Entities Tab


Entities – Tab

The Entities tab allows you to manage the entities that are available your Maltego client, add new entities and create your own entities.

Figure 165: Entities tab

Creating New Entities

The first button under the Entities panel allows you to create a New Entity Type. Clicking the dropdown opens two new entity options:

Figure 166: New entity type dropdown menu

The New Entity Type (Advanced) will provide more options when creating a new entity.

Clicking New Entity Type (Advanced) opens a wizard that will guide you through the process of creating a new custom entity. The first step of the New Entity Wizard is shown in the image below:

Figure 167: New Entity Wizard - Step 1

  • Display name – this is the name of the entity that will be shown in the entity palette.

  • Short description – this field must describe the new in one sentence. This description will also be shown in the entity palette.

  • Unique type name – this is a unique identifier for your new entity and must be unique. Unique type names are prefixed with the creator’s alias. For example, all entities that come with Maltego have a Unique type name prefixed by “maltego.”

  • Inheritance – Transforms are designed to run only on a specific type of entity. E.g. The 'To MX Record' transform runs on a Domain, but not a person. Sometimes however you do want transforms to run on additional entities that might extend base entities. In Maltego inheritance allows you to inherit transforms from a base entity. If the new custom entity inherits from another entity (the parent entity), then all the transforms that run on the parent entity will also run on the new custom. This is useful when creating a more specific type of an already existing entity. For example, if a “police officer” was created it would inherit from a person entity as a police officer is a type of person and it would be useful to have all the transforms for a person also run on the new police officer entity.

    Note: Transforms that are built to run on the child entity (the entity inheriting) will not run on the parent entity.

  • Icons - An entity icon must then be chosen for the new entity type. The Maltego client comes with standard entity icons that can be chosen from. More icons can also be added under Manage Icons which will be explained later.

Figure 168: New Entity Wizard - Step 1 – Complete

After clicking Next>, the main property for the new entity can be configured.

Figure 169: New Entity Wizard - Step 2

The main property (also called the entity value) is the property of the entity that is going to be shown on the graph. This step allows for the configuration of this main property:

  • Property display name – This is the property name that will be displayed in the property view.

  • Short description – This provides a description of the property in one sentence.

  • Unique property name – this name uniquely identifies this property and should not be re-used.

  • Data type – this allows you to specify the type of information that the property is representing. The data type can be selected between: string, date, integer or double.

  • Sample value – the sample value will be the default value for this entity type when a new entity is dragged onto a graph from the entity palette.

Once these fields have been completed click Next> to continue to the next step of the wizard.

The next step simply allows you to choose which category the new entity type should be found under:

Figure 170: Choose the entity category - Step 3

The Personal category is chosen for the new Police Officer entity.

Clicking Next> will lead to the Additional Properties section of the wizard:

Properties for an entity describe the extra fields that an entity contains. Several entities contain just a single field such as a DNS Name and for most entities creating a single field is enough.

From the Additional Properties step, you can add additional properties for your entity to represent pieces of information that is commonly found with the new entity type. At this stage, it is important to consider whether additional information relating to the new entity type should be made as a property of the new entity or an entirely new entity on its own.

Figure 171: Additional properties - Step 4

By default, there will be one property populated which is the main property (entity value) that was configured in step 2.

To add new properties clicking the Add property… button in the top left-hand corner of the wizard window. This will open a new window where the new property can be configured. In this case, a “badge number” will be added for the new “Police Officer” entity:

Figure 172: Adding a new property

For the new property, the following fields must be completed:

  • Name – this name uniquely identifies the property

  • Display name – this is the name that will be shown in the Property View in the Maltego UI

  • Type – this allows you to specify the data type that the property will be representing. There is a range of data types to choose from the dropdown menu.

Once these three fields have been chosen, clicking OK will add the new property to the entity. From the main wizard window, additional configurations can be made to the new property:

Figure 173: New entity property

  • Required - If this is checked then this property cannot be left blank when adding this entity type to your graph.

  • Read only – If this is checked then the property cannot be set by you. It can only be set by transforms

  • Description – This field can be used to set a short description for the property.

  • Default value – This is the default value of the property.

  • Sample value – This is the value of the property when it is dragged onto a graph from the entity palette.

The next step in the wizard allows you to set Display Settings for the new entity. The display settings allow you to set which property is displayed on the graph.

Figure 174: Display settings - Step 5

Display Settings determine three different properties for an entity: what is edited when changing the value on the graph, what value is displayed on the graph and what icon should be used in place of the default icon. It might seem very strange to have a different property edited to what is displayed but as an example to illustrate this look at the URL entity. Whilst you still need the actual URL of a page (that could be very long) you do not want that displayed on the graph, but rather something like the title of the page.

  • Edit Value - This property determines which field is edited when you double click on the entity text by default.

  • Display Value - The property that is displayed on the graph.

  • Large Image - If a property is a URL to an image you can use this to replace the icon on the graph (useful for showing things like a thumbnail of a website where it is different for each website entity).

