Integration with Microsoft Teams
You can configure CloudGuard to send notifications to Microsoft Teams. The integration uses a webhook that you create in Microsoft Teams. These CloudGuard features can send notifications to Microsoft Teams:
-
Toxic Combinations - The Toxic Combinations feature sends its own notifications. After you create a Microsoft Teams integration, you can configure CloudGuard to send notifications to a Microsoft Teams channel when it detects a Toxic Combination. See Toxic Combinations and Action Hub.
|
Important - On January 31st, 2025, Microsoft will deprecate Office 365 Webhook Connectors. To continue using an integration of Microsoft Teams with CloudGuard, you must create a new webhook workflow in Microsoft Teams. For more information, see Microsoft documentation. |
Configuration
|
Note - If you are using Microsoft Teams Classic, click on Apps in the sidebar, search for Workflows, and then add Workflows. Click the Post to a channel when a webhook request is received workflow. Continue the instructions below from step 5. |
-
Open Microsoft Teams.
-
For the required Microsoft Teams channel, click and select Workflows.
-
In the Notify a team section, click Post to a channel when a webhook request is received.
-
Add a name for the new workflow.
-
Click Next.
-
From the Microsoft Teams Team list, select your team name.
-
From the Microsoft Teams Channel list, select your channel name.
-
Click Add workflow.
-
In the Workflow added successfully field, click to copy the webhook URL Keep this URL in a safe place.
-
Click Done.
-
From the left menu, select Integration Hub.
-
In the top right corner, select All Integrations.
-
In the Collaborations and Messaging section, click Teams.
The Teams sliding window opens.
-
Click Add.
-
Enter a name for the integration.
-
In the Teams webhook URL field, paste the webhook URL you copied from Microsoft Teams.
-
When you create or edit a notification, select one or more of these:
-
CSPM - Summary report to Teams channel
-
Send critical security events to Teams channels (CDR, Admission control and Runtime protection only)
-
-
Add the notification to an applicable policy. For example, add the CSPM - Summary report to Teams channel notification to a CSPM policy.
For more information, see Notifications.
Manually send the notification you configured from CloudGuard. Check if it appears as expected in Microsoft Teams. For more information, see Notifications.
Troubleshooting
If a test of the integration fails, follow this procedure to resolve a rare issue in Microsoft Teams
-
Log in to your Microsoft Power Apps.
-
Click Flows and select the flow that you just created.
-
Click Edit.
-
Select Send each adaptive card.
-
From the Select an output from previous steps list, select Post card in a chat or channel.
-
From the Post as list, select User.
-
Click Save.