Integration with Microsoft Teams
You can configure CloudGuard to send notifications to Microsoft Teams. The integration uses a webhook that you create in Microsoft Teams. These CloudGuard features can send notifications to Microsoft Teams:
-
Toxic Combinations - The Toxic Combinations feature sends its own notifications. After you create a Microsoft Teams integration, you can configure CloudGuard to send notifications to a Microsoft Teams channel when it detects a Toxic Combination. See Toxic Combinations and Action Hub.
|
|
Important - Microsoft will deprecate Office 365 Webhook Connectors on January 31st, 2025. To continue using an integration of Microsoft Teams with CloudGuard, you must create a new webhook workflow in Microsoft Teams. For more information, see Microsoft documentation. |
Configuration
Step 1: In Microsoft Teams, create a webhook URL for CloudGuard
|
|
Note - If you are using Microsoft Teams Classic, click on Apps in the sidebar, search for Workflows, and then add Workflows. Click the Post to a channel when a webhook request is received workflow. Continue the instructions below in Step 1 > 5. |
-
Open Microsoft Teams.
-
For the relevant Microsoft Teams channel, click
and select Workflows. -
In the Notify a team section, click Post to a channel when a webhook request is received.
-
Add a name for the new workflow.
-
Click Next.
-
From the Microsoft Teams Team list, select your team.
-
From the Microsoft Teams Channel list, select your channel.
-
Click Add workflow.
-
In the Workflow added successfully field, click
to copy the webhook URL. Keep this URL in a safe place. -
Click Done.
Step 2: In CloudGuard, create a Microsoft Teams integration
-
From the left menu, select Integration Hub.
-
In the top right corner, select All Integrations.
-
In the Collaborations and Messaging section, click Teams.
The Teams sliding window opens.
-
Click Add.
-
Enter a name for the integration.
-
In the Teams webhook URL field, paste the webhook URL you copied from Microsoft Teams in Step 1 > 9.
Step 3: In CloudGuard, configure a notification to send to the Microsoft Teams integration
-
When you create or edit a notification, select one or more of these configurations::
-
CSPM - Summary report to Teams channel
-
Send critical security events to Teams channels (CDR, Admission control and Runtime protection only)
-
-
Add the notification to an applicable policy. For example, add the CSPM - Summary report to Teams channel notification to a CSPM policy.
For more information, see Notifications.
Step 4: Test the Integration
In CloudGuard, manually send the notification. In Microsoft Teams, check if the notification appears as expected. For more information, see Notifications.
Troubleshooting
If a test of the integration fails, follow this procedure to resolve a rare issue in Microsoft Teams
To troubleshoot the integration between CloudGuard and Microsoft Teams
-
Log in to your Microsoft Power Apps.
-
Click Flows and select the flow that you created for CloudGuard.
-
Click Edit.
-
Select Send each adaptive card.
-
From the Select an output from previous steps list, select Post card in a chat or channel.
-
From the Post as list, select User.
-
Click Save.
-
Test the integration between CloudGuard and Microsoft Teams.