Splunk SOAR (f.k.a. Phantom)
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Sending emails with Splunk SMTP app for SOAR v 2.3.0

rferg06
Engager
‎04-17-2023 01:35 PM

We had previously been successfully using the Splunk SMTP app for SOAR (Phantom) until the beginning of this year.  We are currently on v5.5.0 of SOAR and v2.3.0 of the SMTP app.

I am wondering if anyone has successfully completed test connectivity with the combination of these two versions.  We are currently receiving this output and error:

App 'SMTP' started successfully (id: 123456789) on asset: 'smtp'(id: 1)
Loaded action execution configuration
Using OAuth Authentication
1 action failed Error retrieving system info, Status Code: 401 Error from Server: {"failed": true, "message": "Request Validation Error: Invalid or missing session token. Please refresh your session."}. Test Connectivity Failed

 We have had a support case open with Splunk for over a month.

Looking to see if anyone out there has been able to get SMTP app working.

If you have given up on the SMTP app, what are you using to send emails instead?

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...