allfro / canari

Local and Remote Maltego Rapid Transform Development Framework
http://www.canariproject.com

Linking entities to other entities than the starting one. #13

Closed NordicBlueNL closed 11 years ago

NordicBlueNL commented 11 years ago

Hello,

I am wondering, is it possible to output multiple levels of links towards Maltego? Following example: I run a search transform on a custom-made Company entity. The transform looks in multiple MySQL databases for information. One of the databases is named KVK.

I want the Transform to create a new KVK entity when it finds a result there, and then I want the underlying results from that database linked to the KVK entity, not to the Company entity.

So you would get the following links: Company -> KVK -> Address, Name, Phone number etc.

So in short: How do I tell my transform to hook new entities to another entity than the one the transform runs on?

Thanks in advance for answering!

[Screenshot]

Just for clarification, I want to run a transform on Bedrijf and have the transform create the KVK phrase and the other 2 entities and have them linked as shown above.

mattnewham commented 11 years ago

Why not make entity types of, say, "kvx name" and give it a kvx name icon? That's the way I have done a similar task. Also, you could make a machine to run 2 transforms.

NordicBlueNL commented 11 years ago

Hi Mattnewham,

Thanks for your response. The reason I want to have it this way is that the transform will look into multiple databases containing addresses and other information. We want to know which information came out of which database. We want to prevent the results from mixing up. That's why we thought it would be handy to create a Phrase with some text, and link the results from a certain database to that Phrase.

digital4rensics commented 11 years ago

As far as I know, there is no direct way to do exactly what you're trying to do. However, there are two ways that you could go about creating the functionality.

1.) In your company -> NewEntity transform, you could add the source domain as either a property of the new entities, or as a link label for all the relationships.

2.) As Matt stated, use a Machine to link multiple transforms. This probably wouldn't be the most efficient way because I don't think you'd be able to avoid doing 2 lookups on the DB for each entity. Also, I'm trying to think how you'd be able to do Company->DB->result for the machine, and I think it would be easier to do Company->result->DB. This still will isolate which results came from which DB, and IMO, it would graph better across multiple hits. More info can be found at www.paterva.com/MSL.pdf

Hope that helps!
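The property and link-label option from the reply above, as an added example that is not part of the original thread or of Canari's own code: it builds the raw Maltego transform response XML with Python's standard library instead of Canari's API. The `source_db` property name, the entity types and the sample rows are constructed assumptions; `link#maltego.link.label` is the field name Maltego reads as the link label.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: rows found per source database for one Company.
SAMPLE_HITS = {
    "KVK": [("maltego.Phrase", "Example Straat 1, Amsterdam"),
            ("maltego.PhoneNumber", "+31 20 555 0100")],
    "CRM": [("maltego.Phrase", "Voorbeeldlaan 7, Utrecht")],
}


def build_response(hits_by_db):
    """Return a MaltegoMessage XML string holding a flat list of results.

    The response cannot express Company -> KVK -> result, so every entity
    is returned at one level and carries its origin database instead.
    """
    message = ET.Element("MaltegoMessage")
    response = ET.SubElement(message, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(response, "Entities")
    for db_name, rows in sorted(hits_by_db.items()):
        for entity_type, value in rows:
            entity = ET.SubElement(entities, "Entity", Type=entity_type)
            ET.SubElement(entity, "Value").text = value
            fields = ET.SubElement(entity, "AdditionalFields")
            # Entity property ("source_db" is a hypothetical field name).
            prop = ET.SubElement(fields, "Field", Name="source_db",
                                 DisplayName="Source database")
            prop.text = db_name
            # Label shown on the link from the input entity to this result.
            link = ET.SubElement(fields, "Field",
                                 Name="link#maltego.link.label",
                                 DisplayName="Label")
            link.text = db_name
    ET.SubElement(response, "UIMessages")
    return ET.tostring(message, encoding="unicode")


def group_by_source(xml_text):
    """Read a response back and group entity values by recorded source."""
    grouped = {}
    for entity in ET.fromstring(xml_text).iter("Entity"):
        source = entity.findtext("AdditionalFields/Field[@Name='source_db']")
        grouped.setdefault(source, []).append(entity.findtext("Value"))
    return grouped


if __name__ == "__main__":
    print(build_response(SAMPLE_HITS))
```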

NordicBlueNL commented 11 years ago

Hi Digital4rensics, Thanks for your response. I will use the property/link label for now. Though it would be nice if Maltego would be able to process such a request, I could think of more uses for this ability.

NordicBlueNL commented 11 years ago

I asked the question to Paterva and this is the reply I just received: Unfortunately at this stage the specification does not support returning a graph or branch of a tree. Instead you will have to have two transforms, one which goes from company to person and one which goes from person to the additional entities. When we switch over to protocol 3 it will support graph in and graph out but I do not know whether it will be supported via local transforms, it will most likely only be available to TDS transforms. I also cannot give you a date on when that implementation will take place, so unfortunately I don’t have any definites for you, but as soon as we know we will put it out :)

allfro commented 11 years ago

Ah,

For once I am not the bearer of bad news ;). I was just about to post the same thing. I guess this answers your questions then?

NordicBlueNL commented 11 years ago

Yes, thanks for responding.