Updates and Releases

Release 5.14 - May 26, 2021
Updates and Bug Fixes
Added 'Always Score Good' to Tags. Setting a data point to 'Always Score Good' will add 5,000 points and should always result in a positive score. Added ability to download rollup reports across all your API keys. Fixed some bugs with reporting filters, fingerprint reporting, and activity incidents not including IPv6 entities.
Data Retention Now 30 Days
To simplify GDPR and other privacy requirements, we now only keep vetting data for 30 days (reduced from 35). So portal views and downloads will only show the last 30 days of data as of May 28th. Vetting data past 30 days is purged from our systems.
Release 5.13 - March 31, 2021
Risk Hit Spike Alarms on Dashboard
Replacing the old Area Activity charts on the Dashboard is a new Spikes area. If our service detects a significant spike for specific risk hit, the alarm is listed on the dashboard with links to easily view the data. As an example, if E-HAWK monitors detect a big increase in Disposable Emails, a Spike Alarm is created. The portal displays current alarms (last 24 hours) and all alarms for the last seven days that have a score profile of -25 or worse.
Report Download Enhancements
Download reports have moved to a background process. Report limits have been increased from 5k to 50k rows. On the Data Reports page in the Portal you will see a new Report Queue table when requesting a report. When the report is ready click on the download link in the queue table. Reports will be listed in the queue for two hours. Large data sets can take several minutes to process.
Campaign IP Blocklist API
This new API is designed for companies driving traffic via web campaigns. The API provides a list of IPs per campaign to block thus reducing click and lead fraud for your campaigns in real-time. When sending campaign_id with Vetting API calls, E-HAWK tracks campaign performance in real-time. If you are using any ad platform that supports IPs blocking per campaign, use this API to get a list of all IPs to add to campaign blocklists in platforms such as Google, Bing, and others. This will block these bad IPs from getting campaign traffic.
Obfuscate API
Use the Obfuscate API to replace all personal data with 'Data Obfuscated'. When calling with a transaction ID the API will replace IP, email, name, street, city, state, postalcode, and phone with 'Data Obfuscated'. Use this API when GDPR and other privacy laws require the obfuscation of personal information for a transaction.
Column Sorting on Data Reports Page
Click on any column name in the Data Reports page to sort. One click for ascending and two clicks for descending sorts. The sorting column will have a sort icon to the right with an order indicator. For example, to sort by IP click the IP column name.
Added Tests for Domains with No Web IP
Some domains just have MX records, but no IP in DNS. In this case the site is not viewable and the new test 'Domain: No Web IP' will hit. Scoring for current clients is set to zero.
Release 5.12 - February 1, 2021
Added settings to restrict Portal download of data. You can now turn off for all users or only allow admins to download data. Bug fixes include fixing lead source charts counts, timezone charts for our Australian users, and removing scoring data in JSON error responses.
Release 5.11 - November 30, 2020
With our rapid growth in usage, 5.11 was focused on upgrades to our backend infrastructure, code, and learning engines. We expect improved performance in API response times and the updated code positions us well for the many enhancements planed for 2021.
Release 5.9 - September 1, 2020
Lead Source Sub IDs
Added full support for sub IDs for lead sources. Just send lead_source=source name plus sub_id=subID when calling the API. Reporting as well as the Lead Source API will now include sub ID information. In addition, on the Lead Source Portal we added a Group button to easily rollup Lead Sources and all their Sub IDs.
Mandate 2FA for Portal Users
On the Users page in the portal, click on Settings and you can require Two Factor Authentication for all users in your account. We recommend turning this on for extra security.
Added Tests for Free Domains
In both emaildomain and domain checks, we added a test for domains from free services such as .ga and .tk. Hits are returned as Email: Free Domains and Domain: Free Domain. Default score is -5, but we recommend cranking that up a bit.
Added Dynamic DNS Checks
Domain checks includes Dynamic DNS tests for DDNS services such as proxydns.com. Default score is -10. These services are often used for home web sites and would typically not be used by corporate systems.
Release 5.8 - June 18, 2020
New chart view added to the Data Reports area
Click on the Chart Icon to quickly find out what specific risk hits impacted scores. Chart shows Risk Hits, Score Impact, Grouped by Risk Level. This chart can help you quickly identify why filtered lists of data are scoring bad or good. Give it a try and let us know what you think.
Added Campaign and Lead Source Report API
The API empowers users to get real-time reports on performance by Lead Source and Campaign. Easy to connect into Google Sheets or Excel to monitor lead source and campaign results. This replaces any emailed reports on performance. You can get more info using the API and view live data in an excel, gSheet, or any program that parses JSON to create tables.
Security
Enhanced with IP ACLs to limit IPs that can call our APIs. IP ACLs limit inbound traffic to our api and feed-api endpoints. By default, our endpoints accept traffic from most IPs. By adding your IPs to this list, you restrict all endpoint access to only those IPs on ACL list. The ACL supports individual IPv4 entries as well as v4/24 CIDR blocks. To access, click on Account->Settings. If the ACL IPs are set and call from other IPs hit our endpoints, the JSON response code will be -6 with the error description of IP not in ACL.
Other Features
Added new cache times to both repeat and unique from 5 minutes to 12 hours. These settings are per API key.
All portal users will be asked to check their profile data every six months. Please make sure to update any wrong info. Admins can also add a phone number for text alerts on downtown and security issues from E-HAWK.
New Portal page of Account->Settings where you can manage the account main and technical contacts as well as get quick links to security settings. We will be adding Subscription info and credit card payments to the page in a future release.
We updated the look and feel of www.ehawk.net, created a new section for API docs (we now have 8 APIs) and simplified adding a ticket to our support system in the portal.
Release 5.7 - February 11, 2020

