Overview
This guide outlines the steps to configure Logpoint to send incident details to a Microsoft Teams channel using a Workflow. Workflows help you automate repetitive tasks and processes in Teams, and they can also take over day-to-day chores such as scheduling a reminder for a follow-up, creating a Planner task from a message, and so on.
Prerequisites
Access to Logpoint with appropriate user permissions to configure alert notifications.
A Microsoft Teams channel where alerts should be sent.
A Workflow for the Teams channel.
Step 1: Create a Workflow in Microsoft Teams
Open Microsoft Teams and navigate to the desired channel.
Click on the More options (⋮) next to the channel name and select Workflow.
Search for Post to a channel when a webhook request is received and click to Add.
Provide a name for the Workflow (e.g., "Logpoint Alerts").
Click Create, then copy the generated Workflow URL.
Click Done.
Step 2: Configure Logpoint for HTTP Alert Notification
Log in to Logpoint.
Navigate to Settings > Knowledge base > Alert rules, search for the alert, click the bell icon, then click HTTP Notification.
Enable the Notify via HTTP/S button.
Notification Trigger: Automatic
Protocol: HTTPS
Base URL: the Workflow URL copied in Step 1
Request Type: POST
Headers: None
Body (note that "wrap" is a JSON boolean, so it is written as true without quotes):
{
  "type": "message",
  "attachments": [
    {
      "contentType": "application/vnd.microsoft.card.adaptive",
      "content": {
        "type": "AdaptiveCard",
        "body": [
          {
            "type": "TextBlock",
            "text": "{{alert_name}}",
            "weight": "Bolder",
            "size": "Medium",
            "color": "Attention"
          },
          {
            "type": "TextBlock",
            "text": "{{description}}",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "Risk Level: {{risk_level}}",
            "weight": "Bolder",
            "color": "Warning",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "Incident Timestamp: {{detection_timestamp | datetime}}",
            "wrap": true,
            "spacing": "None"
          }
        ],
        "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
        "version": "1.0"
      }
    }
  ]
}
When the alert triggers, Logpoint sends this body in an HTTP POST request; the reserved Jinja placeholders ({{alert_name}}, {{description}}, {{risk_level}}, {{detection_timestamp}}) are filled with the incident details, and the resulting card is posted to the Microsoft Teams channel. The placeholders are substituted inside JSON string values, so a value that contains a double quote or a line break (an alert description, for example) can leave the body as invalid JSON, in which case Teams rejects the request.
Step 3: Enhancing Notifications with Adaptive Cards
Adaptive Cards allow for richer, more structured messages in Teams. Instead of plain text, you can format alerts into a visually appealing and interactive format.
Troubleshooting Tips
Verify the HTTP Notification configuration, in particular that the Base URL is the Workflow URL from Step 1 and that the body is valid JSON.
Check the alert_dispatcher log for any errors.
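The following Python script is an added example, not part of the original guide and not Logpoint or Microsoft code. It takes the Adaptive Card body from Step 2, fills the placeholders with a constructed sample incident, and parses the result, so a body that would be rejected by Teams fails locally instead. It assumes that Logpoint substitutes placeholders as plain text (the regex renderer and the output format of the datetime filter are stand-ins for Logpoint's own Jinja rendering), and it includes a small helper that posts a rendered card to a Workflow URL, which you can use to verify the Workflow before wiring it into Logpoint.

```python
import json
import re
import urllib.request
from datetime import datetime, timezone

# The HTTP notification body from Step 2, kept as a template string so the
# Logpoint placeholders ({{alert_name}} etc.) can be filled in locally.
CARD_TEMPLATE = """{
  "type": "message",
  "attachments": [
    {
      "contentType": "application/vnd.microsoft.card.adaptive",
      "content": {
        "type": "AdaptiveCard",
        "body": [
          {"type": "TextBlock", "text": "{{alert_name}}", "weight": "Bolder", "size": "Medium", "color": "Attention"},
          {"type": "TextBlock", "text": "{{description}}", "wrap": true},
          {"type": "TextBlock", "text": "Risk Level: {{risk_level}}", "weight": "Bolder", "color": "Warning", "wrap": true},
          {"type": "TextBlock", "text": "Incident Timestamp: {{detection_timestamp | datetime}}", "wrap": true, "spacing": "None"}
        ],
        "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
        "version": "1.0"
      }
    }
  ]
}"""

# Constructed sample incident (not real Logpoint data). The description
# deliberately contains double quotes, the case that breaks naive substitution.
SAMPLE_ALERT = {
    "alert_name": "Multiple Failed Logins",
    "description": 'More than 10 failed logins for user "svc_backup" from 10.0.0.5',
    "risk_level": "High",
    "detection_timestamp": 1700000000,
}

# Matches {{name}} and {{name | filter}}. This is a stand-in for Logpoint's
# Jinja rendering, assumed here to behave like plain text substitution.
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*(?:\|\s*(\w+))?\s*\}\}")


def json_escape(text):
    # json.dumps() returns a quoted JSON string literal; strip the outer
    # quotes so the escaped text fits inside the template's own quotes.
    return json.dumps(text)[1:-1]


def render(template, context, escape=True):
    def substitute(match):
        name, filt = match.group(1), match.group(2)
        value = context[name]
        if filt == "datetime":
            # Assumed output format; Logpoint's own datetime filter may differ.
            value = datetime.fromtimestamp(int(value), tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
        elif filt is not None:
            raise ValueError(f"unsupported filter: {filt}")
        text = str(value)
        return json_escape(text) if escape else text
    return PLACEHOLDER.sub(substitute, template)


def build_payload(context, escape=True):
    """Render the card and parse it, so an invalid body fails here rather than in Teams."""
    return json.loads(render(CARD_TEMPLATE, context, escape))


def renders_valid_json(context, escape=True):
    """True if the rendered body parses as JSON, False if Teams would reject it."""
    try:
        build_payload(context, escape)
        return True
    except json.JSONDecodeError:
        return False


def card_texts(payload):
    """The text of each TextBlock in the card, in order."""
    return [block["text"] for block in payload["attachments"][0]["content"]["body"]]


def post_to_teams(workflow_url, payload, timeout=10):
    """POST a rendered card to the Workflow URL and return the HTTP status code."""
    request = urllib.request.Request(
        workflow_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.status


if __name__ == "__main__":
    payload = build_payload(SAMPLE_ALERT)
    print(json.dumps(payload, indent=2))
    # Replace the placeholder with the Workflow URL copied in Step 1 to send a test card:
    # print(post_to_teams("https://WORKFLOW-URL-PLACEHOLDER", payload))
```

With escaping enabled the sample renders and parses cleanly; with escape=False the quotes inside the description terminate the JSON string early and parsing fails, which is the symptom to look for in the alert_dispatcher log when a card never arrives in the channel.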
Conclusion
By configuring Logpoint alert notifications via HTTP to Microsoft Teams, you receive real-time notifications in your Microsoft Teams channel.