Splunk SOAR

Sending emails with Splunk SMTP app for SOAR v 2.3.0

rferg06
Explorer

We had previously been successfully using the Splunk SMTP app for SOAR (Phantom) until the beginning of this year.  We are currently on v5.5.0 of SOAR and v2.3.0 of the SMTP app.

I am wondering if anyone has successfully completed test connectivity with the combination of these two versions.  We are currently receiving this output and error:

App 'SMTP' started successfully (id: 123456789) on asset: 'smtp'(id: 1)
Loaded action execution configuration
Using OAuth Authentication
1 action failed Error retrieving system info, Status Code: 401 Error from Server: {"failed": true, "message": "Request Validation Error: Invalid or missing session token. Please refresh your session."}. Test Connectivity Failed

 We have had a support case open with Splunk for over a month.

Looking to see if anyone out there has been able to get SMTP app working.

If you have given up on the SMTP app, what are you using to send emails instead?

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...