Open navigation

Cybersixgill

Modified on: Mon, 13 Jun, 2022 at 1:17 PM

Overview

Cybersixgill's CTI solutions are powered by the most extensive, automated collection of threat intelligence from the cybercriminal underground, providing exclusive and real- time access to the largest database of deep, dark and clear web activity on the market.


Maltego users can now enrich their investigation by enriching data regarding IOCs or search specific keywords and get important context and essential explanations to connect the dots in their investigation, enabling them to take the correct action.


Cybersixgill is a fully automated threat intelligence solution that helps organizations protect their critical assets, reduce fraud and data breaches, protect their brand, and minimize attack surface. It delivers contextual threat intelligence in real-time that is highly accurate, comprehensive, and covert.


Integrating Cybersixgill’s unique data with Maltego provides users with unparalleled collection capabilities from the deep and dark web, and the ability to display it in Maltego’s graphical link analysis. Threat intelligence and SOC analysts, incident responders, and other cybersecurity teams will be able to accelerate the process of their investigations, obtain a visual understanding of the threat landscape, and gain actionable insights.


Don't miss our blog post, Gain Visibility into Cybercriminal Chatter with Cybersixgill! for more details about the Cybersixgill integration and an interesting use case.


You can also read more about the Cybersixgill integration on our website here.


Pricing and Access

The Cybersixgill Transforms for Maltego are only available to users with a commercial license.


Users with a Maltego One, Classic, or XL license have the following purchase options.


Data Subscriptions

Simply purchase a data subscription for Cybersixgill on an annual subscription basis in our web shop .


Enterprise Data Allowance

Maltego Enterprise users can access and install the Cybersixgill Hub item directly in the Maltego Desktop Client. Each Enterprise user has the allowance to run 10 Cybersixgill Transforms per month.


Bring Your Own Key

If you are an existing Cybersixgill customer, reach out to your contact person at Cybersixgill to gain access to the Hub item. If you are not yet a Cybersixgill customer, please reach out to Maltego by emailing support@maltego.com.



Cybersixgill Transforms

To Domains [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameTo Domains [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortodomainmaltego.AliasEnriching information from a threat actor and receiving all the domains that it mentioned
posttodomaincybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the domains mentioned in that post

To mentioned Hashes [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameTo mentioned Hashes [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortohashmaltego.AliasEnriching information from a threat actor and receiving all the hashes that it mentioned
posttohashcybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the hashes mentioned in that post

To IP Address [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameTo IP Address [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortoipmaltego.AliasEnriching information from a threat actor and receiving all the IP addresses that it mentioned
posttoipcybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the IP addresses mentioned in that post

To Intel Item Post [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameTo Intel Item Post [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortopostmaltego.AliasEnriching information from a threat actor and receiving all intel item post IDs, to enable you to see the complete posts on Cybersixgill’s investigative portal or enrich the data on a specific post to find other related IOCs
domaintopostmaltego.DomainEnriching information from a domain and receiving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs
hashtopostmaltego.HashEnriching information from a hash and receiving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs
iptopostmaltego.IPv4AddressEnriching information from an IP address and receiving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs
urltopostmaltego.URLEnriching information from a URL and recieving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs

To Threat Source [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameTo Threat Source [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortosourcemaltego.AliasEnriching information from a threat actor and receiving all the threat sources that it mentioned
domaintosourcemaltego.DomainEnriching information from a domain and receiving all the threat sources that mentioned it
hashtosourcemaltego.HashEnriching information from a hash and receiving all the threat sources that mentioned it
iptosourcemaltego.IPv4AddressEnriching information from an IP address and recieving all the threat sources that mentioned it
posttosourcecybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the threat sources mentioned in that post

To URLs [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameTo URLs [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortourlmaltego.AliasEnriching information from a threat actor and receiving all the URLs that it mentioned
posttourlcybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the URLs mentioned in that post

All of these words [Cybersixgill]

Description

Example: what’s happening - contains both ‘what’s’ and ‘happening’


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display Nameall of these words [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Transform Nameallofthesewords
Input Entitiesmaltego.Phrase
Output EntitiesPhrase
Short DescriptionExample: what’s happening - contains both ‘what’s’ and ‘happening’

Any of these words [Cybersixgill]

Description

Example: cats dogs hour - contains either ‘cats’ or ‘dogs’ (or both)


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameAny of these words [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Transform Nameanyofthesewords
Input Entitiesmaltego.Phrase
Output EntitiesPhrase
Short DescriptionExample: cats dogs hour - contains either ‘cats’ or ‘dogs’ (or both)

To Threat Actors [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameTo Threat Actors [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
domaintoactormaltego.DomainEnriching information from a domain and receiving all the threat actors that mentioned it
hashtoactormaltego.HashEnriching information from a hash and receiving all the threat actors that mentioned it
iptoactormaltego.IPv4AddressEnriching information from an IP address and recieving all the threat actors that mentioned it
urltoactormaltego.URLEnriching information from a URL and recieving all the threat actors that mentioned it

To Threat Actor [Cybersixgill]

Description

Enriching information from an intel item post ID, and receiving all the threat actors mentioned in that post


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameTo Threat Actor [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Transform Nameposttoactor
Input Entitiescybersixgill.IntelPost
Output EntitiesPhrase
Short DescriptionEnriching information from an intel item post ID, and receiving all the threat actors mentioned in that post

This exact phrase [Cybersixgill]

Description

Example: happy hour - contains the exact phrase ‘happy hour’


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameThis exact phrase [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Transform Namethisexactphrase
Input Entitiesmaltego.Phrase
Output EntitiesPhrase
Short DescriptionExample: happy hour - contains the exact phrase ‘happy hour’

To Threat Sources [Cybersixgill]

Description

Enriching information from a URL and recieving all the threat sources that mentioned it


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring TrueFalsefalse
Cybersixgill’s Client Secretstring TrueFalsefalse

Transform Meta Info

InformationValue
Display NameTo Threat Sources [Cybersixgill]
OwnerCybersixgill
AuthorTamar <tamar@@cybersixgill.com>
Data SourceCybersixgill
Transform Nameurltosource
Input Entitiesmaltego.URL
Output EntitiesPhrase
Short DescriptionEnriching information from a URL and recieving all the threat sources that mentioned it

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.