The last step in the New Entity Wizard is the Advanced Settings page.

Figure 175: Advanced settings - Step 6

The Advanced Settings page allows you to specify the following fields:

  • Plural display name - allows you to set the plural options for when multiple entities are described in the tool.

  • Palette item – this allows you to choose whether the new entity type will be displayed in the entity palette. By default, this option is checked. If an entity type should only be returned a transform and not ever be added to the graph manually by you, then this field should be un-checked.

  • Use regex converter – This checkbox allows you to choose whether a regular expression is used to automatically identify an entity when text is pasted onto a graph from the clipboard.

  • Conversion order – The priority given to this entity, when pasted text matches multiple regex expressions.

  • Regular expression – The image below describes the regular expression used for matching a domain entity with the tool, essentially when you paste into the graph the tool will compare the text pasted to the regular expression and if matched automagically create an entity of that type. The regular expression for a domain is as follows:

    [-\w]{1,120}\.[-\w]{1,4}\.*[-\w]{0,4}

Figure 176: Regular expression for a domain entity

  • Group to property mapping – Apart from matching you can also populate specific fields within the tool. An example of this is the person entity which when pasting will automatically populate the first name and last name fields of the entity if you paste something such as "Andrew MacPherson" into the tool. The regular expression for this is as follows:

    ([A-Z]{1,15}[a-z]{0,15}) ([A-Z]{0,15}[a-z]{0,15} *[A-Z]{0,15}[a-z]{0,15} *[A-Z]{0,15}[a-z]{0,15})

Figure 177: Group to property mapping - person entity

In the current “Police Officer” example, both the Regular expression and Group to property mapping fields are left blank.

Clicking finish will complete the wizard. The new entity type can be found in the entity palette under the Personal category:

Figure 178: New entity type in the entity palette

Managing Entities

Figure 179: Manage entities

Clicking the Manage Entities button will open the Entity Manager window:

Figure 180: Entity manager

The Entity Manager list all entities currently in the Maltego client and allows you to edit or delete entities.

  • Delete entity – clicking the delete entity button will open a confirmation dialog box before the entity is removed:

Figure 181: Delete entity confirmation

  • Edit entity – Clicking the ellipsis button on the right of the entity line item will open another window that allows you to edit the entity:

Figure 182: Editing an entity

From the entity editor window, you can change any of the settings and properties that were made to the entity when the entity was first created.

Importing and Exporting Entities

Custom entities can easily be shared between users by exporting and importing them. It’s also possible to share entities by simply saving a graph containing custom entities and loading it in another (clean) Maltego.

Exporting Entities

Figure 183: Export entities

Clicking the Export Entities button will open the Export Wizard. The first step in this wizard is to decide if you want to export all entities in your Maltego client or export a custom selection:

After clicking Next>, entities which are to be exported can be selected. In this example, only the custom police officer entity will be exported:

Figure 184: Select entities to be exported

Next the filename and folder directory must be chosen for where the entities will be exported to. The file extension for all Maltego configuration files is .mtz.

There is also an option to encrypt the entity file with AES-128:

Figure 185: Choose file location

If the encryption option is checked, the next page will allow you to choose a password for the file.

Figure 186: Choose encryption password

After choosing the password and clicking next a final summary page will appear showing a summary of what was exported:

Figure 187: Export summary

The Finish can be clicked to exit the export wizard.

Importing Entities

Figure 188: Import entities

Now that the custom entity has been exported to an .mtz file, it can be shared with other Maltego users by using the Import Wizard in the Maltego client.

Clicking Import Entities will open the Import Wizard. In the first step of the Import Wizard the .mtz file can be selected:

Figure 189: Select the required .mtz file

If the file was encrypted, then you will need to enter the encryption password:

Figure 190: Enter password

The next step shows the contents of the configuration file and allows you select what they which items to import. In this case, there is only the single Police Officer entity that already exists in this Maltego client:

Figure 191: Select entities to be imported

Clicking next will go to a summary page of what was imported:

Figure 192: Import summary

Clicking Finish will close the Import Wizard.

Entity Palette

Figure 193: Entity palette

Clicking the Entity Palette button will simply open the Entity Palette again if it has been closed.

Manage Icons

Figure 194: Manage Icons

Clicking the Manage Icon button will open the Icon Manage for entity icons.

Figure 195: Icon Manager

In the Icon Manager, the built-in icons are categorized and can be browsed through or searched for using the search input field at the top of the window.

It is also possible to add new icons that can be used for new entities that are created. To add a new entity icon, click the plus (+) button in the top left-hand corner of the Icon Manager window. This will open another window where the image file for the new icon can be chosen:

Figure 196: Select image file for new icon

Once the image file has been chosen, the category for the icon must be selected:

Figure 197: Choosing a category for the new icon

Clicking OK will add the new entity icon to your Maltego client.

Continue to the Collections Tab page.



© Copyright 2017, Paterva PTY Limited