Microsoft Teams Destination

Configuring Microsoft Teams as an alert destination in your Panther Console

Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Microsoft Teams as the destination where you will receive alerts.

The MS Teams Destination requires a Microsoft Teams Webhook URL. When an alert is forwarded to an MS Teams Destination, it sends a message to the specified Webhook URL.

How to set up Microsoft Teams alert destinations in Panther

Configure the Power Automate Workflow in Microsoft Teams

To set up the Microsoft Teams destination, use Power Automate with a Webhook URL. Before proceeding, make sure your team has permission to add workflows in Microsoft Teams.

Log in to your Microsoft Teams application.
Navigate to Workflows. Click New Flow, then click Create from Blank.

Search the trigger "When a Teams webhook request is received" and add to the flow.

Specify who can trigger - "Anyone".

Add a New Step: "Post card in chat or channel" Configure this step as follows:
1. Select an output from the previous step: Click the field and choose attachments.
2. Post card in chat or channel:
  - Post as: Select Flow bot.
  - Post in: Select Channel.
  - Team: Choose the appropriate Microsoft Team where the message should be sent.
  - Channel: Select the channel that will receive the alerts.
  - Adaptive Card: Click the field and select content.

Update the workflow name to something meaningful, then click Save to finalize your changes.

After saving the workflow, a webhook URL will be generated under the first step labeled "HTTP POST URL." Copy this URL, as you’ll need it later in Panther.

Configure the Microsoft Teams alert destination in Panther

Log in to the Panther Console.
In the left sidebar, click Configure > Alert Destinations.
Click +Add your first Destination.
- If you have already created Destinations, click Create New in the upper right side of the page to add a new Destination.
Click Microsoft Teams.
Fill out the form to configure the Destination:
- Display Name: Enter a descriptive name.
- Webhook URL: Enter the Microsoft Teams Webhook URL that you generated in the previous steps of this documentation.
- Severity: Select the severity level of alerts to send to this Destination.
- Alert Types: Select the alert types to send to this Destination.
Click Add Destination.
On the final page, optionally click Send Test Alert to test the integration. When you are finished, click Finish Setup.

Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.

PreviousJira Data Center Destination (Beta)NextMindflow Destination

Last updated 9 days ago

Was this helpful?