Overview
ZeroFOX’s patented SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, HipChat, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains and more.
ZeroFOX Transforms for Maltego enable analysts to visualize and pivot between ZeroFOX’s protected social media Entities, alerts, rules, and identified perpetrators.
Benefits
- With 40+ Transforms, search and enrich context for cyber-attacks stemming from social media and digital channels
- Visualize ZeroFOX social media threat intelligence and custom alerts
To read more about ZeroFox click here.
[ZF] Get Rules
| ZeroFOX API Key | string | DefaultValue | True | True | False |
Variants
| zfRuleGroup2Rule | zf.ruleGroup | Retrieves all of the rules that fall under the selected threat rule group. |
| zfAssetRules | zf.Asset | Retrieves the configured threat rules for the selected entity/ies(asset/s). |
[ZF] Get Alert Actions
Description
Retrieves all of the Takedown-as-a-Service™ actions statuses, including the date-time, that correspond to the selected alert/s.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Alert Actions |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfAlertActions |
| Input Entities | zf.Alert |
| Output Entities | Phrase |
| Short Description | Retrieves all of the Takedown-as-a-Service™ actions statuses, including the date-time, that correspond to the selected alert/s. |
[ZF] Get All Entities
Description
Retrieves all of the configured entities(assets).
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get All Entities |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfAllAssets |
| Input Entities | zf.ZeroFox |
| Output Entities | Phrase |
| Short Description | Retrieves all of the configured entities(assets). |
[ZF] Get Entity Alerts
Description
Retrieves identified threat alerts, related to the selected network entity/ies(asset/s).
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Entity Alerts |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfAssetAlerts |
| Input Entities | zf.Asset |
| Output Entities | Phrase |
| Short Description | Retrieves identified threat alerts, related to the selected network entity/ies(asset/s). |
[ZF] Get Perpetrators
| ZeroFOX API Key | string | DefaultValue | True | True | False |
Variants
| zfAlertPerps | zf.Alert | Retrieves social media intelligence of all the perpetrators related to the selected threat alert/s. |
| zfAssetPerp | zf.Asset | Retrieves social media intelligence of all the perpetrators related to the selected entity/ies(asset/s). |
| zfRuleGroup2Perp | zf.ruleGroup | Retrieves social media intelligence of all the perpetrators related to the selected threat rule group/s. |
[ZF] Get All Rules
Description
Retrieves all of the configured threat rules.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get All Rules |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfAllRules |
| Input Entities | zf.ZeroFox |
| Output Entities | Phrase |
| Short Description | Retrieves all of the configured threat rules. |
[ZF] Get All Rule Groups
Description
Retrieves all of the configured threat rule groups.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get All Rule Groups |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfAllRuleGroups |
| Input Entities | zf.ZeroFox |
| Output Entities | Phrase |
| Short Description | Retrieves all of the configured threat rule groups. |
[ZF] Get Rule Groups
| ZeroFOX API Key | string | DefaultValue | True | True | False |
Variants
| zfStatusGroups | zf.Status | Retrieves the configured threat rule groups that have alerts containing the selected status/es. |
| zfPerpGroup | maltego.Alias | Retrieves the configured threat rule groups relevant to the identified threat alerts triggered by the selected perpetrator/s violations. |
| zfPageGroup | maltego.URL | Retrieves the configured threat rule groups for the selected page/s. |
| zfNetworkGroup | zf.SocialNetwork | Retrieves the configured threat rule groups for the selected social network/s. |
| zfAssetGroup | zf.Asset | Retrieves the configured threat rule groups for the selected entity/ies(asset/s. |
[ZF] Get Alert Status
| ZeroFOX API Key | string | DefaultValue | True | True | False |
Variants
| zfNetworkStatus | zf.SocialNetwork | Retrieves the status/es of identified threat alerts, relevant to the selected social network/s. |
| zfRuleStatus | zf.Rule | Retrieves the status(es) of identified threat alerts that fall under the selected threat rule/s configured. |
| zfPerpStatus | maltego.Alias | Retrieves the status(es) of identified threat alerts triggered by the selected perpetrator/s violations. |
| zfPageStatus | maltego.URL | Retrieves the status(es) of identified threat alerts, relevant to the selected page/s. |
| zfStatus | zf.ZeroFox | Retrieves all possible statuses of an identified threat alert. |
| zfAssetStat | zf.Asset | Retrieves the status(es) of identified threat alerts, relevant to the selected entitie/s(asset/s). |
| zfRuleGroup2Stat | zf.ruleGroup | Retrieves the status(es) of identified threat alerts that fall under the selected threat rule/s group/s configured. |
[ZF] Get Social Networks
| ZeroFOX API Key | string | DefaultValue | True | True | False |
Variants
| zfRuleNet | zf.Rule | Retrieves the social networks that are related with a selected threat rule group. |
| zfStatusNet | zf.Status | Retrieves the social networks that have alerts containing the selected status/es. |
| zfAssetNetworks | zf.Asset | Retrieves the social networks of the selected entity/ies(asset/s). |
| zfRuleGroup2Net | zf.ruleGroup | Retrieves the social networks that are related with a selected threat rule group. |
