Microsoft Teams Response Integration via Webhook

You can send incident information from Logsign USO to Microsoft Teams through a webhook. The steps are as follows.

First, you need to be a user with admin authorization on the Microsoft side.

Open the channel you want to send messages to, click the three dots under your profile photo at the top right, and select Manage channel.

At the bottom, where it says Connectors, click Edit.

When you type webhook in the search box on the left, you will see the Incoming Webhook option.

Click Configure, then give the webhook a name.

NOTE: The name you give in this field works like the account used to send the message, but there are currently some problems with this structure on the Microsoft side: it appears as Unknown User. This may be fixed in the future; when it is fixed, you will need to create the webhook again.

When you click Create, it gives you a URL. Save this URL and store it like a credential: anyone who has it can post messages to the channel.

This completes the steps on the Microsoft side. Now it is time to complete the integration in Logsign USO.

Go to Settings > Responses > Webhook and edit the webhook as described below. If pressing Test returns success, the integration is working.

You can then send incident data to Microsoft Teams through this integration by creating an Incident or Action Rule.

The Microsoft Teams webhook only works with POST requests, so make sure the request method is set to POST.

You can then create your own draft and edit the information you want to send.

The sample draft is as follows.

Additional Header JSON example:

{"Content-Type": "application/json"}

Additional Payload JSON example:

{
  "@type": "MessageCard",
  "@context": "https://schema.org/extensions",
  "summary": "Log Alert",
  "themeColor": "0076D7",
  "title": "🚨 $GET['TriggeredAlert.Alert.Info']",
  "sections": [{
    "activityTitle": "**$GET['TriggeredAlert.Action.Object']**",
    "activitySubtitle": "$GET['TriggeredAlert.Time.Generated']",
    "facts": [
      { "name": "External IP", "value": "$GET['TriggeredAlert.External.IP']" },
      { "name": "AlertUID", "value": "$GET['TriggeredAlert.Alert.AlertUID']" }
    ],
    "markdown": true
  }]
}

A payload sent in this way is displayed as a message card in the Teams channel.
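The check below is an added example, not part of the original article and not Logsign's code. It fills the $GET['...'] placeholders of a shortened copy of the sample draft with a constructed alert, JSON-escapes every value, and confirms the result still parses as JSON before it is posted. The substitution is a local emulation only; render_card, post_card and the sample alert values are assumptions made for the example.

```python
import json
import re
import urllib.request

# Shortened copy of the sample draft above.
DRAFT = r'''{
  "@type": "MessageCard", "@context": "https://schema.org/extensions",
  "summary": "Log Alert",
  "title": "$GET['TriggeredAlert.Alert.Info']",
  "sections": [{
    "activityTitle": "**$GET['TriggeredAlert.Action.Object']**",
    "facts": [{ "name": "External IP", "value": "$GET['TriggeredAlert.External.IP']" }],
    "markdown": true
  }]
}'''

PLACEHOLDER = re.compile(r"\$GET\['([^']+)'\]")

def render_card(draft, alert):
    """Fill $GET['...'] placeholders, JSON-escaping each value, and parse the result."""
    missing = []
    def fill(match):
        key = match.group(1)
        if key not in alert:
            missing.append(key)
            return ""
        # json.dumps escapes quotes, backslashes and control characters;
        # [1:-1] drops the surrounding quotes because the draft supplies them.
        return json.dumps(str(alert[key]))[1:-1]
    text = PLACEHOLDER.sub(fill, draft)
    if missing:
        raise KeyError("unresolved placeholders: " + ", ".join(missing))
    return json.loads(text)  # raises ValueError if the draft is not valid JSON

def post_card(webhook_url, card):
    """POST the card as JSON (the webhook requires POST); returns the HTTP status."""
    body = json.dumps(card).encode("utf-8")
    req = urllib.request.Request(webhook_url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

# Constructed sample alert; the quote and backslash would break naive substitution.
SAMPLE_ALERT = {
    "TriggeredAlert.Alert.Info": 'Login failure for "svc\\backup"',
    "TriggeredAlert.Action.Object": "auth",
    "TriggeredAlert.External.IP": "203.0.113.10",
}
```

When calling post_card, read the webhook URL from an environment variable or a secret store instead of writing it into the script.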
