Cybersixgill

Modified on: Wed, 22 Sep, 2021 at 2:37 PM

Overview

Cybersixgill offers the most comprehensive enrichment solution on the market for deep and dark web content.


By enriching Indicators Of Compromise (IOCs), including domains, URLs, hashes, IP addresses, as well as actors and post IDs, users gain important context and essential explanations, allowing investigators to connect the dots and ultimately take the right action.


Maltego users can now intercept threats before they become incidents with exclusive access to underground sources as well as malicious IOCs based on the most comprehensive, automated collection from the deep, dark, and surface web.


Cybersixgill is a fully automated threat intelligence solution that helps organizations protect their critical assets, reduce fraud and data breaches, protect their brand, and minimize attack surface. It delivers contextual threat intelligence in real-time that is highly accurate, comprehensive, and covert.


Integrating Cybersixgill’s unique data with Maltego provides users with unparalleled collection capabilities from the deep and dark web, and the ability to display it in Maltego’s graphical link analysis. Threat intelligence and SOC analysts, incident responders, and other cybersecurity teams will be able to accelerate the process of their investigations, obtain a visual understanding of the threat landscape, and gain actionable insights.


Don't miss our blog post, Gain Visibility into Cybercriminal Chatter with Cybersixgill! for more details about the Cybersixgill integration and an interesting use case.


You can also read more about the Cybersixgill integration on our website here.


Pricing and Access

The Cybersixgill Transforms for Maltego are only available to users with a commercial license.


Users with a Maltego One, Classic, or XL license have the following purchase options.


Data Bundles

Simply purchase a data bundle for Cybersixgill on an annual subscription basis in our web shop .


Enterprise Data Allowance

Maltego Enterprise users can access and install the Cybersixgill Hub item directly in the Maltego Desktop Client. Each Enterprise user has the allowance to run 10 Cybersixgill Transforms per month.


Bring Your Own Key

If you are an existing Cybersixgill customer, reach out to your contact person at Cybersixgill to gain access to the Hub item. If you are not yet a Cybersixgill customer, please reach out to Maltego by emailing support@maltego.com.



Cybersixgill Transforms

To Domains [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring FalseTrueFalse
Cybersixgill’s Client Secretstring FalseTrueFalse

Transform Meta Info

InformationValue
Display NameTo Domains [Cybersixgill]
OwnerCybersixgill
AuthorTamar tamar@@cybersixgill.com
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortodomainmaltego.AliasEnriching information from a threat actor and receiving all the domains that were mentioned
posttodomaincybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the domains mentioned in that post

To Mentioned Hashes [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring FalseTrueFalse
Cybersixgill’s Client Secretstring FalseTrueFalse

Transform Meta Info

InformationValue
Display NameTo mentioned Hashes [Cybersixgill]
OwnerCybersixgill
AuthorTamar tamar@@cybersixgill.com
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortohashmaltego.AliasEnriching information from a threat actor and receiving all the hashes that it mentioned
posttohashcybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the hashes mentioned in that post

To IP Address [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring FalseTrueFalse
Cybersixgill’s Client Secretstring FalseTrueFalse

Transform Meta Info

InformationValue
Display NameTo IP Address [Cybersixgill]
OwnerCybersixgill
AuthorTamar tamar@@cybersixgill.com
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortoipmaltego.AliasEnriching information from a threat actor and receiving all the IP addresses that it mentioned
posttoipcybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the IP addresses mentioned in that post

To Intel Item Post [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring FalseTrueFalse
Cybersixgill’s Client Secretstring FalseTrueFalse

Transform Meta Info

InformationValue
Display NameTo Intel Item Post [Cybersixgill]
OwnerCybersixgill
AuthorTamar tamar@@cybersixgill.com
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortopostmaltego.AliasEnriching information from a threat actor and receiving all intel item post IDs, to enable you to see the complete posts on Cybersixgill’s investigative portal or enrich the data on a specific post to find other related IOCs
domaintopostmaltego.DomainEnriching information from a domain and receiving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs
hashtopostmaltego.HashEnriching information from a hash and receiving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs
iptopostmaltego.IPv4AddressEnriching information from an IP address and receiving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs
urltopostmaltego.URLEnriching information from a URL and recieving intel item post ID, to enable you to see the complete post on Cybersixgill’s investigative portal or enrich the data on that specific post to find other related IOCs

To Threat Source [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring FalseTrueFalse
Cybersixgill’s Client Secretstring FalseTrueFalse

Transform Meta Info

InformationValue
Display NameTo Threat Source [Cybersixgill]
OwnerCybersixgill
AuthorTamar tamar@@cybersixgill.com
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortosourcemaltego.AliasEnriching information from a threat actor and receiving all the threat sources that it mentioned
domaintosourcemaltego.DomainEnriching information from a domain and receiving all the threat sources that mentioned it
hashtosourcemaltego.HashEnriching information from a hash and receiving all the threat sources that mentioned it
iptosourcemaltego.IPv4AddressEnriching information from an IP address and recieving all the threat sources that mentioned it
posttosourcecybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the threat sources mentioned in that post

To URLs [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring FalseTrueFalse
Cybersixgill’s Client Secretstring FalseTrueFalse

Transform Meta Info

InformationValue
Display NameTo URLs [Cybersixgill]
OwnerCybersixgill
AuthorTamar tamar@@cybersixgill.com
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
actortourlmaltego.AliasEnriching information from a threat actor and receiving all the URLs that the threat actor has mentioned
posttourlcybersixgill.IntelPostEnriching information from an intel item post ID, and receiving all the URLs mentioned in that post

To Threat Actors [Cybersixgill]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring FalseTrueFalse
Cybersixgill’s Client Secretstring FalseTrueFalse

Transform Meta Info

InformationValue
Display NameTo Threat Actors [Cybersixgill]
OwnerCybersixgill
AuthorTamar tamar@@cybersixgill.com
Data SourceCybersixgill
Output EntitiesPhrase

Variants

Transform NameInput EntitiesShort Description
domaintoactormaltego.DomainEnriching information from a domain and receiving all the threat actors that mentioned it
hashtoactormaltego.HashEnriching information from a hash and receiving all the threat actors that mentioned it
iptoactormaltego.IPv4AddressEnriching information from an IP address and recieving all the threat actors that mentioned it
urltoactormaltego.URLEnriching information from a URL and recieving all the threat actors that mentioned it

To Threat Actor [Cybersixgill]

Description

Enriching information from an intel item post ID, and receiving all the threat actors mentioned in that post


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring FalseTrueFalse
Cybersixgill’s Client Secretstring FalseTrueFalse

Transform Meta Info

InformationValue
Display NameTo Threat Actor [Cybersixgill]
OwnerCybersixgill
AuthorTamar tamar@@cybersixgill.com
Data SourceCybersixgill
Transform Nameposttoactor
Input Entitiescybersixgill.IntelPost
Output EntitiesPhrase
Short DescriptionEnriching information from an intel item post ID, and receiving all the threat actors mentioned in that post

To Threat Sources [Cybersixgill]

Description

Enriching information from a threat actor and receiving all the threat sources where they have been active


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Cybersixgill’s Client IDstring FalseTrueFalse
Cybersixgill’s Client Secretstring FalseTrueFalse

Transform Meta Info

InformationValue
Display NameTo Threat Sources [Cybersixgill]
OwnerCybersixgill
AuthorTamar tamar@@cybersixgill.com
Data SourceCybersixgill
Transform Nameurltosource
Input Entitiesmaltego.URL
Output EntitiesPhrase
Short DescriptionEnriching information from a threat actor and receiving all the threat sources where they have been active

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.