
Summary
This detection rule identifies a browser being launched with remote debugging enabled. Both Chromium-based browsers and Firefox can expose a local debugging interface through a command-line flag; once it is listening, another process on the host can connect to it, drive the browser and read its session state, which is why the flag is a staple of browser injection and session-cookie theft. The rule monitors process creation events for the arguments that switch the interface on: for Chromium-based browsers (Chrome, Edge and others built on the same code base) the substring '--remote-debugging-' in the command line, which covers both '--remote-debugging-port' and '--remote-debugging-pipe'; for Firefox, the '-start-debugger-server' option. The process creation source must record command lines (for example Sysmon Event ID 1, or Windows 4688 with command-line auditing enabled) for the rule to see these arguments. Expect legitimate hits from browser automation and testing tooling such as Selenium, Puppeteer and Playwright, which launch browsers with the same flags; tune on the parent process and user rather than suppressing the rule outright.
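The following is an added example, not the rule's own logic or any vendor implementation: it re-implements the two selections described above in Python and runs them over a handful of constructed Sysmon-style process-creation events. The field names (ProcessId, Image, CommandLine), the restriction of the Firefox check to a firefox.exe image, and the port extraction for triage are assumptions made here rather than details stated on the page.

```python
"""Added example: the browser remote-debugging detection over constructed
process-creation events. Not the rule's own code; field names and the
firefox.exe image restriction are assumptions."""
import re

# Substrings the rule keys on. The Chromium one deliberately stops at the
# trailing hyphen so it matches both --remote-debugging-port and
# --remote-debugging-pipe.
CHROMIUM_MARKER = "--remote-debugging-"
FIREFOX_MARKER = "-start-debugger-server"

# Assumption: the Firefox selection is tied to the firefox.exe image, so a
# shell that merely echoes the string does not fire.
FIREFOX_IMAGE_SUFFIX = "\\firefox.exe"

# Optional triage enrichment: pull the listening port out of the command line.
_CHROMIUM_PORT = re.compile(r"--remote-debugging-port[=\s]+(\d+)", re.IGNORECASE)
_FIREFOX_PORT = re.compile(r"-start-debugger-server\s+(\d+)", re.IGNORECASE)


def classify(event):
    """Return ('chromium'|'firefox', port_or_None) for a matching event, else None.

    Matching is case-insensitive, as Sigma 'contains' modifiers are by default.
    """
    cmd = event.get("CommandLine", "")
    image = event.get("Image", "").lower()
    cl = cmd.lower()
    if CHROMIUM_MARKER in cl:
        m = _CHROMIUM_PORT.search(cmd)
        # --remote-debugging-pipe has no port, so the port may be None.
        return ("chromium", int(m.group(1)) if m else None)
    if image.endswith(FIREFOX_IMAGE_SUFFIX) and FIREFOX_MARKER in cl:
        m = _FIREFOX_PORT.search(cmd)
        return ("firefox", int(m.group(1)) if m else None)
    return None


def scan(events):
    """Run the rule over a list of events; returns (ProcessId, family, port) per hit."""
    hits = []
    for ev in events:
        result = classify(ev)
        if result is not None:
            hits.append((ev["ProcessId"], result[0], result[1]))
    return hits


# Constructed sample telemetry, shaped like Sysmon Event ID 1 fields. Not real logs.
SAMPLE_EVENTS = [
    {"ProcessId": 4120,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                    r'--remote-debugging-port=9222 --user-data-dir=C:\Users\u\AppData\Local\Temp\x'},
    {"ProcessId": 4188,
     "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                    r'--headless --remote-debugging-pipe'},
    {"ProcessId": 5010,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -start-debugger-server 6000'},
    {"ProcessId": 5022,  # ordinary Firefox launch, must not fire
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -url https://example.com'},
    {"ProcessId": 6001,  # marker string present, but not a Firefox image
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c echo -start-debugger-server"},
]


if __name__ == "__main__":
    for pid, family, port in scan(SAMPLE_EVENTS):
        print(f"pid={pid} family={family} port={port}")
```

On real telemetry, feed the same function the command line and image fields from your process-creation source and add an allowlist keyed on ParentImage and User for known automation hosts before alerting.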
Categories
- Endpoint
- Windows
- Cloud
Data Sources
- Process
Created: 2022-07-27