With the release of Maltego version 3 (around 2010) a new data model was developed. This was done to ensure scalability of entities. Where Maltego v2 just knew about a ‘Person’ we started to understand that other users would want to perhaps create their own Person entity. Thus – we moved to ‘maltego.Person’. The same principle was applied to properties. Where we had ‘firstname’ in V2 we now understood that we should have ‘person.firstname’. Furthermore the model was built in such a way that entities could have any number of properties but that there would be a mapping between any of these properties and what’s displayed underneath the entity in the graph (the display value). A good example of this is the maltego.Document entity – it makes more sense to display the title of the document rather than the URL where the document is located. As such the display value for a Document entity is the title. This can be easily seen on the ‘Display Settings’ when editing an entity within the Maltego client. Here the maltego.Document entity’s Display Settings is shown:
In the same way the value that’s edited when the user clicks on the entity and the IconURL can be mapped to any property of the entity.
Another concept that was introduced in version 3 was the use of calculated properties. A person’s fullname for instance is calculated by the concatenation of the firstnames and the lastname. This is exposed in the Maltego client:
The only entities that use calculated properties are:
CaseFile offered many more entities than Maltego. In CaseFile you can have a Judge, Criminal and Officer that are essentially all Persons. When importing a graph made in CaseFile into Maltego you would want to be able to run the Person transforms on all of these but the early data model did not support it.
We added the concept of inheritance – for the standard Maltego installation this meant that the MXRecord, NSRecord and Website entities were really just specialized DNSNames. The upside of it is that one transform (DNSName 2 IPAddress) worked on all of them – this saved a lot of transform configuration. For example - if you specify on the TDS that a transform will run on a DNSName it will also run on all entities down the ‘family tree’ – MXRecord, Website and NSRecord.
At the top of the tree is ‘maltego.Unknown’. This means that if you configure a transform to run on this base entity type – it will be available when you right click … on any entity.
Why are we stuck with V2 properties?
The trouble with this new data model was that the server was still expecting the old property names for incoming values and was still supplying the old property names as results. With many different versions of Maltego in the wild changing the server to use the new properties would mean that many clients would have a non-functional Maltego client.
As such a conversion layer was implemented that mapped the old property names internally to the new names. It meant that when setting the value of a property it would internally be setting a specific property of the entity. It also meant that when the GUI supplied entities to the server it would convert the properties to the old names.
This worked fine until other developers started to code transforms. The Maltego GUI exposed the internal property names and there was no way to know what these properties translated to when it was supplied to the transforms. That is – unless you followed the specification - that was last updated in 2009.
As such we provide here both the internal (V3) property names as well as their V2 equivalents. When coding transforms it is best to stick with the V2 equivalents. It would be trivial to change the server (CTAS) to use the new properties but it will almost certainly result in some clients stuck with a non-functional GUI. It seems that these legacy properties are here to stay.
When working with your own custom entities this legacy problem is a non-issue of course. It only comes into play when you want to leverage the transforms that are located on the CTAS – then you need to make sure you are mapping to the right V2 equivalent properties.