There are three ways to create a new, blank investigation graph in Maltego.
Once you have a new graph, you can drop your Entities (see Entity palette section below) and begin running Transforms on these Entities.
1: Click the plus (+) button in the top left corner of Maltego.
Once you have created a new graph you will be presented with a fresh page within a new tab, surrounded by a range of control windows as shown in the image below.
Entities in Maltego are used to represent different types of information and are represented as nodes on your graph. All the Entities that are available in your Maltego Client will be found in the Entity Palette which, by default, is found on the left-hand side of your graph. The Entities in the palette are categorized into groups with the main categories being Infrastructure and Personal.
There are three aspects of an Entity that should be understood before going forward:
- Type: The type of information that the Entity is representing.
- Value: The primary information field for an Entity, and it is always displayed on the graph.
- Properties: Additional information fields for the Entity.
Adding an Entity to your Graph
To add a new Entity to your graph, click and hold on the desired Entity and drag it onto the graph area as depicted below:
Once an Entity has been dragged onto a graph it becomes one of the nodes on the graph.
Editing an Entity Value
Double click on the Entity text on the Entity to edit the Entity’s value, the text will become highlighted, and you can quickly edit the value:
Entity Details Window
To open the full Entity Details window, you can double-click anywhere else on the Entity icon besides from the Entity’s value. The Entity Details window includes four separate tabs described below:
The Entity Summary tab will open first when the Entity Details window is opened. The tab contains a summary of all the information of the Entity that can be found in more detail in the subsequent tabs in the Entity Details window. `
The Attachments tab allows you to view a list of all the file attachments for the Entity.
New file attachments can be added by clicking the Attach button. This will open a dialog where a local file can be selected or a URL to a file can be specified which will be fetched by the Maltego client.
File attachments can also be added to an Entity by dragging and dropping it from your file manager onto an Entity on the graph.
On a Maltego graph, it is shown that an Entity has a file attached to it with a paper-clip icon that is displayed on the left-hand side of the Entity’s icon as shown in the image below:
The Notes tab includes a text area where a note for an Entity can be added or modified.
On a Maltego graph, Entities with notes can be identified by the yellow page icon on the right-hand side of the Entity icon as shown below. Double-clicking the yellow page icon will show the note in a dialog box on the graph as depicted below. This dialog can be closed again by clicking the [X] in the top right-hand corner of the dialog box.
The Properties tab in the Entity Details window shows a list of key-value pairs for the different properties that the Entity includes. The values for an Entity’s properties can also be edited from this window too.
Maltego Graph Tips: How to Use Two Different Layouts on the Same Maltego Graph
Maltego allows you to freeze the current layout of your graph, as well as add new data which can then be organized. This allows an analyst to view data in two different ways at the same time, essentially creating an 'anchor' with which you can compare and contrast your data.