IBM QRadar

Hi all,

we have the challenge to use SMTP with authentication for a customer. 

We successfully implemented this with a tutorial from the developer.ibm.com forum. 
(https://developer.ibm.com/answers/questions/431340/qradar-smtp-with-authentication/ Answer 3 from Alaa Ali) Thanks for that!

Only minor adjustments are necessary to set it up for 7.3.x. The real problem is that the package Cyrus-sasl-plain is no longer included in 7.3.x. We have reinstalled it.

Is there a good chance that it will be included in QRadar 7.4.x by default as it was in 7.2.8?

I can share my installation guide if anyone is interested.

------------------------------
Kind regards
Oliver
------------------------------

Hi Oliver,
Yes, authenticated SMTP servers can be added to QRadar 7.4.0 to ensure secure email delivery.

Regards
Gabriel

------------------------------
Gabriel NKUITE
Open Group and IBM Certified ITS
IBM
Bois Colombes
336 71016868
------------------------------

Original Message:
Sent: Wed March 04, 2020 03:06 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Hi all,

we have the challenge to use SMTP with authentication for a customer. 

We successfully implemented this with a tutorial from the developer.ibm.com forum. 
(https://developer.ibm.com/answers/questions/431340/qradar-smtp-with-authentication/ Answer 3 from Alaa Ali) Thanks for that!

Only minor adjustments are necessary to set it up for 7.3.x. The real problem is that the package Cyrus-sasl-plain is no longer included in 7.3.x. We have reinstalled it.

Is there a good chance that it will be included in QRadar 7.4.x by default as it was in 7.2.8?

I can share my installation guide if anyone is interested.

------------------------------
Kind regards
Oliver
------------------------------

Perfect, thanks for the quick answer.

When can we expect the 7.4.? ;-)

------------------------------
Kind regards
Oliver
------------------------------

Original Message:
Sent: Thu March 05, 2020 02:39 AM
From: Gabriel NKUITE
Subject: QRadar SMTP with authentication

Hi Oliver,
Yes, authenticated SMTP servers can be added to QRadar 7.4.0 to ensure secure email delivery.

Regards
Gabriel

------------------------------
Gabriel NKUITE
Open Group and IBM Certified ITS
IBM
Bois Colombes
336 71016868

Original Message:
Sent: Wed March 04, 2020 03:06 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Hi all,

we have the challenge to use SMTP with authentication for a customer. 

We successfully implemented this with a tutorial from the developer.ibm.com forum. 
(https://developer.ibm.com/answers/questions/431340/qradar-smtp-with-authentication/ Answer 3 from Alaa Ali) Thanks for that!

Only minor adjustments are necessary to set it up for 7.3.x. The real problem is that the package Cyrus-sasl-plain is no longer included in 7.3.x. We have reinstalled it.

Is there a good chance that it will be included in QRadar 7.4.x by default as it was in 7.2.8?

I can share my installation guide if anyone is interested.

------------------------------
Kind regards
Oliver
------------------------------

QRadar 7.4.0 was released yesterday (Mar 17 2020). See the "What's New" documentation here: https://www.ibm.com/support/knowledgecenter/SS42VS_7.4.0/com.ibm.qradar.doc/c_qradar_core_whatsnew_security_740.html for information on configuring a secure email server.

------------------------------
ALAA ALI
------------------------------

Original Message:
Sent: Thu March 05, 2020 08:40 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Perfect, thanks for the quick answer.

When can we expect the 7.4.? ;-)

------------------------------
Kind regards
Oliver

Original Message:
Sent: Thu March 05, 2020 02:39 AM
From: Gabriel NKUITE
Subject: QRadar SMTP with authentication

Hi Oliver,
Yes, authenticated SMTP servers can be added to QRadar 7.4.0 to ensure secure email delivery.

Regards
Gabriel

------------------------------
Gabriel NKUITE
Open Group and IBM Certified ITS
IBM
Bois Colombes
336 71016868

Original Message:
Sent: Wed March 04, 2020 03:06 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Hi all,

we have the challenge to use SMTP with authentication for a customer. 

