Versions Compared

Old Version 3

changes.mady.by.user Andrew Dannenberger

Saved on

compared with

New Version Current

changes.mady.by.user Amanda McGown

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Product Name

CIS CSAT Pro - SecureSuite CIS Controls Self Assessment Tool

Product Version

v1.x10.x0+

DateUse /date to insert current date

Problem

Info

I forgot my password OR I need a One-Time Password (OTP) for MFA OR I’m not receiving Safeguard workflow messages. How do I configure email to receive these messages?

Overview

  • CSAT Pro email configuration is optional, however, if you want to use OTP, MFA, or Safeguard workflow messages, then it must be configured

  • CSAT Pro utilizes the Grails mail plugin for email communication

  • The plugin assumes by default an unsecured mail server configured at localhost on port 25 by default. (is this why username and password seems to be optional?)(From https://csat-pro.docs.cisecurity.org/en/stable/source/CSAT%20Pro%20Deployment/#email-configuration, but we’re skeptical about Gmail) Numerous SMTP services exist

  • To support SMTP services, such as Gmail, Hotmail, Amazon SES, or in-house SMTP services available through corporate emailing technologies, such as Exchange. CIS CSAT Pro can support these SMTP servers, as long as the connection information entered below is correct. Some configuration setting recommendations for certain webmail providers may be prepopulated in the Advanced Mail Settings?like Microsoft Exchange, go to the “Advanced Mail Settings” section to configure those services

Requirements

  • Must be able to connect to and utilize a valid SMTP server in order to send email messages

  • SMTPS port 587 - is it compatible?

Solution

Solution 1

The first opportunity that users have to configure email is when running the CSAT Pro installer. The required fields are Here is some information on the fields:

  • Host/SMTP

, Port, and Default Sender Email Address.

What use cases is username and password required - for SMTPS?

Image Removed

  • - the host name of the email server

  • Port - 587, 465, or 25

  • Username-enter an email address that is used as a username

  • Password - the password of the email address listed in username

  • Default Sender Email Address - the email address used for sending the emails

installer.PNGImage Added

For the optional “Advanced Settings” section, click on “Advanced Settings” for the section to appear. The question marks on the side of each setting provides additional information that helps fill out the settings.

  • mail.smtp.auth - If set to true, it attempts are made to authenticate the user using the AUTH command. Defaults to false.

  • mail.smtp.socketFactory.port - Specifies the port to connect to when using the specified socket factory. If not set, the default port will be used.

  • mail.smtp.socketFactory.class - If set, specifies the name of a class that implements the javax.net.SocketFactory interface. This class will be used to create SMTP sockets.

  • mail.smtp.socketFactory.fallback - If set to true, failure to create a socket using the specified socket factory class will cause the socket to be created using the java.net.Socket class. Defaults to true.

  • mail.smtp.starttls.enable - If set to true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must be configured so that the client will trust the server’s certificate. Defaults to false.

Image Added

Solution 2

If you have already run the CSAT Pro installer and would like to edit the mail configuration later on, then go to \(CSAT directory)\CSAT_Pro\conf and open the csat-config.yml file with the text editor of your choice. Once opened, edit the host, port, username, password, and from lines with your organization’s information.

Image Added
Note

If you are editing the csat-config.yml file manually, you may run into issues encrypting the password. In that scenario, run the CSAT Pro installer again by selecting “No, install into a different directory.”

The following screenshot is an example of what a basic configuration might look like:

config.PNGImage Added
Info

For more information on the CSAT Pro installation process please see the Quick Start Guide for CSAT Pro installations.

  • simple self contained steps

  • add illustrations as needed

    • stick to 3-5 steps

    Troubleshooting

    If you have configured email in one of the two ways mentioned above, but you are still not receiving emails, then please send us your csat-config.yml file. Please see the resources for further assistance:

    Keywords; CSAT Pro email configuration SMTP SMTPS MFA

    Content by Label

    Filter by label (Content by label)
    showLabelsfalse
    showSpacefalse
    cqllabel = "sbp_fer"

    Copyright © 2020 2024

    Center for Internet Security®

    Privacy Policy

    Page Properties
    hiddentrue

    Action

    Name(s)

    Date

    Linked ticket

    Jira Legacy
    serverSystem JIRA
    serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
    keySUPPORT-27318
    Jira Legacy
    serverSystem JIRA
    serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
    keySUPPORT-29880
    Jira Legacy
    serverSystem JIRA
    serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
    keySUPPORT-29146
    jira
    Jira Legacy
    serverSystem JIRA
    serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
    keySUPPORT-30809

    Created by

    serverSystem JIRA
    serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
    keySUPPORT-21358
    Jira Legacy
    serverSystem JIRA
    serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
    keySUPPORT-30230

    Created by

    Reviewed by

    Approved byAndrew Dannenberger

    Reviewed by

    SBP Product Technical Support Team (Amanda McGown Allan Cornwell Amar Malik (Unlicensed) Andrew Dannenberger Chris Boldiston Nick Romanzo Parami Swenson (Unlicensed))

    Approved by

    Amanda McGown Chris Boldiston

    Remove by