpgbndmpjnmkfliefga
anheildjmkfdkdpgbndmpjnmkfliefga
Description from extension meta
Citadel is a browser agent that detects malware and shadow IT by analyzing and logging security events in a privacy-respecting way
Image from store
Description from store
Citadel is a browser agent that detects malware and shadow IT by analyzing and logging browser security events to syslog and Windows Event Log a privacy-respecting way. It is meant to be used by CISO and CIO to secure staff laptops, increase situational awareness, verify application of IT policy and allow Digital Forensics and Incident Response (DFIR).
Citadel can download lists of known bad sites and URLs and block access to them.
The following browser security events are detected and reported:
• IP or URL is blacklisted
• the browser has blocked the navigation to the site
• user is using unencrypted protocols (e.g. FTP or HTTP)
• user is using non-standard port numbers (i.e. not 443)
• user is using URL with username or password in the URL
• user has downloaded a file
• the user is warned that the downloaded file is dangerous
• user has accepted downloading of dangerous file
• domain name does not match the SSL certificate
• SSL certificate authority invalid (e.g. self-signed or expired certificate)
• SSL protocol error
.. and many other security-sensitive errors and warnings.
It also reports on usage statistics of applications by counting visits and clicks on sites. These usage reports can be aggregated in your SIEM / EDR and used to detect unexpected applications or un-used licences.
Events and reports are written as syslog entries with a relevant level, and can then be consumed by a SIEM or EDR. Citadel comes pre-integrated with the Wazuh, the open source XDR.