01 Feb 2023

Investigator Toolkit January 2023: Cheat Sheets for Faster and Spot-on Workflows

Maltego Team

Since June 2022, Maltego has launched a new social media campaign that provides Maltego users and investigators with cheat sheets showing how to best use our Hub items for certain workflows. Check out the Investigator Toolkit January roundup in this article!

Investigator Toolkit: Quick Starts to Using Maltego Hub Items in Real-life Investigations

Presented to you by Maltego, the Investigator Toolkit series showcases each Maltego Transform Hub item with a sample workflow applicable to certain types of investigations. This series aims to help you quickly learn how to include a particular Hub item in your existing workflows.

Where to Find the Investigator Toolkit?

You can find the Investigator Toolkit series on our Twitter and LinkedIn channels, with the hashtags #MaltegoMonday and #InvestigatorToolkit. Every Monday, each Investigator Toolkit post comes with a workflow cheat sheet and a blog article or webinar as an additional demonstration.

All Previous Investigator Toolkit Roundups

Investigator Toolkit January Roundup

In January, we featured the following five Hub items and their use cases in the Investigator Toolkit series:

Let’s dive straight into how to use these Hub items for supply chain attack intelligence, SIEM Investigation, threat monitoring, disinformation investigation, or information gathering!

VirusTotal Public API: Supply Chain Attack Intelligence

With VirusTotal's intelligence collections, investigators are able to identify and monitor attacks, to better understand what is being distributed by threat actors. Check out our joint webinar with VirusTotal to learn how we pull out dependencies of a certain data repository, examine known CVEs, and investigate supply chain attacks. Obtain attack insights with Maltego now!

Splunk: SIEM Investigation

To spot potential security threats and reduce the underlying risks, run the Splunk Transforms in Maltego to gather real-time cybersecurity operational data, identify potential threats, and pinpoint malicious activities! SIEM-plify your investigations with Splunk by gaining insights into potential threats and creating a security incident to start the remediation process now!

Silobreaker: Threat Monitoring

To efficiently monitor threats and respond rapidly, investigators can take advantage of the Silobreaker Transforms to gather real-time data on a wide range of topics. With Silobreaker, we are able to look into the banking trojans aiming at LATAM banks from a Phrase Entity and retrieve malware, company, region, and other relevant data in just a few clicks. Boost your risk management now!

Echosec: Disinformation Investigation

Nowadays, disinformation campaigns spread rapidly and widely. Echosec Systems can easily pull data from various social networks, monitor events worldwide, and quickly pinpoint the threat actors behind these campaigns. In September 2022, our Subject Matter Expert, Mathieu Gaucheler, along with the Echosec Systems crew, demonstrated how to unmask malicious users behind certain disinformation campaigns using the geo-reference function.

RegEx Library: Information Gathering

With the newly added Regex Library Transforms, investigators can extract matching objects from webpages with pre-defined or customized regex patterns. Simply drag-and-drop a URL Entity and try it out now!

Check out the Investigator Toolkit series now!

In the following months, we will continue digging into different Hub items available in Maltego and providing best practice tips for investigators.

Follow us on Twitter and LinkedIn now to make sure you don’t miss any updates!

Happy Investigating!