[ZF] Get Entities
| ZeroFOX API Key | string | DefaultValue | True | True | False |
Variants
| zfNetworkAsset | zf.SocialNetwork | Retrieves the configured entities(assets) of the selected social network(s). |
| zfRuleAsset | zf.Rule | Retrieves the entities(assets) affected by violations that fall under the selected rule. |
| zfStatusAsset | zf.Status | Retrieves the entities(assets) that have identified threat alerts containing the selected status/es. |
| zfPerpAsset | maltego.Alias | Retrieves the entities(assets) which are affected by the selected perpetrator/s violations. |
| zfRuleGroup2Asset | zf.ruleGroup | Retrieves the entities(assets) affected by violations that fall under the selected rule. |
| zfPageAsset | maltego.URL | Retrieves the configured entities(assets) of the selected page/s. |
[ZF] Get Rule Alerts
Description
Retrieves identified threat alerts based on the selected rule/s configured.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Rule Alerts |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfRuleAlerts |
| Input Entities | zf.Rule |
| Output Entities | Phrase |
| Short Description | Retrieves identified threat alerts based on the selected rule/s configured. |
[ZF] List Social Networks
Description
Retrieves all social networks.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] List Social Networks |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfNets |
| Input Entities | zf.ZeroFox |
| Output Entities | Phrase |
| Short Description | Retrieves all social networks. |
[ZF] Get Alerts
| ZeroFOX API Key | string | DefaultValue | True | True | False |
Variants
| zfNetworkAlerts | zf.SocialNetwork | Retrieves identified threat alerts, that are relevant to the selected social network/s. |
| zfStatusAlert | zf.Status | Retrieves all identified threat alerts containing the selected status/es. |
| zfRuleGroup2Alert | zf.ruleGroup | Retrieves identified threat alerts based on the selected rule group/s configured. |
[ZF] Get Perpetrator Alerts
Description
Retrieves identified threat alerts, relevant to the violations commited by the selected perpetrator.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Perpetrator Alerts |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfPerpAlert |
| Input Entities | maltego.Alias |
| Output Entities | Phrase |
| Short Description | Retrieves identified threat alerts, relevant to the violations commited by the selected perpetrator. |
[ZF] Get Page Alerts
Description
Retrieves the identified threat alerts, relevant to the selected page/s.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Page Alerts |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfPageAlert |
| Input Entities | maltego.URL |
| Output Entities | Phrase |
| Short Description | Retrieves the identified threat alerts, relevant to the selected page/s. |
[ZF] Get Rules by Status
Description
Retrieves the configured threat rules that have alerts containing the selected status/es.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Rules by Status |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfStatusRule |
| Input Entities | zf.Status |
| Output Entities | Phrase |
| Short Description | Retrieves the configured threat rules that have alerts containing the selected status/es. |
[ZF] Get Perpetrator Rules
Description
Retrieves the configured threat rules relevant to the identified threat alerts triggered by the selected perpetrator/s violations.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Perpetrator Rules |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfPerpRule |
| Input Entities | maltego.Alias |
| Output Entities | Phrase |
| Short Description | Retrieves the configured threat rules relevant to the identified threat alerts triggered by the selected perpetrator/s violations. |
[ZF] Get Page Rules
Description
Retrieves the configured threat rules for the selected page/s.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Page Rules |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfPageRule |
| Input Entities | maltego.URL |
| Output Entities | Phrase |
| Short Description | Retrieves the configured threat rules for the selected page/s. |
[ZF] Get Network Rules
Description
Retrieves the configured threat rule groups for the selected social network/s.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Network Rules |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfNetworkRules |
| Input Entities | zf.SocialNetwork |
| Output Entities | Phrase |
| Short Description | Retrieves the configured threat rule groups for the selected social network/s. |
[ZF] Get Network Perpetrators
Description
Retrieves social media intelligence of all the perpetrators related to the selected social network/s.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Network Perpetrators |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfNetworkPerpetrator |
| Input Entities | zf.SocialNetwork |
| Output Entities | Phrase |
| Short Description | Retrieves social media intelligence of all the perpetrators related to the selected social network/s. |
[ZF] Get Rule Perpetrators
Description
Retrieves social media intelligence of all the perpetrators related to the selected threat rule/s.
| ZeroFOX API Key | string | DefaultValue | True | True | False |
| Display Name | [ZF] Get Rule Perpetrators |
| Owner | Maltego Transforms |
| Author | maltegotransforms@maltego.com |
| Data Source | ZF |
| Transform Name | zfRulePerp |
| Input Entities | zf.Rule |
| Output Entities | Phrase |
| Short Description | Retrieves social media intelligence of all the perpetrators related to the selected threat rule/s. |