Post Message Teams
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This playbook will post a message in a Microsoft Teams channel when an Incident is created in Microsoft Sentinel.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | SentinelSOARessentials |
| Source | View on GitHub |
Additional Documentation
Post-Message-Teams (Incident Trigger)
author: Yaniv Shasha
Summary
This playbook posts a message in a Microsoft Teams channel when an incident is created in Microsoft Sentinel. The message includes key incident details such as severity, title, status, ID, and URL.
Prerequisites
- A Microsoft Teams account with permission to post messages to the target channel.
- Teams Group ID and Channel ID (can be found in the Teams web URL).
Deployment instructions
- To deploy the playbook, click the Deploy to Azure button below. This will launch the ARM Template deployment wizard.
- Fill in the required parameters:
- Playbook Name
- Teams Group ID
- Teams Channel ID
Post-deployment Instructions
a. Authorize connections
Once deployment is complete, authorize each connection.
- Open the Logic App in the Azure portal.
- Click the Teams connector resource.
- Click Edit API connection.
- Click Authorize.
- Sign in.
- Click Save.
- Repeat steps for other connections as needed.
Note: The message will be sent from the user who creates the connection.
b. Attach the playbook
- In Microsoft Sentinel, configure an automation rule to trigger this playbook when an incident is created.
- Learn more about automation rules
Note: Enable the playbook if it is disabled before assigning it to the automation rule.
Screenshots
Playbook
Teams Message Example
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