Knogin
[Investigation]

Investigation Maltego Integration

Many financial crime and intelligence teams have built deep expertise around Maltego's transform ecosystem.

Module metadata

Many financial crime and intelligence teams have built deep expertise around Maltego's transform ecosystem.

Back to All Modules

Source reference

content/modules/investigation-maltego-integration.md

Last Updated

Feb 5, 2026

Category

Investigation

Content checksum

96f184d575a5d002

Tags

investigationcomplianceblockchaingeospatial

Overview#

Many financial crime and intelligence teams have built deep expertise around Maltego's transform ecosystem. Their analysts know which transforms surface company directorships, which ones pull passport-linked social profiles, and which ones trace phone numbers through public records. Switching away from that toolkit is not practical, but working in two disconnected systems creates its own problems: findings get lost in translation, entity naming drifts between platforms, and investigation records end up incomplete.

The Maltego Integration module solves that by making the two environments work together. Investigators export subjects and entities to Maltego for enrichment, run whatever transforms their workflow demands, then import the enriched graph back into the investigation with entity context, risk scores, and relationship structures intact.

Diagram

flowchart TD
    A[Investigation Platform] -->|Export Entities| B[Maltego Transform Engine]
    B --> C[OSINT Transforms]
    B --> D[Blockchain Transforms]
    B --> E[Corporate Registry Transforms]
    B --> F[Social Media Transforms]
    C --> G[Enriched Maltego Graph]
    D --> G
    E --> G
    F --> G
    G -->|Import with Conflict Resolution| H[Investigation Platform]
    H --> I[Updated Entity Profiles]
    H --> J[Expanded Relationship Graph]
    H --> K[Investigation Timeline]

Key Features#

  • Bidirectional Entity Synchronization: Export investigation entities to Maltego for enrichment and import enriched Maltego graphs back into investigations with reliable entity mapping and attribute preservation.
  • Entity Type Mapping: Advanced mapping ensures cryptocurrency addresses, wallets, exchanges, and blockchain transactions integrate seamlessly with Maltego's entity model and transform ecosystem.
  • Transform Library Access: Investigators use Maltego's extensive transform library for entity enrichment, OSINT collection, and relationship discovery directly from investigation workflows.
  • Graph Fidelity Preservation: Lossless import and export maintains relationship structures, entity attributes, and graph layouts across platform boundaries without data loss.
  • Batch Entity Processing: High-performance processing handles large-scale entity imports and exports with progress tracking and error handling for complex investigation graphs.
  • Context Preservation: Complete attribute mapping maintains investigation integrity during cross-platform operations, ensuring risk scores, tags, and annotations transfer accurately.
  • Investigation-Aware Transforms: Custom transforms designed for financial crime investigation enrich entities with blockchain intelligence, sanctions screening, and adverse media data.
  • Session Management: Multiple concurrent Maltego integration sessions with state tracking enable investigators to manage parallel enrichment workflows across different case aspects.
  • Conflict Resolution: Intelligent merge strategies handle conflicting entity attributes when importing enriched data back into investigations, with analyst review for ambiguous cases.

Use Cases#

  • OSINT Entity Enrichment: Investigators export subjects to Maltego for open-source intelligence gathering, running transforms for social media analysis, domain research, and public records investigation before importing findings back into case files.
  • Network Expansion Analysis: Maltego's graph exploration capabilities extend investigation entity networks by discovering new connections through transform-based enrichment that would be difficult to find through transaction analysis alone.
  • Cryptocurrency Investigation Support: Blockchain-specific entity types flow between the investigation platform and Maltego, enabling investigators to combine blockchain analytics with Maltego's broader intelligence gathering capabilities.
  • Cross-Platform Investigation Workflow: Teams that use Maltego as part of their standard investigative toolkit maintain continuity between Maltego analysis sessions and the investigation platform's case management and compliance workflows.
  • Collaborative Intelligence Analysis: Multiple analysts work on different aspects of an investigation using Maltego, with results merged back into a unified investigation graph through the integration's conflict resolution capabilities.

Integration#

The Maltego Integration module connects with the investigation platform's entity management, graph visualization, and case management systems. Exported entities carry investigation context including risk assessments, evidence links, and relationship metadata. Imported Maltego graphs automatically update investigation entity records, trigger re-evaluation of risk scores, and populate investigation timelines. The module supports Maltego's standard graph formats and provides custom transform server capabilities for investigation-specific enrichment.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14