Microsoft Teams Destination
Configuring Microsoft Teams as an alert destination in your Panther Console
Last updated
Was this helpful?
Configuring Microsoft Teams as an alert destination in your Panther Console
Last updated
Was this helpful?
Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Microsoft Teams as the destination where you will receive alerts.
The MS Teams Destination requires a Microsoft Teams Webhook URL. When an alert is forwarded to an MS Teams Destination, it sends a message to the specified Webhook URL.
The Microsoft Teams Destination is configured via a custom connector with a Webhook URL. First, ensure that your team has the option to add Incoming Webhooks as a connector.
Log in to your Microsoft Teams application.
Navigate to Apps. Click Connectors, then click Incoming Webhook.
Click Add to a team.
Select a team to add the Incoming Webhook connector to, then click Setup a connector.
Click Configure next to Incoming Webhook. Configure the name, description, and settings.
Enter a name for the Incoming Webhook integration, and optionally upload an image. Click Create.
On the next page, a Webhook URL is displayed on the screen. Copy the URL and store it in a secure location, as you will need it in the next steps.
Click Done.
Log in to the Panther Console.
In the left sidebar, click Configure > Alert Destinations.
Click +Add your first Destination.
If you have already created Destinations, click Create New in the upper right side of the page to add a new Destination.
Click Microsoft Teams.
Fill out the form to configure the Destination:
Display Name: Enter a descriptive name.
Webhook URL: Enter the Microsoft Teams Webhook URL that you generated in the previous steps of this documentation.
Severity: Select the severity level of alerts to send to this Destination.
Alert Types: Select the alert types to send to this Destination.
Click Add Destination.
On the final page, optionally click Send Test Alert to test the integration. When you are finished, click Finish Setup.
Log Type: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: .
