# Step 1. Integrate Threat Intel Partners

By integrating Threat Intel partners you will automate identifying malicious emails. Each email reported through the Phishing Reporter add-in will automatically be analysed for malicious content via multiple integrations.

There are 2 steps to Integrating Threat Intel Partners:

1. Create a new integration
2. Follow relevant steps to install each threat intel partner

## **Creating New Integration** <a href="#creating-new-integration" id="creating-new-integration"></a>

Navigate to **Incident Responder > Integrations.** Click the blue **New** button. You can find all our Threat Intel partners under **Integration Type**.

<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlKFxOYqYqSykikkXpwjG%2Fuploads%2FO9zvAviIbw4c4O7141yr%2Fthreat%20intel%20step%201.gif?alt=media&#x26;token=67ad44ca-841f-49a9-96d9-86204d2ec467" alt="Incident Responder Integrations — New button and Integration Type list."><figcaption><p>Incident Responder > Integrations — New button and Integration Type list.</p></figcaption></figure>

### **Quick links to install each Threat Intel Partner**

You can install free threat intel partners or if you already have subscriptions for paid versions, you can integrate these too! All links to install all free and paid for intel threat partners below

**Free Intel Threat Partners**

​[Google Safe Browsing](https://doc.keepnetlabs.com/platform/incident-responder/integrations#google-safe-browsing)

[​​Zen SpamHaus​](https://doc.keepnetlabs.com/platform/incident-responder/integrations#zen-spamhaus)

​​[Cyber X-ray](https://doc.keepnetlabs.com/platform/incident-responder/integrations#cyber-x-ray)

[​VMRay​](https://doc.keepnetlabs.com/platform/incident-responder/integrations#vmray)

**Paid Intel Threat Partners**

​​[Google Web Risk](https://doc.keepnetlabs.com/platform/incident-responder/integrations#google-web-risk)

[​AnyRun​](https://doc.keepnetlabs.com/platform/incident-responder/integrations#anyrun)

[​​OPSWAT​](https://doc.keepnetlabs.com/platform/incident-responder/integrations#opswat)

[​FortiSandbox](https://doc.keepnetlabs.com/platform/incident-responder/integrations#fortisandbox)

​​[Virus Total​](https://doc.keepnetlabs.com/platform/incident-responder/integrations#virustotal)

​[IMB X-Force](https://doc.keepnetlabs.com/platform/incident-responder/integrations#ibm-x-force)

{% hint style="success" %}
Add as many Threat Intel Partners as you would like. The more you integrate, the more thorough your analysis of suspicious emails.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://doc.keepnetlabs.com/next-generation-product/getting-started/7.-incident-responder-setup/step-1.-integrate-threat-intel-partners.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.