Setting Up Integrations

Forensic Email Intelligence supports several external API integrations to enable IP intelligence, domain intelligence, and email address intelligence. The integrations are optional—if you do not configure them, those options will simply be unavailable.

You can access the Integration Settings page within FEI's Settings view through the startup page, or by using the settings icon in FEI Viewer.

FEI Viewer Settings

MaxMind

FEI uses the GeoIP2 Precision Services from MaxMind. You can obtain an API key for this service below:

https://www.maxmind.com/en/geoip2-precision-insights

Once you create your account and purchase credits, visit the Account > License Keys page and create a new license key for FEI. You will need to supply your Account/User ID (an integer value found on the License Keys page) as well as your license key to activate the integration.

Important Note: Activation of new license keys by MaxMind can take a few minutes. During this time, you would get an authentication error if you attempt to use the license key with FEI.

SecurityTrails

FEI uses SecurityTrails API for historical mail exchanger (MX) records as well as subdomain lookups. You can set up an account with SecurityTrails below:

https://securitytrails.com/corp/pricing#api

Once you create an account, visit the API > API Keys menu and click the Create New API Key button to create an API key for FEI. You will need to supply this API key to FEI to activate the SecurityTrails integration.

EmailRep by Sublime Security

FEI uses this API for the enrichment of email addresses. You can create an account below:

https://emailrep.io/key

External APIs and Data Privacy

When you choose to enrich a data point such as an IP address, domain name, or email address via FEI, FEI sends that specific data point to the corresponding API and gets an API response. It does not send the entirety of the email message where the data point was found. In our experience, querying IP addresses, domain names, or email addresses against external APIs do not typically raise privacy concerns. If your case requires that these data points be kept secret, consider disabling the API integrations in FEI.

When Is External API Enrichment Performed?

FEI performs enrichment operations when you specifically click on a data point and initiate a query in FEI Viewer. External enrichments are not triggered when FEI automatically ingests, extracts, and scores multiple documents in a batch process through ingestion.

Caching

FEI caches external enrichment results when reasonably feasible to prevent querying the same data point multiple times within a short time window and expending API credits unnecessarily. Query results contain an indicator that shows when the live data was retrieved from the corresponding API.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.