This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Context Menus - OOTB Options

EricPartington
Employee
Employee
‎2017-08-21 01:42 PM

Context menus are a way to shorten the time that analysts spend in the copy, alt+tab, paste cycle to allow right click integrations with a default set of websites that bring additional context to an investigation.  These are the default integrations that come with RSA NetWitness Suite.  You can locate the existing ones as well as add custom sites by locating this path:

Admin > System > Context Menu Actions

 

These Right click actions can be found in investigator and events view when right clicking on the appropriate metakey to locate the dropdown menu of actions

pastedImage_6.png

 

Additional Context Menu actions can be found here:

https://community.rsa.com/search.jspa?q=context+menu&place=%2Fplaces%2F1875&depth=ALL 

 

The following is a summary list of the default actions for external sites that exist in the RSA NW platform:

 

NameActive on metakeysURL
Googlefile.hash,  alias.hosthttp://www.google.com/search?q={0}
Robtex DNSalias.host,  domain.dsthttp://www.robtex.com/dns/{0}
SANS IP Historyip.src, ip.dst,  ipv6.dst, ipv6.src, orig_iphttp://isc.sans.org/ipinfo.html?ip={0}
Google Malware Dignostic for IPS and Hostnamesip.src, ip.dst, ipv6.src, ipv6.dst, orig_ip, alias.host, domain.dsthttp://www.google.com/safebrowsing/diagnostic?site={0}
BFK Passive DNS Collectionip.src, ip.dst, ipv6.src, ipv6.dst, orig_ip, alias.host, domain.dsthttp://www.bfk.de/bfk_dnslogger.html?query={0}
Malwaredomainlist.com Searchip.src, ip.dst, ipv6.src, ipv6.dst, orig_ip, alias.host, domain.dsthttp://www.malwaredomainlist.com/mdl.php?search={0}&colsearch=All&quantity=50
Malwaredomains.com Searchip.src, ip.dst, ipv6.src, ipv6.dst, orig_ip, alias.host, domain.dsthttp://www.google.com/search?q={0}+site%3Awww.malwaredomains.com
SamSpade Searchip.src, ip.dst, ipv6.src, ipv6.dst, orig_ip, alias.host, domain.dsthttp://samspade.org/whois/{0}
UrlVoid Searchalias.host, domain.dsthttp://www.urlvoid.com/scan/{0}
McAfee SiteAdvisor for Hostnamesip.src, ip.dst, ipv6.src, ipv6.dst, orig_ip, alias.host, domain.dsthttp://www.siteadvisor.com/sites/{0}
Robtex IP Searchip.src, ip.dst, ipv6.src, ipv6.dst, orig_iphttp://www.robtex.com/ip/{0}.html
CentralOps Whois for Ips and Hostnamesip.src, ip.dst, ipv6.src, ipv6.dst, orig_ip, alias.host, domain.dsthttp://centralops.net/co/DomainDossier.aspx?addr={0}&dom_whois=true&dom_dns=true&net_whois=true
ThreatExpert Searchip.src, ip.dst, ipv6.src, ipv6.dst, orig_ip, alias.host, domain.dsthttp://www.threatexpert.com/reports.aspx?find={0}
© 2022 RSA Security LLC or its affiliates. All rights reserved.