Transforms

Support

Support for business applications

Transforms for Maltego

Using Kaspersky Transforms for Maltego

Transforms

August 12, 2021

ID 218412

This section contains information on the transforms provided by Kaspersky Transforms for Maltego. The transforms can be run on different entities, including IP addresses, hashes, domains, and URLs. The transforms provide information about entities that are contained in Kaspersky Threat Intelligence Portal.

Transforms on a URL entity

The transforms that can be run on a URL entity and the corresponding result types are provided in the following table.

Transforms that can be run on a URL entity

Transform	Resulting entity	Description
`getUrlAccessedHashes`	A set of `Hash` entities with additional fields.	Get the list of files related to this URL.
`getUrlHost`	An `IPv4 Address` or `DNS Name` entity.	Get the IP address of the host.
`getUrlDownloadedHashes`	A set of `Hash` entities with additional fields.	Get a list of hashes of the files downloaded from this URL.
`getUrlReferrals`	A set of `URL` entities with additional fields.	Get the list of URLs that referred to this URL.
`getUrlReferredTo`	A set of `URL` entities.	Get the list of URLs this URL referred to.
`getUrlReports`	A set of `Document` entities.	Get the list of APT Intelligence reports and Financial Threat Intelligence reports this URL is related to.
`getUrlInfo`	The initial entity enriched with zone info, a set of `KL.Category` entities, a `URL`, `Domain`, and `Document` entities. For information about zones, see section "About zones and statuses" in Kaspersky Threat Intelligence Portal online help.	Get the general information about this URL.
`getUrlDomainWhois`	A `Domain` entity with additional fields, `Email Address` and `DNS Name` entities.	Get the WHOIS information about the URL.
`getUrlDomainDnsResolutions`	An `IP` entity with additional fields.	Get the information about the DNS resolutions for this URL.

Transforms on a Domain entity

The transforms that can be run on a Domain entity and the corresponding result types are provided in the following table.

Transforms that can be run on a Domain entity

Transform	Resulting entity	Description
`getDomainInfo`	The initial entity enriched with zone info, a set of `KL.Category` entities, and `Domain` and `Document` entities. For information about zones, see section "About zones and statuses" in Kaspersky Threat Intelligence Portal online help.	Get the general information about this domain.
`getDomainReports`	A set of `Document` entities.	Get the list of APT Intelligence reports and Financial Threat Intelligence reports this domain is related to.
`getDomainDnsResolutions`	An `IP` entity with additional fields.	Get the information about the DNS resolutions for this domain.
`getDomainAccessedHashes`	A set of `Hash` entities with additional fields.	Get the list of hashes of the files that access this domain.
`getDomainDownloadedHashes`	A set of `Hash` entities with additional fields.	Get the list of hashes of the files downloaded from this domain.
`getDomainSubdomains`	A set of `Domain` entities with additional fields.	Get the list of subdomains.
`getDomainReferrals`	A set of `URL` entities with additional fields.	Get the list of URLs that referred to this domain.
`getDomainReferredTo`	A set of `URL` entities with additional fields.	Get the list of URLs this domain referred to.
`getDomainWhois`	A `Domain` entity with additional fields, `Email Address`, and `DNS Name` entities.	Get the WHOIS information about the domain.

Transforms on a Website entity

The transforms that can be run on a Website entity and the corresponding result types are provided in the following table.

Transforms that can be run on a Website entity

Transform	Resulting entity	Description
`getWebsiteInfo`	The initial entity enriched with zone info, a set of `KL.Category` entities, and `Domain` and `Document` entities. For information about zones, see section "About zones and statuses" in Kaspersky Threat Intelligence Portal online help.	Get the general information about this website.
`getWebsiteResolutions`	An `IP` entity with additional fields.	Get the information about the DNS resolutions for this website.
`getWebsiteAccessedHashes`	A set of `Hash` entities with additional fields.	Get the list of hashes of the files that access this website.
`getWebsiteDownloadedHashes`	A set of `Hash` entities with additional fields.	Get the list of hashes of the files downloaded from this website.
`getWebsiteSubdomains`	A set of `Domain` entities with additional fields.	Get the list of subdomains.
`getWebsiteParentDomain`	A `Domain` entity.	Get the parent domain for the website.
`getWebsiteReferrals`	A set of `URL` entities with additional fields.	Get the list of URLs that referred to this website.
`getWebsiteReferredTo`	A set of `URL` entities with additional fields.	Get the list of URLs this website referred to.
`getWebsiteReports`	A set of `Document` entities.	Get the list of APT Intelligence reports and Financial Threat Intelligence reports this website is related to.
`getWebsiteWhois`	A `Domain` entity with additional fields, `Email Address` and `DNS Name` entities.	Get the WHOIS information about the website.

