PassiveTotal + Maltego

PassiveTotal strives to simplify threat infrastructure analysis, reduce analyst assessment time, and provide relevant information to assist in analysis, no matter how you access our data set. Brandon and I realize that a significant portion of our user base conducts threat infrastructure analysis using Paterva's graph-based analysis tool, Maltego. Maltego helps analysts visualize threat infrastructure through link/node connections and allows multiple data sources to be combined into a single interactive graph. The tool is especially helpful when analyzing complex infrastructure, since it visually aids analysts in connecting disparate data sets.

With the above goals in mind, today we are releasing a new set of transforms, built by our partner Malformity Labs, to go along with our new API. These transforms are available through the Paterva transform hub and should work on both the community and enterprise versions of Maltego.

Within our updated transform set, users have the same data access as the API provides, plus some extra benefits, such as transforms that identify SSL certificates. These filtering transforms let analysts target their queries precisely and avoid cluttering their Maltego graph with data that is not relevant to the investigation.

Finally, we have added the ability for analysts to push data back into PassiveTotal directly from their Maltego graph without opening a browser. Analysts can persist classifications and tag values on any domain or IP address simply by running the appropriate transform. Brandon and I consider this feedback loop to be one of the biggest sources of value in PassiveTotal, as it builds a repository of prior analysis that continues to show up alongside new research efforts.