Version 5.7 adds new Email: Suspect Pattern test for emails that have bot like addresses. Default score is -5. Review your results and modify scoring as needed. The release also includes many backend updates for our portal such as updated charting, icons, and JS speed improvements.

Version 5.6 - December 17, 2019

Version 5.6 includes Two Factor Authentication for portal logins. For extra security, turn on Two Factor Authentication (2FA) for your account in the portal under Account | Profile. Also included are: New scoring report on the Data area that will download all data with risk hits and scoring, updated Dashboard charts, and several bug fixes.

Version 5.5 - November 19, 2019

Version 5.5 includes new tests for:

IP Connection Type
new scoring hits of: Connection Cable DSL, Connection Corporate, Connection Dial-up, Connection Cellular, or Connection Type Unknown. For existing API keys, these scores default to 0/Off. Please update in scoring profiles to start scoring these items.
Phone Carrier
for clients with extra phone testing: JSON returns carrier name and two scoring tests of Carrier Top US (Carrier is one of the top 4 US: ATT, Verizon, Sprint,T-Mobile) and Carrier Not Top US

We also fixed several bugs and made improvements in the backend to speed up API calls and portal dashboards. All charts and data show for 35 days and the Top Lists are now real-time.

Version 5.4 - October 15, 2019

Version 5.4 includes a redesign of our back-end to speed up reporting and portal data analysis. Also added a maximum millisecond setting for API processing time as well as security enhancements of session expire notices and password time limits.

Version 5.3 - June 4, 2019

Version 5.3 includes new tests:

  • Activity Multiple: IP has X Emails - when an IP has multiple emails. Default -1
  • Activity Multiple: Emails has X IPs - when an Email has multiple IPs. Default -1
  • Activity Multiple: IP has X Phones - when an IP has multiple phones. Default -1
  • Activity Multiple: Phones has X IPs - when a phone has multiple IPs. Default -1
  • Name: Profanity - Name contains profanity or high risk word. Default -50

Also added in the portal for Lead Source a new sort for Updated: New to Old and Old to New, fixed a bug for listing activity repeats in download reports, and improved back-end speeds.

Version 5.2 - May 7, 2019

Version 5.2 includes new features, tests, and some bug fixes listed below.

