Cant sent mail upon SIEM alert

Hi all
I have some problems with the alert and action with siem part
i have config the alert and action to exacly like our watcher ( watcher worked )
I have turned on the xpack.eventLog.logEntries to true

when i set the security on the mail connector the log put the error wrong ssl number version,
when i turn it off then i give me the error sending email: Mail command failed: 530 5.7.1 Client was not authenticated

The provider that i use are outlook, with custom server that we have setup. And since watcher was able to send mail i dont thinks that there is an connection error or elastic cannot recognize the provider.

Please help.

Thanks for your time.

Watcher might be using something slightly different for configuration. The alerting compared to watcher is going to through Kibana and that server to establish the connection and send the alert which is also different.

Have you looked at this part of the docs yet?

Thanks man but i have already solve the issue.
It turn out that i have to set the tls to none and then have the mail admin to config the system to allow the account of mine to be able to send mail on that server specifically.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.