This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Transform Descriptions
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Tools
- Maltego for AutoFocus
- Maltego Articles
- Transform Descriptions
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Printer Friendly Page
tlancaster
L3 Networker
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
on 05-17-2017 02:48 AM - edited on 10-24-2019 08:51 AM by Retired Member
100% helpful
(1/1)
The table lists the transforms available in Maltego, the entity type they operate on, what they return, and notes on how each one works logically.
| Transform | Operates On | Returns | Notes | Inbuilt filters (customer view) |
| AutoFocus - Explode Tags (All) | maltego.Hash | maltego.Tag | Takes a file hash and returns any tags in AutoFocus associated with the file | None |
| AutoFocus - Explode Tags (U42) | maltego.Hash | maltego.Tag | Takes a file hash and returns any Unit42 Scope tags in AutoFocus associated with the file | None |
| AutoFocus - Explode Tags (Malware) | maltego.Hash | maltego.Tag | Takes a file hash and returns any Malware Class tags in AutoFocus associated with the file | None |
| AutoFocus - Explode Tags (Campaign) | maltego.Hash | maltego.Tag | Takes a file hash and returns any Campaign Class tags in AutoFocus associated with the file | None |
| AutoFocus - Explode Tags (Actor) | maltego.Hash | maltego.Tag | Takes a file hash and returns any Actor Class tags in AutoFocus associated with the file | None |
| AutoFocus - Fetch File Metadata | maltego.Hash | maltego.Hash | Takes a file hash and returns metadata about that file back to the same entity | None |
| AutoFocus - Get C2 By Sample | maltego.Hash | maltego.Domain maltego.IPv4Address |
Takes a file hash and identifies C2 addresses associated with the samples in the DNS Activity and Connection Activity tabs | No Private IP addresses included; Some background noise domains excluded; |
| AutoFocus - Get Sample by Mutex | maltego.Mutex | maltego.Hash | Takes a mutex and identifies samples whose Mutex Activity contains that Mutex | None |
| AutoFocus - Get Sample by IP | maltego.IPv4Address | maltego.Hash | Takes an IP Address and identifies files whose Connection Activity includes the IP Address | None |
| AutoFocus - Get Sample by Hostname | maltego.Domain | maltego.Hash | Takes a hostname/domain and identifies files whose DNS activity includes the hostname/domain. | None |
| AutoFocus - Get Sample by Query | PaloAltoNetworks.AFQuery | maltego.Hash | Takes a query exported from AutoFocus and retrieves file hashes matching that query | None |
| AutoFocus - Get Sample by Tag | PaloAltoNetworks.Tag | maltego.Hash | Takes a tag (note that tags must include the fullname of the tag) and identifies associated files. | None |
| AutoFocus - Get Sample by URL | maltego.URL | maltego.Hash | Takes a full URL and searches for samples that communicate with that URL (e.g. www.google.com/images.php) | None |
| AutoFocus - Get Sample by URL Path | maltego.URL | maltego.Hash | Takes a full or partial URL and searches for samples that communicate with the PATH component of the URL, e.g. (www.google.com/images.php --> images.php) | None |
| AutoFocus - Get URLS by sample | maltego.Hash | maltego.URL | Takes a file hash and identifies full URLs the malware communicates with | None |
| AutoFocus - Get Mutex By Sample | maltego.Hash | maltego.Mutex | Takes a file hash and identifies associated mutexes | Mutexes which appear in more than 5000 samples are tuned out |
| AutoFocus - Get Service created by Sample | maltego.Hash | maltego.ServiceName | Takes a file hash and identifies created Service Names | None |
| AutoFocus - Get Imphash by Sample | maltego.Hash | maltego.Imphash | Takes a file hash and identifies the associated importhash | None |
| AutoFocus - Get Sample by Imphash | maltego.Imphash | maltego.Hash | Takes an importhash and finds files which have the same importhash | None |
| AutoFocus - Get Sample by Service | maltego.ServiceName | maltego.Hash | Takes a service name and searches for files which include the servicename | None |
