Microsoft Teams Notifications

Sysdig Monitor supports sending an alert notification to Microsoft Teams. Teams has different types of integrations for third-party applications, of which Sysdig supports Incoming Webhooks.

About Incoming Webhooks

Incoming Webhooks are a type of Connector in Teams that provide a simple way for an external app to share content in team channels. They are often used as tracking and notification tools. Microsoft Teams provides a unique URL to which you can send a JSON payload with the message that you want to POST, typically in a card format. Cards are UI containers that contain content and actions related to a single topic and are a way to present message data in a consistent way.

You will need to enter the URL that you copied from the Connector. Sysdig will format a message by using a custom card template and send it to the channel. The message will show up as a new notification in the Microsoft application.

Prerequisites

Have the destination URL handy. You can copy it from the Connectors > Incoming Webhook window on the Microsoft Teams UI. For more information, see Add an incoming Webhook to a Teams channel.

Note: Webhooks via HTTPS work only when a signed or valid certificate is in use.

Enable Microsoft Teams

Complete steps 1-3 in Set Up a Notification Channel and choose Microsoft Teams.
Enter the configuration options:
- URL: The destination URL you have copied from Microsoft Teams UI.
- Channel Name: Add a meaningful name for your channel.
- Enabled: Toggle on or off.
- Notification options: Toggle for notifications when alerts are resolved or acknowledged.
- Test notification: Toggle to be notified that the configured URL is working.
- Shared With: Choose whether to apply this channel globally. All Teams or to a specific team from the drop-down.
Click Save.

Choose Message Format (Secure Only)

The “Configure Channel Sections” option applies only to notifications sent from Sysdig Secure events governed by Threat Detection policies. Here you can choose whether the message should be:

Shortened: (Default) Includes a summary of the event giving the rule, policy name, and contextual information about where the event took place. When available, a Runbook Link and Action Taken are displayed.
Detailed: Includes full event details, as shown.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.