Forum Discussion
cronic1000
Jun 10, 2022Copper Contributor
Integration of Microsoft Sentinel & Microsoft TEAMS for integration of alerts
What are some of the best methods and strategies to start implementing an integration between Sentinel and TEAMS where when there are certain instances or alerts occurring, said alerts can be pinged ...
mikhailf
Steel Contributor
Hello cronic1000 ,
You can find Teams connector under Office 365 connector.
After you have connected it, you will be able to create Analytic rules, Playbooks, etc. to get alerts.
Go to Sentinel -> Data connectors -> Search for Office 365 and open it. You will see 3 record types (Exchange, SharePoint, and Teams).
Under "Next steps" on the same connector page you can find 36 analytic rules to create for the mentioned record types.
Clive_Watson
Jun 13, 2022Bronze Contributor
There is a built-in Team playbook to Post a Message here: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Post-Message-Teams
...and a few others for Incident "changed, reopened or closed") https://github.com/Azure/Azure-Sentinel/search?q=teams+notify
...and a few others for Incident "changed, reopened or closed") https://github.com/Azure/Azure-Sentinel/search?q=teams+notify
- mikhailfJun 13, 2022Steel ContributorThanks. You are right, there are built-in Teams playbooks.
I didn't get the original question 🙂