Breadcrumbs

Emailer

Requirements

NDR customers need the ability to customize the Simple Mail Transfer Protocol (SMTP) server used in the application. To enable this, a user-friendly configuration option must be provided in the UI, allowing customers to modify the SMTP server as required.

New Options

Description

Custom SMTP Settings

  • This option is added to the Settings menu along with the existing LR Default Email Server option that uses our default settings.

  • Customers can input their preferred server, username, password, port, and other necessary details. 

Test email

This button is added to allow users to send a test email to themselves through the customized settings.

The LR Default Email Server option can only be modified internally for encrypted configurations. This enables us to set it to any required SMTP server.

Switching from the Gmail SMTP server to a different server is also recommended.

Emailer Microservice

The Emailer module is developed to facilitate sending emails within the application. As part of this module, a REST API is created that allows users to send emails using a payload request. This Application Programming Interface (API) is integrated into our application to enable seamless email communication. 

global_config Changes

"EmailerUrl": "http://<ip>:<port>"
"EmailerListen": "<ip>:<port>"

DB Collection

A new database table (email_server_settings) is introduced to store the email server settings. This database table contains all the necessary information related to email server settings, such as the server address, port number, authentication details, and encryption settings. This table is used by the Emailer module to send emails securely and efficiently.

Service File

sudo cat /etc/systemd/system/emailer.service 


[Unit]
Description=emailer
After=network.target opt.mount

[Service]
Type=simple
Restart=always

User=<User>
ExecStart=/opt/mistnet/bin/emailer -entry-source <probename>
[Install] 
WantedBy=multi-user.target

Example

[Unit]
Description=emailer
After=network.target opt.mount

[Service]
Type=simple
Restart=always
User=minternal


ExecStart=/opt/mistnet/bin/emailer -entry-source xenon-dev04-probe-0
[Install]
WantedBy=multi-user.target

REST APIs Used

Two new REST APIs are introduced in the Emailer module to facilitate email communication within the application.

API Route

Methods

Notes

/api/v1/emailer

POST

  • Allows users to send emails from within the application.

  • Users can provide the necessary email server configuration details and the content of the email including the subject, body, and any attachments.

/api/v1/emailer/validation

POST

  • Enables users to validate their email configuration settings before sending the emails.

  • Users can provide the necessary email server configuration details, such as the server address, port number, authentication details, and encryption settings. The API will validate these settings before processing.

These two APIs make it easier to communicate with the customers via email from anywhere within the application. Customers can now send emails and validate their email configuration settings directly from the application. This functionality will greatly improve the overall user experience, making it more convenient and user-friendly.

Validation API

POST /api/v1/emailer/validation

A new REST API is developed with its endpoint as /api/v1/emailer/validation, which allows the customers to validate their email configuration settings. The payload for this API includes various fields such as uuid, server_name, smtp_host, protocol, smtp_port, sender_id, username, password, is_active, subject, message, email_list, and files.

Field Name

Description

uuid

Identifies the email configuration

server_name

Contains the name of the email server used

smtp_host

Specifies the SMTP server address

protocol

Indicates the encryption protocol used

smtp_port

Contains the port number for the SMTP server

sender_id

Contains the email address of the sender

usernamepassword

Contains the login credentials for the email server

is_active

Determines whether the email server is active or not

subject

Contains the subject of the email

message

Contains the message content of the email

email_list

Lists the email addresses of the recipients

files

Allows users to attach files to the email

Emailer API

POST /api/v1/emailer

A new RESTful API is developed with /api/v1/emailer as its endpoint to provide functionality for sending emails to customers from within the application. The payload of this API includes several fields such as subject, message, email_list, and files for any attachments that may be included with the email. These fields are all necessary for the proper functioning of the API. The files field can be optional. The purpose of this API is to simplify the process of sending emails to customers from anywhere in our application.

Field Name

Description

subject

Contains the subject of the email

message

Contains the message content of the email

email_list

Lists the email addresses of the recipients

files

Allows users to attach files to the email

Configuring Emailer in LogRhythm NDR

Old UI

  1. Go to Settings and then click Operational in LogRhythm NDR.

  2. Click Add Emailer to open the Add Emailer page.
    A prompt appears where various details must be entered to set up the email server details.

  3. Enter the Profile Name and the SMTP server name.

  4. Select the corresponding protocol.
    The protocol can be either SSL or TLS depending on the SMTP server settings.

  5. Enter the SMTP port number.
    The default port number is 587, but some email providers may use different port numbers.

  6. Enter the Username and Password for the email account.

  7. Enter the sender email address.
    This is the email address that will appear in the From field of any email you send using this profile.

  8. Enter the test email address.
    This is the email address to which a test email will be sent to verify that the profile is working.

  9. Click the Test button.
    A test email is sent to the email address provided. The email profile has been successfully configured if the test email is received correctly.

  10. Click the Update button.
    The profile is now stored in the email_server_settings database table.

New UI

  1. Go to Settings and then click Operational in LogRhythm NDR.

  2. Click Add Emailer to open the Add Emailer page.

  3. Enter the SMTP Profile name.

  4. Enter the SMTP Host name.

  5. Select the corresponding protocol.
    The protocol can either be SSL, or TLS, or Basic depending on the SMTP server settings.

  6. Enter the SMTP port number.
    The default port number is 587, but some email providers may use different port numbers.

  7. Enter the Username and Password for the email account.

  8. Enter the sender email address.
    This is the email address that will appear in the From field of any email you send using this profile.

  9. Enter the test email address.
    This is the email address to which a test email will be sent to verify that the profile is working.

  10. Click the Test button.
    A test email is sent to the email address provided. The email profile has been successfully configured if the test email is received correctly.

  11. Click the Update button.
    The profile is now stored in the email_server_settings database table.