| AutoFocus - Get Sample by FileActivity | maltego.Filename | maltego.Hash | Takes a filename and returns files whose File Activity includes the supplied filename | None |
| AutoFocus - Get Sessions by Sample | maltego.Hash | PaloAltoNetworks.WildfireSession | Takes a given file hash and returns sessions observed using the same Hash | Sessions with no company data are excluded |
| AutoFocus - Get Sessions by Query | PaloAltoNetworks.AutoFocusQuery | PaloAltoNetworks.WildfireSession | Takes a given query exported from AutoFocus and returns associated sessions. | Sessions with no company data are excluded |
| AutoFocus - Get Sessions by URL Path | maltego.URL | PaloAltoNetworks.WildfireSession | Takes the supplied URL and returns sessions which whose ITW URL contains the supplied URL. | Sessions with no company data are excluded |
| AutoFocus - Get Sessions by Tag | PaloAltoNetworks.Tag | PaloAltoNetworks.WildfireSession | Takes a supplied tag and returns matching sessions | Sessions with no company data are excluded |
| AutoFocus - Get ITW data as metadata | maltego.Hash | maltego.Hash | Takes a file hash and returns metadata about that file back to the same entity | Sessions with no company data are excluded |
| AutoFocus - Get ITW URLs as entities | maltego.Hash | maltego.URL | Takes a file hash and returns associated ITW URLs back as URL entities | None |
| AutoFocus - Get ITW Host | maltego.Hash | maltego.Domain maltego.IPv4Address |
Takes a file hash and returns associated ITW URLs back as domain names and IP addresses. | No Private IP addresses included; Some background noise domains excluded; |
| AutoFocus - Get ITW Filename by Sample | maltego.Hash | maltego.Filename | Takes a file hash and returns associated ITW filenames with it | None |
| AutoFocus - Get Sample by Session | PaloAltoNetworks.WildfireSession | maltego.Hash | Takes a session and returns the File analysed as part of the session | Sessions with no company data are excluded |
| AutoFocus - Get ITW URL by Session | PaloAltoNetworks.WildfireSession | maltego.URL | Takes a session and returns the ITW URL observed as part of the session (if available) | Sessions with no company data are excluded |
| AutoFocus - Get ITW Host by Session | PaloAltoNetworks.WildfireSession | maltego.Domain maltego.IPv4Address |
Takes a session and returns associated ITW URLs back as domain names and IP addresses. | No Private IP addresses included; Some background noise domains excluded; |
| AutoFocus - Get ITW Filename by Session | PaloAltoNetworks.WildfireSession | maltego.Filename | Takes a session and returns associated ITW filenames with it | None |
| AutoFocus - Get Sample by ITW Filename | maltego.Filename | maltego.Hash | Takes an ITW filename and returns files seen with the same filename ITW | None |
| AutoFocus - Get Samples by ITW Hostname | maltego.Domain | maltego.Hash | Takes a hostname and finds files that have been spotted with the same hostname ITW | None |
| AutoFocus - Get Samples by ITW IP address | maltego.IPv4Address | maltego.Hash | Takes an IP Address and identifies files that have been spotted with the same hostname ITW | None |
| AutoFocus - Get Samples by ITW URL | maltego.URL | maltego.Hash | Takes a URL and finds files hosted at that URL ITW | None |
| AutoFocus - Get Digtial Signer By Sample | maltego.Hash | PaloAltoNetworks.DigitalCertificateCN | Takes a sample and returns the name of the listed signer (As shown in AutoFocus) | None |
| AutoFocus - Get Sample By Digital Signer | PaloAltoNetworks.DigitalCertificateCN | maltego.Hash | Takes a digital signer and returns samples in AutoFocus whose signer matches the provided one | None |
Labels:
Rate this article:
Related Content
Labels
-
autofocus
5 -
Bookmarks
1 -
Entities
1 -
Filtering
1 -
Maltego
6 -
Missing Samples
1 -
Red Bookmark
1 -
Reporting a Bug
1 -
SmartFiltering
1 -
Transforms
2 -
Visualisation
1
Version history
Last Updated:
10-24-2019
08:51 AM
Updated by:
Retired Member
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks