Eric Partington

Context Menu - Investigate IP from DNS

Blog Post created by Eric Partington on Jan 3, 2017

This context menu adds a right-click pivot from DNS traffic (alias.ip) to any equivalent HTTP traffic (ip.dst), allowing analysts to move quickly from DNS traffic to HTTP traffic without the Ctrl+C, Ctrl+V dance.


You will need to update the investigation URL to match your NW installation: change the number in urlFormat (2 in the example below).



    {
        "displayName": "[Pivot to ip.dst from DNS Request]",
        "cssClasses": [
            "<value missing from the original post>"
        ],
        "description": "Update your SA server and ID",
        "type": "UAP.common.contextmenu.actions.URLContextAction",
        "version": "Custom",
        "modules": [
            "<value missing from the original post>"
        ],
        "local": "false",
        "groupName": "investigationGroup",
        "urlFormat": "/investigation/2/navigate/query/ip.dst%3d{0}",
        "disabled": "",
        "id": "NavigateHostAliasIp",
        "moduleClasses": [
            "<value missing from the original post>"
        ],
        "openInNewTab": "true"
    }
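
A small helper for the ID change described above, added here as an example and not part of the original post: it rewrites the number in urlFormat and previews the URL for one alias.ip value. The function names, the ID 7 and the sample address are constructed, and it assumes {0} is replaced by the clicked meta value.

```python
import ipaddress
import json
import re

# Only urlFormat is needed here; the string is copied from the action above.
ACTION_JSON = '{"urlFormat": "/investigation/2/navigate/query/ip.dst%3d{0}"}'
ACTION = json.loads(ACTION_JSON)

# /investigation/<numeric id>/navigate/query/<query>
ID_SEGMENT = re.compile(r"^(/investigation/)(\d+)(/navigate/query/.*)$")


def set_investigation_id(action: dict, new_id: int) -> dict:
    """Return a copy of the action with the numeric ID in urlFormat replaced."""
    url_format = action["urlFormat"]
    match = ID_SEGMENT.match(url_format)
    if match is None:
        raise ValueError("urlFormat is not /investigation/<id>/navigate/query/...")
    if url_format.count("{0}") != 1:
        raise ValueError("urlFormat must contain exactly one {0} placeholder")
    if int(new_id) < 0:
        raise ValueError("ID must be a non-negative integer")
    updated = dict(action)
    updated["urlFormat"] = f"{match.group(1)}{int(new_id)}{match.group(3)}"
    return updated


def preview_pivot(action: dict, alias_ip: str) -> str:
    """Build the relative pivot URL for one alias.ip value.

    Assumption: the UI substitutes the clicked meta value for {0}.
    The value is parsed as an IP address first, so anything that is not
    a plain IPv4/IPv6 address raises ValueError instead of reaching the query.
    """
    ip = ipaddress.ip_address(alias_ip.strip())
    return action["urlFormat"].replace("{0}", str(ip))


if __name__ == "__main__":
    mine = set_investigation_id(ACTION, 7)       # 7 is a constructed ID
    print(mine["urlFormat"])
    print(preview_pivot(mine, "192.0.2.10"))     # constructed documentation address
```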