Hi all
I have some problems with the alert and action with siem part
i have config the alert and action to exacly like our watcher ( watcher worked )
I have turned on the xpack.eventLog.logEntries to true
when i set the security on the mail connector the log put the error wrong ssl number version,
when i turn it off then i give me the error sending email: Mail command failed: 530 5.7.1 Client was not authenticated
The provider that i use are outlook, with custom server that we have setup. And since watcher was able to send mail i dont thinks that there is an connection error or elastic cannot recognize the provider.
Watcher might be using something slightly different for configuration. The alerting compared to watcher is going to through Kibana and that server to establish the connection and send the alert which is also different.
Thanks man but i have already solve the issue.
It turn out that i have to set the tls to none and then have the mail admin to config the system to allow the account of mine to be able to send mail on that server specifically.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.