Setting Up Integrations
Forensic Email Intelligence supports several external API integrations to enable IP intelligence, domain intelligence, and email address intelligence. The integrations are optional—if you do not configure them, those options will simply be unavailable.
You can access the Integration Settings page within FEI's Settings view through the startup page, or by using the settings icon in FEI Viewer.
FEI uses the GeoIP2 Precision Services from MaxMind. You can obtain an API key for this service below:
Once you create your account and purchase credits, visit the Account > License Keys page and create a new license key for FEI. You will need to supply your Account/User ID (an integer value found on the License Keys page) as well as your license key to activate the integration.
FEI uses SecurityTrails API for historical mail exchanger (MX) records as well as subdomain lookups. You can set up an account with SecurityTrails below:
Once you create an account, visit the API > API Keys menu and click the Create New API Key button to create an API key for FEI. You will need to supply this API key to FEI to activate the SecurityTrails integration.
EmailRep by Sublime Security
FEI uses this API for the enrichment of email addresses. You can create an account below:
External APIs and Data Privacy
When you choose to enrich a data point such as an IP address, domain name, or email address via FEI, FEI sends that specific data point to the corresponding API and gets an API response. It does not send the entirety of the email message where the data point was found. In our experience, querying IP addresses, domain names, or email addresses against external APIs do not typically raise privacy concerns. If your case requires that these data points be kept secret, consider disabling the API integrations in FEI.
When Is External API Enrichment Performed?
FEI performs enrichment operations when you specifically click on a data point and initiate a query in FEI Viewer. External enrichments are not triggered when FEI automatically ingests, extracts, and scores multiple documents in a batch process through ingestion.
FEI caches external enrichment results when reasonably feasible to prevent querying the same data point multiple times within a short time window and expending API credits unnecessarily. Query results contain an indicator that shows when the live data was retrieved from the corresponding API.