demisto / content-docs

Demisto Content Developer Docs
https://xsoar.pan.dev/
MIT License

Issue with "Mail Listener v2" in @site/docs/reference/integrations/mail-listener-v2.md #1252

Closed acicalla-ampere closed 1 year ago

acicalla-ampere commented 1 year ago

Describe the problem

The integration no longer works. Microsoft retired basic authentication and the integration stopped working, just showing failed logins. We worked with Palo Alto support and there is currently no resolution. What is the ETA for this integration to start working with OAuth2 authentication? We would like to use this integration for employees to forward potential phishing emails, but with basic authentication blocked we are unable to implement this feature.

Screenshots

Environment

Suggested fix

Update the integration to work with current O365 supported authentication methods. The other O365 integrations do not watch a mailbox like this integration to spawn incidents and kick off playbooks; we have already reviewed them with support. The supported authentication is OAuth v2.

bakatzir commented 1 year ago

Hi @acicalla-ampere. As MS is retiring basic auth from its Exchange Online deployments, we recommend that our customers move to either the EWS O365 or the O365 Outlook Mail (using Graph API) integrations. The full considerations can be found in: https://xsoar.pan.dev/docs/reference/articles/MS_Azure_Integrations#exchange-and-ews.

Going forward, Mail Listener v2 will probably be deprecated in 2023.

acicalla-ampere commented 1 year ago

Bar, neither of those integrations provides the option to listen to a mailbox and spawn an incident from the receipt of the email. We already have the other integrations you mention and they do not provide this functionality from what we have seen.

Thank you,


bakatzir commented 1 year ago

May I ask you to provide some more information regarding the difference? From the EWS O365 instance config, e.g., you can choose the folder you want to listen to and spawn incidents from the receipt of mail.

acicalla-ampere commented 1 year ago

Bar,

I got it working. I was originally on a call with support and at the time they couldn't tell me how to configure the O365 integration. However, after digging into what you sent yesterday, I was able to get it working and fetching emails. I appreciate it. I would update the Mail Listener v2 to point to the documentation you shared with me yesterday. You can close this ticket.

Thank you,
