There are a few important concepts in Maltego that need to be understood before using the tool.
CaseFile
Use Maltego completely offline as a mind-mapping tool for offline viewing.
Collaboration
Collaborate with your team on the same graph and share access to different datasets live.
Data Subscription
Maltego data subscriptions are a subscription-based model to allow investigators to purchase usage-based access to third-party data directly in the Maltego web-shop.
Desktop Client / Client / Maltego Desktop Client
References to Maltego software used on the desktop is referred to as the Desktop Client, the Client or the Maltego Desktop Client. The Desktop Client editions available are Community Edition (CE), Classic, XL and One.
Entity / Entities
What are Maltego Entities? An Entity is a piece of information shown as a node on the graph. Different Entity types are used to differentiate between the different pieces of information that can be represented in Maltego.
Entities can be anything from a DNS name, Person name, Phone number, etc. The Maltego Desktop Client comes pre-loaded with numerous Entities targeted for use in online investigations, however, you can create your own custom Entities.
You can read more about Maltego Entities here.
Hub Item
Transforms and the Entity types that they query need to be stored on a server that can be accessed by the Maltego Client.
Hub items allow Maltego users to install combinations of Transforms, Entities and Machines from a server. By default, Maltego installs the Hub item called Standard Transforms which contains the Transforms, Entities and Machines that are developed and maintained by the developers of Maltego.
Additional Hub items can be installed to get 3rd party functionality built by the community.
Machine
Machines are the Maltego equivalent of macros. Machines allow you to chain together multiple Transforms, filters and actions in order to automate common and tedious tasks. Use Machines to automatically execute pre-defined sequences of Transforms or define your Transform sequences to run queries automatically and speed up your investigation process.
Matches
A match can be defined as a unit of measurement for the Transform quota purchased by a customer as part of a data subscription. Matches are specific to the Pipl data integration and cannot be transferred to other data integrations.
Paid Connector
A paid connector is an option to access data in Maltego, following a two-step process of getting an API key from the data partner and Hub item access from Maltego. To get access or learn more, simply reach out to us using the contact form on the data source detail page, e.g. here for Orbis data.
Servers
Run Transforms over Maltego’s public server or purchase a private server to host your own infrastructure.
Standard OSINT Transforms
Work with Maltego Standard Transforms to enrich your investigations with OSINT data. Read more here.
Transform
What is a Maltego Transform? A Transform is a piece of code that searches for information related to an Entity on the graph. Transforms allow you to query an API or database to show related info on the graph.
Transforms are pieces of code that take a bit of information (in the form of an Entity) as input, and then return related information in the form of more Entities as an output.
The idea is that we are "transforming" one type of information into another type. For example we could have the website "www.maltego.com" and transform it into the IP address "104.248.60.43".
By default Maltego has Transforms that can query information from data sources like DNS servers, search engines, social networks, WHOIS information, etc.
Transforms can also be written by Maltego users, providing the flexibility to connect to their own data.
Read more about writing your own Transforms here.
Transform Hub
Access paid and free data from a variety of public sources (OSINT) as well as over 80 data partners.
Transform Run
A Transform runs on a Transform server which is hosted by either Maltego (for Maltego Standard Transforms) or by one of our Data Partners. Transforms are the mechanism that enable exploratory link analysis from within the Maltego Desktop Client application.
Whenever a user runs a Transform on an input Entity, it is counted as a "Transform run". A Transform run is counted irrespective of the number of results it yields.