PolySwarm
By Maltego Technologies
Gain malware insights from file hash, domain, or IP addresses.
Data Subscriptions for Maltego
Simplified Data Access for Maltego Customers
PolySwarm Transforms for Maltego
The PolySwarm integration for Maltego allows users to pivot and right-click on any file hash, domain, or IP address to gain insights into the malware behind it. Users may pivot on enrichments to discover related intelligence for a given malware campaign. Users may also subscribe to a feed of the freshest malware seen by PolySwarm for detection/blocking. PolySwarm provides users with the option to upload, scan and sandbox any malware sample on demand.
- Simple right-click insights into any malware file hash or malware infrastructure
- Feeds of brand-new and first-seen malware variants for automated detection and blocking
- High-speed analysis of new suspicious file samples through sandboxing and specialized niche analysis engines
- Create a centralized knowledge repository to maintain investigative intelligence
The Polyswarm integration includes the following types of Transforms:
- Scan Transforms
- Hash Transforms
- Metadata Transforms
To learn more about these Transform types, check out our FAQ.
Typical Users of PolySwarm Data
- Threat Intelligence Teams
- Cyber and Digital Forensics Teams
- Security and Intelligence Analysts
- Red, Blue, and Purple Teams
- Vulnerability Attack Surface Teams
- Security Operations and CERT
- Anti-Money Laundering Analysts
Integration Benefits
Quick Insights into Malware Samples
PolySwarm provides organizations with simple right-click insights into malware samples, file hashes, or network infrastructure, from its global network of malware sensors and cloud-based analysis platform.
Actionable Malware Feeds and Enrichments
PolySwarm’s platform provides SOC teams with easily-actionable malware feeds and enrichments, whilst providing intelligence teams with powerful and detailed malware analysis.
Accurate Analysis Based on Crypto-driven Marketplace
PolySwarm’s unique multi-engine platform uses cutting-edge research engines by independent and corporate research teams who compete to give the most accurate analysis based on a cryptocurrency-driven marketplace, collated using machine-learning algorithms into a simple, single PolyScore.
Speed Up Security Automation for SOC and CTI Teams
PolyScore makes file or URL analysis valuable to add speed security automation for both SOC and CTI teams, TIPS, SIEMS, Orchestration. The appropriate automated response can be tuned based on the PolyScore.
Leverage PolySwarm Data for
Threat Intelligence
PolySwarm Data can be used in Maltego to analyze and visualize threat actor activity, including the distribution of malware, indicators of compromise (IOCs), and other threat intelligence data. This information can be used to better understand the tactics, techniques, and procedures (TTPs) of threat actors and to improve the organization’s defenses against them.
Incident Response
PolySwarm Transforms empower analysts to quickly enrich and connect unknown hashes, domains, IPs, and URLs to global threat intelligence, providing real-time insight into the threat campaign and its impact. With the ability to pivot and explore PolySwarm’s interconnections, security teams can effortlessly identify Indicators of Compromise (IoCs) and take action to neutralize the attack and prevent its spread. Visualizing the data in this way enhances the efficiency and accuracy of the incident response process.
Digital Forensics
Analyze digital evidence in support of a criminal investigation. For example, find the relationships between a suspect’s crypto wallet, IP addresses, and file hashes to identify potential criminal activity.
Pricing & Access
Community Hub
Users with Maltego Community Edition.
Click-and-Run (CE)
Simply install and start using the Hub item with a data allowance of 50 Transform runs per month.
Commercial Hub
Users with a Maltego One license have the following purchase options.
Click-and-Run
Simply install and start using the Hub item with the following data allowances:
- Maltego Pro: 250 Transform runs per month.
- Maltego Enterprise: 500 Transform runs per day.
Data Subscriptions
Purchase a flexible and affordable data subscription on our webshop, starting from €900 for 100 metadata Transform runs per month per user.
Bring Your Own Key
Plug in your own API key and start using the Hub item on Maltego.
Data subscriptions for Maltego
Simplified Data Access for Maltego Customers
What is Scan Transform in Polyswarm?
Scan Transforms allow you to submit artifacts to Polyswarm and get real-time analysis results. Find these transforms in Lookup Scan Transforms set when pivoting from Hash entity.
What is Hash Search Transform in Polyswarm?
Hash Search Transforms allow you to find previously submitted artifacts by their hashes. Find these transforms in Perform Scan Transforms set when pivoting from IP Address, Domain or URL entities.
What is a Metadata Transform in Polyswarm?
Metadata Transforms allow you to find previously submitted artifacts according to their metadata. Find these transforms in Search Metadata Transforms set when pivoting from IP Address, Domain, URL, TTP or Tag entities.
Contact
Reach out to us to learn more about this data integration and how to access it.
About PolySwarm
A first-of-its-kind cybersecurity marketplace that helps organizations combat emerging threats by amplifying and delivering actionable malware intelligence with unprecedented speed and accuracy. With a global force of security experts and antivirus companies combining at a single access point, accuracy and early detection are rewarded, and enterprises get better intel and detection. For more information, please visit https://polyswarm.io/ or try PolySwarm for free at https://polyswarm.network/.
