Maltego AlienVault OTX Transform
2 min read
Prerequisites:
- Maltego CE (Community Edition) or Maltego XL installed.
- AlienVault OTX account (sign up at https://otx.alienvault.com/signup if you don’t have one).
Step 1: Install Maltego Integration Hub (MIH)
To use the AlienVault OTX Maltego transform, you need to install the Maltego Integration Hub:
- Open Maltego.
- Go to the “Apps” tab on the left sidebar.
- In the “App Hub” section, click “Go to App Hub.”
- Search for “Maltego Integration Hub” and install it.
- Once installed, return to the “Apps” tab and click on the “Integration Hub.”
Step 2: Add AlienVault OTX Transform
Now, we’ll add the AlienVault OTX transform from the Integration Hub:
- In the Integration Hub, search for “AlienVault OTX.”
- Click on it and then click “Install.”
- Follow the prompts to configure the transform. You’ll need to enter your AlienVault OTX API key, which you can obtain by signing in to your AlienVault OTX account and creating an API key in the “API Key” section.
Step 3: Use the AlienVault OTX Transform
With the transform installed, you can use it to analyze indicators of compromise (IOCs) in Maltego:
- Open Maltego.
- Create a new graph or open an existing one.
- Right-click on an entity that represents an IOC (e.g., an IP address, domain, or hash).
- In the context menu, select “Run Transform.”
- Choose the “AlienVault OTX” transform from the list.
- Click “Run.”
The transform will query AlienVault OTX using the provided API key and retrieve information about the IOC.
Step 4: View AlienVault OTX Analysis Results
After running the transform, you can view the analysis results in your Maltego graph:
- Click on the IOC entity that you ran the transform on.
- You’ll see attributes and data retrieved from AlienVault OTX, such as related URLs, associated threats, and more.
Step 5: Include URLs
To include URLs in your analysis, you may need to gather additional data from other transforms or sources that link IOCs to URLs. You can use Maltego’s various transforms and data import options to expand your graph and add URLs associated with the IOCs you’re investigating.
Step 6: Save and Export
Once you have analyzed and visualized the data, you can save your Maltego graph and export it in various formats for reporting and sharing.
That’s it! You’ve successfully set up and used the AlienVault OTX Maltego transform to analyze IOCs and enrich your Maltego graphs with information from AlienVault OTX.
Please remember to handle your AlienVault OTX API key securely and consider any usage limitations or billing associated with your AlienVault OTX account.
