cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Integration of Microsoft Sentinel & Microsoft TEAMS for integration of alerts

cronic1000
Copper Contributor

‎Jun 10 2022 08:16 AM

‎Jun 10 2022 08:16 AM

Integration of Microsoft Sentinel & Microsoft TEAMS for integration of alerts

What are some of the best methods and strategies to start implementing an integration between Sentinel and TEAMS where when there are certain instances or alerts occurring, said alerts can be pinged to certain members on Microsoft TEAMS like through the use of playbooks, automations and setting up a API connection to integrate the two.

5,145 Views
0 Likes
4 Replies
Reply
4 Replies
mikhailf

‎Jun 12 2022 09:57 AM - edited ‎Jun 12 2022 10:01 AM

‎Jun 12 2022 09:57 AM - edited ‎Jun 12 2022 10:01 AM

Re: Integration of Microsoft Sentinel & Microsoft TEAMS for integration of alerts

Hello @cronic1000 ,

 

You can find Teams connector under Office 365 connector. 

After you have connected it, you will be able to create Analytic rules, Playbooks, etc. to get alerts.

 

Go to Sentinel -> Data connectors -> Search for Office 365 and open it. You will see 3 record types (Exchange, SharePoint, and Teams). 

 

Under "Next steps" on the same connector page you can find 36 analytic rules to create for the mentioned record types.

 

 

0 Likes
Reply
Clive_Watson

‎Jun 13 2022 01:15 AM

‎Jun 13 2022 01:15 AM

Re: Integration of Microsoft Sentinel & Microsoft TEAMS for integration of alerts

There is a built-in Team playbook to Post a Message here: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Post-Message-Teams

...and a few others for Incident "changed, reopened or closed") https://github.com/Azure/Azure-Sentinel/search?q=teams+notify
0 Likes
Reply
mikhailf

‎Jun 13 2022 02:34 AM

‎Jun 13 2022 02:34 AM

Re: Integration of Microsoft Sentinel & Microsoft TEAMS for integration of alerts

Thanks. You are right, there are built-in Teams playbooks.
I didn't get the original question :)
1 Like
Reply
cronic1000

‎Jun 16 2022 08:05 AM

‎Jun 16 2022 08:05 AM

Re: Integration of Microsoft Sentinel & Microsoft TEAMS for integration of alerts

Thank you, I didn't know about this, currently trying to implement this on my company's TEAMS channel but currently waiting for IT approval to get "Power Automate" as that's one of the apps it uses to create automated messages and im doing it through the use of an adaptive card, will update soon.
0 Likes
Reply