Microsoft Teams Integration

The Microsoft Teams integration works like other messaging integrations. InsightCloudSec can send notification messages to Microsoft Teams channels and is compatible with all InsightCloudSec resources.

Users can take advantage of the teams integration to send high priority security alerts to MS Teams Channels. For issues like the provisioning of noncompliant security group rules which leave SSH open to the world, the applicable team or person can receive a notice and respond.

For additional details on Integrations, including editing and deleting integrations, take a look at the Integrations Overview page. Also check out our documentation on Jinja2 for information about templating with Jinja2.

Prerequisites

To complete the Microsoft Teams Integration, you will need to ensure you have the following:

  • A functioning InsightCloudSec platform installation and Org Admin permissions
  • Administrative access to the Microsoft Teams setup you want to use for integration

If you need help with this integration, contact us through the Customer Support Portal.

Setup for Microsoft Teams Integration

Configuration Steps in Microsoft Teams

  1. Visit your Microsoft Teams application and locate the channel you want to target for integration. Channel integrations must be configured individually.
  2. Click on the ellipsis menu option to the right of the channel and select Connectors.
  3. Locate (using Search) and select the Incoming Webhook option. Provide a name (one you can easily remember) and click Create. The name you create here has no link to the name required in InsightCloudSec, but as a best practice, it's typically easier to just keep the same name.
  4. After you click Create, copy the URL generated at the bottom of the form. If you mistakenly close this form before copying the URL, you can obtain the webhook URL again from the channel details by clicking the ellipsis menu next to the Teams channel (as shown above) and looking under the Configured option.

Configuration Steps in InsightCloudSec

  1. Navigate to Administration > Integrations page and select Edit on the Microsoft Teams card.
  2. Enter a channel name (e.g., MS Integration) and paste the URL you obtained from MS Teams when you created the new webhook. Click Save.
  3. Success. You have configured the integration for Microsoft Teams. Now it's time to set up a Bot to send your notifications.

Using an MS Teams Webhook for Health Notifications

In addition to general MS Teams channel integration, you can also use an MS Teams webhook to subscribe to InsightCloudSec Health Notifications.

Health Notifications are typically generated based on issues related to the following: system clock drift, job scheduling (no harvest within 24 hours), invalid credentials, assume role failures, and invalid permissions.

Configure Bot with the Microsoft Teams Action

To set up a Bot to use the Microsoft Teams integration, you will need to complete something similar to the steps outlined below.

  1. From the main navigation panel, locate Automation and select BotFactory
  2. Click Create Bot and complete the About Your Bot, Resource Type & Groups, and Filters sections.
  3. In the Actions section, click Add Action and locate the Send Microsoft Teams Message (Webhook) action.
  4. Complete the configuration for the action. You must use the same name you supplied when you created the integration in the InsightCloudSec portion of the setup.
  5. Select Next to define any Run Options and then select Save when your Bot is complete.
  6. Confirm your Bot is operating as intended. If you run into issues we are here to help. Reach out to us through the Customer Support Portal.