The following updates to the Maltego transforms are available as of September 24, 2018.
Besides a few bug fixes, the major changes with this update include:
- Analyst Notes Support - transforms now permit expansion to and from analyst notes
- Revised API Credit model - calls to the Recorded Future API for Maltego transforms are now discounted; a single transform that hits the Recorded Future API 0.20 credits/call
- Riskier Hashes Returned - only malicious (or worse) hashes, with a risk score >= 65, are included in transforms that return hashes.
Analyst Notes support
Added transforms that fetch Analyst Notes for the following entity types:
(note: only notes written by the Insikt Group are available in these transforms).
- NS Server
- MX Server
Transforms have also been added that fetches the following entity types from an Analyst Note:
- Attack Vector
- Malware Signature
- Malware Category
- Registry Key
Revised API crediting model
Because transforms can result in an unexpectedly large number of Connect/RAW API requests, we are pleased to introduce a reduced cost API crediting model. In particular, every successful API only costs 0.2 credits per API request. Some transforms are composed of several requests and may cost up to a credit.
Return only risky hashes
Transforms that return hashes filter the resulting hashes to those with a risk score greater than or equal to 65; this reduces noise.
- Added Malware to Email transform
- The type for hashes has been changed from malformity.Hash to maltego.Hash
- Added edge weight based on risk score for for entities with risk score
- Add NVD info to Vulnerabilities
- Return triggered risk rules
- Major transform speed ups
- Fix media type filters for Malware/Vulnerability Technical reporting
- Add missing details to IP to Location transform
- Fix broken IP to Organization transform