AlienVault OTX

Modified on: Tue, 8 Oct, 2024 at 8:38 AM

Overview

Maltego AlienVault OTX Transforms bring AT&T's Open Threat Exchange integration to Maltego.


AlienVault Open Threat Exchange® (OTX™) is an open information sharing and analysis network where anyone can provide OTX Pulses.


OTX Pulses provide a summary of the threat, a view into the software targeted, and the related indicators of compromise (IOC) that can be used to detect the threats.


The OTX Transforms provide a means to query Pulses and the following IOCs:

  • IP Addresses
  • Domains
  • Hostnames (subdomains)
  • Email
  • URL/URI
  • File Hashes: MD5, SHA1, SHA256, PEHASH, IMPHASH
  • CIDR Rules
  • File Paths
  • MUTEX name
  • CVE number


Founded by AlienVault (now AT&T Cybersecurity), the Open Threat Exchange (OTX) offers a place for thousands of threat researchers and security professionals to share and discuss the latest threats and the indicators linked to them. With more than 140,000 participants from 140 countries, OTX receives more than 19 million indicators daily.


The new AlienVault OTX Transforms in Maltego allow users to harness this power for free and query threat intelligence using Maltego.


Access

Registration is free. Users will need to register using their email address. Following successful registration, users will be provided with an API key which is required to fully exploit the OTX Data Hub item.


Sign up for an account here: https://otx.alienvault.com/


Updates

12 October 2022

AlienVault Pagination Timeout Update:

A Pagination Timeout setting was added; its value is given in seconds.

  • This timeout is used by Transforms when fetching API results from AlienVault.
  • Fetching paginated results is time-consuming. To avoid requests hanging and customers losing Transform results, Transforms return the data collected so far when the pagination timeout elapses.
  • The default value is 60 seconds and the maximum that can be set is 120 seconds.

 

Affected Transforms:

  • dnsNameToUrlSectionUrl
  • domainToUrlSectionUrl
  • ipv4AddressToUrlSectionUrl
  • ipv6AddressToUrlSectionUrl
  • urlToUrlListSectionIpAddress


Additional Resources

For an interesting walk-through of the new AlienVault OTX Data Hub item check out our blog post, Combining the power of AlienVault OTX and Maltego to bolster your investigations.


Read more about AlienVault OTX on our website here.


AlienVault OTX Transforms

To IP Addresses (Passive DNS) [OTX].

Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To IP Addresses (Passive DNS) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.IPv4Address, maltego.IPv6Address

Variants

Transform Name | Input Entities | Short Description
alienvault.otx.domainToPassiveDnsSectionIpAddress | maltego.Domain | Returns the IP addresses detected by OTX for the domain.
alienvault.otx.dnsNameToPassiveDnsSectionIpAddress | maltego.DNSName | Returns the IP addresses detected by OTX for the DNS name.

To Related Domains (Whois) [OTX].

Description

Returns the related domains detected by OTX for the input domain.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Related Domains (Whois) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionRelations
Input Entities | maltego.Domain
Output Entities | maltego.Domain
Short Description | Returns the related domains detected by OTX for the input domain.

To DNS Records (Passive DNS) [OTX].

Description

Returns the DNS records observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To DNS Records (Passive DNS) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.DNSName, maltego.NSRecord, maltego.MXRecord, maltego.ARecord, maltego.AAAARecord, maltego.Phrase
Short Description | Returns the DNS records observed by OTX for the input Entity.

Variants

Transform Name | Input Entities
alienvault.otx.ipv4ToPassiveDnsSectionDnsRecords | maltego.IPv4Address
alienvault.otx.domainToPassiveDnsSectionDnsRecords | maltego.Domain
alienvault.otx.ipv6ToPassiveDnsSectionDnsRecords | maltego.IPv6Address

To Service Banner [OTX].

Description

Returns the service banner observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Service Banner [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.dnsNameToHttpScanSectionService
Input Entities | maltego.DNSName
Output Entities | maltego.Service
Short Description | Returns the service banner observed by OTX for the input Entity.

To GPS [OTX].

Description

Returns the GPS observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To GPS [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.GPS
Short Description | Returns the GPS observed by OTX for the input Entity.

Variants

Transform Name | Input Entities
alienvault.otx.domainToGeoSectionGps | maltego.Domain
alienvault.otx.dnsNameToGeoSectionGps | maltego.DNSName
alienvault.otx.ipv4AddressToGeoSectionGps | maltego.IPv4Address

To WhoisRecord [OTX].

