2017-03-06 04:09 PM
Do you have any Custom/Right-Click actions that would be useful OOTB? Also, what changes would you make to the existing list?
2017-03-06 04:24 PM
First off, as for changes, I'd like to see the "investigation" and "external lookup" menus be the 2nd and 3rd entries in the menu after "copy". Most of the other menu items are rarely used, and at times you have to adjust where the meta key is on the page so that when you right-click, move to "investigation" and then to one of the sub-actions, it doesn't end up being "unpickable" due to being off-screen.
Secondly, we need to update some of the sites to ones that provide better content, and outright remove a few others; "SamSpade" doesn't even work anymore.
I would add the following:
External lookups:
IPvoid search:
Network-Tools Search:
MS Event ID Lookup:
Internal Lookups:
Investigate Host:
Investigate_ip:
Investigate_ip.dst:
Investigate_ip.src:
2017-03-08 02:38 PM
Can you share the URLs for the ones we're missing?
2017-03-08 03:28 PM
I would like to see better documentation around the "right-click" behavior to make it easier for people to build their own extensions. Right now there are some samples here on Link that can be tweaked to provide the desired functionality, but it would be good to have a comprehensive document or SDK that covers this topic.
2017-03-08 03:33 PM
Ability to disable the Datascience menu for those that do not have the Warehouse and associated models.
Or by default leave the Datascience menu disabled and only enable it for those that specifically need it.
I agree with a simpler ability to create custom keys; to start with, maybe a script to generate the correct syntax based on a few inputs, but ideally it should be drop-down driven in the UI.
2017-03-13 10:51 AM
Here's a pretty helpful writeup on context actions for Splunk. I've also listed our OpenDNS lookup for IPs and domains.
{
    "displayName": "Pivot to OpenDNS - Lookup",
    "cssClasses": [
        "ip-src",
        "ip.src",
        "ip-dst",
        "ip.dst",
        "client-ip",
        "client.ip",
        "alias-host",
        "alias.host"
    ],
    "description": "OpenDNS IP lookup",
    "type": "UAP.common.contextmenu.actions.URLContextAction",
    "version": "Custom",
    "modules": [
        "investigation"
    ],
    "local": "false",
    "groupName": "externalLookupGroup",
    "urlFormat": "http://investigate.opendns.com/ip-view/{0}",
    "disabled": "",
    "id": "OpenDNS_investigation",
    "moduleClasses": [
        "UAP.investigation.navigate.view.NavigationPanel",
        "UAP.investigation.events.view.EventGrid"
    ],
    "openInNewTab": "true"
}
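
Added example, not part of the thread and not any poster's or the vendor's code: a small generator of the kind requested earlier in the thread, which builds a URL context action with the same fields as the OpenDNS sample above and rejects a `urlFormat` where the clicked meta value could choose the destination host. The function name `build_url_action`, the validation rules, and the assumption that the fixed fields and the dash/dot pairing of `cssClasses` carry over from that one sample are mine; the thread documents no other schema.

```python
import copy
import json
from urllib.parse import urlsplit

# Fields copied from the OpenDNS sample in the thread; assumed constant for
# every external-lookup URL action (the thread documents no other schema).
FIXED_FIELDS = {
    "type": "UAP.common.contextmenu.actions.URLContextAction",
    "version": "Custom",
    "modules": ["investigation"],
    "local": "false",
    "groupName": "externalLookupGroup",
    "disabled": "",
    "moduleClasses": ["UAP.investigation.navigate.view.NavigationPanel",
                      "UAP.investigation.events.view.EventGrid"],
    "openInNewTab": "true",
}


def build_url_action(action_id, display_name, description, url_format, meta_keys):
    """Return a context-action dict shaped like the sample posted in the thread."""
    # The sample URL carries the clicked meta value in a single {0} slot.
    if url_format.count("{0}") != 1:
        raise ValueError("urlFormat must contain exactly one {0} placeholder")
    parts = urlsplit(url_format)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("urlFormat must be an absolute http(s) URL")
    # Meta values come from captured traffic; keep them out of the host part.
    if "{0}" in parts.netloc:
        raise ValueError("{0} must not appear in the host part of the URL")
    if not meta_keys:
        raise ValueError("at least one meta key is required")
    css = []
    for key in meta_keys:
        # The sample lists each key in dash form, then dot form.
        for form in (key.replace(".", "-"), key.replace("-", ".")):
            if form not in css:
                css.append(form)
    action = {"displayName": display_name, "cssClasses": css,
              "description": description, "urlFormat": url_format,
              "id": action_id}
    return {**action, **copy.deepcopy(FIXED_FIELDS)}


if __name__ == "__main__":
    # Constructed input: the values of the OpenDNS sample above.
    print(json.dumps(build_url_action(
        "OpenDNS_investigation", "Pivot to OpenDNS - Lookup", "OpenDNS IP lookup",
        "http://investigate.opendns.com/ip-view/{0}",
        ["ip.src", "ip.dst", "client.ip", "alias.host"]), indent=4))
```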