Splunk SOAR (f.k.a. Phantom)

Issues with Microsoft Exchange On-Premise EWS polling

danieldelacasa
Explorer

Hi,

We are using Microsoft Exchange On-Premise EWS app version 2.0.29 (Upgraded from 2.0.17) and we are experiencing some issues with Polling.

First of all the "oldest first" parameter seems to work as "latest first" and the "latest first" works as "oldest first".

Secondly the Scheduled/interval polling is working this way (more or less in every single test I have made):

- First iteration: brings the Max emails per scheduled polling.

-Second iteration: brings the first iteration number of emails.

-Third iteration: brings the max emails per scheduled polling.

-After that it does not bring any more emails despite the fact that there are more pending emails to bring.

 

As well it seems that there is a cache when I try the same emails and there are some emails missing when I execute the Scheduled polling over the same set of emails.

 

Can you help please?

 

Thank you!

 

Labels (1)
0 Karma

WalshyB
SplunkTrust
SplunkTrust

Hi,

Have you tried the previous version 1.0.105? We raised a support case for the latest version for similar issues and they are looking into a fix as the state file isn't filled out correctly.

Oldest first for us didn't work at all, so we had to use latest which puts everything out of order.

0 Karma

carl72086
Explorer

Hey,

For app related issues, you can try reporting it Phantom Support / or to the developer of the App.

In the meantime, just revert to the working app version while the issue is being identified / fixed in the newer version.

 

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...