Eric Partington

Context Menu - Investigate IP from DNS

Blog Post created by Eric Partington on Jan 3, 2017

This context menu allows a right-click pivot from DNS traffic (alias.ip) to any equivalent HTTP traffic (ip.dst), letting analysts move quickly from DNS traffic to HTTP traffic without the ctrl+c ctrl+v dance.

 

You will need to update the investigation URL to match your NW installation (change the number, which is 2 in the URL below):

/investigation/2/navigate/query/ip.dst%3d{0}

 

{
    "displayName": "[Pivot to ip.dst from DNS Request]",
    "cssClasses": [
        "alias-ip",
        "alias.ip"
    ],
    "description": "Update your SA server and ID",
    "type": "UAP.common.contextmenu.actions.URLContextAction",
    "version": "Custom",
    "modules": [
        "investigation"
    ],
    "local": "false",
    "groupName": "investigationGroup",
    "urlFormat": "/investigation/2/navigate/query/ip.dst%3d{0}",
    "disabled": "",
    "id": "NavigateHostAliasIp",
    "moduleClasses": [
        "UAP.investigation.navigate.view.NavigationPanel",
        "UAP.investigation.events.view.EventGrid"
    ],
    "openInNewTab": "true"
}
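
The "change the number" step as a script, as an added example that is not part of the original post: it rewrites the device ID in urlFormat, refuses to touch anything that no longer decodes to the ip.dst pivot, and previews the relative URL for a clicked value. The function names, the device ID 7, the sample address, and the assumption that {0} is replaced with the clicked value as-is are illustrative.

```python
import copy
import ipaddress
import json
import re
from urllib.parse import unquote

# Constructed copy of the action from the post, trimmed to the fields used here.
ACTION_JSON = """
{
    "displayName": "[Pivot to ip.dst from DNS Request]",
    "cssClasses": ["alias-ip", "alias.ip"],
    "type": "UAP.common.contextmenu.actions.URLContextAction",
    "urlFormat": "/investigation/2/navigate/query/ip.dst%3d{0}",
    "id": "NavigateHostAliasIp",
    "openInNewTab": "true"
}
"""

# /investigation/<device id>/navigate/query/<url-encoded query>
URL_RE = re.compile(r"^/investigation/(\d+)/navigate/query/(.+)$")


def retarget(action, device_id):
    """Return a copy of the action whose urlFormat points at device_id."""
    if not isinstance(device_id, int) or isinstance(device_id, bool) or device_id < 0:
        raise ValueError("device_id must be a non-negative integer")
    m = URL_RE.match(action["urlFormat"])
    if m is None:
        raise ValueError("unexpected urlFormat: %r" % action["urlFormat"])
    query = m.group(2)
    # The decoded query must still be the ip.dst pivot with the {0} placeholder.
    if unquote(query) != "ip.dst={0}":
        raise ValueError("query is not the ip.dst pivot: %r" % unquote(query))
    updated = copy.deepcopy(action)
    updated["urlFormat"] = "/investigation/%d/navigate/query/%s" % (device_id, query)
    return updated


def preview(action, clicked_value):
    """Relative URL the action would open for a clicked alias.ip value."""
    ip = ipaddress.ip_address(clicked_value)  # raises ValueError if not an IP
    return action["urlFormat"].replace("{0}", str(ip))


if __name__ == "__main__":
    action = retarget(json.loads(ACTION_JSON), 7)  # 7 is a made-up device ID
    print(json.dumps(action, indent=4))
    print(preview(action, "192.0.2.10"))  # documentation-range sample address
```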

 
