If you would like to create a new, custom Entity in Maltego, click the New Entity Type button in the top ribbon. Clicking the dropdown opens two new Entity options:
The New Entity Type (Advanced) option will provide more options when creating a new Entity.
Clicking New Entity Type (Advanced) opens the New Entity Wizard which will guide you through the process of creating a new custom Entity. The first step required by the New Entity Wizard is shown in the image below:
Basic Information
- Display name: The name of the Entity shown in the Entity palette.
- Short description: Describe the new Entity in one sentence. This description will also be shown in the Entity palette.
- Unique type name: Unique identifier for your new Entity. Unique type names are prefixed with the creator’s alias. For example, all Entities that come with Maltego have a Unique type name prefixed by “maltego.”
- Category: The Entity category refers to the Entity group with which an Entity might be associated. E.g. Entities that are related to computer network infrastructure would fall into the "Infrastructure" category and GPS coordinate Entities would fall under the "Location" category while electronic devices falls into the "Devices" category.
- Inheritance: Transforms are designed to run only on a specific type of Entity. E.g. The 'To MX Record' Transform runs on a Domain, but not a person. Sometimes you want Transforms to run on additional Entities that might extend base Entities. Maltego inheritance allows you to inherit Transforms from a base Entity. If the new custom Entity inherits from another Entity (the parent entity), then all the Transforms that run on the parent entity will also run on the new custom. This is useful when creating a more specific type of an already existing Entity. For example, if a “police officer” was created it would inherit from a Person Entity as a "police officer" is a type of person and it would be useful to have all the Transforms for a Person also run on the new police officer Entity.
Note: Transforms that are built to run on the child Entity (the Entity inheriting) will not run on the parent Entity.
- Icons: An Entity icon must then be chosen for the new Entity type. The Maltego client comes with standard Entity icons that can be chosen from. More icons can also be added under the Manage Icons window.
Main Property
After clicking Next>, the main property for the new Entity can be configured.
The main property (also called the Entity value) is the property of the Entity that is going to be shown on the graph. This step allows for the configuration of the main property:
- Property display name: Property name that will be displayed in the property view.
- Short description: This provides a description of the property in one sentence.
- Unique property name: Name that uniquely identifies this property.
- Data type: Allows you to specify the type of information that the property is representing. The data type can be selected between: string, date, integer or double.
- Sample value: the sample value will be the default value for this Entity type when a new Entity is dragged onto a graph from the Entity palette.
Once these fields have been completed click Next> to continue.
Additional Properties
Clicking Next> will open the Additional Properties section of the wizard:
Properties for an Entity describe the extra fields that an Entity contains. Several Entities contain just a single field such as a DNS Name and for most Entities creating a single field is enough.
From the Additional Properties step, you can add additional properties for your Entity to represent pieces of information that is commonly found with the new Entity type. At this stage, it is important to consider whether additional information relating to the new Entity type should be made as a property of the new Entity or an entirely new Entity on its own.
By default, there will be one property populated which is the main property (Entity value) that was configured in Step 2.
To add new properties clicking the Add property button in the top left-hand corner of the wizard window. This will open a new window where the new property can be configured. In this case, a “Country of Residence” will be added for the new “Person of Interest” Entity:
For the new property, the following fields must be completed:
- Name: The name that uniquely identifies the property
- Display name: The name that will be shown in the Property View in the Maltego UI
- Type: Type allows you to specify the data type that the property will be representing. There is a range of data types to choose from the dropdown menu.
Once these three fields have been chosen, clicking OK will add the new property to the Entity. From the main wizard window, additional configurations can be made to the new property:
- Required: If this is checked then this property cannot be left blank when adding this Entity type to your graph.
- Read only: If this is checked then the property cannot be set by you. It can only be set by Transforms
- Description: This field can be used to set a short description for the property.
- Default value: This is the default value of the property.
The next step in the wizard allows you to set Display Settings for the new Entity. The display settings allow you to set which property is displayed on the graph.
Display Settings
Display Settings determine three different properties for an Entity:
- what is edited when changing the value on the graph
- what value is displayed on the graph
- what icon should be used in place of the default icon.
It might seem strange to have a different property edited to what is displayed but as an example to illustrate this. look at the URL Entity. Whilst you still need the actual URL of a page you do not necessarily want that entire URL displayed on the graph, but rather something simple, like the title of the page.
- Edit Value: This property determines which field is edited when you double click on the Entity text by default.
- Display Value: The property that is displayed on the graph.
- Large Image: If a property is a URL to an image you can use this to replace the icon on the graph (useful for showing things like a thumbnail of a website where it is different for each website Entity).
Advanced Settings
The last step in the New Entity Wizard is the Advanced Settings page.
The Advanced Settings page allows you to specify the following fields:
- Plural display name: allows you to set the plural options for when multiple Entities are described in the tool.
- Palette item: this allows you to choose whether the new Entity type will be displayed in the Entity palette. By default, this option is checked. If an Entity type should only be returned a Transform and not ever be added to the graph manually by you, then this field should be un-checked.
- Use regex converter: This checkbox allows you to choose whether a regular expression is used to automatically identify an Entity when text is pasted onto a graph from the clipboard.
- Conversion order: The priority given to this Entity, when pasted text matches multiple regex expressions.
- Regular expression: The image below describes the regular expression used for matching a domain Entity with the tool, essentially when you paste into the graph the tool will compare the text pasted to the regular expression and if matched automatically create an Entity of that type. The regular expression for a domain is [-\w]{1,120}\.[-\w]{1,4}\.*[-\w]{0,4}
- Group to property mapping: Apart from matching you can also populate specific fields within the tool. An example of this is the person Entity which when pasting will automatically populate the first name and last name fields of the Entity if you paste something such as "Andrew MacPherson" into the tool. The regular expression for this is as follows: ([A-Z]{1,15}[a-z]{0,15}) ([A-Z]{0,15}[a-z]{0,15} *[A-Z]{0,15}[a-z]{0,15} *[A-Z]{0,15}[a-z]{0,15})
In the current “Person of Interest” example, both the Regular expression and Group to property mapping fields are left blank.
Clicking Finish will complete the wizard. The new Entity type can be found in the Entity palette under the Personal category: