
Visual link analysis with Splunk (or SQL) and Maltego using the MDS

We're finally ready to release a public beta of the Maltego Data Server (MDS). The MDS is a server that makes it trivially easy to visualize data kept in SQL databases or indexes (such as Splunk) in Maltego - as a graph.

In its simplest form you only need to write a query (SQL/Splunk) and tell the MDS how to map the resultant data back to nodes on the graph.


In the most complex form you can write Python code around the query, mapping and nodes as well as use (global) replacement variables anywhere within the items above. With this we mean to say that the MDS can be as easy or as complex as you'd like it to become. The system can grow with your abilities and is very flexible.

With very basic knowledge of SQL/Splunk and Maltego you can almost immediately get massive insight into the most mundane of logs. With two (basic AF) Splunk-based transforms and three of the standard OSINT transforms that ship with Maltego we can spot fake Googlebots almost instantly in our web server logs:


Keep in mind that the power of the existing Threat Intelligence transforms available in the Transform Hub is at your fingertips - making it possible to enrich your internal data to the max.
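As an added example (not Paterva's transforms or MDS code), the fake-Googlebot check mentioned above can be written as forward-confirmed reverse DNS over web server logs, the verification Google documents for its crawler. The log lines, IPs and DNS records are constructed, and the function names and the injectable `ptr`/`forward` resolvers are assumptions of this example.

```python
import re
import socket

# Combined log format: client IP is the first field, user agent the last quoted one.
LOG_RE = re.compile(r'^(\S+) .*"([^"]*)"$')
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def live_ptr(ip):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_forward(host):
    """IPv4 forward lookup through the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def fake_googlebots(lines, ptr=live_ptr, forward=live_forward):
    """Return sorted client IPs whose user agent claims Googlebot but fail FCrDNS."""
    claimed = set()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and "googlebot" in m.group(2).lower():
            claimed.add(m.group(1))
    fakes = []
    for ip in sorted(claimed):
        host = (ptr(ip) or "").lower().rstrip(".")
        # The PTR name must sit under a Google crawler domain AND resolve back to the IP.
        if not (host.endswith(GOOGLE_SUFFIXES) and ip in forward(host)):
            fakes.append(ip)
    return fakes

# Constructed sample data: documentation IP ranges and made-up PTR/A records.
GBOT = '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"'
REQ = ' - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
SAMPLE_LOG = [ip + REQ + ua for ip, ua in [
    ("192.0.2.10", GBOT), ("198.51.100.7", GBOT), ("203.0.113.5", GBOT),
    ("198.51.100.20", '"Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"')]]
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
              "198.51.100.7": "host7.example.net",
              "203.0.113.5": "crawl-203-0-113-5.googlebot.com"}  # PTR the IP owner controls
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}

def demo():
    return fake_googlebots(SAMPLE_LOG, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set()))
```

In the constructed data, 203.0.113.5 has a PTR record that looks like a Google crawler name but does not resolve back to the same address, so it is flagged alongside the host with an unrelated PTR.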


If you'd like to test drive the MDS *today* you can simply email us at mds-beta@paterva.com and we'll send you the server as an OVA to experiment with. You can read the comprehensive documentation for the MDS [here] right now.

We'd love to get your feedback on our new project.

RT

PS: the commercial people just told us we should include that we're going to be selling this in future. Don't know why that's important...but ye.
