Maltego Improvements, September 2018
The following updates to the Maltego transforms are available as of September 24, 2018.
Besides a few bug fixes, the major changes with this update include:
- Analyst Notes Support – transforms now permit expansion to and from analyst notes
- Revised API Credit model – calls to the Recorded Future API for Maltego transforms are now discounted; a single transform that hits the Recorded Future API costs 0.20 credits/call
- Riskier Hashes Returned – only malicious (or worse) hashes, with a risk score >= 65, are included in transforms that return hashes.
Analyst Notes support
Added transforms that fetch Analyst Notes for the following entity types (note: only notes written by the Insikt Group are available in these transforms):
- IP
- Domain
- Hash
- Vulnerability
- Malware
- NS Server
- MX Server
- URL
Transforms have also been added that fetch the following entity types from an Analyst Note:
- Attack Vector
- Domain
- Filename
- Hash
- IP
- Malware Signature
- Malware
- Malware Category
- Registry Key
- URL
- Vulnerability
Revised API crediting model
Because transforms can result in an unexpectedly large number of Connect/RAW API requests, we are pleased to introduce a reduced-cost API crediting model. In particular, every successful API request costs only 0.2 credits. Some transforms are composed of several requests and may cost up to a credit.
Return only risky hashes
Transforms that return hashes filter the resulting hashes to those with a risk score greater than or equal to 65; this reduces noise.
Minor changes
- Added Malware to Email transform
- The type for hashes has been changed from malformity.Hash to maltego.Hash
- Added edge weight based on risk score for entities with a risk score
- Add NVD info to Vulnerabilities
- Return triggered risk rules
- Major transform speedups
Bug fixes
- Fix media type filters for Malware/Vulnerability Technical reporting
- Add missing details to IP to Location transform
- Fix broken IP to Organization transform