Entities are used to describe types of information. Maltego comes with a number of pre-configured entities, but there may be cases where you want to create your own, for example because you are building up a mind map of offline information or because you have developed transforms for a type of information not covered by the defaults.
Before re-inventing the wheel by creating entities that already exist, have a look at the Entity Reference Guide, which lists all the standard entities included in the Maltego client.
CaseFile comes with many more entities than Maltego; these are generally used in law-enforcement-type investigations. These entities do not come with any transforms but can still be installed in your Maltego client from the transform hub.
New entities can be created from the Maltego client; this is explained in the following section of the Maltego User Guide.
Entity creation is one of the most important steps when implementing Maltego in your environment. There are a few things to remember when doing this. Initially we recommend creating a table that lists all the types of information you have available and would like to integrate on both the x and y axes, and then determining where you will need transforms and whether any of the information is duplicated. Once you have completed this, you should be left with just the information you are interested in representing in Maltego and can then create these entities.
Another concept that was introduced to Maltego was the use of calculated properties. A person’s fullname for instance is calculated by the concatenation of the firstnames and the lastname. This is exposed in the Maltego client:
The only entities that use calculated properties are:
CaseFile offered many more entities than Maltego. In CaseFile you can have a Judge, Criminal and Officer that are essentially all Persons. When importing a graph made in CaseFile into Maltego, you would want to be able to run the Person transforms on all of these, but the early data model did not support it.
We added the concept of inheritance. For the standard Maltego installation this meant that the MXRecord, NSRecord and Website entities were really just specialized DNSNames. The upside is that one transform (DNSName 2 IPAddress) worked on all of them, which saved a lot of transform configuration. For example, if you specify on the TDS that a transform will run on a DNSName, it will also run on all entities down the ‘family tree’: MXRecord, Website and NSRecord.
At the top of the tree is ‘maltego.Unknown’. This means that if you configure a transform to run on this base entity type – it will be available when you right click … on any entity.
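The inheritance rule described above, sketched as an added example (not Paterva's code and not part of the Maltego client): it resolves which transforms are offered on an entity type, and which entity types a single transform ends up reaching. The parent links, the `example.*` types and the two transforms marked hypothetical are assumptions made for the illustration.

```python
# Added illustration: entity inheritance and transform lookup. Parent links are
# assumptions for the example; "example.*" types and "(hypothetical)" are constructed.
ROOT = "maltego.Unknown"

PARENTS = {
    "maltego.DNSName": ROOT,
    "maltego.MXRecord": "maltego.DNSName",
    "maltego.NSRecord": "maltego.DNSName",
    "maltego.Website": "maltego.DNSName",
    "maltego.Person": ROOT,
    "example.Judge": "maltego.Person",      # constructed CaseFile-style type
    "example.Officer": "maltego.Person",    # constructed CaseFile-style type
}

# Transform name -> the single entity type it is configured to run on.
TRANSFORMS = {
    "DNSName 2 IPAddress": "maltego.DNSName",
    "Person 2 Email (hypothetical)": "maltego.Person",
    "Annotate anything (hypothetical)": ROOT,
}

def lineage(entity_type, parents=PARENTS):
    """Return [entity_type, parent, ..., ROOT], rejecting broken trees."""
    chain = [entity_type]
    while chain[-1] != ROOT:
        parent = parents.get(chain[-1])
        if parent is None:
            raise KeyError(f"{chain[-1]} has no path to {ROOT}")
        if parent in chain:
            raise ValueError(f"inheritance cycle at {parent}")
        chain.append(parent)
    return chain

def transforms_for(entity_type, transforms=TRANSFORMS, parents=PARENTS):
    """Transforms offered on an entity: those set on it or on any ancestor."""
    ancestors = set(lineage(entity_type, parents))
    return sorted(name for name, target in transforms.items() if target in ancestors)

def entities_reached_by(transform, transforms=TRANSFORMS, parents=PARENTS):
    """Every entity type on which the given transform becomes available."""
    target = transforms[transform]
    every = set(parents) | {ROOT}
    return sorted(t for t in every if target in lineage(t, parents))

if __name__ == "__main__":
    for etype in ("maltego.MXRecord", "example.Judge", ROOT):
        print(etype, "->", transforms_for(etype))
    print(entities_reached_by("DNSName 2 IPAddress"))
```

Running `entities_reached_by` over each configured transform gives a quick review of how widely a transform is exposed; anything bound to the root type is offered on every entity on the graph.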
One of the advantages of using an iTDS or MDS server is that it allows for the distribution of configurations, which include entities as well as the icons associated with them. You can read more about it on the paired configuration page. Alternatively, if you are not using a server or simply wish to share your entities with another Maltego client, you can follow the exporting guide below.
First, set up your Maltego client with the various entities you would like to export. Once you have completed this, you can export your custom entities by following the entity export guide found in our Maltego user guide. This will export your custom entities to a .mtz file that can be shared with other Maltego users.
© Copyright 2017, Paterva PTY Limited