Context menu actions have long been a part of the RSA NetWitness Platform. v11.2 brought a few nice touches to help manage the menu items as well as extend the functions into more areas of the product.

See here for previous information on the External Lookup options:

https://community.rsa.com/community/products/netwitness/blog/2017/08/21/context-menus-ootb-options 

And these for Custom Additions that are useful to Analysts:

https://community.rsa.com/community/products/netwitness/blog/2016/12/15/context-menu-microsoft-eventid 

https://community.rsa.com/community/products/netwitness/blog/2017/01/16/context-menu-virustotal-hash-lookup 

https://community.rsa.com/community/products/netwitness/blog/2016/09/16/context-menu-splunk-pivot 

https://community.rsa.com/community/products/netwitness/blog/2017/01/03/context-menu-investigate-ip-from-dns 

https://community.rsa.com/community/products/netwitness/blog/2016/09/23/context-menu-cymonio 

As always, the administration page is located here:

Admin > System > Context Menu Actions

The first thing you will notice is a slightly different look, since a good bit of cleanup has been done in the UI.

Before we start trimming the menu items, here is what the menu looks like before the changes:


Data Science, Scan for Malware and Live Lookup are all candidates for reduction.

When you open an existing action or create a new one, you will also see some new improvements.


Instead of a large block of text that you can edit only if you know what to change and where, there is now a set of options for implementing your custom action (or tweaking existing ones).

You can switch to the advanced view to get back to the old freeform world if you want to.

Clean up

To clean up the menu for your analysts, you might consider disabling these items if you don't have a warehouse from RSA installed:

Sort by Group Name, locate the Data Science group and disable all the rules for it (4).


Disable any of the External Lookup items that are not used or not important for your analysts.


Scan for Malware - are you logs only? Then Malware is not needed. Or are you packets or endpoint but don't use Malware?


Live Lookup - mostly doesn't provide value to analysts


Now you should have a nice, clean right-click action menu that helps investigators do their job better and faster.
