
Summary
This detection rule identifies anomalous behavior in which a web browser process, specifically Chrome or Microsoft Edge, is spawned by an unusual or unknown parent process. This can indicate malware attempting to steal credentials or other sensitive information from the browser. The rule uses EQL (Event Query Language) to query several log sources, including Windows Security Event Logs and endpoint protection data, and flags instances where these conditions are met. It is also designed to catch command-line arguments commonly associated with remote debugging, which can suggest that the browser is being manipulated for malicious purposes. A thorough investigation is recommended: review the process details and command-line arguments and correlate them with threat intelligence to confirm whether the activity indicates credential theft or other malicious intent. The rule also includes steps for false positive analysis and outlines a response plan for incident remediation.
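The rule's EQL is not reproduced on this page, so the following is an added Python re-implementation of the detection idea run over constructed process-creation events; it is not the rule's own code. The parent-process allow-list is an assumption for the example, and the example requires both conditions (unexpected parent and a Chromium remote-debugging switch) to fire.

```python
import re
from dataclasses import dataclass

# Browser images the rule covers; names are compared case-insensitively.
BROWSERS = {"chrome.exe", "msedge.exe"}
# Parents that normally launch a browser (assumed allow-list for this example;
# the rule's own notion of an "expected" parent is not shown on the page).
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "userinit.exe",
                    "sihost.exe", "svchost.exe"}
# Chromium's remote-debugging switches, matched anywhere in the command line.
REMOTE_DEBUG_RE = re.compile(r"--remote-debugging-(?:port|pipe)\b", re.IGNORECASE)

@dataclass
class ProcessEvent:
    """One process-creation record, e.g. from Windows Security 4688 or an EDR."""
    host: str
    user: str
    process_name: str
    parent_name: str
    command_line: str

def is_suspicious(ev: ProcessEvent) -> bool:
    """Browser started by an unexpected parent AND with a remote-debugging switch."""
    if ev.process_name.lower() not in BROWSERS:
        return False
    if ev.parent_name.lower() in EXPECTED_PARENTS:
        return False
    return REMOTE_DEBUG_RE.search(ev.command_line) is not None

def find_alerts(events):
    """Return the matching events in input order for triage."""
    return [ev for ev in events if is_suspicious(ev)]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "alice", "chrome.exe", "explorer.exe",
                 '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"'),
    ProcessEvent("ws02", "bob", "msedge.exe", "updater.exe",
                 "msedge.exe --headless --remote-debugging-port=9222"),
    ProcessEvent("ws03", "carol", "chrome.exe", "powershell.exe",
                 "chrome.exe --remote-debugging-pipe --user-data-dir=C:\\Temp\\p"),
    ProcessEvent("ws04", "dave", "notepad.exe", "cmd.exe",
                 "notepad.exe --remote-debugging-port=1"),
]

if __name__ == "__main__":
    for ev in find_alerts(SAMPLE_EVENTS):
        print(f"{ev.host} {ev.user}: {ev.parent_name} -> {ev.process_name}: {ev.command_line}")
```

Only ws02 and ws03 match: ws01 has an expected parent and no debugging switch, and ws04 is not a browser at all, which is the false-positive boundary the summary's triage steps are meant to confirm.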
Categories
- Endpoint
- Windows
Data Sources
- Process
- Windows Registry
- Application Log
- Network Traffic
- User Account
ATT&CK Techniques
- T1555
- T1555.003
Created: 2025-08-27