Overview
CrowdSec’s Maltego integration consists of 11 Transforms that allow analysts and investigators to gather malicious IP information and/or enrich IPs with information from CrowdSec’s CTI - a crowd-sourced database that consists of tens of thousands of malicious IPs updated in real-time.
CrowdSec is an open-source security stack that detects aggressive behaviors and prevents them from accessing your systems. Once an unwanted behavior is detected, it is automatically blocked.
The aggressive IP, scenario triggered, and the timestamp are sent for curation, to avoid poisoning and false positives. This IP is then redistributed to all CrowdSec users running the same scenario if verified.
You can read more about CrowdSec's Transforms for Maltego on our website here.
Pricing and Access
Community Hub
CrowdSec's Transforms for Maltego are only available for Maltego Commercial Plan users.
Commercial Hub
Users with a Maltego One license have the following access options:
- CLICK-AND-RUN LIMITED (ENTERPRISE)
- Simply install the Hub item and start using it with the following data allowances:
Maltego Enterprise: 50 Transform runs per day
- BRING YOUR OWN KEY
- Pro and Enterprise users can insert their CrowdSec API Keys to access the Transforms in Maltego.
Description
Adds AS entity for an IP by leveraging CrowdSec CTI data
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec AS Transform |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecas |
| Short Description | Adds AS entity for an IP by leveraging CrowdSec CTI data |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.AS |
CrowdSec Activity Details
Description
Adds activity details properties to an IP using crowdsec data.
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec Activity Details |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecactivity |
| Short Description | Adds activity details properties to an IP using crowdsec data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | |
CrowdSec IP CTI
Description
Attaches CrowdSec CTI API response as a property to IP entity.
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec IP CTI |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecaddapiresp |
| Short Description | Attaches CrowdSec CTI API response as a property to IP entity. |
| Input Entities | maltego.IPv4Address |
| Output Entities | |
CrowdSec Behaviour
Description
Creates a behaviour entity for an IP by leveraging CrowdSec CTI data
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec Behaviour |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecbehaviours |
| Short Description | Creates a behaviour entity for an IP by leveraging CrowdSec CTI data |
| Input Entities | maltego.IPv4Address |
| Output Entities | crowdsec.behaviour |
CrowdSec Classification
Description
Creates classification details entities for an IP using CrowdSec data.
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec Classification |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecclassification |
| Short Description | Creates classification details entities for an IP using CrowdSec data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | crowdsec.classification |
CrowdSec IP Range
Description
Creates an IP range entity for an IP by leveraging CrowdSec CTI data
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec IP Range |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdseciprange |
| Short Description | Creates an IP range entity for an IP by leveraging CrowdSec CTI data |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.Netblock |
CrowdSec Location
Description
Adds location entities by leveraging CrowdSec CTI data.
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec Location |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdseclocation |
| Short Description | Adds location entities by leveraging CrowdSec CTI data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.Location |
CrowdSec Reverse DNS
Description
Creates Reverse DNS entity for an IP by leveraging CrowdSec CTI data
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec Reverse DNS |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecreversedns |
| Short Description | Creates Reverse DNS entity for an IP by leveraging CrowdSec CTI data |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.DNSName |
CrowdSec Scenario
Description
Creates entites for scenarios triggered by IP using CrowdSec CTI data.
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec Scenario |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecscenarios |
| Short Description | Creates entites for scenarios triggered by IP using CrowdSec CTI data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | crowdsec.scenario |
CrowdSec Score
Description
Adds score details for an IP by using CrowdSec CTI.
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec Score |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecscores |
| Short Description | Adds score details for an IP by using CrowdSec CTI. |
| Input Entities | maltego.IPv4Address |
| Output Entities | |
CrowdSec Target Country
Description
Links IP entity with countries most attacked by it, using CrowdSec data.
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |
| Display Name | CrowdSec Target Country |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsectargetcountries |
| Short Description | Links IP entity with countries most attacked by it, using CrowdSec data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.Country |