We successfully implemented this with a tutorial from the developer.ibm.com forum. 
(https://developer.ibm.com/answers/questions/431340/qradar-smtp-with-authentication/ Answer 3 from Alaa Ali) Thanks for that!

Only minor adjustments are necessary to set it up for 7.3.x. The real problem is that the package Cyrus-sasl-plain is no longer included in 7.3.x. We have reinstalled it.

Is there a good chance that it will be included in QRadar 7.4.x by default as it was in 7.2.8?

I can share my installation guide if anyone is interested.

------------------------------
Kind regards
Oliver
------------------------------

Feature list can be found here as well: https://www.ibm.com/community/qradar/ along with some important notes. As we have new info to share or important notes, we'll add them to the front page of QRadar 101.

------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
------------------------------

Original Message:
Sent: Wed March 18, 2020 09:40 AM
From: Alaa Ali
Subject: QRadar SMTP with authentication

QRadar 7.4.0 was released yesterday (Mar 17 2020). See the "What's New" documentation here: https://www.ibm.com/support/knowledgecenter/SS42VS_7.4.0/com.ibm.qradar.doc/c_qradar_core_whatsnew_security_740.html for information on configuring a secure email server.

------------------------------
ALAA ALI

Original Message:
Sent: Thu March 05, 2020 08:40 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Perfect, thanks for the quick answer.

When can we expect the 7.4.? ;-)

------------------------------
Kind regards
Oliver

Original Message:
Sent: Thu March 05, 2020 02:39 AM
From: Gabriel NKUITE
Subject: QRadar SMTP with authentication

Hi Oliver,
Yes, authenticated SMTP servers can be added to QRadar 7.4.0 to ensure secure email delivery.

Regards
Gabriel

------------------------------
Gabriel NKUITE
Open Group and IBM Certified ITS
IBM
Bois Colombes
336 71016868

Original Message:
Sent: Wed March 04, 2020 03:06 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Hi all,

we have the challenge to use SMTP with authentication for a customer. 

We successfully implemented this with a tutorial from the developer.ibm.com forum. 
(https://developer.ibm.com/answers/questions/431340/qradar-smtp-with-authentication/ Answer 3 from Alaa Ali) Thanks for that!

Only minor adjustments are necessary to set it up for 7.3.x. The real problem is that the package Cyrus-sasl-plain is no longer included in 7.3.x. We have reinstalled it.

Is there a good chance that it will be included in QRadar 7.4.x by default as it was in 7.2.8?

I can share my installation guide if anyone is interested.

------------------------------
Kind regards
Oliver
------------------------------

This is a very useful feature! Appreciate the product team for putting in this enhancement.

Like to find out if it will be possible for the team to share more on how the QRadar sends an authenticated request to the email server/ relay under the hood. We have a client who needs to connect to Office365 through a proxy and we will need to put in the proxy configuration and certificate; as well as the authentication credentials for the service account.

What will be the best way to approach this?

------------------------------
Jun Xiang Leong
------------------------------

Original Message:
Sent: Thu March 19, 2020 12:40 PM
From: Jonathan Pechta
Subject: QRadar SMTP with authentication

Feature list can be found here as well: https://www.ibm.com/community/qradar/ along with some important notes. As we have new info to share or important notes, we'll add them to the front page of QRadar 101.

------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com

Original Message:
Sent: Wed March 18, 2020 09:40 AM
From: Alaa Ali
Subject: QRadar SMTP with authentication

QRadar 7.4.0 was released yesterday (Mar 17 2020). See the "What's New" documentation here: https://www.ibm.com/support/knowledgecenter/SS42VS_7.4.0/com.ibm.qradar.doc/c_qradar_core_whatsnew_security_740.html for information on configuring a secure email server.

------------------------------
ALAA ALI

Original Message:
Sent: Thu March 05, 2020 08:40 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Perfect, thanks for the quick answer.

When can we expect the 7.4.? ;-)

------------------------------
Kind regards
Oliver

Original Message:
Sent: Thu March 05, 2020 02:39 AM
From: Gabriel NKUITE
Subject: QRadar SMTP with authentication

Hi Oliver,
Yes, authenticated SMTP servers can be added to QRadar 7.4.0 to ensure secure email delivery.

