Microsoft Teams Destination

Configuring Microsoft Teams as an alert destination in your Panther Console

Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Microsoft Teams as the destination where you will receive alerts.
The MS Teams Destination requires a Microsoft Teams Webhook URL. When an alert is forwarded to an MS Teams Destination, it sends a message to the specified Webhook URL.

How to set up Microsoft Teams alert destinations in Panther

Configure the Webhook URL in Microsoft Teams

The Microsoft Teams Destination is configured via a custom connector with a Webhook URL. First, ensure that your team has the option to add Incoming Webhooks as a connector.
  1. Log in to your Microsoft Teams application.
  2. Navigate to Apps. Click Connectors, then click Incoming Webhook.
     The image shows the Apps list in Microsoft Teams. In the left sidebar, Connectors is highlighted. On the right, the "Incoming Webhook" app is highlighted.
  3. Click Add to a team.
  4. Select a team to add the Incoming Webhook connector to, then click Setup a connector.
     The image shows a page in Microsoft Teams where you can select a channel to start using Incoming Webhook. There is a dropdown menu labeled "Type a team or channel name." It is filled in with "Panther Labs > General".
  5. Click Configure next to Incoming Webhook. Configure the name, description, and settings.
     The image shows a page in Microsoft Teams with the header "Connectors for General channel in Panther Labs team." Below that, there is a list of Connectors. Next to "Incoming webhook", there is a button labeled "Configure."
  6. Enter a name for the Incoming Webhook integration, and optionally upload an image. Click Create.
     The image shows the Incoming Webhook configuration page in Microsoft Teams. There is a field to enter a name, which is filled in with "Panther alerts." Below that, there is the option to upload an image. At the bottom, there is a "Create" button.
  7. On the next page, a Webhook URL is displayed on the screen. Copy the URL and store it in a secure location, as you will need it in the next steps.
  8. Click Done.
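
An optional check before moving on, as an added example that is not part of the Panther documentation: the functions below post a test message to the new webhook while keeping the URL out of the process list and out of logs. The environment variable TEAMS_WEBHOOK_URL and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: smoke-test a Teams Incoming Webhook while keeping its URL secret.
# TEAMS_WEBHOOK_URL is an assumed variable name; the function names are hypothetical.

# Accept only an https URL with a host and a path; reject characters that
# could break out of the quoted value in the curl config passed on stdin.
is_https_webhook_url() {
  case "$1" in
    *[[:space:]]* | *\"* | *\\*) return 1 ;;
    https://[!/]*/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Log-safe form of the URL: the secret part is the path, so keep only the host.
redact_webhook_url() {
  rest=${1#https://}
  printf 'https://%s/<redacted>\n' "${rest%%/*}"
}

# Build the minimal {"text": ...} body for a single-line message.
build_teams_payload() {
  escaped=$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')
  printf '{"text":"%s"}' "$escaped"
}

# Post one test message; succeeds only when the webhook answers HTTP 200.
send_teams_test() {
  url=${TEAMS_WEBHOOK_URL:-}
  if ! is_https_webhook_url "$url"; then
    echo "TEAMS_WEBHOOK_URL is not a usable https URL" >&2
    return 2
  fi
  payload=$(build_teams_payload "${1:-Webhook check before adding the Panther destination}")
  # The URL reaches curl on stdin (-K -), so it never appears in argv or ps output.
  code=$(printf 'url = "%s"\n' "$url" |
    curl -sS -K - -o /dev/null -w '%{http_code}' \
      -H 'Content-Type: application/json' --data "$payload") || return 1
  echo "POST to $(redact_webhook_url "$url") returned HTTP $code" >&2
  [ "$code" = 200 ]
}
```

To use it, load the functions into a shell, export TEAMS_WEBHOOK_URL from your secret store, and run send_teams_test; the message should appear in the channel chosen in step 4.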

Configure the Microsoft Teams alert destination in Panther

  1. Log in to the Panther Console.
  2. In the left sidebar, click Configure > Alert Destinations.
  3. Click +Add your first Destination.
     • If you have already created Destinations, click Create New in the upper right side of the page to add a new Destination.
  4. Click Microsoft Teams.
  5. Fill out the form to configure the Destination:
     • Display Name: Enter a descriptive name.
     • Webhook URL: Enter the Microsoft Teams Webhook URL that you generated in the previous steps of this documentation.
     • Severity: Select the severity level of alerts to send to this Destination.
     • Alert Types: Select the alert types to send to this Destination.
     • Log Type: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
     In the Panther Console, the "Configure your Msteams Destination" page is displayed. It contains fields for Display Name, Microsoft Teams Webhook URL, Severity, Alert Types, and Log Types.
  6. Click Add Destination.
  7. On the final page, optionally click Send Test Alert to test the integration. When you are finished, click Finish Setup.

Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.