Default Entities

V2/V3 Confusion

With the release of Maltego version 3 (around 2010) a new data model was developed. This was done to ensure scalability of entities. Where Maltego v2 just knew about a ‘Person’ we started to understand that other users would want to perhaps create their own Person entity. Thus – we moved to ‘maltego.Person’. The same principle was applied to properties. Where we had ‘firstname’ in V2 we now understood that we should have ‘person.firstname’. Furthermore the model was built in such a way that entities could have any number of properties but that there would be a mapping between any of these properties and what’s displayed underneath the entity in the graph (the display value). A good example of this is the maltego.Document entity – it makes more sense to display the title of the document rather than the URL where the document is located. As such the display value for a Document entity is the title. This can be easily seen on the ‘Display Settings’ when editing an entity within the Maltego client. Here the maltego.Document entity’s Display Settings is shown:



In the same way the value that’s edited when the user clicks on the entity and the IconURL can be mapped to any property of the entity.

Calculated properties

Another concept that was introduced in version 3 was the use of calculated properties. A person’s fullname for instance is calculated by the concatenation of the firstnames and the lastname. This is exposed in the Maltego client:



The only entities that use calculated properties are:
  • maltego.Person
  • maltego.Location
  • maltego.PhoneNumber

Inheritance

CaseFile offered many more entities than Maltego. In CaseFile you can have a Judge, Criminal and Officer that are essentially all Persons. When importing a graph made in CaseFile into Maltego you would want to be able to run the Person transforms on all of these but the early data model did not support it.

We added the concept of inheritance – for the standard Maltego installation this meant that the MXRecord, NSRecord and Website entities were really just specialized DNSNames. The upside of it is that one transform (DNSName 2 IPAddress) worked on all of them – this saved a lot of transform configuration. For example - if you specify on the TDS that a transform will run on a DNSName it will also run on all entities down the ‘family tree’ – MXRecord, Website and NSRecord.

At the top of the tree is ‘maltego.Unknown’. This means that if you configure a transform to run on this base entity type – it will be available when you right click … on any entity.

Why are we stuck with V2 properties?

The trouble with this new data model was that the server was still expecting the old property names for incoming values and was still supplying the old property names as results. With many different versions of Maltego in the wild changing the server to use the new properties would mean that many clients would have a non-functional Maltego client.

As such a conversion layer was implemented that mapped the old property names internally to the new names. It meant that when setting the value of a property it would internally be setting a specific property of the entity. It also meant that when the GUI supplied entities to the server it would convert the properties to the old names.

This worked fine until other developers started to code transforms. The Maltego GUI exposed the internal property names and there was no way to know what these properties translated to when it was supplied to the transforms. That is – unless you followed the specification - that was last updated in 2009.

As such we provide here both the internal (V3) property names as well as their V2 equivalents. When coding transforms it is best to stick with the V2 equivalents. It would be trivial to change the server (CTAS) to use the new properties but it will almost certainly result in some clients stuck with a non-functional GUI. It seems that these legacy properties are here to stay.

When working with your own custom entities this legacy problem is a non-issue of course. It only comes into play when you want to leverage the transforms that are located on the CTAS – then you need to make sure you are mapping to the right V2 equivalent properties.



Entity reference guide

maltego.Domain

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
fqdn string Domain Name Value
whois-info string Whois Info whois

maltego.DNSName

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
fqdn string DNS Name Value

maltego.MXRecord

Inherits from: maltego.DNSName

 
Property Name Type Display Name V2 Equivalent
fqdn string MX Record Value
mxrecord.priority integer Priority mxrecord.priority

maltego.NSRecord

Inherits from: maltego.DNSName

 
Property Name Type Display Name V2 Equivalent
fqdn string NS Record Value

maltego.IPv4Address

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
ipv4-address string IP Address Value
ipaddress.internal boolean internal ipaddress.internal

maltego.Netblock

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
ipv4-address string IP Range Value

maltego.AS

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
as.number integer AS Number Value

maltego.Website

Inherits from: maltego.DNSName

 
Property Name Type Display Name V2 Equivalent
fqdn string Website Value
website.ssl-enabled boolean SSL Enabled website.ssl-enabled
ports int [] Ports ports

maltego.URL

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
short-title string Short Title Value
url URL Value theurl
title string Title fulltitle

maltego.Phrase

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
text string Text Value

maltego.Document

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
url string URL link
title string Title Value
document.meta-data string Meta-Data metainfo

maltego.Person

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
person.fullname* string Full Name Value
person.firstnames+ string First Names firstname
person.lastname+ string Surname lastname

maltego.EMailAddress

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
email string Email Address Value

maltego.Location

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
location.name* string Name Value
country+ string Country country
city+ string City city
location.area string Area area
countrycode string Country Code countrysc
longitude float Longitude long
latitude float Latitude lat

maltego.PhoneNumber

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
Phonenumber* string Phone Number Value
phonenumber.countrycode+ string Country Code countrycode
phonenumber.citycode+ string City Code citycode
phonenumber.lastnumbers+ string Area Code areacode
phonenumber.lastnumbers+ string Last Digits lastnumbers

maltego.Alias

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
alias string Alias Value

maltego.Image

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
description string Description Value
url URL Value url

maltego.Twit

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
twit.name string Twit Value
id string Twit ID id
author string Author author
author_uri string Author URI author_uri
content string Content content
img_link string Image Link img_link
pubdate string Date published pubdate
title string Title title

maltego.affiliation.Twitter

Inherits from: maltego.Unknown

 
Property Name Type Display Name V2 Equivalent
person.name string Name Value
affiliation.network string Network network
affiliation.uid string UID uid
affiliation.profile-url string Profile URL affiliation.profile-url
twitter.number int Twitter Number twitter.number
twitter.screen-name string Screen Name twitter.screen-name
twitter.friendcount int Friend Count twitter.friendcount
person.fullname string Real Name person.fullname