Overview
Cybersixgill's CTI solutions are powered by the most extensive, automated collection of threat intelligence from the cybercriminal underground, providing exclusive and real- time access to the largest database of deep, dark and clear web activity on the market.
Maltego users can now enrich their investigation by enriching data regarding IOCs or search specific keywords and get important context and essential explanations to connect the dots in their investigation, enabling them to take the correct action.
Cybersixgill is a fully automated threat intelligence solution that helps organizations protect their critical assets, reduce fraud and data breaches, protect their brand, and minimize attack surface. It delivers contextual threat intelligence in real-time that is highly accurate, comprehensive, and covert.
Integrating Cybersixgill’s unique data with Maltego provides users with unparalleled collection capabilities from the deep and dark web, and the ability to display it in Maltego’s graphical link analysis. Threat intelligence and SOC analysts, incident responders, and other cybersecurity teams will be able to accelerate the process of their investigations, obtain a visual understanding of the threat landscape, and gain actionable insights.
Don't miss our blog post, Gain Visibility into Cybercriminal Chatter with Cybersixgill! for more details about the Cybersixgill integration and an interesting use case.
You can also read more about the Cybersixgill integration on our website here.
Pricing and Access
The Cybersixgill Transforms for Maltego are only available to users with a commercial license.
Users with a Maltego One, Classic, or XL license have the following purchase options.
Data Subscriptions
Simply purchase a data subscription for Cybersixgill on an annual subscription basis in our web shop .
Enterprise Data Allowance
Maltego Enterprise users can access and install the Cybersixgill Hub item directly in the Maltego Desktop Client. Each Enterprise user has the allowance to run 10 Cybersixgill Transforms per month.
Bring Your Own Key
If you are an existing Cybersixgill customer, reach out to your contact person at Cybersixgill to gain access to the Hub item. If you are not yet a Cybersixgill customer, please reach out to Maltego by emailing support@maltego.com.
To Domains [Cybersixgill]
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | To Domains [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Output Entities | Phrase |
Variants
| actortodomain | maltego.Alias | Enriching information from a threat actor and receiving all the domains that it mentioned |
| posttodomain | cybersixgill.IntelPost | Enriching information from an intel item post ID, and receiving all the domains mentioned in that post |
To mentioned Hashes [Cybersixgill]
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | To mentioned Hashes [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Output Entities | Phrase |
Variants
| actortohash | maltego.Alias | Enriching information from a threat actor and receiving all the hashes that it mentioned |
| posttohash | cybersixgill.IntelPost | Enriching information from an intel item post ID, and receiving all the hashes mentioned in that post |
To IP Address [Cybersixgill]
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | To IP Address [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Output Entities | Phrase |
Variants
| actortoip | maltego.Alias | Enriching information from a threat actor and receiving all the IP addresses that it mentioned |
| posttoip | cybersixgill.IntelPost | Enriching information from an intel item post ID, and receiving all the IP addresses mentioned in that post |
To Intel Item Post [Cybersixgill]
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | To Intel Item Post [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Output Entities | Phrase |
Variants
| actortopost | maltego.Alias | Enriching information from a threat actor and receiving all intel item post IDs, to enable you to see the complete posts on Cybersixgill’s investigative portal or enrich the data on a specific post to find other related IOCs |
| domaintopost | maltego.Domain | Enriching information from a domain and receiving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs |
| hashtopost | maltego.Hash | Enriching information from a hash and receiving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs |
| iptopost | maltego.IPv4Address | Enriching information from an IP address and receiving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs |
| urltopost | maltego.URL | Enriching information from a URL and recieving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs |
To Threat Source [Cybersixgill]
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | To Threat Source [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development
|
| Data Source | Cybersixgill |
| Output Entities | Phrase |
Variants
| actortosource | maltego.Alias | Enriching information from a threat actor and receiving all the threat sources that it mentioned |
| domaintosource | maltego.Domain | Enriching information from a domain and receiving all the threat sources that mentioned it |
| hashtosource | maltego.Hash | Enriching information from a hash and receiving all the threat sources that mentioned it |
| iptosource | maltego.IPv4Address | Enriching information from an IP address and recieving all the threat sources that mentioned it |
| posttosource | cybersixgill.IntelPost | Enriching information from an intel item post ID, and receiving all the threat sources mentioned in that post |
To URLs [Cybersixgill]
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | To URLs [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development
|
| Data Source | Cybersixgill |
| Output Entities | Phrase |
Variants
| actortourl | maltego.Alias | Enriching information from a threat actor and receiving all the URLs that it mentioned |
| posttourl | cybersixgill.IntelPost | Enriching information from an intel item post ID, and receiving all the URLs mentioned in that post |
All of these words [Cybersixgill]
Description
Example: what’s happening - contains both ‘what’s’ and ‘happening’
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | all of these words [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Transform Name | allofthesewords |
| Input Entities | maltego.Phrase |
| Output Entities | Phrase |
| Short Description | Example: what’s happening - contains both ‘what’s’ and ‘happening’ |
Any of these words [Cybersixgill]
Description
Example: cats dogs hour - contains either ‘cats’ or ‘dogs’ (or both)
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | Any of these words [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Transform Name | anyofthesewords |
| Input Entities | maltego.Phrase |
| Output Entities | Phrase |
| Short Description | Example: cats dogs hour - contains either ‘cats’ or ‘dogs’ (or both) |
To Threat Actors [Cybersixgill]
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | To Threat Actors [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Output Entities | Phrase |
Variants
| domaintoactor | maltego.Domain | Enriching information from a domain and receiving all the threat actors that mentioned it |
| hashtoactor | maltego.Hash | Enriching information from a hash and receiving all the threat actors that mentioned it |
| iptoactor | maltego.IPv4Address | Enriching information from an IP address and recieving all the threat actors that mentioned it |
| urltoactor | maltego.URL | Enriching information from a URL and recieving all the threat actors that mentioned it |
To Threat Actor [Cybersixgill]
Description
Enriching information from an intel item post ID, and receiving all the threat actors mentioned in that post
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | To Threat Actor [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Transform Name | posttoactor |
| Input Entities | cybersixgill.IntelPost |
| Output Entities | Phrase |
| Short Description | Enriching information from an intel item post ID, and receiving all the threat actors mentioned in that post |
This exact phrase [Cybersixgill]
Description
Example: happy hour - contains the exact phrase ‘happy hour’
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | This exact phrase [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Transform Name | thisexactphrase |
| Input Entities | maltego.Phrase |
| Output Entities | Phrase |
| Short Description | Example: happy hour - contains the exact phrase ‘happy hour’ |
To Threat Sources [Cybersixgill]
Description
Enriching information from a URL and recieving all the threat sources that mentioned it
| Cybersixgill’s Client ID | string | | True | False | false |
| Cybersixgill’s Client Secret | string | | True | False | false |
| Display Name | To Threat Sources [Cybersixgill] |
| Owner | Cybersixgill |
| Author | Cybersixgill Development |
| Data Source | Cybersixgill |
| Transform Name | urltosource |
| Input Entities | maltego.URL |
| Output Entities | Phrase |
| Short Description | Enriching information from a URL and receiving all the threat sources that mentioned it |