Send Teams Adaptive Card on incident creation
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook will send Microsoft Teams Adaptive Card on incident creation, with the option to change the incident's severity and/or status.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | SentinelSOARessentials |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 3 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 0 |
microsoftsentinel |
Managed | 0 | 2 |
teams |
Managed | 1 | 0 |
Action parameters (URLs, paths, function IDs)
microsoftsentinel (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Update_incident_-_update_severity | put | /Incidents |
— |
| Update_incident_-_close_incident | put | /Incidents |
— |
Additional Documentation
📄 Source: Send-Teams-adaptive-card-on-incident-creation/readme.md
Send-Teams-adaptive-card-on-incident-creation
Author: Benjamin Kovacevic
This playbook will send Microsoft Teams Adaptive Card on incident creation, with the option to change the incident's severity and/or status.
Prerequisites
- Get Teams Group ID and Teams Channel ID. (instructions available on - https://www.linkedin.com/pulse/3-ways-locate-microsoft-team-id-christopher-barber-/). It is possible to choose Teams group and channel after deployment as well.
Quick Deployment
Deploy with incident trigger
After deployment, attach this playbook to an automation rule so it runs when the incident is created.
Learn more about automation rules
Post-deployment
- Assign Microsoft Sentinel Responder role to the Playbook's Managed Identity
- Authorize Microsoft Teams connector
Screenshots
Incident Trigger
Teams Notification
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