Splunk SOAR (f.k.a. Phantom)

Sending emails with Splunk SMTP app for SOAR v 2.3.0

rferg06
Engager

We had previously been successfully using the Splunk SMTP app for SOAR (Phantom) until the beginning of this year.  We are currently on v5.5.0 of SOAR and v2.3.0 of the SMTP app.

I am wondering if anyone has successfully completed test connectivity with the combination of these two versions.  We are currently receiving this output and error:

App 'SMTP' started successfully (id: 123456789) on asset: 'smtp'(id: 1)
Loaded action execution configuration
Using OAuth Authentication
1 action failed Error retrieving system info, Status Code: 401 Error from Server: {"failed": true, "message": "Request Validation Error: Invalid or missing session token. Please refresh your session."}. Test Connectivity Failed

 We have had a support case open with Splunk for over a month.

Looking to see if anyone out there has been able to get SMTP app working.

If you have given up on the SMTP app, what are you using to send emails instead?

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...