Microsoft Teams Response Integration via Webhook

Using the “Send webhook alerts to a channel” Workflow template, you can send a message to the Teams channel you created, based on an incident generated in Logsign USO.

To do this, first open the Teams application and click on the … (More apps) icon at the bottom left, then find the Workflows section.

When you click on Workflows, a template screen will appear. From there, select “Send webhook alerts to a channel”, choose the channel you created, and proceed through the steps. 

Afterwards, it will provide you with a webhook link that you can send POST requests to. Make sure to save this link — it will only be shown once, and if you don’t save it, you’ll have to create it again.

You can also view the webhook you created later under Workflows > Home at the top section.

After that, you can follow the steps below using this webhook URL.

 

 

This completes the steps on the Microsoft side. The next step is to complete the integration in Logsign USO.

Go to Settings > Responses > Webhook and edit the configuration as shown below. If pressing Test returns success, the integration is working.

Then you can send Incident data to Microsoft Teams through this integration by creating an Incident or Action Rule.

The Microsoft Teams webhook must be called with POST requests, so pay attention to the request method.

You can then create your own draft and edit the information you want to send.

The sample draft is as follows.

 

Additional Header:

{"Content-Type": "application/json"}

Content-Type*:

{"Content-Type": "application/json"}

Additional Payload JSON Example:

{
 "attachments": [
   {
     "contentType": "application/vnd.microsoft.card.adaptive",
     "content": {
       "type": "AdaptiveCard",
       "version": "1.4",
       "body": [
         {
           "type": "TextBlock",
           "size": "Large",
           "weight": "Bolder",
           "text": "🚨 $GET['TriggeredAlert.Alert.Info']"
         },
         {
           "type": "TextBlock",
           "text": "**$GET['TriggeredAlert.Action.Object']**"
         },
         {
           "type": "TextBlock",
           "spacing": "None",
           "text": "$GET['TriggeredAlert.Time.Generated']",
           "isSubtle": true
         },
         {
           "type": "FactSet",
           "facts": [
             { "title": "External IP", "value": "$GET['TriggeredAlert.External.IP']" },
             { "title": "AlertUID", "value": "$GET['TriggeredAlert.Alert.AlertUID']" }
           ]
         }
       ]
     }
   }
 ]
}
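
To test the draft outside Logsign, the following added example (not part of the original article or of Logsign) fills the $GET[...] placeholders of a shortened copy of the sample draft with constructed incident values, JSON-escaping each one, checks the card structure, and POSTs it with the same Content-Type header. The environment variable name TEAMS_WEBHOOK_URL and the sample values are assumptions; how Logsign performs the substitution internally is not described on this page.

```python
import json
import os
import re
import urllib.request

# Shortened copy of the sample draft; the $GET[...] placeholders are kept as written.
DRAFT = r'''{"attachments": [{"contentType": "application/vnd.microsoft.card.adaptive",
 "content": {"type": "AdaptiveCard", "version": "1.4", "body": [
  {"type": "TextBlock", "weight": "Bolder", "text": "$GET['TriggeredAlert.Alert.Info']"},
  {"type": "FactSet", "facts": [
   {"title": "External IP", "value": "$GET['TriggeredAlert.External.IP']"},
   {"title": "AlertUID", "value": "$GET['TriggeredAlert.Alert.AlertUID']"}]}]}}]}'''
PLACEHOLDER = re.compile(r"\$GET\['([^']+)'\]")

def render(draft, fields):
    """Fill placeholders with JSON-escaped values (quotes, backslashes, newlines) and parse."""
    return json.loads(PLACEHOLDER.sub(
        lambda m: json.dumps(str(fields.get(m.group(1), "")))[1:-1], draft))

def check_card(payload):
    """Return structural problems; an empty list means the card looks sendable."""
    atts = payload.get("attachments")
    if not atts:
        return ["attachments is missing or empty"]
    problems = []
    for att in atts:
        if att.get("contentType") != "application/vnd.microsoft.card.adaptive":
            problems.append("contentType is not an Adaptive Card")
        if (att.get("content") or {}).get("type") != "AdaptiveCard":
            problems.append("content.type is not AdaptiveCard")
    return problems

def send(url, payload):
    """POST the card with the Content-Type header given in this article."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode("utf-8"),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

# Constructed incident values, including characters that would break unescaped JSON.
SAMPLE = {"TriggeredAlert.Alert.Info": 'Login from "unknown" host\nrepeated',
          "TriggeredAlert.External.IP": "203.0.113.7",
          "TriggeredAlert.Alert.AlertUID": "EXAMPLE-0001"}

if __name__ == "__main__":
    card = render(DRAFT, SAMPLE)
    url = os.environ.get("TEAMS_WEBHOOK_URL")  # assumed name; keep the URL out of code
    if url and not check_card(card):
        print("HTTP", send(url, card))
```

Without TEAMS_WEBHOOK_URL set, the script only renders and checks the card and sends nothing.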

 

If you send a payload like the sample draft, you can get a response like the one below on the Teams side.
