Post Message Teams

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook will post a message in a Microsoft Teams channel when an Incident is created in Microsoft Sentinel.

Attribute	Value
Type	Playbook
Solution	SentinelSOARessentials
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	0
`teams`	Managed	1	1

Action parameters (URLs, paths, function IDs)

`teams` (Managed)

Action	Method	Endpoint	Other
Post_a_message_(V3)	post	`[concat('/v3/beta/teams/@{encodeURIComponent(''', parameters('TeamsGroupId'), ''')}', '/channels/@{encodeURIComponent(''', parameters('TeamsChannelId'), ''')}/messages')]`	—

Additional Documentation

📄 Source: Post-Message-Teams/incident-trigger/readme.md

Post-Message-Teams (Incident Trigger)

author: Yaniv Shasha

Summary

This playbook posts a message in a Microsoft Teams channel when an incident is created in Microsoft Sentinel. The message includes key incident details such as severity, title, status, ID, and URL.

Prerequisites

A Microsoft Teams account with permission to post messages to the target channel.
Teams Group ID and Channel ID (can be found in the Teams web URL).

Deployment instructions

To deploy the playbook, click the Deploy to Azure button below. This will launch the ARM Template deployment wizard.
Fill in the required parameters:
- Playbook Name
- Teams Group ID
- Teams Channel ID