Transforms on a DNS Name entity

The transforms that can be run on a DNS Name entity and the corresponding result types are provided in the following table.

Transforms that can be run on a DNS Name entity

Transform	Resulting entity	Description
`getDNSNameAccessedHashes`	A set of `Hash` entities with additional fields.	Get the list of hashes of the files that access the domain with this DNS name.
`getDNSNameDownloadedHashes`	A set of `Hash` entities with additional fields	Get the list of hashes of the files downloaded from the domain with this DNS name.
`getDNSNameResolutions`	An `IP` entity with additional fields.	Get the information about the DNS resolutions for the domain with this DNS name.
`getDNSNameParentDomain`	A `Domain` entity.	Get the parent domain for the domain with this DNS name.
`getDNSNameReports`	A set of `Document` entities.	Get the list of APT Intelligence reports and Financial Threat Intelligence reports the domain with this DNS name is related to.
`getDNSNameReferrals`	A set of `URL` entities with additional fields.	Get the list of URLs that referred to the domain with this DNS name.
`getDNSNameReferredTo`	A set of `URL` entities.	Get the list of URLs the domain with this DNS name referred to.
`getDNSNameInfo`	The initial entity enriched with zone info, `DNS Name`, `Domain`, and `Document` entities. For information about zones, see section "About zones and statuses" in Kaspersky Threat Intelligence Portal online help.	Get the general information about the domain with this DNS name.
`getDNSNameSubdomains`	A set of `Domain` entities with additional fields.	Get the list of subdomains.
`getDNSNameWhois`	A `Domain` entity with additional fields, `Email Address` and `DNS Name` entities.	Get the WHOIS information about the domain with this DNS name.

Transforms on a Hash entity

The transforms that can be run on a Hash entity and the corresponding result types are provided in the following table.

Transforms that can be run on a Hash entity

Transform	Resulting entity	Description
`getHashAccessedUrls`	A set of `URL` entities with additional fields.	Get the list of URLs the file with this hash accessed.
`getHashStartedBy`	A set of `Hash` entities with additional fields.	Get the list of files that launched the file with this hash.
`getHashDownloadedBy`	A set of `Hash` entities with additional fields.	Get the list of files that downloaded the file with this hash.
`getHashCertificates`	A set of `KL.CertificateInfo` entities with additional fields.	Get the list of signatures the file with this hash was signed with.
`getHashFileNames`	A set of `Phrase` entities.	Get the list of file names for the file with this hash.
`getHashFilePaths`	A set of `Phrase` entities.	Get the list of paths to the file with this hash.
`getHashDowloadedFromUrls`	A set of `URL` entities with additional fields.	Get the list of URLs from which the file with this hash was downloaded.
`getHashStartedFiles`	A set of `Hash` entities with additional fields.	Get the list of files that the file with this hash launched.
`getHashReports`	A set of `Document` entities.	Get the list of APT Intelligence reports and Financial Threat Intelligence reports the file with this hash is related to.
`getHashInfo`	The initial entity enriched with zone info, `Hash`, `KL.DetectionInfo`, and `Document` entities. For information about zones, see section "About zones and statuses" in Kaspersky Threat Intelligence Portal online help.	Get the general information about the file with this hash.
`getHashDownloadedFiles`	A set of `Hash` entities with additional fields.	Get the list of files that the file with this hash downloaded.
`getHashContainers`	A set of `KL`.CertificateInfo entities with additional fields.	Get the list of signatures that the container objects for the file with this hash were signed with.

Transforms on an IPv4 Address entity

The transforms that can be run on an IPv4 Address entity and the corresponding result types are provided in the following table.

Transforms that can be run on an IPv4 Address entity

Transform	Resulting entity	Description
`getIPCountry`	A `Phrase` entity.	Get the country code for this IP address.
`getIPDnsResolutions`	A `Domain` entity with additional fields.	Get the information about the DNS resolutions for this IP address.
`getIPDownloadedHashes`	A set of `Hash` entities with additional fields	Get the list of hashes of the files downloaded from this IP address.
`getIPHostedUrls`	A set of `URL` entities with additional fields.	Get the list of URLs that are related to this IP address.
`getIPReports`	A set of `Document` entities.	Get the list of APT Intelligence reports and Financial Threat Intelligence reports this IP address is related to.
`getIPInfo`	The initial entity enriched with zone info, `IP` and `Document` entities. For information about zones, see section "About zones and statuses" in Kaspersky Threat Intelligence Portal online help.	Get the general information about this IP address.
`getIPWhois`	`Email Address` entities.	Get the WHOIS information about this IP address.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.