Regards
Gabriel

------------------------------
Gabriel NKUITE
Open Group and IBM Certified ITS
IBM
Bois Colombes
336 71016868

Original Message:
Sent: Wed March 04, 2020 03:06 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Hi all,

we have the challenge to use SMTP with authentication for a customer. 

We successfully implemented this with a tutorial from the developer.ibm.com forum. 
(https://developer.ibm.com/answers/questions/431340/qradar-smtp-with-authentication/ Answer 3 from Alaa Ali) Thanks for that!

Only minor adjustments are necessary to set it up for 7.3.x. The real problem is that the package Cyrus-sasl-plain is no longer included in 7.3.x. We have reinstalled it.

Is there a good chance that it will be included in QRadar 7.4.x by default as it was in 7.2.8?

I can share my installation guide if anyone is interested.

------------------------------
Kind regards
Oliver
------------------------------

This is a great addition. Really appreciate it.

If the client is connecting to Office365 through a proxy, what are the configurations we will need to configure under the hood to get this done? If you could share a little more on how what QRadar uses under the hood to connect to an authenticated e-mail server/relay that will help a lot.

------------------------------
Jun Xiang Leong
------------------------------

Original Message:
Sent: Thu March 19, 2020 12:40 PM
From: Jonathan Pechta
Subject: QRadar SMTP with authentication

Feature list can be found here as well: https://www.ibm.com/community/qradar/ along with some important notes. As we have new info to share or important notes, we'll add them to the front page of QRadar 101.

------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com

Original Message:
Sent: Wed March 18, 2020 09:40 AM
From: Alaa Ali
Subject: QRadar SMTP with authentication

QRadar 7.4.0 was released yesterday (Mar 17 2020). See the "What's New" documentation here: https://www.ibm.com/support/knowledgecenter/SS42VS_7.4.0/com.ibm.qradar.doc/c_qradar_core_whatsnew_security_740.html for information on configuring a secure email server.

------------------------------
ALAA ALI

Original Message:
Sent: Thu March 05, 2020 08:40 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Perfect, thanks for the quick answer.

When can we expect the 7.4.? ;-)

------------------------------
Kind regards
Oliver

Original Message:
Sent: Thu March 05, 2020 02:39 AM
From: Gabriel NKUITE
Subject: QRadar SMTP with authentication

Hi Oliver,
Yes, authenticated SMTP servers can be added to QRadar 7.4.0 to ensure secure email delivery.

Regards
Gabriel

------------------------------
Gabriel NKUITE
Open Group and IBM Certified ITS
IBM
Bois Colombes
336 71016868

Original Message:
Sent: Wed March 04, 2020 03:06 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Hi all,

we have the challenge to use SMTP with authentication for a customer. 

We successfully implemented this with a tutorial from the developer.ibm.com forum. 
(https://developer.ibm.com/answers/questions/431340/qradar-smtp-with-authentication/ Answer 3 from Alaa Ali) Thanks for that!

Only minor adjustments are necessary to set it up for 7.3.x. The real problem is that the package Cyrus-sasl-plain is no longer included in 7.3.x. We have reinstalled it.

Is there a good chance that it will be included in QRadar 7.4.x by default as it was in 7.2.8?

I can share my installation guide if anyone is interested.

------------------------------
Kind regards
Oliver
------------------------------

Dear Oliver,
Can you please share your installation guide? I would really appreciate that! Thanks in advance.

------------------------------
Mohamed Nazim
------------------------------

Original Message:
Sent: Wed March 04, 2020 03:06 AM
From: Oliver Braun
Subject: QRadar SMTP with authentication

Hi all,

we have the challenge to use SMTP with authentication for a customer. 

We successfully implemented this with a tutorial from the developer.ibm.com forum. 
(https://developer.ibm.com/answers/questions/431340/qradar-smtp-with-authentication/ Answer 3 from Alaa Ali) Thanks for that!

Only minor adjustments are necessary to set it up for 7.3.x. The real problem is that the package Cyrus-sasl-plain is no longer included in 7.3.x. We have reinstalled it.

Is there a good chance that it will be included in QRadar 7.4.x by default as it was in 7.2.8?

I can share my installation guide if anyone is interested.

------------------------------
Kind regards
Oliver
------------------------------