Maltego RiskIQ PassiveTotal Transform

Prerequisites:

1. Maltego CE (Community Edition) or Maltego XL installed.
2. Access to RiskIQ PassiveTotal transforms from the Transform Hub.
3. Access to a RiskIQ PassiveTotal account (sign up at https://www.riskiq.com/ if you don’t have one).

Step 1: Install RiskIQ PassiveTotal Transforms

To install RiskIQ PassiveTotal transforms from the Transform Hub:

1. Open Maltego.
2. Go to the “Apps” tab on the left sidebar.
3. In the “Transform Hub” section, search for “RiskIQ PassiveTotal” or the specific transform package provided by RiskIQ.
4. Click on it and then click “Install.”

Step 2: Configure RiskIQ PassiveTotal Transforms

After installing the transforms, you’ll need to configure them with your RiskIQ PassiveTotal API credentials:

1. In Maltego, go to the “Manage” tab in the Transform Hub section.
2. Find the RiskIQ PassiveTotal transforms you installed and click on “Settings” or “Configure.”
3. Enter your RiskIQ PassiveTotal API key and any other required configuration details.
4. Save the configuration.

Step 3: Use RiskIQ PassiveTotal Transforms

Now that you’ve configured the RiskIQ PassiveTotal transforms, you can use them to query RiskIQ PassiveTotal data in Maltego:

1. Open Maltego.
2. Create a new graph or open an existing one.
3. Right-click on an entity that you want to query RiskIQ PassiveTotal data for (e.g., a domain name or an IP address).
4. In the context menu, select “Run Transform.”
5. Choose the relevant RiskIQ PassiveTotal transform from the list (e.g., “Passive DNS Search”).
6. Click “Run.”

The transform will use your configured API key to query RiskIQ PassiveTotal for data associated with the selected entity.

Step 4: View RiskIQ PassiveTotal Analysis Results

After running the transform, you can view the RiskIQ PassiveTotal analysis results in your Maltego graph:

1. Click on the entity (e.g., a domain or IP address) that you ran the transform on.
2. You’ll see attributes and data retrieved from RiskIQ PassiveTotal, including URLs if they are associated with the entity.

Step 5: Include URLs When Possible

To ensure URLs are included when possible, you should explore the relationships and data obtained from RiskIQ PassiveTotal within your Maltego graph. URLs may be associated with various entities like domains, IP addresses, or hash values.

Step 6: Save and Export

After performing your analysis and enriching your Maltego graph with RiskIQ PassiveTotal data (including URLs), you can save your graph and export it in various formats for reporting and sharing.

Please remember to handle your RiskIQ PassiveTotal API key securely and consider any usage limitations or billing associated with your RiskIQ PassiveTotal account.