Config alerts and actions email connector

Hi all
I wanted to try to config the mail sending feature for the SIEM,
when i config the connector for email 2 encounter 2 problems:

  1. the username and password part every time i try to add new to it, when i save it then when i view the connector again it disappears, i don't know if this is a feature or i did something wrong.
  2. I have config everything i can and i still have not received any alert at all.

Please help me to config this connector things, it is a nice feature that surely will com in handy for me in the future.

Thank for your time and have a good days.

Hi @lusynda,

About 1), this is an intented behaviour as the credentials are secrets and they are not exposed when you edit the connector.

About 2), do you mind sharing how you configure the connector?

This might help: https://www.elastic.co/guide/en/kibana/master/email-action-type.html#configuring-email

Thanks you for your quick respond,
I am a little bit confuse, do i have to config the connector on somewhere else than the kibana interface because i config the connector on it.
Also can i ask that there are 2 place to input the email in the config of the connector, the sender and the username, are those 2 places the same mail or is it difference mail.

Hi lusynda,

I am a little bit confuse, do i have to config the connector on somewhere else than the kibana interface because i config the connector on it.

No, it should all be in the UI.
I think Christos means the configuration you've input in the Connector UI.
Under "Stack Management" -> " Alerts and Actions" -> "Connectors", you'll find the configuration of the Email Connector.
If you share the configuration you've provided there (not including the security credentials obviously) we might spot something. These configurations can be tricky and depend on the specific Email provider.

Also can i ask that there are 2 place to input the email in the config of the connector, the sender and the username, are those 2 places the same mail or is it difference mail.

The first email, under the sender field, is the email address from which that emails will be sent.
The second, under ** Username**, is the credentials for logging into your email server.

Many providers use the same email address for both the sender and the authentication, but some providers provide a different username for authentication than the email from which the email is sent.
If your Email provider doesn't specify a different username for authentication, then you probably want to use your email address in both of these fields.

The config of mine connector are just simple to

Sender: test@test.com
config:
    host: mail.test.com
    port: 587
    secure: true
  secrets:
    user: test@test.com
    password: <password>

I really don't see any problems with this config since it is so simple.

Hey,
Am I right that you put test.com to obfuscate your provider?
The main reason I asked was because a provider specific configuration might be needed.
Look at the following docs, you'll see different providers sometimes require unique configurations: Email connector and action | Kibana Guide [master] | Elastic

If you can't see your provider in the list, then we'll have to do some further digging by enabling the vent log, which might give you more info (by setting xpack.eventLog.logEntries in your kibana.yml to true).

Yes the test.com to hide my mail provider,
Our mail are custom server config by us, it is outlook mail server, i have to put test.com there because it might leak our domain name.
And also i should give you this info regarding our server, we don't have internet access for our server, so gmail so not an option.
The only way to config the mail is to set the connector to connect to our own mail server to send mail.

That makes sense, thanks for clarifying, I just wanted to make sure we're correctly diagnosing the problem.

You might have to play around with the configurations, as these can be very deployment specific.
Have you tried it with port 465? or Security off?

If you've tried these different options and it still doesn't work, then the best bet for diagnosing this would be to switch the event log on and look in the Kibana log for some additional information.
That way you'll at least know if Kibana is successfully sending the email or not.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.