  • Access Control per API key for Portal users - limit the data they can view
  • Tag API paging and numbering parameters for large data sets
  • Domain Age checking extended to 60 days
  • Tagging common domains and email domains in the portal is not allowed anymore (gmail, icloud, hotmail, etc). You can still add via the Tag API, but too many clients were tagging gmail.com as bad by mistake and causing all traffic to score bad.
  • Added settings for Activity Multiple cache time frame
  • Added end date support for Report API<
  • New Tests
    • Domains and emaildomains (like .tk) that are free to own. Risk Hits are Domain: Free Domain and Email: Free Emaildomain. Default score -5
    • Email: Suspect Local checking the local part of emails for high risk patterns. Default score -5. Highly recommend this scores -80 or worse if you do not want email with the F word, etc. in them.
    • Name: Improper Case checks the name for proper case. Default score -1
  • Fixed: Lead ID exact search, download reports are now filtered properly
Version 5.1 - February 26, 2019

Version 5.1 is a minor release adding roll-up reporting for accounts with multiple API keys, domain traffic estimates as an extra charge feature, and many back-end speed improvements and bug fixes.

Version 5.0 - January 2, 2019

Version 5 is a major update to our platform empowering API key management, additional scoring and settings, and new tests. We have also

  • New area to create and manage API keys
  • Updated Scoring and Setting areas
  • Download Score Profile in csv as well as API call
  • New tests in Email, Activity Unique, IP
  • Updated Settings:
    • Ability to auto set timeout=>false for all API calls
    • Send email Alerts to multiple emails
    • Removed requirement for IP. API just requires a minimum of IP, Email, or Domain to score
  • Improvements and bug fixes for Fingerprint Linking, IP Velocity Movement

Manage and create API keys, Settings and Scoring

The portal has a redesigned area for managing API keys, changing scoring and settings. In the Account menu for Admins is a new option of API Keys Setting and Scoring. From there Admins can create, regenerate, and name keys. Each key also has unique Settings and a Scoring Profile.

Each account has one primary API Key (identified with key icon). All keys support vetting (api.ehawk.net) and feed (feed-api.ehawk.net: Tag, Alert, Activity, Report) API calls.

Keys with access to the Community API are identified with a icon and must be used for adding/managing Community data.

Each key has separate data, reporting, tags, alerts, fingerprints, activity tracking, settings, scoring profile and is listed by name in the View select menu to filter portal data. Use icons to copy Primary key settings and/or scoring to other keys.

The screens-hot below shows the new features and how to manage API keys.

We also added two API calls for scoring profile reports for an API key:
https://feed-api.ehawk.net/score/profile/?format=csv returns a .CSV file
https://feed-api.ehawk.net/score/profile/ returns a JSON

Updated Scoring and Setting Areas

The Scoring Profile area has been updated to hopefully make setting custom scoring and tracking easier. We have added a download link to get your scoring details in a .csv file. Click on the Area tabs and adjust scoring. No more labels, just numbers to adjust scoring.

New tests in Email, Activity Unique, IP

In addition to improving our blacklists and pattern recognition engine, we added the following tests:

  • IP Invalid returns when an invalid IP is sent, default score is -10
  • Activity Unique These hit when a unique items, such as email, has multiple items, such as phones. Each area has hits from 2 to 5+ repeats for scoring different levels. Default scoring for all hits is -1. Adjust based on your business needs. New tests include:
    • Email from X Lead Sources - when an email has multiple lead sources
    • Email from X Campaigns - when an email has multiple campaigns
    • Username links to X Emails - when a username has multiple emails
    • Email links to X Usernames - when an Email has multiple usernames
    • Username links to X Phones - when a username has multiple phones
    • Phone links to X Usernames - when a phone has multiple usernames

Updated Settings

In the settings area, per API key, you can now set timeout=>false for all API calls. This is recommended if sending email, domain, or phone as it adds many tests to the service. The system also supports adding multiple emails to Alerts. And finally, we have removed the requirement for an IP to process API calls. The API requires a minimum of IP, Email, OR Domain to run, so you could just send an email address. Please contact support if you would like help.