Azure Sentinel Teams Post


Hi,

Has anyone successfully implemented the Posting to Teams Channel playbook? I am running into some issues, and the default does not seem to work when I attach it to an analytics rule: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Post-Message-Teams

Thanks in advance

2 Replies

I managed to get it through by deleting the For each function and adding just Post to Teams at the end in the Logic App Designer, in case anyone needs it.

https://github.com/Azure/Azure-Sentinel/issues/617


@akefallonitis I just tried to deploy it, and I also have errors. I just noticed you figured this out. I'll post my answer anyway, maybe it'll help someone.

If you're interested in deploying this playbook without using a template, you can create a simple Logic App as shown in this picture, fill in the necessary fields and associate the Logic App with an analytic rule in Sentinel.

[Image: ClementBonnet_1-1587735547106.png]