receive emails from thirdpart app as event in splu...

pouriajalilian1 · ‎08-13-2019

i have a server that the only way it can alert on events is to send emails to an external thirdparty app ,like splunk.so i want to monitor whenever it receives emails and create alerts,dashboards based on that events.is it possible??please give me clear advice on that .

richgalloway · ‎08-13-2019

Splunk cannot receive email directly. It can, however, access IMAP mailboxes using the IMAP Mailbox app (https://splunkbase.splunk.com/app/1739/). I once wrote a scripted input to access Office 365 mailboxes using an API that is no longer supported. So there are options. Post specific questions and we may be able to help more.

---
If this reply helps you, Karma would be appreciated.

pouriajalilian1 · ‎08-13-2019

[IMAP Configuration]
debug = 0
deleteWhenDone = 0
disabled = 0
fullHeaders = 1
includeBody = 1
noCache = 0
port = 587
server = mail.test.com
useSSL = 1
user =username@test.com
password =**********
mimeTypes = text/plain
folders = all
imapSearch = UNDELETED
deleteWhenDone = False
noCache = False
splunkuser = admin
splunkpassword =*****
timeout = 10
---------i wrote something like this,but it didnt work.
besides,i enabled windows script on inputs.conf and disabled nix one as instructed in the manual .help me please

richgalloway · ‎08-13-2019

I don't know enough about the IMAP app to offer detailed help. You may want to post a new question.

---
If this reply helps you, Karma would be appreciated.

pouriajalilian1 · ‎08-14-2019

thank you my friend

pouriajalilian1 · ‎08-13-2019

does Streams events from from a mail server. is what i have to configure?? in this way,i couldnt set protocol filed .

receive emails from thirdpart app as event in splunk

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann