Office 365 SMTP relay for email alerting

Open dominictory opened this issue 1 year ago • 2 comments

Description

Our SIEM solution (Wazuh) uses Postfix and O365 SMTP relay to send email alerts, as we have 365-based senders/recipients. Can this be done on OpenCTI? To add to this, can port 587 be used, as the documentation states 25 or 465?

Thanks!

Environment

OpenCTI 5.12.25

dominictory avatar Feb 05 '24 16:02 dominictory

The code seems to support whatever port you set - the docs are just referencing the default ports. If you want to use port 587, then set it in your proper config values in the ENV variables of the docker-compose.yml, the .env file, or /etc/environment. Those values are SMTP__USERNAME, SMTP__PASSWORD, SMTP__HOSTNAME, SMTP__PORT, and SMTP__USE_SSL. If you care about TLS cert checking for validity and are using TLS, set SMTP__REJECT_UNAUTHORIZED, or leave that at the default of false.

const USE_SSL = booleanConf('smtp:use_ssl', false);
const REJECT_UNAUTHORIZED = booleanConf('smtp:reject_unauthorized', false);

const smtpOptions = {
  host: conf.get('smtp:hostname') || 'localhost',
  port: conf.get('smtp:port') || 25,
  secure: USE_SSL,
  tls: {
    rejectUnauthorized: REJECT_UNAUTHORIZED,
    maxVersion: conf.get('smtp:tls_max_version'),
    minVersion: conf.get('smtp:tls_min_version'),
    ciphers: conf.get('smtp:tls_ciphers'),
  },
};

ParamConstructor avatar Feb 13 '24 13:02 ParamConstructor
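
Added example (not part of the thread and not OpenCTI's own code): a pre-deployment check that maps the SMTP__* variables named above onto the same option shape as the quoted snippet and flags port/TLS mismatches and disabled certificate validation. It assumes the options object is consumed with nodemailer semantics for `secure`; `buildSmtpOptions`, `auditSmtpOptions`, `toBool` and the sample hostname are hypothetical names and constructed values.

```javascript
// Added example, not OpenCTI code. buildSmtpOptions() mirrors the shape of the
// snippet quoted above; the boolean parsing here is a simplification.
const toBool = (v, dflt) => (v === undefined ? dflt : String(v).toLowerCase() === 'true');

function buildSmtpOptions(env) {
  return {
    host: env.SMTP__HOSTNAME || 'localhost',
    port: Number(env.SMTP__PORT) || 25,
    secure: toBool(env.SMTP__USE_SSL, false),
    tls: { rejectUnauthorized: toBool(env.SMTP__REJECT_UNAUTHORIZED, false) },
  };
}

// Assumption: nodemailer semantics. secure=true means TLS from the first byte
// (port 465 style); secure=false means a plaintext connect upgraded by STARTTLS.
function auditSmtpOptions(opts) {
  const findings = [];
  if (opts.port === 587 && opts.secure) {
    findings.push('port 587 expects STARTTLS: set SMTP__USE_SSL=false, implicit TLS will not negotiate');
  }
  if (opts.port === 465 && !opts.secure) {
    findings.push('port 465 expects implicit TLS: set SMTP__USE_SSL=true');
  }
  if (!opts.tls.rejectUnauthorized) {
    findings.push('relay certificate is not validated: set SMTP__REJECT_UNAUTHORIZED=true');
  }
  return findings;
}

// Constructed sample environment (hostname is a placeholder, not a real relay).
const sampleEnv = {
  SMTP__HOSTNAME: 'smtp.relay.example',
  SMTP__PORT: '587',
  SMTP__USE_SSL: 'true',
};

for (const finding of auditSmtpOptions(buildSmtpOptions(sampleEnv))) {
  console.log('WARN', finding);
}
```

With the default `SMTP__REJECT_UNAUTHORIZED` of false, credentials in `SMTP__USERNAME` / `SMTP__PASSWORD` can be sent over a TLS session whose peer was never verified, which is why the check reports it even when the port and `secure` flag agree.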

Thanks. I've got the appropriate variables down in docker-compose now, but I'm just trying to figure out the logic to be able to go OpenCTI email trigger -> Postfix/SMTP -> O365 relay -> email recipient

dominictory avatar Feb 20 '24 15:02 dominictory