In June 2022, Maltego launched a social media campaign that provides Maltego users and investigators with cheat sheets showing how to best use our Hub items for specific workflows. Check out the Investigator Toolkit January roundup in this article!
Investigator Toolkit: Quick Starts to Using Maltego Hub Items in Real-life Investigations
Presented to you by Maltego, the Investigator Toolkit series showcases each Maltego Transform Hub item with a sample workflow applicable to certain types of investigations. This series aims to help you quickly learn how to include a particular Hub item in your existing workflows.
Where to Find the Investigator Toolkit?
You can find the Investigator Toolkit series on our Twitter and LinkedIn channels under the hashtags #MaltegoMonday and #InvestigatorToolkit. Every Monday, a new Investigator Toolkit post goes out with a workflow cheat sheet and, as an additional demonstration, a blog article or webinar.
All Previous Investigator Toolkit Roundups
- Investigator Toolkit July 2022
- Investigator Toolkit August 2022
- Investigator Toolkit September 2022
- Investigator Toolkit October 2022
- Investigator Toolkit November 2022
- Investigator Toolkit December 2022
Investigator Toolkit January Roundup
In January, we featured five Hub items and their use cases in the Investigator Toolkit series. Let’s dive straight into how to use them for supply chain attack intelligence, SIEM investigation, threat monitoring, disinformation investigation, and information gathering!
VirusTotal Public API: Supply Chain Attack Intelligence
With VirusTotal’s intelligence collections, investigators can identify and monitor attacks and better understand what threat actors are distributing. Check out our joint webinar with VirusTotal to learn how we pull out the dependencies of a given repository, examine known CVEs, and investigate supply chain attacks. Obtain attack insights with Maltego now!
Splunk: SIEM Investigation
To spot security threats and reduce the underlying risk, run the Splunk Transforms in Maltego to gather real-time security operations data, identify potential threats, and pinpoint malicious activity! SIEM-plify your investigations with Splunk: gain insight into potential threats and create a security incident to start the remediation process now!
Silobreaker: Threat Monitoring
To monitor threats efficiently and respond rapidly, investigators can take advantage of the Silobreaker Transforms to gather real-time data on a wide range of topics. With Silobreaker, we are able to look into the banking trojans targeting LATAM banks starting from a Phrase Entity and retrieve malware, company, region, and other relevant data in just a few clicks. Boost your risk management now!
Echosec: Disinformation Investigation
Nowadays disinformation campaigns spread rapidly and widely. Echosec Systems can pull data from various social networks, monitor events worldwide, and quickly pinpoint the threat actors behind these campaigns. In September 2022, our Subject Matter Expert, Mathieu Gaucheler, together with the Echosec Systems team, demonstrated how to unmask malicious users behind certain disinformation campaigns using the geo-reference function.
RegEx Library: Information Gathering
With the newly added RegEx Library Transforms, investigators can extract matching strings from web pages using pre-defined or custom regex patterns. Simply drag and drop a URL Entity and try it out now!
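To show what a pre-defined-plus-custom regex extraction over a web page looks like in practice, here is an added stand-alone example written for this roundup; it is not Maltego code and does not reproduce the RegEx Library Transforms themselves. The page content is a constructed HTML snippet embedded inline (nothing is fetched), the pattern set and the `refang` helper are the editor's own assumptions about sensible defaults, and the custom CVE pattern stands in for a user-supplied regex. Two details a practitioner wants beyond "apply a regex" are covered: defanged indicators (`hxxp://`, `[.]`, `[at]`) are normalised before matching so they are not silently missed, and IPv4 candidates are validated with `ipaddress` because a `\d{1,3}` pattern happily accepts `999.1.1.1`.

```python
import html
import re
from ipaddress import ip_address

# Constructed sample page (assumption; not fetched from any real site). It mixes
# live and defanged indicators with a deliberately invalid "address".
SAMPLE_HTML = """
<html><body>
<h1>Weekly IOC dump</h1>
<p>C2 observed at 203.0.113.45 and hxxp://malicious-example[.]test/gate.php</p>
<p>Contact: soc@example.org, backup soc[at]example[.]org</p>
<p>Dropper SHA-256: 3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b</p>
<p>The report references CVE-2021-44228. 999.1.1.1 is not an address.</p>
</body></html>
"""

# Pre-defined patterns (editor's assumption, not Maltego's library).
# Lookarounds stop the IPv4 and hash patterns from matching inside longer tokens.
PATTERNS = {
    "ipv4": re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "sha256": re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{64}(?![0-9A-Fa-f])"),
    "url": re.compile(r"https?://[^\s<>\"']+"),
}

TAG_RE = re.compile(r"<[^>]+>")


def html_to_text(raw):
    """Replace tags with spaces and decode entities so matches do not
    straddle markup or pick up '&amp;' style fragments."""
    return html.unescape(TAG_RE.sub(" ", raw))


def refang(text):
    """Undo the common defanging conventions used in shared threat reports."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[at]", "@")


def valid_ipv4(candidate):
    """Reject dotted quads with out-of-range octets such as 999.1.1.1."""
    try:
        return ip_address(candidate).version == 4
    except ValueError:
        return False


def extract(raw_html, extra=None):
    """Return {pattern_name: sorted unique matches} for the pre-defined
    patterns plus any custom ones passed as {name: regex_string}."""
    patterns = dict(PATTERNS)
    for name, rx in (extra or {}).items():
        patterns[name] = re.compile(rx)
    text = refang(html_to_text(raw_html))
    found = {}
    for name, rx in patterns.items():
        hits = set(rx.findall(text))
        if name == "ipv4":
            hits = {h for h in hits if valid_ipv4(h)}
        found[name] = sorted(hits)
    return found


if __name__ == "__main__":
    # Custom pattern supplied alongside the defaults (CVE identifier format).
    results = extract(SAMPLE_HTML, extra={"cve": r"CVE-\d{4}-\d{4,7}"})
    for name, hits in results.items():
        print(f"{name}: {hits}")
```

The refang step runs before matching rather than as a separate "defanged" pattern set, so one set of patterns serves both cleaned and shared-as-is reports; the cost is that the output shows live indicators, so re-defang before pasting results anywhere they could be clicked.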
Check out the Investigator Toolkit series now!
In the following months, we will continue digging into different Hub items available in Maltego and providing best practice tips for investigators.
Follow us on Twitter and LinkedIn now to make sure you don’t miss any updates!
Happy Investigating!