We can learn more about these posts in the Detail View and Property View within Maltego. This will return to us the names of threads on which our threat actor has authored posts. To learn more about our threat actor’s activity on the forum, we can run the To Intel Item Post Transform. Our result tells us that our threat actor only appears to be active on the forum on which they are an admin. To learn which forums and other potentially criminal places this threat actor is active, we can run the To Threat Source Transform. Our starting point will be an Alias Entity with our threat actor’s name. In this case, we are interested in learning more a threat actor that administers a forum where leaked databases are shared and swapped. Combining the intelligence of Cybersixgill with other Transforms will enable investigators to get a comprehensive picture about that actor. One of the use cases of a typical investigator is to profile different threat actors that are involved in malicious activities against an organization, or ones that might pose a threat. From there, investigators can run Transforms to uncover information related to:
What Type of Information Can I Get from Cybersixgill? 🔗︎Īnalysts can begin their investigations using Cybersixgill and Maltego with an Alias, URL, Hash, Domain, or IPv4 Address. If you are not yet a Cybersixgill customer, please reach out to Maltego using the contact form here
Maltego license key install#
Enterprise Data Allowance: As a Maltego Enterprise user, you can access and install the Cybersixgill Hub item in the Maltego Desktop Client and directly try out the data.There are three ways to access Cybersixgill data within Maltego: In order to use Cybersixgill, you need a Cybersixgill Client ID, Cybersixgill Client Secret as well as a commercial Maltego license.
How Can I Start Using the Cybersixgill Transforms in Maltego? 🔗︎ Threat intelligence and SOC analysts, incident responders, and other cybersecurity teams will also be able to conduct dark web investigations to obtain a visual understanding of their threat landscape and accelerate incident response – in real-time.
Integrating Cybersixgill’s extensive data with Maltego empowers users with contextual and actionable insights, and the ability to display it in Maltego’s graphical link analysis. It delivers contextual threat intelligence in real-time that is highly accurate, comprehensive, and covert. Powered by the broadest automated collection from the deep, dark, and clear web, Cybersixgill is a fully automated threat intelligence solution that helps organizations protect their critical assets, reduce fraud and data breaches, protect their brand, and minimize their attack surface. That offers investigators the ability to covertly access closed sources and critical intelligence from the criminal underground. Today, we are introducing the Cybersixgill data integration in Maltego
0 kommentar(er)
