Cant sent mail upon SIEM alert

lusynda · October 28, 2020, 4:10am

Hi all
I have some problems with the alert and action with siem part
i have config the alert and action to exacly like our watcher ( watcher worked )
I have turned on the xpack.eventLog.logEntries to true

when i set the security on the mail connector the log put the error wrong ssl number version,
when i turn it off then i give me the error sending email: Mail command failed: 530 5.7.1 Client was not authenticated

The provider that i use are outlook, with custom server that we have setup. And since watcher was able to send mail i dont thinks that there is an connection error or elastic cannot recognize the provider.

Please help.

Thanks for your time.

Frank_Hassanabad · November 2, 2020, 5:41pm

Watcher might be using something slightly different for configuration. The alerting compared to watcher is going to through Kibana and that server to establish the connection and send the alert which is also different.

Have you looked at this part of the docs yet?

lusynda · November 3, 2020, 1:31am

Thanks man but i have already solve the issue.
It turn out that i have to set the tls to none and then have the mail admin to config the system to allow the account of mine to be able to send mail on that server specifically.

Topic		Replies	Views
Config alerts and actions email connector SIEM	8	2831	October 22, 2020
Alert and connect mail format error SIEM	10	1137	April 30, 2021
Unable to send the Alert using watcher Elasticsearch elastic-stack-alerting	2	1241	January 4, 2019
Elasticsearch Alert Email not working - Watcher Elasticsearch elastic-stack-alerting	12	3035	June 22, 2020
Testing alerting email action Elastic Observability elastic-stack-monitoring , elastic-stack-alerting	2	839	November 4, 2022

Cant sent mail upon SIEM alert

Related topics