Integration Overview: Team Cymru Connector for Maltego Graph
Team Cymru’s connector for Maltego Graph enhances investigation capabilities by providing real-time threat intelligence through Team Cymru's Pure Signal™ platform. This integration allows investigators to collect, normalize, and analyze threat intelligence data, facilitating the identification of suspicious activities and hidden connections within Maltego Graph’s visualization environment.
Use Cases
Discover and Visualize Your Attack Surface & Vulnerabilities
Provides attack surface management intelligence: identification of hidden assets and vulnerabilities, and of third-party and supply-chain assets and the risks they carry.
Conduct and Visualize Domain Research & Security Investigations
Provides Maltego with powerful IP and domain insights. Team Cymru's Scout Insight offers detailed IP address relationships, including communication patterns, open ports, passive DNS data, X.509 certificates, fingerprints, and WHOIS information.
Parsing, Normalizing, & Analyzing Logs
With the Team Cymru + Maltego integration you can ingest assets, vulnerabilities, applications and related threats. This enables you to visualize and understand your edge and allows you to integrate your threat intelligence so you can conduct a more thorough investigation with greater context.
Normalization: The connector applies standardized fields to log records, allowing for consistent attribute names and facilitating data correlation across multiple sources.
Analysis Tools: Use Maltego Graph functionality, alone or in conjunction with other integrations, to investigate your normalized logs for suspicious activity or vulnerabilities.
Built-In: Easily Customizable Detections
The Team Cymru transform provides pre-built detections for both Scout Insight and Maltego. Both are easy, out-of-the-box integrations that offer immediate value for monitoring common indicators of compromise (IoCs) and threats.
Pre-built Detections: Access default detections tailored for common threats and IoCs.
Custom Detections: Leverage Maltego’s powerful Transform capabilities to create custom detection logic, allowing you to define rules specific to your organization’s needs.
Configuring Alerts
The app generates alerts based on your configured detection rules and policies. These alerts can be integrated with various destinations for intuitive management and remediation.
Severity Levels: Alerts are categorized into different severity levels -- Info, Low, Medium, High, and Critical. Customize these levels based on specific log event attributes.
Alert Destinations: Integrate alerts with Maltego's alert actions to send notifications to email, Slack, or other SOAR platforms.
Getting Started: Onboarding Team Cymru Data in Maltego
Integrating Team Cymru with Maltego is straightforward. Follow these steps:
Install the Maltego Transform
Install the Team Cymru Connector from the Maltego Transform Hub.
Configure Data Inputs
Set up data inputs to collect logs from Team Cymru. Navigate to the appropriate settings and configure the necessary parameters.
API key setup
Obtain your API Key from Team Cymru and configure it within the connector settings.
Verify data collection
Ensure that logs are being ingested correctly and that threat intelligence data is being applied.
Team Cymru + Maltego = A Winning Combination
Team Cymru and Maltego integrate to provide a robust solution for comprehensive threat intelligence and investigative capabilities. Team Cymru's actionable threat intelligence feeds and extensive data on IP address relationships, combined with Maltego's powerful data integration and visualization capabilities, create a powerful synergy.
Maltego's ability to merge, mine, and map essential intelligence is complemented by Team Cymru's real-time threat intelligence, enabling investigators to uncover hidden connections and respond to threats swiftly and effectively.
Gain deeper insights into your investigative activities, identify and mitigate potential risks, and maintain a proactive security posture with Team Cymru + Maltego. By leveraging the strengths of both platforms, SOC and investigation teams can streamline their workflows, enhance their threat detection and response capabilities, and ultimately protect their digital assets more efficiently.