iTDS Transforms

An iTDS allows you to combine Maltego transforms, entities and their configurations into a single item that can be distributed and installed by different Maltego users. This makes it easy to share custom transforms and configurations amongst a team of analysts or, should you choose so, with the rest of the world by joining the transform hub. The iTDS is configured and managed using a web-interface and allows you to configure transforms in a single location, and they are automatically updated for anyone using them in their Maltego clients. Continue reading below to find more advantages of using an iTDS. 

Why Use an iTDS

There are several ways to add custom transforms to Maltego. One option is to use local transforms. Local transforms are an easy way to get going but has several drawbacks in the long term. Using an iTDS overcomes a lot of the issues that you face when working with local transforms. This page details motivation for using a iTDS over local transforms.

1. Code base needs to be installed on local machine.  

a. In many cases this means installing the development environment on local machine (think Python, PHP, PERL and all library dependencies).

b. This makes it difficult to install on the client PC and means more moving parts.

c. Every transform needs to be manually registered on the Maltego GUI or Maltego configuration files needs to be patched. While this is feasible it might not be backward compatible with future releases of Maltego.

d. The code needs to be maintained for every installation of Maltego. A change in the transform code means it has to be re-installed on each Maltego client..

2. Limited functionality / access to Maltego features. The following features are not exposed to local transforms:

a. Slider value – the user cannot limit how many results are returned.

b. Transform settings – cannot access any transform settings. Transform settings are the pop-ups asking the user to configure a transform prior to running it.

c. Notes / link labels / bookmarking. Access to these fields will likely be removed from local transforms in future.

d. Meta data such as disclaimers etc.

3. When transforms depend on 3rd party software these need to be installed and maintained across all clients. It is not always feasible to install this type of software on each type of platform (e.g. if their Operating Systems are different).

4. No access control or auditing. Future releases of the iTDS will include access control and auditing.

5. With local transforms it's more difficult for transform writers to offer their transforms as a service. iTDS transforms can be added to the transform hub which makes it easy for users to install them.

6. Hard to control intellectual property. As transforms run locally on the client it becomes difficult to protect the code against reverse engineering.

7. Paterva currently has no plans to provide future enhancements to local transforms.

Most of these limitations can be somehow bypassed – but these shortcuts are clunky, hardly maintainable and not elegant at all. Having said that - local transforms have the advantage that:

1. They are simple to write in any language.

2. They can interact with software that requires the use of a GUI. Think here of Skype that’s difficult to use head-less.

3. Is infrastructure-less – it can run straight off your workstation.

4. Data does not travel over the wire – everything is contained in a single workstation.

Local transforms are a good start for proof of concept code, rapid development or where interaction with GUI based software is required but in enterprise models or more serious deployments it does not scale well or provide the necessary control mechanisms. These limitations of local transforms are well known to Paterva. The more elegant solution to the problem would be to centralize the transforms on a server and provide access to run them remotely, similar to running the built-in transforms. Such a solution has been implemented using the internal Transform Distribution Server iTDS. 

Public vs. Private iTDS

The public iTDS is located on the Internet and is free for all to use. It’s a convenient way to immediately start writing remote transforms. Since this server is located on Paterva’s infrastructure data will be flowing from the Maltego GUI to this server and finally to your transform code hosted on a web server of your choice. The server interface can be reached here.

For those dealing with sensitive internal data that cannot go over the Internet or over Paterva’s infrastructure we offer a private iTDS. The iTDS provide the same functionality as Paterva’s public iTDS however it can be hosted internally on your own infrastructure.

Where to Next

The links below provide details on setting up your own transform host server as well as code examples for iTDS transforms. The code examples use Paterva's standard PHP and Python transform libraries.

© Copyright 2017, Paterva PTY Limited