Make domain-specific inbound email actions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-08-2022 04:46 AM
Hello All,
I have to configure one Inbound Action from one email address which is sending alerts to our Instance to create Incidents.
Currently, we have configured a new Inbound Action "McAfee ESM Alerts - Incident CreationNew" in XYZ Domain which will receive the incoming emails from email id "iit.siem@siemalerts.com" in XYZ Domain. But earlier also we configured an Inbound Email Action in ABC Domain which will also receive the incoming emails from the same email address. The Inbound Action should only receive the emails with the Subject containing "McAfee ESM - Alarm Triggered: 2-SIEM-P3_Meraki IDS Alerts" in XYZ Domain.
We have created a dummy caller with the same email address in XYZ Domain but there seems to be a conflict that arises here like we are also receiving ABC Domain Incidents in XYZ Domain. Also while performing the testing in Dev, I found like the alerts are getting triggered in XYZ Domain from ABC Domain although ABC Domain Inbound Action is triggered ideally it should be triggered in ABC Domain based on the condition.
Can anyone help me out on this issue? As I need to show a demo to our customer on this.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-08-2022 07:53 AM
I need urgent attention and help on this as this issue has been escalated by our customer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2022 12:18 PM
It's been a while since I've used Domain sep, but I thought Inbound actions should remain in global and then based on the user's domain (from the inbound email address), that's what determines the domain. In your case, you want to use the same user but in 2 different domains. The user record only supports 1 domain.
Wouldn't it be easier to use 2 different email addresses tied to 2 different users?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2022 02:19 PM
Hi, if you are utilizing the same email address across multiple inbound actions and then you will need some additional filtering\some sort of differentiator in your inbound action conditional filtering IE subject, or a match to the sender\user etc that is unique.
If you include values for 1 inbound action you will need to ensure that at least 1 unique value is excluded from other inbound actions that share similar trigger conditions - it would also be possible to script these checks within the inbound action but conditions are the better solution.
