InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

Microsoft Teams Integration

Instructions for Integration Between Microsoft Teams & InsightCloudSec

The Microsoft Teams integration works like other messaging integrations. InsightCloudSec can send notification messages to Microsoft Teams channels and is compatible with all InsightCloudSec resources.

Users can take advantage of the teams integration to send high priority security alerts to MS Teams Channels. For issues like the provisioning of noncompliant security group rules which leave SSH open to the world, the applicable team or person can receive a notice and respond.

For additional details on Integrations, including editing and deleting integrations, take a look at the Integrations Overview page. Also check out our documentation on Jinja2 for information about templating with Jinja2.

Prerequisites

To complete the Microsoft Teams Integration, you will need to ensure you have the following:

  • A functioning InsightCloudSec platform installation and Org Admin permissions
  • Administrative access to the Microsoft Teams setup you want to use for integration

If you need help with this integration, contact [email protected].

Setup for Microsoft Teams Integration

📘

DivvyCloud vs. InsightCloudSec (Screen Captures)

Some images include DivvyCloud but the capability within InsightCloudSec is exactly the same.

Configuration Steps in Microsoft Teams

1. Visit your MS Teams application and locate the channel you want to target for integration.

  • Note: Channel integrations must be configured individually

2. Click on the ellipsis menu option to the right of the channel and select "Connectors".

MS Teams Channel Context MenuMS Teams Channel Context Menu

MS Teams Channel Context Menu

3. Locate (using Search) and select the "Incoming Webhook" option. Provide a name (one you can easily remember) and click "Create".

  • Note: The name you create here has no link to the name required in InsightCloudSec, but as a best practice, it's typically easier to just keep the same name.
Create a New Teams WebhookCreate a New Teams Webhook

Create a New Teams Webhook

4. After you click "Create", copy the URL generated at the bottom of the form.

Note: If you mistakenly close this form before copying the URL, you can obtain the webhook URL again from the channel details by clicking the ellipsis menu next to the Teams channel (as shown above) and looking under the "Configured" option.

Configuration Steps in InsightCloudSec

1. Navigate to "Administration --> Integrations" page and select "Edit" on the Microsoft Teams card.

Create a New Microsoft Teams Integration in InsightCloudSecCreate a New Microsoft Teams Integration in InsightCloudSec

Create a New Microsoft Teams Integration in InsightCloudSec

2. Enter a channel name (e.g., MS Integration) and paste the URL you obtained from MS Teams when you created the new webhook. Click "Save".

Adding the Webhook in InsightCloudSecAdding the Webhook in InsightCloudSec

Adding the Webhook in InsightCloudSec

3. Success. You have configured the integration for Microsoft Teams. Now it's time to set up a Bot to send your notifications.

Using an MS Teams Webhook for Health Notifications

In addition to general MS Teams channel integration, you can also use an MS Teams webhook to subscribe to InsightCloudSec Health Notifications.

Health Notifications are typically generated based on issues related to the following: system clock drift, job scheduling (no harvest within 24 hours), invalid credentials, assume role failures, and invalid permissions.

Configure Bot with the "Send Microsoft Teams Message" Action

To set up a Bot to use the Microsoft Teams integration, you will need to complete something similar to the steps outlined below.

1. From the main navigation panel, locate Automation and select "BotFactory"

2. Click Create Bot and complete your desired details for the "About Your Bot", "Resource Type & Groups", and "Filters" sections.

3. In the Actions section, click Add Action and locate the new "Send Microsoft Teams Message (Webhook)" action. (Search using "Teams" or "Webhook" for quickest results).

4. Complete the configuration for the action.
Note: You must use the same name you supplied when you created the integration in the InsightCloudSec portion of the setup; our example used "MS Integration" (this name does not have to match the name you supplied in Teams).

InsightCloudSec Bot Action Setup ExampleInsightCloudSec Bot Action Setup Example

InsightCloudSec Bot Action Setup Example

5. Select "Next" to define any Run Options and then select "Save" when your Bot is complete.

6. Confirm your Bot is operating as intended. If you run into issues we are here to help. Reach out to [email protected].

What's Next?

After completing your Microsoft Teams integration, you may be interested in learning more about other Integrations we offer, including PagerDuty Integration, ServiceNow Integration, or Splunk Integration.

Check out additional information on templating with Jinja2. Or for additional information on capabilities on Bots and automation, check out our documentation on BotFactory.

Updated a day ago

Microsoft Teams Integration


Instructions for Integration Between Microsoft Teams & InsightCloudSec

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.