Best Practices

Overview

Entity creation is one of the most important steps when implementing Maltego in your environment. There are a few things to remember when doing this. Initially we recommend creating a table of all the types of information that you have available and would like to integrate with on both the x and y axis and then determine where you will need transforms and if any of the information is a duplicate. Once you have completed this you should have just the information you are interested in representing in Maltego and can then create these entities.

Dead end entities
Dead end entities are entities which do not have any transforms that can be run on them. It is important to try and re-use the default entities or entities which you already have transforms built for.

Entity Inheritance
It is strongly recommended that if you have do have entities that could be related to entities pre-existing in the tool that you use entity inheritance to avoid having to duplicate transforms. An example of this is the website, NS record and MX record that all inherit from the DNS entity. This means that instead of having to recreate the 'to IP Address' transform for each type we create it only once for the DNS record entity and the transform will be available to all of the different types.

Entity Naming / Sharing
To avoid having entities recreated by multiple people within a team it is recommended that a naming schema is used to categorise as well as share entities across your organisation / team. This also applies for the properties of entities to avoid things like 'firstName', 'FIRSTNAME' and 'first.name' which will create a lot of confusion amongst the developers.