Emailer

Requirements

NDR customers need the ability to customize the Simple Mail Transfer Protocol (SMTP) server used in the application. To enable this, a user-friendly configuration option must be provided in the UI, allowing customers to modify the SMTP server as required.

New Options	Description
Custom SMTP Settings	This option is added to the Settings menu along with the existing LR Default Email Server option that uses our default settings. Customers can input their preferred server, username, password, port, and other necessary details.
Test email	This button is added to allow users to send a test email to themselves through the customized settings.

The LR Default Email Server option can only be modified internally for encrypted configurations. This enables us to set it to any required SMTP server.

Switching from the Gmail SMTP server to a different server is also recommended.

Emailer Microservice

The Emailer module is developed to facilitate sending emails within the application. As part of this module, a REST API is created that allows users to send emails using a payload request. This Application Programming Interface (API) is integrated into our application to enable seamless email communication.

global_config Changes

"EmailerUrl": "http://<ip>:<port>" "EmailerListen": "<ip>:<port>"

DB Collection

A new database table (email_server_settings) is introduced to store the email server settings. This database table contains all the necessary information related to email server settings, such as the server address, port number, authentication details, and encryption settings. This table is used by the Emailer module to send emails securely and efficiently.

Service File

sudo cat /etc/systemd/system/emailer.service

[Unit]
Description=emailer
After=network.target opt.mount

[Service]
Type=simple
Restart=always

User=<User>
ExecStart=/opt/mistnet/bin/emailer -entry-source <probename>
[Install]
WantedBy=multi-user.target

Example

[Unit]
Description=emailer
After=network.target opt.mount

[Service]
Type=simple
Restart=always
User=minternal

ExecStart=/opt/mistnet/bin/emailer -entry-source xenon-dev04-probe-0
[Install]
WantedBy=multi-user.target

REST APIs Used

Two new REST APIs are introduced in the Emailer module to facilitate email communication within the application.

API Route	Methods	Notes
/api/v1/emailer	POST	Allows users to send emails from within the application. Users can provide the necessary email server configuration details and the content of the email including the subject, body, and any attachments.
/api/v1/emailer/validation	POST	Enables users to validate their email configuration settings before sending the emails. Users can provide the necessary email server configuration details, such as the server address, port number, authentication details, and encryption settings. The API will validate these settings before processing.

These two APIs make it easier to communicate with the customers via email from anywhere within the application. Customers can now send emails and validate their email configuration settings directly from the application. This functionality will greatly improve the overall user experience, making it more convenient and user-friendly.

Validation API

`POST /api/v1/emailer/validation`

A new REST API is developed with its endpoint as /api/v1/emailer/validation, which allows the customers to validate their email configuration settings. The payload for this API includes various fields such as uuid, server_name, smtp_host, protocol, smtp_port, sender_id, username, password, is_active, subject, message, email_list, and files.

Field Name	Description
uuid	Identifies the email configuration
server_name	Contains the name of the email server used
smtp_host	Specifies the SMTP server address
protocol	Indicates the encryption protocol used
smtp_port	Contains the port number for the SMTP server
sender_id	Contains the email address of the sender
username password	Contains the login credentials for the email server
is_active	Determines whether the email server is active or not
subject	Contains the subject of the email
message	Contains the message content of the email
email_list	Lists the email addresses of the recipients
files	Allows users to attach files to the email

Emailer API

`POST /api/v1/emailer`

A new RESTful API is developed with /api/v1/emailer as its endpoint to provide functionality for sending emails to customers from within the application. The payload of this API includes several fields such as subject, message, email_list, and files for any attachments that may be included with the email. These fields are all necessary for the proper functioning of the API. The files field can be optional. The purpose of this API is to simplify the process of sending emails to customers from anywhere in our application.

Field Name	Description
subject	Contains the subject of the email
message	Contains the message content of the email
email_list	Lists the email addresses of the recipients
files	Allows users to attach files to the email

Configuring Emailer in LogRhythm NDR

Old UI

Go to Settings and then click Operational in LogRhythm NDR.
Click Add Emailer to open the Add Emailer page.
A prompt appears where various details must be entered to set up the email server details.
Enter the Profile Name and the SMTP server name.
Select the corresponding protocol.
The protocol can be either SSL or TLS depending on the SMTP server settings.
Enter the SMTP port number.
The default port number is 587, but some email providers may use different port numbers.
Enter the Username and Password for the email account.
Enter the sender email address.
This is the email address that will appear in the From field of any email you send using this profile.
Enter the test email address.
This is the email address to which a test email will be sent to verify that the profile is working.
Click the Test button.
A test email is sent to the email address provided. The email profile has been successfully configured if the test email is received correctly.
Click the Update button.
The profile is now stored in the email_server_settings database table.

New UI

Go to Settings and then click Operational in LogRhythm NDR.
Click Add Emailer to open the Add Emailer page.
Enter the SMTP Profile name.
Enter the SMTP Host name.
Select the corresponding protocol.
The protocol can either be SSL, or TLS, or Basic depending on the SMTP server settings.
Enter the SMTP port number.
The default port number is 587, but some email providers may use different port numbers.
Enter the Username and Password for the email account.
Enter the sender email address.
This is the email address that will appear in the From field of any email you send using this profile.
Enter the test email address.
This is the email address to which a test email will be sent to verify that the profile is working.
Click the Test button.
A test email is sent to the email address provided. The email profile has been successfully configured if the test email is received correctly.
Click the Update button.
The profile is now stored in the email_server_settings database table.

[data-colorid=l9vqomuazg]{color:#006881} html[data-color-mode=dark] [data-colorid=l9vqomuazg]{color:#7ee6ff}[data-colorid=zvtck6qdq3]{color:#006881} html[data-color-mode=dark] [data-colorid=zvtck6qdq3]{color:#7ee6ff}Requirements