Whether it is for threat analysis or a due diligence process, analysts and researchers alike face similar challenges during complex investigations, especially when it comes to establishing streamlined workflows, and decreasing the amount of manual work involved.
Maltego Machines tackle these exact pain points—challenge to collect and map data manually—for investigators. As built-in feature in Maltego to automate standard or repetitive investigative steps, Maltego Machines allow users to speed through the process of data collection and allocate more time to analyzing an automatically populated graph.
To introduce Maltego Machines in detail, we will guide you through a series of articles that not only explain the functionality of Machines, but also showcase their functions.Maltego Machines: A Blog Series 🔗︎
In this article, we will give you an overview of what Maltego Machines are and how to use them to simplify and automate complex investigations.
What are Maltego Machines? 🔗︎
Simply put, Maltego Machines represent the automation of the Transform running process.
Maltego Machines are macros in the Maltego Desktop Client that run multiple Transforms on a data set. These macros are written using the Maltego Scripting Language—a custom scripting language developed to allow any user to create their own Machines.
Depending on the script, Machines can run Transforms both in parallel and sequentially. Users can run multiple Transforms on the same data Entity or run a series of Transforms from one data output to another—or do both at the same time.
Take the Footprint L1 Machine for example. As one of Maltego’s pre-installed network footprint Machines, this Machine runs a sequence of Transforms that are typically used to conduct a level one network footprint on a target domain. With just a click on the start button, the Machine will populate the graph automatically, returning data output like DNS names, IP addresses, netblocks, and AS numbers.
Benefits of Automating Standardized Processes with Machines 🔗︎
Maltego Machines are best used to simplify and automate repetitive or standardized investigation processes, specifically the process of data collection and data mapping.
This automation provides two main advantages:
- Saving Time
- Lowering the Investigation Barrier
Machines Save Time 🔗︎
Let’s assume that you are a cybersecurity analyst and one of your routine tasks is to perform infrastructure footprinting to analyze and identify potential indicators of compromise (IoCs) in the organization’s network. If you must manually run over a dozen Transforms each time you create a network footprint, the task will not only become time-consuming, but tedious.
This is when Machines come in. Machines like the Footprint L1 Machine mentioned above are created to automate this type of standardized processes. As the Machine does its work, investigators can utilize the time for other tasks and preparation. After the Machine is done, an investigator can come back to a fully populated graph and begin analyzing the results.
By standardizing processes and implementing automations, both large investigative teams and individual analysts can allocate their time more efficiently and establish more streamlined workflows.
Machines Lower the Barrier for Non-Technical Investigators 🔗︎
Another advantage that Maltego Machines provide is lowering the barrier of investigation for non-technical investigators and newcomers to the analyst profession.
It is common to have a mixture of technical and non-technical investigators with varying degrees of experience working together in analyst teams. Although Maltego is designed for all types of investigators, a fast-onboarding process depends largely on elements such as the maturity and size of the team.
By setting up Machines for standardized processes, investigation teams can ensure that their novice as well as advanced members are able to conduct important data mapping and link analysis tasks easily and independently.
Which Types of Machines are Available in Maltego? 🔗︎
There are three types of Machines available in the Maltego Desktop Client:
- Pre-Installed OSINT Machines
- Third-Party Machines
- Custom Machines
1. Pre-Installed OSINT Machines 🔗︎
Maltego comes with a set of pre-installed Machines that are built with Maltego Standard Transforms. These Machines are free to use for all Maltego users and they query OSINT data to perform tasks like network footprinting.
We will discuss more about the pre-installed Machines and their individual functions in Part 2 of this blog series.
2. Third-Party Machines 🔗︎
Besides the pre-installed Machines, Maltego integrates with a variety of third-party free and paid data sources. Some of these data integrations—RiskIQ PassiveTotal and Farsight DNSDB, and many more—come with Machines created by the integration developers.
Those who have API keys or subscriptions to the data integrations will be able to access these Machines upon installation of the Hub items.
3. Custom Machines 🔗︎
Finally, Maltego allows users to create their own Machines. With just a few lines of code, investigators can easily build Machines for their standardized investigative processes.
In Part 3 of this blog series, we will walk you through the process of creating a custom Machine. You can also check out our online documentation to get started.
Start Using Maltego Machines to Simplify and Automate Your Investigations! 🔗︎
Maltego Machines are great tools to streamline and speed up complex investigations. We hope this overview provides you with inspiration on how to implement Machines in your own use cases.
Stay tuned for Part 2 of the blog series, where we dive into pre-installed OSINT Machines and how to use them.
Don’t forget to follow us on Twitter and LinkedIn and sign up to our email newsletter, so you don’t miss out on updates and news!
Happy investigating!