Alerting

Trying to use Gmail for email alerts, why am I getting "Someone just tried to sign in to your Google Account from an app that doesn't meet modern security standards"?

CREVITCH
Path Finder

I am having trouble with email alerts. Tried Gmail and Google sent me this message:

Someone just tried to sign in to your Google Account youracct@gmail.com from an app that doesn't meet modern security standards.
Details:
Thursday, December 10, 2015 5:57 PM (Eastern Standard Time)
Yourtown, NJ, USA

We strongly recommend that you use a secure app, like Gmail, to access your account. All apps made by Google meet these security standards. Using a less secure app, on the other hand, could leave your account vulnerable. Learn more.
Google stopped this sign-in attempt, but you should review your recently used devices:

I have also tried Yahoo and Outlook mail, but the message never gets through. Can someone suggest what might be the problem?

Thanks

0 Karma

aperez_splunk
Splunk Employee

Hi Crevitch,

I took a look at this today and was able to reproduce the Gmail error you've cited.

Please see below for a work-around for testing/dev:

tl;dr:
Read this: https://support.google.com/accounts/answer/6010255
Be advised that the above article provides steps to configure Gmail to allow usage of additional cipher suites that may not meet the security requirements for your use cases


Step 1. Please verify that your Splunk Email Server Settings are configured in Splunk Enterprise as described in Step 1 of this exceptional blog post from David Greenwood:

 http://blogs.splunk.com/2014/06/27/splunk-alerts-using-gmail-twitter-phone-calls-and-much-more/

Step 2. Read this for background information on what is happening on the Gmail side of the communication:

 https://support.google.com/mail/answer/14257

Step 3. Follow the "Less secure apps" link on the below page to change your access settings:

 https://support.google.com/accounts/answer/6010255

Step 4. Use the below SPL line to test your reconfiguration:

  index=_internal | head 1 | sendemail to="yourAddress@gmail.com" format="html" server=smtp.gmail.com:587 use_tls=1

CREVITCH
Path Finder

Python.log for Yahoo, Outlook and Gmail:

2015-12-10 23:30:14,683 Eastern Standard Time ERROR sendemail:115 - Sending email. subject="Splunk Alert: powershell", results_link="http://XXXXXX:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__powershell_at_1449801720_15.4%20%7C%20head%202%20%7C%20tail%201&earliest=0&latest=now", recipients="[u'crevitch@gmail.com']", server="smtp.mail.yahoo.com:465"

2015-12-11 11:34:11,292 Eastern Standard Time ERROR sendemail:115 - Sending email. subject="Splunk Alert: Failed Login", results_link="http://XXXXXX:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__RMD5dcd2e82a46e9e89f_at_1449840900_21.1114%20%7C%20head%201%20%7C%20tail%201&earliest=0&latest=now", recipients="[u'crevitch@gmail.com']", server="smtp-mail.outlook.com:587"

2015-12-10 17:57:13,279 Eastern Standard Time ERROR sendemail:115 - Sending email. subject="Splunk Alert: powershell", results_link="http://XXXXXX:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__powershell_at_1449787800_14.1%20%7C%20head%201%20%7C%20tail%201&earliest=0&latest=now", recipients="[u'crevitch@gmail.com']", server="smtp.gmail.com:587"
0 Karma
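An added triage example, not part of any post in this thread and not Splunk's code: it parses `sendemail` ERROR lines in the shape quoted above and reports, per failed send, the transport mode the target port conventionally requires, so a `use_tls`/`use_ssl` mismatch (for example port 465 combined with `use_tls=1`) stands out. The sample log is constructed, and the port-to-mode mapping is general SMTP convention assumed here, not taken from the thread.

```python
import re

# Constructed sample in the shape of the python.log entries quoted above
# (host names, subjects and recipients are placeholders).
SAMPLE_LOG = """\
2015-12-10 23:30:14,683 Eastern Standard Time ERROR sendemail:115 - Sending email. subject="Splunk Alert: a", results_link="http://splunk.example:8000/x", recipients="[u'user@example.com']", server="smtp.mail.yahoo.com:465"
2015-12-11 11:34:11,292 Eastern Standard Time ERROR sendemail:115 - Sending email. subject="Splunk Alert: b", results_link="http://splunk.example:8000/y", recipients="[u'user@example.com']", server="smtp.gmail.com:587"
2015-12-11 11:35:00,000 Eastern Standard Time INFO sendemail:120 - not a failure
2015-12-11 11:36:00,000 Eastern Standard Time ERROR sendemail:115 - Sending email. subject="Splunk Alert: c", server="mail.example.com"
"""

LINE_RE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) .*?\bERROR\s+'
                     r'sendemail:\d+ - Sending email\. (?P<kv>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Conventional SMTP port usage (general practice, an assumption of this example).
PORT_HINT = {
    465: "implicit TLS: expect use_ssl=1, use_tls=0",
    587: "STARTTLS submission: expect use_tls=1, use_ssl=0",
    25: "relay port: STARTTLS optional, confirm the provider accepts logins here",
}

def parse_failures(text):
    """Return one dict per failed sendemail attempt found in python.log text."""
    failures = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue                      # other components or severities
        kv = dict(KV_RE.findall(m.group("kv")))
        server = kv.get("server", "")
        host, sep, port = server.rpartition(":")
        if not sep or not port.isdigit():
            host, port = server, "25"     # no explicit port: SMTP default
        hints = [PORT_HINT.get(int(port), "non-standard port: confirm TLS mode")]
        if host.endswith("gmail.com"):
            # From the notice quoted in the question: Google can block the login.
            hints.append("check for a Google 'less secure app' block")
        failures.append({"time": m.group("ts"), "subject": kv.get("subject"),
                         "host": host, "port": int(port), "hints": hints})
    return failures

if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        print(f["time"], f"{f['host']}:{f['port']}", "; ".join(f["hints"]))
```
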

jplumsdaine22
Influencer

What are your email settings? I suspect you do not have TLS enabled.

0 Karma

CREVITCH
Path Finder

I did use TLS

0 Karma
