Knogin
[Developers]

Maltego Domain

Teams switching from standalone Maltego installations to the Argus platform do not need to rebuild their existing work from scratch. The Maltego domain reads MTZ archive files, extracts the entities and relationships ins

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainsgeospatial

Overview#

Teams switching from standalone Maltego installations to the Argus platform do not need to rebuild their existing work from scratch. The Maltego domain reads MTZ archive files, extracts the entities and relationships inside them, and maps everything to native platform profile types, so analysts can pick up where they left off inside a full investigation environment.

Key Features#

  • MTZ file parsing and entity extraction
  • Entity type mapping from Maltego format to platform entity types
  • New investigation creation from imported Maltego data
  • Adding extracted entities to existing investigations
  • Support for standard Maltego entity types and properties

Use Cases#

Relevant sectors include financial crime investigation, law enforcement, and intelligence agencies.

  • Migrating existing Maltego investigations into the platform
  • Importing Maltego analysis results to enrich ongoing investigations
  • Converting Maltego entity graphs into platform-native entity profiles
  • Preserving Maltego workflow outputs within the platform ecosystem

Integration#

The Maltego domain integrates with Investigation for case creation, Entity for profile mapping, and the intelligence service for entity enrichment.

Open Standards#

  • MTZ / MTGL (Maltego graph interchange formats): The capability ingests Maltego's .mtz archive files and exports .mtgl XML graph files, preserving the entity and relationship model used across Maltego installations.
  • ZIP (ISO/IEC 21320-1): MTZ files are standard ZIP archives; the parser opens them as such to extract the embedded CSV data files.
  • CSV (RFC 4180): Entities and relationships inside an MTZ archive are encoded as comma-separated values, consumed row-by-row during extraction.
  • XML 1.0 (W3C Recommendation): MTGL graph exports are serialised as XML documents with an explicit XML declaration, allowing re-import into Maltego clients.
  • GraphQL (June 2018 Specification): All upload, query, and mutation operations are exposed through a GraphQL API, including multipart file upload support.
  • OAuth 2.0 Bearer Token (RFC 6750): Requests to a Maltego Transform Distribution Server are authenticated using a Bearer token passed in the HTTP Authorization header.
  • JSON (RFC 8259): Transform results retrieved from the Maltego TDS API and intermediate data payloads are exchanged as JSON objects.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.