IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Outboud email integration not connecting

    Posted Fri December 01, 2023 03:56 PM

    Hello Expert,

    I am unable to test connection to my o365 using the outbound email application from my QRadar SOAR platform. I receive the below error message.

    Kindly assist 



    ------------------------------
    Benjamin Nworah
    ------------------------------


  • 2.  RE: Outboud email integration not connecting

    Posted Tue December 05, 2023 10:07 AM
    Edited by benlinux Wed December 06, 2023 02:32 AM

    Hello,

    Please I need help here. From the AppHost, I am trying with basic authentication.



    ------------------------------
    benlinux
    ------------------------------

    Original Message


  • 3.  RE: Outboud email integration not connecting

    Posted Wed December 06, 2023 03:07 AM

    Hi,

    Have You try to change smtp_ssl_mode to starttls or ssl?

    From error log what I can see i that says : SMTP AUTH extension not supported by server

    Vedran



    ------------------------------
    Vedran Goricki
    ------------------------------

    Original Message


  • 4.  RE: Outboud email integration not connecting

    Posted Wed December 06, 2023 03:31 AM

    Hello Vedran,

    I am testing this on both Microsoft outlook (for customer) and hmail server (my lab). I have tried starttls, none, ssl and nothing seems to work :(. But using starttls will require certs. 

    I am using basic authentication ( username and password).

    Regards,



    ------------------------------
    benlinux
    ------------------------------

    Original Message


  • 5.  RE: Outboud email integration not connecting

    Posted Wed December 06, 2023 04:12 AM

    Hi,

    I am using smtp_ssl_mode = starttls and no certificate specified

    OK so i am using same mailbox (not O 365) for inbound email and to send email to that address. This is used for testing.

    I would recommed You to try SOAR CLI -  SOAR Email configuration https://www.ibm.com/docs/en/sqsp/51?topic=guide-email-configuration

    If there is problem with certificate in that step SOAR will let You know

    This is how You import certificate in SOAR if there is an issue https://www.ibm.com/support/pages/how-import-untrusted-certificates-ibm-security-soar

    If that works, the same config should apply fro the app. And You can setup smtp_ssl_cafile= if needed

    And check if basic authentication is supported on O 365 in You case. Seeing a lot o articles that this is disabled

    https://www.codetwo.com/admins-blog/disable-basic-authentication-office-365/

    Regrads

    ,



    ------------------------------
    Vedran Goricki
    ------------------------------

    Original Message


  • 6.  RE: Outboud email integration not connecting

    Posted Wed December 06, 2023 06:41 AM

    Hello Vedran,

    The test worked for me on my lab, I was using the resilient password(my bad). However the customer uses exchange (on-prem and cloud). and reading the below link it appears the basic auth is deprecated for exchange online. What other option can i use with the outbound email app??

    https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online?source=recommendations
    Regards,



    ------------------------------
    benlinux
    ------------------------------

    Original Message