Hi All,

I would like to ask if Sentinel is able to receive raw logs/emails from
security device(s) via SMTP. For example, instead of the security device(s)
being configured to send logging to Sentinel via syslog/SNMP, we configure
the security device(s) to send alerts/logging/email via SMTP to Sentinel.
Once an alert is triggered by a security device, it sends an email to Sentinel
and Sentinel starts to parse/decode it, *or* we open port 25 on the Sentinel
server to listen for any SMTP traffic.

My question here is: will Sentinel be able to receive/parse/decode the traffic
from SMTP, or is there any connector/collector event source for
SMTP (a generic one, as email formats can vary), or is there another module in
Sentinel that can cater for this situation? Is there any workaround for this
situation? I have experience with another SIEM that is able to handle
this situation.

security device <--email/port 25 (SMTP)-->
sentinel <--parse/decode--> trigger alert

*security device(s): firewall, IDS, IPS, ...


hareez_12's Profile: https://forums.netiq.com/member.php?userid=10292
View this thread: https://forums.netiq.com/showthread.php?t=54113
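Added illustration of what the "open port 25 on the Sentinel server and parse" path in the question amounts to, written here as a collector skeleton in Python. It is my own example, not code from the original poster, from NetIQ, or from the Sentinel product, and it does not show any actual Sentinel connector. It drives the server side of one SMTP session offline from a transcript, enforces a sender allow-list so that a listening port 25 is not an unauthenticated event-injection channel, and maps a constructed "Key: value" alert email into a normalized event. The hostnames, addresses, field names and the alert layout are assumptions made for the example.

```python
# Added example, not NetIQ Sentinel code: the server side of one SMTP session
# (RFC 5321 subset), fed line by line so it runs offline, plus a parser that maps
# the accepted RFC 5322 message to a normalized event. Hostnames, addresses and
# the "Key: value" alert body are constructed for illustration.
import re
from email import message_from_bytes, policy
from email.utils import parsedate_to_datetime
SEVERITY = {"critical": 5, "high": 4, "medium": 3, "low": 2, "info": 1}

def _addr(arg):
    # Bare mailbox from 'FROM:<a@b>' / 'TO:<a@b>' (RFC 5321 path syntax).
    m = re.search(r"<([^>]*)>", arg)
    return (m.group(1) if m else arg.split(":", 1)[-1]).strip().lower()

class SmtpReceiver:
    """feed(line) -> (reply_or_None, message_or_None); message is (envelope_sender,
    recipients, raw_bytes) once DATA ends with '.'. Senders off the allow-list are
    refused at MAIL FROM, since an open port 25 is otherwise an event-injection channel."""
    def __init__(self, allowed_senders):
        self.allowed = {s.lower() for s in allowed_senders}
        self.sender, self.rcpts, self.in_data, self.lines = None, [], False, []

    def feed(self, line):
        if self.in_data:
            if line != ".":
                self.lines.append(line)
                return None, None
            # End of DATA: undo RFC 5321 dot-stuffing, hand the message up, reset state.
            raw = "\r\n".join(ln[1:] if ln.startswith("..") else ln for ln in self.lines)
            msg = (self.sender, list(self.rcpts), raw.encode())
            self.sender, self.rcpts, self.in_data, self.lines = None, [], False, []
            return "250 OK: queued", msg
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            return "250 collector.example", None
        if verb == "MAIL":
            if _addr(arg) not in self.allowed:
                return "550 sender not permitted", None
            self.sender = _addr(arg)
            return "250 OK", None
        if verb == "RCPT":
            if self.sender is None:
                return "503 need MAIL first", None
            self.rcpts.append(_addr(arg))
            return "250 OK", None
        if verb == "DATA":
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>", None
        if verb == "QUIT":
            return "221 Bye", None
        return "500 unrecognized command", None

def parse_alert(raw, envelope_sender):
    """Decode the message and map 'Key: value' body lines into an event dict."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    fields = {k.strip().lower().replace(" ", "_"): v.strip()
              for k, sep, v in (ln.partition(":") for ln in text.splitlines()) if sep}
    return {
        "device": fields.get("device") or envelope_sender.split("@")[0],
        "envelope_sender": envelope_sender,       # what the SMTP session claimed
        "header_from": str(msg.get("From", "")),  # what the message itself claims
        "subject": str(msg.get("Subject", "")),
        "timestamp": parsedate_to_datetime(msg["Date"]).isoformat() if msg["Date"] else None,
        "severity": SEVERITY.get(fields.get("severity", "info").lower(), 1),
        "src_ip": fields.get("source_ip"),
        "dst_ip": fields.get("destination_ip"),
    }

def run_session(client_lines, allowed_senders):
    # Drive one SMTP session from a client transcript; return (replies, events).
    rx, replies, events = SmtpReceiver(allowed_senders), [], []
    for line in client_lines:
        reply, msg = rx.feed(line)
        if reply:
            replies.append(reply)
        if msg:
            events.append(parse_alert(msg[2], msg[0]))
    return replies, events

# Constructed transcript: one IPS alert from an allow-listed firewall.
SAMPLE_SESSION = [
    "EHLO fw-edge-01.example.net",
    "MAIL FROM:<fw-edge-01@example.net>",
    "RCPT TO:<alerts@collector.example>",
    "DATA",
    "From: Edge Firewall <fw-edge-01@example.net>",
    "Subject: [IPS] Intrusion blocked on fw-edge-01",
    "Date: Mon, 01 Jun 2015 10:15:00 +0000",
    "",
    "Device: fw-edge-01",
    "Severity: High",
    "Source IP: 198.51.100.23",
    "Destination IP: 10.0.0.5",
    ".",
    "QUIT",
]
ALLOWED_SENDERS = {"fw-edge-01@example.net"}
```

`run_session(SAMPLE_SESSION, ALLOWED_SENDERS)` returns the six SMTP replies and one event with severity 4, source 198.51.100.23 and a UTC ISO timestamp taken from the Date header; feeding `MAIL FROM:<spoofer@attacker.example>` instead gets `550 sender not permitted` and no event. Two caveats for anyone building this for real: the envelope sender and the From header are both trivially forged, so the allow-list only helps together with a network ACL limiting who can reach the listener (or SMTP AUTH/STARTTLS on a relay in front of it), and the body parser is per device, since every firewall/IDS/IPS lays its alert mail out differently.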