Adding external engines to "External lookup" option
Right-Clicking on an IP address allowing me to choose the option of "External lookup".
I would like to add/remove some of the engines listed in there. do I have the option to do so?
some of them lead to non-relevant links.
you can change them using this path:
Admin > System > Context Menu Actions
Also which of the items that you have looked at are not relevant? please add them here so we can get them removed from future releases.
I will take a look at the links you have attached.
follow to what you have asked:
1. BFK Passive DNS Collection - leads to 404 error (The requested URL /bfk_dnslogger.html was not found on this server)
2. Malware Domain List - Leads to the right page, but not loading the tested IP automatically
3. ThreatExpert Search - Leads to Symantec page (Symantec - Global Leader In Next-Generation Cyber Security | Symantec )... does it supposed to? where can i see the IP check results?
Have created internal ticket to get those either fixed or removed from the next build.
You can disable or remove those context items in the mean time so they do not confuse any analysts that are attempting to use them.
Also, as of v126.96.36.199 (I believe that's correct), you can now create custom Lookup Group Names as well. The RSA NW dev team changed the Group Name dropdown to allow you to type Free-form text. The first time you do this, it will create the new group name. From there on, it will be available as a drop-down item. This is super helpful, as you can start grouping lookups based on tools/types (Splunk lookups, IP enrichment, Domain enrichment, OSINT, etc).