Hi,
I want to integrate emails from particular DL into splunk and splunk should create alerts for that traffic.
You can use this addon [TA-mailclient][1]
[1]: http://qw https://splunkbase.splunk.com/app/3200/
We have used it in the past to get emails from a mailbox and then create alerts based on it.
It works well and you only need email server name and credentials for the mailbox to make it work.
As you are getting emails to your own DL, I would suggest creating a separate mailbox and having the mails sent to it. The addon can read it and create the events.
Keep in mind that this uses IMAP/POP3, so check with your exchange/security admins before implementing.
You can use this addon [TA-mailclient][1]
[1]: http://qw https://splunkbase.splunk.com/app/3200/
We have used it in the past to get emails from a mailbox and then create alerts based on it.
It works well and you only need email server name and credentials for the mailbox to make it work.
As you are getting emails to your own DL, I would suggest creating a separate mailbox and having the mails sent to it. The addon can read it and create the events.
Keep in mind that this uses IMAP/POP3, so check with your exchange/security admins before implementing.
@naregayam Please have a look at these apps below.
https://splunkbase.splunk.com/app/3720/
https://splunkbase.splunk.com/app/1739/
Also go through the link to save the mails into a file and then have it monitored via Splunk.
https://www.techhit.com/messagesave/help/saving-outlook-messages.html
Can you elaborate your requirement again?
You need Splunk to alert to you whenever an email has been send to particular email distribution list?
Hi jawaharas, Yes your understanding is correct
When we get a mail from "Threat hunt team" with details like Attack name, attack sources, IOC's, Hash files, Attack description, Recommendation.
That mail needs to integrate with Splunk and when ever we got mail to our outlook that mail needs to get to splunk and splunk needs to create alert based on the data collected and attached files in the mail. And this IOC's need to be monitored by splunk and we need alert whenever there is an Traffic observed by splunk.
@naregayam did you find a solution that met your requirements? I'm looking to do something very similar, but having trouble finding something that would work with Exchange.