Description

Returns the Whois record for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To WhoisRecord [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionWhoisRecord
Input Entities | maltego.Domain
Output Entities | maltego.WhoisRecord
Short Description | Returns the Whois record for the input Entity.

To Domains sharing Email (Whois) [OTX].

Description

Returns the related domains sharing the same email detected by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Domains sharing Email (Whois) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionDomainSharingEmail
Input Entities | maltego.Domain
Output Entities | maltego.Domain
Short Description | Returns the related domains sharing the same email detected by OTX for the input Entity.

To Malware Hashes [OTX].

Description

Returns the malware hashes observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Malware Hashes [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.Hash
Short Description | Returns the malware hashes observed by OTX for the input Entity.

Variants

Transform Name | Input Entities
alienvault.otx.ipv6AddressToMalwareSectionHash | maltego.IPv6Address
alienvault.otx.dnsNameToMalwareSectionHash | maltego.DNSName
alienvault.otx.domainToMalwareSectionHash | maltego.Domain
alienvault.otx.ipv4AddressToMalwareSectionHash | maltego.IPv4Address

To linking IP Addresses (Whois) [OTX].

Description

Returns the related IP addresses linking to the input domain.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To linking IP Addresses (Whois) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionLinkingIps
Input Entities | maltego.Domain
Output Entities | maltego.Ipv4Address
Short Description | Returns the related IP addresses linking to the input domain.

To Domains observed on IP Address [OTX].

Description

Returns the domains observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Domains observed on IP Address [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.ipv4AddressToUrlListSectionDomain
Input Entities | maltego.IPv4Address
Output Entities | maltego.Domain
Short Description | Returns the domains observed by OTX for the input Entity.

To Location [OTX].

Description

Returns the Location observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Location [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.Location
Short Description | Returns the Location observed by OTX for the input Entity.

Variants

Transform Name | Input Entities
alienvault.otx.ipv4AddressToGeoSectionLocation | maltego.IPv4Address
alienvault.otx.domainToGeoSectionLocation | maltego.Domain
alienvault.otx.dnsNameToGeoSectionLocation | maltego.DNSName

To Domains sharing Nameserver (Whois) [OTX].

Description

Returns the related domains sharing the same name server detected by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Domains sharing Nameserver (Whois) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionDomainSharingNameServer
Input Entities | maltego.Domain
Output Entities | maltego.Domain
Short Description | Returns the related domains sharing the same name server detected by OTX for the input Entity.

To URLs [OTX].

Description

Returns the URLs observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To URLs [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.URL
Short Description | Returns the URLs observed by OTX for the input Entity.

Variants

Transform Name | Input Entities
alienvault.otx.ipv4AddressToUrlSectionUrl | maltego.IPv4Address
alienvault.otx.dnsNameToUrlSectionUrl | maltego.DNSName
alienvault.otx.domainToUrlSectionUrl | maltego.Domain
alienvault.otx.ipv6AddressToUrlSectionUrl | maltego.IPv6Address

To Ports [OTX].

Description

Returns the ports observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Ports [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.ipv4AddressToHttpScanSectionPort
Input Entities | maltego.IPv4Address
Output Entities | maltego.Port
Short Description | Returns the ports observed by OTX for the input Entity.

To linking URLs (Whois) [OTX].

Description

Returns the related URLs linking to the input domain.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To linking URLs (Whois) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionLinkingUrls
Input Entities | maltego.Domain
Output Entities | maltego.URL
Short Description | Returns the related URLs linking to the input domain.

To Domains (To change name) [OTX].

Description

Returns the domains observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Domains (To change name) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.ipv6AddressToUrlListSectionDomain
Input Entities | maltego.IPv6Address
Output Entities | maltego.Domain
Short Description | Returns the domains observed by OTX for the input Entity.

To DNS Name (Passive DNS) [OTX].

Description

Returns the DNS names observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To DNS Name (Passive DNS) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.DNSName
Short Description | Returns the DNS names observed by OTX for the input Entity.

Variants

Transform Name | Input Entities
alienvault.otx.ipv6ToPassiveDnsSectionDnsNames | maltego.IPv6Address
alienvault.otx.ipv4ToPassiveDnsSectionDnsNames | maltego.IPv4Address

To As Number (Passive DNS) [OTX].

Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To As Number (Passive DNS) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.AS

Variants

Transform Name | Input Entities | Short Description
alienvault.otx.ipv4ToPassiveDnsSectionAsNumber | maltego.IPv4Address | Returns the autonomous system number observed by OTX for the input Entity.
alienvault.otx.dnsNameToPassiveDnsSectionAsNumber | maltego.DNSName | Returns the autonomous system number detected by OTX for the DNS name.
alienvault.otx.ipv6ToPassiveDnsSectionAsNumber | maltego.IPv6Address | Returns the autonomous system number observed by OTX for the input Entity.

To Service Banners [OTX].

Description

Returns the service banners observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Service Banners [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.Service
Short Description | Returns the service banners observed by OTX for the input Entity.

Variants

Transform Name | Input Entities
alienvault.otx.ipv4AddressToHttpScanSectionService | maltego.IPv4Address
alienvault.otx.domainToHttpScanSectionService | maltego.Domain

To AS Number [OTX].

Description

Returns the Autonomous System Number observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To AS Number [OTX].
Owner |
Author | Maltego
Data Source | OTX
Output Entities | maltego.AS
Short Description | Returns the Autonomous System Number observed by OTX for the input Entity.

Variants

Transform Name | Input Entities
alienvault.otx.domainToGeoSectionAsNumber | maltego.Domain
alienvault.otx.ipv4AddressToToGeoSectionAsNumber | maltego.IPv4Address

To IP Address [OTX].

Description

Returns the IPv6 Addresses observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To IP Address [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.dnsNameToUrlListSectionIpAddress
Input Entities | maltego.DNSName
Output Entities | maltego.IPv4Address, maltego.IPv6Address
Short Description | Returns the IPv6 Addresses observed by OTX for the input Entity.

To linking Domains (Whois) [OTX].

Description

Returns the related domains linking to the input domain.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To linking Domains (Whois) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionLinkingDomains
Input Entities | maltego.Domain
Output Entities | maltego.Domain
Short Description | Returns the related domains linking to the input domain.

To As Number [OTX].

Description

Returns the Autonomous System Number observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To As Number [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.dnsNameToGeoSectionAsNumber
Input Entities | maltego.DNSName
Output Entities | maltego.AS
Short Description | Returns the Autonomous System Number observed by OTX for the input Entity.

To shared Email (Whois) [OTX].

Description

Returns the email that other domains share with the input domain.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To shared Email (Whois) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionSharedEmail
Input Entities | maltego.Domain
Output Entities | maltego.Domain
Short Description | Returns the email that other domains share with the input domain.

To shared Nameservers (Whois) [OTX].

Description

Returns the related domains sharing the same nameserver detected by OTX for the input domain.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To shared Nameservers (Whois) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionSharedNameservers
Input Entities | maltego.Domain
Output Entities | maltego.Domain
Short Description | Returns the related domains sharing the same nameserver detected by OTX for the input domain.

To IP Addresses [OTX].

Description

Returns the IP addresses observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To IP Addresses [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToUrlListSectionIpAddress
Input Entities | maltego.Domain
Output Entities | maltego.IPv4Address, maltego.IPv6Address
Short Description | Returns the IP addresses observed by OTX for the input Entity.

To Subdomains (Passive DNS) [OTX].

Description

Returns the subdomains observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To Subdomains (Passive DNS) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToPassiveDnsSectionSubdomains
Input Entities | maltego.Domain
Output Entities | maltego.DNSName
Short Description | Returns the subdomains observed by OTX for the input Entity.

To DNS Names sharing SSL Certificate (Whois) [OTX].

Description

Returns the related DNS names sharing the same SSL Certificate observed by OTX for the input Entity.


Transform Settings

Display Name | Setting Type | Default Value | Optional | Popup | Authentication
API Key | string | | true | false | true

Transform Meta Info

Information | Value
Display Name | To DNS Names sharing SSL Certificate (Whois) [OTX].
Owner |
Author | Maltego
Data Source | OTX
Transform Name | alienvault.otx.domainToWhoisSectionDnsNameSharingSsl
Input Entities | maltego.Domain
Output Entities | maltego.DNSName
Short Description | Returns the related DNS names sharing the same SSL Certificate observed by OTX for the input Entity.
