Featured Image: Transforming Threat Intelligence with Maltego + HYAS

Hyas Blog | Transforming Threat Intelligence with Maltego + HYAS

Maltego is a popular data visualization tool that links data together in relationship graphs. The graphs are composed of entities that have unique properties. There are many link analysis tools capable of representing relationships in data, but a major benefit of Maltego is that users can seamlessly integrate data from disparate sources into an investigation by running Maltego Transforms that fetch new data and plot it on the graph as Entities. There are many fantastic sources of data that can be combined, accessible via the Maltego Transform Hub.

HYAS Insight is present in the Maltego Transform Hub, and Maltego users that have a Maltego commercial license (Maltego One – Pro or Enterprise, Classic, XL) can easily install the Transforms from the hub, add their API key, and begin using HYAS Insight in Maltego. Maltego CE and Casefile users will not be able to install the HYAS Insight Transforms from the Hub, but can open graphs made with HYAS Insight data. HYAS Insight Transforms can be installed manually in Maltego CE, but users are limited to 12 Entities that can be returned when running a Transform; this might be helpful for testing but isn’t very practical for regular and professional use.

Blog Post Image Transforming Threat Intelligence with Maltego + HYAS

Installation

HYAS Insight users must have an API key to use the Maltego Transforms. HYAS Insight API keys are different from other API keys and should have four dashes (legacy HYAS keys did not have dashes). Right-clicking a graph Entity to open the Run Transforms context menu. The available Transforms are specific to the selected Entity. Domain Transforms will not appear when an IP address is selected for example.

HYAS-Insight-Maltego-blog2 

If a graph contains a large number of selected Entities, the user may find it difficult to right-click to open the context menu. Choosing Windows -> Run View provides a sidebar menu with all available Transform options.

HYAS-Insight-Maltego-blog3

Available Transforms 

  • [HYAS] Expand whois details to new graph entities
  • [HYAS] Get C2 Insights from Email
  • [HYAS] Get C2 Insights from Domain
  • [HYAS] Get C2 Insights from IPV4
  • [HYAS] Get C2 Insights from SHA-256
  • [HYAS] Get Domains from Email
  • [HYAS] Get Registration Details from IPv4
  • [HYAS] Get Entities from Tag
  • [HYAS] Get IPs from BSSID
  • [HYAS] Get Mobile Location from IPv4
  • [HYAS] Get Mobile Location from IPv6
  • [HYAS] Get ISP and ASN from IPv4
  • [HYAS] Get Passive DNS for IPv4
  • [HYAS] Get Passive DNS IPs from DNS Name
  • [HYAS] Get Passive DNS for Domain
  • [HYAS] Get Samples from Domain
  • [HYAS] Get Samples from IPv4
  • [HYAS] Get Tags from Domain
  • [HYAS] Get Tags from Email
  • [HYAS] Get Tags from Hash
  • [HYAS] Get Tags from IPv4
  • [HYAS] Get Whois from Domain
  • [HYAS] Get Whois from Name or Alias
  • [HYAS] Get Whois from Phone Number

Maltego Transforms may only return a single generation of Entities. HYAS developed a Maltego Machine to tie together two Transforms that take a Domain input Entity to the Registrar and associated contact details.

Blog Post Image Transforming Threat Intelligence with Maltego + HYAS

Conclusion

The HYAS Insight data works well in Maltego and pivots into many other types of Transforms that you may already use. The new Insight Transforms were developed with the input of analysts who use both Insight and Maltego on a daily basis. We are eager to receive feedback that will make the HYAS Insight Transforms more useful in Maltego. If you’re a HYAS Insight user that has an idea for a new Transform or want to improve an existing one, please contact HYAS Support to provide your feedback.

Enjoy accelerating your threat and fraud investigations with Maltego Transforms for HYAS Insight! To learn more about HYAS Insight and how it can help you to speed investigations and improve analyst productivity, please request a demo (we LOVE giving demos!).