Forum Discussion
Integration of Microsoft Sentinel & Microsoft TEAMS for integration of alerts
What are some of the best methods and strategies to start implementing an integration between Sentinel and TEAMS where when there are certain instances or alerts occurring, said alerts can be pinged to certain members on Microsoft TEAMS like through the use of playbooks, automations and setting up an API connection to integrate the two?
- mikhailf, Steel Contributor
Hello cronic1000 ,
You can find Teams connector under Office 365 connector.
After you have connected it, you will be able to create Analytic rules, Playbooks, etc. to get alerts.
Go to Sentinel -> Data connectors -> Search for Office 365 and open it. You will see 3 record types (Exchange, SharePoint, and Teams).
Under "Next steps" on the same connector page you can find 36 analytic rules to create for the mentioned record types.
- Clive_Watson, Bronze Contributor
There is a built-in Teams playbook to Post a Message here: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Post-Message-Teams
...and a few others (for Incident "changed, reopened or closed"): https://github.com/Azure/Azure-Sentinel/search?q=teams+notify
- mikhailf, Steel Contributor
Thanks. You are right, there are built-in Teams playbooks.
I didn't get the original question 🙂
- cronic1000, Copper Contributor
Thank you, I didn't know about this, currently trying to implement this on my company's TEAMS channel but currently waiting for IT approval to get "Power Automate" as that's one of the apps it uses to create automated messages and I'm doing it through the use of an adaptive card, will update soon.
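
Added example, not part of any post in this thread and not code from the Azure-Sentinel repository: a sketch of the adaptive-card approach discussed above, which filters incidents by severity and builds a Teams message that @mentions specific responders. The flat incident fields, the responder list and all sample values are constructed assumptions; a real playbook would map them from the Sentinel incident trigger.

```python
import json

# Severity levels Sentinel assigns to incidents, lowest to highest.
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample data (hypothetical field names and values).
SAMPLE_INCIDENT = {"number": 42, "title": "Multiple failed sign-ins", "severity": "High",
                   "status": "New", "url": "https://portal.azure.com/#placeholder-incident"}
SAMPLE_RESPONDERS = [{"name": "Analyst One", "upn": "analyst1@example.com"}]

def should_notify(incident, min_severity="High"):
    """Only incidents at or above min_severity are pushed to the channel."""
    return SEVERITY_RANK[incident["severity"]] >= SEVERITY_RANK[min_severity]

def build_teams_message(incident, responders):
    """Return the message envelope Teams expects, carrying an Adaptive Card
    whose msteams.entities list turns each <at>..</at> tag into a real @mention."""
    mentions = [{"type": "mention", "text": f"<at>{r['name']}</at>",
                 "mentioned": {"id": r["upn"], "name": r["name"]}} for r in responders]
    card = {
        "type": "AdaptiveCard",
        "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
        "version": "1.4",
        "body": [
            {"type": "TextBlock", "weight": "Bolder", "wrap": True,
             "text": f"Sentinel incident #{incident['number']}: {incident['title']}"},
            {"type": "FactSet", "facts": [
                {"title": "Severity", "value": incident["severity"]},
                {"title": "Status", "value": incident["status"]}]},
            # The mention text must match an entity's "text" exactly.
            {"type": "TextBlock", "wrap": True,
             "text": "Assigned to: " + ", ".join(m["text"] for m in mentions)},
        ],
        "actions": [{"type": "Action.OpenUrl", "title": "Open incident",
                     "url": incident["url"]}],
        "msteams": {"entities": mentions},
    }
    return {"type": "message", "attachments": [
        {"contentType": "application/vnd.microsoft.card.adaptive", "content": card}]}

if __name__ == "__main__":
    if should_notify(SAMPLE_INCIDENT):
        # This JSON is the body a webhook or workflow step would post to the channel.
        print(json.dumps(build_teams_message(SAMPLE_INCIDENT, SAMPLE_RESPONDERS), indent=2))
```

Treat the channel's webhook or workflow URL as a secret, since anyone holding it can post cards that look like Sentinel alerts.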