Seeds

Overview

Seeds - Seeds are small pieces of XML that tell the Maltego client where it should look (at which servers) for transforms. Seeds can be thought of as something like the index of a book where you can use that to see where the relevant content is located. Seeds are defined within the iTDS and require no manual editing to create these files. You can view an example of creating a seed in the building your own TDS transforms tutorial in the getting started guide.

Advanced

Seeds can also be manually created to allow them to chain together or have a single seed that points to multiple different transform application servers (TAS).
Discovery / Running transforms
Before discussing manually creating your own seed what is referred to in the client as the "discovery process" needs to be covered. This process is the means in which Maltego discovers transforms and registers them in the client. It works in the following steps:
  1. A seed is added to the Maltego client that points to an XML file like the one listed above
  2. The Maltego client then browses to each of the TransformApplication URL and prepends the text "?Command=_TRANSFORMS" which tells that server to list all the transforms available for that seed
  3. Each of these Transforms are then registered within the client for that particular seed. This includes the display name (listed in the context menu) as well as transform name which is used when running a transform. Transforms can also have additional settings such as transform settings and OAuth configurations.

Seeds are added to your Maltego client from the Transform Hub by clicking on the last transform hub item which is a green plus (+) button as shown below:



After clinking the green plus (+) button the Add Transform Seed window will open as shown below. Here you can add your seed URL as well as other details about the transform seed:



After entering your trasform seed URL and the other fields for the seed you can click "OK" and then "Install" as shown below. The Transforms from this seed will then be installed to your Maltego client.



Seed XML
An example of a basic seed is as follows (this is one used for the movie database set of transforms):

 
 
 
	 
	 
 
 


		

When an analyst executes a transform either by right clicking on an entity and using the context menu or within a machine the following is sent to the Transform Application Server (TAS) described during discovery as the URL parameter of the TransformApplication field. The entity description ( Type, Value, Properties ) as well as the Transform Name

This is a basic format for the XML and does not need to be changed much if you wish to host your own manual seed. The registrationURL parameter is legacy and does not need to modified. Transform seeds can either point to Transform Application Servers or additional seeds. As you can see from the above example we link to just a single TAS.

If you wish to link Multiple TAS' within a single seed you can merely extend the XML to include multiple TransformApplication sections. This can be seen in the standard commercial seed XML used within Maltego and is as follows:

 
 
 
 



 
 
 


	



From the above example the following Transform Application Servers will be discovered if the Maltego client was initially pointed to that XML would be:
  • https://alpine.paterva.com/CTAS31/MaltegoRunner
  • https://cetas.paterva.com/TDS/runner/TAS/Infrastructure31
  • https://cetas.paterva.com/TDS/runner/TAS/SocialMedia
  • https://bark.paterva.com:8081/iTDSRunner/runner/TAS/TweetAnalyzer

The client will then run through browsing to each of these with "?Command=_TRANSFORMS" and store the transforms and their settings within Maltego. This section will not go into the XML used during transform discovery as that is not needed at this time and is completely automated by the various servers.