Anthony_E
Staff
November 4, 2024

Technical Tip: Example of CUSTOM Webhook payloads for Microsoft Teams

Description: This article provides an example of CUSTOM Webhook payloads for Microsoft Teams.
Scope: FortiDLP.
Solution:

Microsoft Teams can accept incoming webhook events from the Reveal platform and display them in a user or group conversation.

Microsoft has documentation outlining how to configure the incoming JSON payload format for Adaptive Cards.

This article outlines examples of how to use the Reveal Incidents and Detections information fields to correctly format this data for Microsoft Teams.

Full details of all Incident, Detection, and Audit log fields can be found in the platform documentation under:

Administration -> Reveal Administration Guide -> Configure -> Webhooks.

The following examples do not contain every possible field. Consult the documentation to add the fields your requirements call for.

Detection Example:

{
    "@type": "MessageCard",
    "@context": "http://schema.org/extensions",
    "summary": "Next DLP - Detections Webhook",
    "title": "Next DLP - Detections Webhook",
    "sections": [
        {
            "activityTitle": "Detection Alert",
            "activitySubtitle": "Please see the details below:"
        },
        {
            "title": "Detection Details",
            "facts": [
                {
                    "name": "Tenant Name",
                    "value": "{{- js .TenantName -}}"
                },
                {
                    "name": "Tenant Origin",
                    "value": "{{- js .TenantOrigin -}}"
                },
                {
                    "name": "Timestamp",
                    "value": "{{- js .Timestamp -}}"
                },
                {
                    "name": "Description",
                    "value": "{{- js .Description -}}"
                },
                {
                    "name": "Score",
                    "value": "{{- js .Score -}}"
                },
                {
                    "name": "Agent Hostname",
                    "value": "{{- js .AgentHostname -}}"
                },
                {
                    "name": "Username",
                    "value": "{{- js .Username -}}"
                },
                {
                    "name": "Label Names",
                    "value": "{{- js .LabelNames -}}"
                },
                {
                    "name": "Metadata - File Name",
                    "value": "{{- js .Metadata.FileName -}}"
                },
                {
                    "name": "Process Info - Binary Name",
                    "value": "{{- js .ProcessInfo.BinaryName -}}"
                }
            ]
        }
    ]
}

Incident Example:

{
    "@type": "MessageCard",
    "@context": "http://schema.org/extensions",
    "summary": "Next DLP - Incidents Webhook",
    "title": "Next DLP - Incidents Webhook",
    "sections": [
        {
            "activityTitle": "Incident Alert",
            "activitySubtitle": "Please see the details below:"
        },
        {
            "title": "Incident Details",
            "facts": [
                {
                    "name": "Tenant Name",
                    "value": "{{- js .TenantName -}}"
                },
                {
                    "name": "Tenant Origin",
                    "value": "{{- js .TenantOrigin -}}"
                },
                {
                    "name": "Incident UUID",
                    "value": "{{- js .UUID -}}"
                },
                {
                    "name": "Incident Link",
                    "value": "{{- js .TenantOrigin -}}/#incidents/{{- js .UUID -}}"
                },
                {
                    "name": "Description",
                    "value": "{{- js .Description -}}"
                },
                {
                    "name": "Anonymised Description",
                    "value": "{{- js .AnonymisedDescription -}}"
                },
                {
                    "name": "Score",
                    "value": "{{- js .Score -}}"
                }
            ]
        }
    ]
}
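
Local check for a customised template (an added example, not part of the original article or the product documentation): the Go program below renders two facts from the Detection example and confirms the payload is still valid JSON when a field value contains quotes and backslashes. It assumes the {{ }} placeholders follow Go text/template semantics, including the built-in js function, which the article does not state; the sample record and the names renderFacts, withJS and withoutJS are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// Two facts from the Detection example, with and without the js escaper.
const withJS = `{"@type": "MessageCard", "sections": [{"facts": [
  {"name": "Username", "value": "{{- js .Username -}}"},
  {"name": "Metadata - File Name", "value": "{{- js .Metadata.FileName -}}"}]}]}`
const withoutJS = `{"@type": "MessageCard", "sections": [{"facts": [
  {"name": "Metadata - File Name", "value": "{{ .Metadata.FileName }}"}]}]}`

// Constructed sample record; only the field names come from the article.
var sample = map[string]any{
	"Username": "kim",
	"Metadata": map[string]string{"FileName": `C:\Users\kim\Q3 "final".xlsx`},
}

// renderFacts renders tmpl locally; it fails if the result is not valid JSON.
func renderFacts(tmpl string, data any) (map[string]string, error) {
	var buf bytes.Buffer
	t, err := template.New("card").Parse(tmpl)
	if err == nil {
		err = t.Execute(&buf, data)
	}
	if err != nil {
		return nil, err
	}
	var card struct{ Sections []struct{ Facts []struct{ Name, Value string } } }
	if err := json.Unmarshal(buf.Bytes(), &card); err != nil {
		return nil, fmt.Errorf("rendered payload is not valid JSON: %w", err)
	}
	out := map[string]string{} // fact name -> fact value as Teams would see it
	for _, s := range card.Sections {
		for _, f := range s.Facts {
			out[f.Name] = f.Value
		}
	}
	return out, nil
}

func main() {
	fmt.Println(renderFacts(withJS, sample))    // value round-trips unchanged
	fmt.Println(renderFacts(withoutJS, sample)) // error: payload no longer parses
}
```

Go's built-in js also writes an apostrophe as \', which strict JSON parsers reject, so a value such as O'Brien is worth sending through a test webhook on the platform itself.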