Friday, August 2, 2013

A Proximity View for Maltego

By following the steps below you will be able to visualize the proximity of entities in your graph to other preselected target entities. This step-by-step guide was created as a tutorial as well as a proof-of-concept illustration of what can be done using Maltego Viewlets. Let's get started...

Step 1: Open or create a graph in Maltego

To download Maltego visit Paterva's Website. Open an existing graph or create a new graph and drag a few entities from the palette onto the graph and connect them with links (or run transforms to generate links).

Step 2: Select the Bubble View



Step 3: Change to Organic layout for a better view (Optional)


Step 4: Select a target entity 

Select an entity that you want to use as a target for displaying the proximity of other entities to this entity.

Step 5: Show property view toolbar

If the toolbar in the Property View is not visible, right click on the Property View title and click on Show/Hide Toolbar.



Step 6: Add a color property

Click on the plus button in the Property View toolbar to add a new dynamic property. (Note that you can instead customize any entity type to add the property to that entity type permanently.)


Complete the fields as shown below and click OK.


Step 7: Set the color property

Set the color property in the Property View in HTML/hex format (blue in this case).


Step 8: Choose other proximity targets

Repeat steps 6 and 7 for any other entities, optionally using different colors for each one.

Step 9: Add the proximity Viewlet

Click on Configure in the Viewlet drop-down menu.



Click on New Viewlet, enter a name for the Viewlet and click OK.


Click on the Add Binding button.



Choose the "Entity Color" binding property.



Add the following JavaScript code to the binding and click OK twice.

var colorProperty = "proximity.color";

// Converts RGB bytes to hex color (e.g. [255,255,255]->"#FFFFFF")
function rgbToHex(r, g, b) {
    r = Math.floor(r);
    g = Math.floor(g);
    b = Math.floor(b);
    return "#" + ((1 << 24) + (r << 16) + (g << 8) + b).toString(16).slice(1);
}

// Converts hex color to RGB
function hexToRgb(hex) {
    var result = /^#?([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})$/i.exec(hex);
    return result ? {
        r: parseInt(result[1], 16),
        g: parseInt(result[2], 16),
        b: parseInt(result[3], 16)
    } : null;
}

// Populate "colors" with the closest distance for each color found
function recurse(entity, colors, maxDepth, depth) {
    if (depth === maxDepth) {
        return;
    }
    var color = entity.getPropertyValue(colorProperty);
    if (color) {
        var minDepth = colors[color];
        if (!minDepth || depth < minDepth) {
            minDepth = depth;
        }
        colors[color] = minDepth;
    } else {
        var newDepth = depth + 1;
        var links = entity.incoming();
        for (var i in links) {
            recurse(links[i].source(), colors, maxDepth, newDepth);
        }
        links = entity.outgoing();
        for (var i in links) {
            recurse(links[i].target(), colors, maxDepth, newDepth);
        }
    }
}

if (hasProperty(colorProperty)) {
    // If we have a color property then use that
    getPropertyValue(colorProperty);
} else {
    // else get color from proximity to other entities with color properties
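    var maxDepth = 6;
    var colors = {}; // map of hex color -> closest distance
    recurse(entity, colors, maxDepth, 0);
    // Start from a light grey base color with weight 1
    var totalWeight = 1;
    var mycolor = {r: 240, g: 240, b: 240};
    for (var i in mycolor) {
        mycolor[i] *= totalWeight;
    }
    // Blend in each color found, weighted by how close it is
    for (var c in colors) {
        var color = hexToRgb(c);
        if (!color) {
            continue; // skip values that are not valid hex colors
        }
        var weight = (maxDepth - colors[c]) / maxDepth;
        for (var i in color) {
            mycolor[i] += color[i] * weight;
        }
        totalWeight += weight;
    }
    // Normalize by the total weight
    for (var i in mycolor) {
        mycolor[i] /= totalWeight;
    }
    rgbToHex(mycolor["r"], mycolor["g"], mycolor["b"]);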
    var DEBUG = false;
    if (DEBUG) {
        var out = "";
        for (var i in colors) {
            out += i + ":" + colors[i] + " ";
        }
        out;
    }
}

Result

Your resulting graph should look something like the following, where I have set the indicated entities as my "targets".



There are a lot of optimizations that can be done to the Viewlet code, but hopefully this will come in handy for someone working with large and complex graphs where the proximity of entities plays an important role in analyzing the data.
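
The proximity blend can also be tried outside Maltego. The following is an added example, not the author's code: it replaces the recursive walk with a breadth-first search that expands each entity only once (one possible optimization of the kind mentioned above) and applies the same weighting. The graph and targets objects are constructed sample data standing in for Maltego's entity links and the proximity.color property.

```javascript
// Constructed sample graph (adjacency list) standing in for the links that
// entity.incoming()/outgoing() return inside a Maltego Viewlet.
const graph = { A: ["B"], B: ["A", "C"], C: ["B", "D"], D: ["C", "E"], E: ["D"], X: [] };
// Constructed targets: entity name -> value of its "proximity.color" property.
const targets = { A: "#0000FF", E: "#FF0000" };
function hexToRgb(hex) {
  const m = /^#?([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})$/i.exec(hex);
  return m ? m.slice(1).map((h) => parseInt(h, 16)) : null;
}
function rgbToHex(rgb) {
  return "#" + rgb.map((v) => Math.floor(v).toString(16).padStart(2, "0")).join("");
}

// Breadth-first search: every entity is expanded once, so the first depth at
// which a color is seen is its closest distance. Depth maxDepth is never inspected.
function closestColors(start, maxDepth) {
  const found = {};
  const seen = new Set([start]);
  let frontier = [start];
  for (let depth = 0; depth < maxDepth && frontier.length > 0; depth++) {
    const next = [];
    for (const node of frontier) {
      const color = targets[node];
      if (color) {
        if (!(color in found)) found[color] = depth;
        continue; // as in the Viewlet, do not walk past a colored entity
      }
      for (const n of graph[node]) {
        if (!seen.has(n)) { seen.add(n); next.push(n); }
      }
    }
    frontier = next;
  }
  return found;
}

// Viewlet weighting: grey base (weight 1) plus each color at (maxDepth - distance) / maxDepth.
function proximityColor(node, maxDepth = 6) {
  if (targets[node]) return targets[node];
  const mix = [240, 240, 240];
  let total = 1;
  for (const [hex, depth] of Object.entries(closestColors(node, maxDepth))) {
    const rgb = hexToRgb(hex);
    if (!rgb) continue; // ignore values that are not #RRGGBB
    const weight = (maxDepth - depth) / maxDepth;
    rgb.forEach((v, i) => { mix[i] += v * weight; });
    total += weight;
  }
  return rgbToHex(mix.map((v) => v / total));
}
```

In the sample chain A-B-C-D-E, entity B sits one hop from the blue target and three hops from the red one, so its blended color leans toward blue, while the unconnected entity X keeps the grey base color.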


Anton van Aswegen
