Configure Alert Notification via HTTP to Microsoft Teams

Overview

This guide outlines the steps to configure Logpoint to send incident details to a Microsoft Teams channel using a Workflow.Workflows helps you automate repetitive tasks and processes in Teams. It can also help us with our day to day task with the workflows such as scheduling the reminder on follow-up, creating a planner task from a message and so on.

Prerequisites

• Access to Logpoint with appropriate user permissions to configure alert notifications.

• A Microsoft Teams channel where alerts should be sent.

• A Workflow for the Teams channel.

Step 1: Create an Workflow in Microsoft Teams

• Open Microsoft Teams and navigate to the desired channel.

• Click on the More options (⋮) next to the channel name and select Workflow.

• Search for Post to a channel when a webhook request is received and click to Add.

• Provide a name for the Workflow (e.g., "Logpoint Alerts")

• Click Create, then copy the generated Workflow URL.

• Click Done.

Step 2: Configure Logpoint for HTTP Alert Notification

• Log in to Logpoint.

• Navigate to Settings > Knowledge base > Alerts rules > Search for the alerts> click on bell icon> Click on HTTP Notification.

• Enable the Notify via HTTP/S button

• Notification Trigger : Automatic

• Protocol: HTTPS

• Base URL : Input the workflow generated URL

• Request Type: POST

• Headers: None

• Body:
  {
  "type": "message",
  "attachments": [
  {
  "contentType": "application/vnd.microsoft.card.adaptive",
  "content": {
  "type": "AdaptiveCard",
  "body":
  [
  {
  "type": "TextBlock",
  "text": "{{alert_name}}",
  "weight": "Bolder",
  "size": "Medium",
  "color": "Attention"
  },
  {
  "type": "TextBlock",
  "text":"{{description}}",
  "wrap": "true"
  },
  {
  "type": "TextBlock",
  "text": "Risk Level: {{risk_level}}",
  "weight": "Bolder",
  "color": "Warning",
  "wrap": "true"
  },
  {
  "type": "TextBlock",
  "text": "Incident Timestamp: {{detection_timestamp | datetime}}",
  "wrap": "true",
  "spacing": "None"
  }
  
  ],
  "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
  "version": "1.0"
  }
  }
  ]
  }
  

The triggered incident will send the HTTP post request with Logpoint Reserved Jinja placeholders which populates the incident details to be posted in the Microsoft Teams Channel.

Step 3: Enhancing Notifications with Adaptive Cards

Adaptive Cards allow for richer, more structured messages in Teams. Instead of plain text, you can format alerts into a visually appealing and interactive format.

Troubleshooting Tips

• Verify the HTTP Notification configuration

• Check for the alert_dispatcher log for any errors.

Conclusion

By configuring Logpoint Alert notification via HTTP to Microsoft Teams, you can get the real time notifications in your Microsoft Team channel.