File Inspection Engine
File Inspection Engine (FIE) is a containerized file analysis service that performs synchronous, real-time scanning of files via an HTTP API. It is designed for integration into network security pipelines where files must be inspected inline — each request submits a file, waits for analysis to complete, and receives a verdict in the same response.
FIE uses Spectra Core for static file analysis, enabling deep inspection of over 400 file formats without executing files. It is deployed as an OCI-compliant container on Docker or Kubernetes and maintains a local threat database, so file content never leaves your infrastructure during scanning.
Key capabilities
- Synchronous HTTP API — submit a file, receive a classification verdict in one request
- Containerized deployment on Docker or Kubernetes (no agent installation required)
- Local threat database — all file analysis happens on-premises
- Configurable Spectra Core instances for throughput scaling
- Large file handling with dedicated core pools
- Optional enrichment with cloud threat details via Spectra Intelligence hash lookups (hash only, no file upload)
Privacy
File Inspection Engine keeps all file data on-premises. Files submitted for scanning are processed locally using a bundled threat database and are not uploaded to external services. When the --with-threat-details option is enabled, FIE contacts Spectra Intelligence using the file hash only — the file itself is never transmitted. The threat database is updated on a regular schedule from ReversingLabs infrastructure.
Deployment options
Choose a deployment model based on your infrastructure:
- Deployment Overview and Hardware Requirements — capacity planning, Spectra Core instance sizing, and networking prerequisites
- Docker Deployment — standalone container setup for development and smaller deployments
- Kubernetes Deployment — Helm chart installation for production Kubernetes clusters
- Air-Gapped Kubernetes — deployment in offline or restricted network environments
- Helm Values Reference — complete chart configuration reference
Configuration
FIE is configured via CLI flags and environment variables. Key settings include the number of Spectra Core instances, analysis timeouts, maximum file size, and network interface bindings.
See the Configuration Reference for all available options.
Usage and API
FIE exposes a REST API for file submission, result retrieval, status monitoring, and classification overrides.
See the Usage Guide for API endpoint documentation, scanning workflows, response formats, and error handling.
Related resources
- Spectra Core Analysis — how the underlying static analysis engine works
- Classification — risk scores, threat levels, and classification methodology
- Platform Requirements — hardware sizing across all ReversingLabs products