Microsoft Teams Notifications

Microsoft has announced the deprecation of Office 365 Connectors, which are used for sending notifications to Microsoft Teams. To migrate, see Migrate from Office 365 Connectors to Power Automate.

Sysdig Monitor supports sending an alert notification to Microsoft Teams. Teams has different types of integrations for third-party applications, of which Sysdig supports Incoming Webhooks.

About Incoming Webhooks

Incoming Webhooks are a type of Connector in Teams that provide a simple way for an external app to share content in team channels. They are often used as tracking and notification tools. Microsoft Teams provides a unique URL to which you can send a JSON payload with the message that you want to POST, typically in a card format. Cards are UI containers that contain content and actions related to a single topic and are a way to present message data in a consistent way.

You will need to enter the URL that you copied from the Connector. Sysdig will format a message by using a custom card template and send it to the channel. The message will show up as a new notification in the Microsoft application.

Prerequisites

Note: Webhooks via HTTPS work only when a signed or valid certificate is in use.

Enable Microsoft Teams

  1. Complete steps 1-3 in Set Up a Notification Channel and choose Microsoft Teams.

  2. Enter the configuration options:

    • URL: The destination URL you have copied from Microsoft Teams UI.

    • Channel Name: Add a meaningful name for your channel.

    • Enabled: Toggle on or off.

    • Notification options: Toggle for notifications when alerts are resolved or acknowledged.

    • Test notification: Toggle to be notified that the configured URL is working.

    • Shared With: Choose whether to apply this channel globally. All Teams or to a specific team from the drop-down.

  3. Click Save.

Choose Message Format (Secure Only)

The “Configure Channel Sections” option applies only to notifications sent from Sysdig Secure events governed by Threat Detection policies. Here you can choose whether the message should be:

  • Shortened: (Default) Includes a summary of the event giving the rule, policy name, and contextual information about where the event took place. When available, a Runbook Link and Action Taken are displayed.
  • Detailed: Includes full event details, as shown.
Topics in This Section
Migrate from Office 365 Connectors to Power Automate

Microsoft has announced the deprecation of Office 365 Connectors, which are used for sending notifications to Microsoft Teams. According to their notice, new notification channels using the Office 365 Connector cannot be created after August 15th, 2024, and existing connectors will require a URL update to function after December 31st, 2024.