| Description | This article describes how to create a Microsoft Teams from FortiAnalyzer, create a webhook from Microsoft Teams, and send an alert to Microsoft Teams. |
| Scope | FortiAnalyzer v7.4.1 and Microsoft Teams. |
| Solution |
Create Microsoft Teams Connector under Fabric View -> Fabric Connectors -> Create new -> MS Teams Connector.
Note: In v7.6, the connectors are under Incidents & Events -> Automation -> Active Connectors -> Create New.
When creating the Microsoft Teams Connector, the 'Teams Webhook URL' from Teams is necessary.
To get the Webhook URL, it is necessary to create a Channel under Manage Channel -> Connectors -> Edit.
Search for the 'incoming webhook' and configure the connector.
It is possible to set up any name and use the default, or upload an image and select create.
After the webhook has been created, the Webhook URL is available from the same page.
In versions before v7.4.7, the URL must be without 'https://'.
If the URL has not been copied, it is possible to get the URL from Manage Channel -> Connectors -> Edit -> Configured -> Manage.
After completing the Microsoft Teams Connectors from FortiAnalyzer, create an event handler.
Create a notification profile under Incident & Events -> Handlers -> Notification Profile and select the configured connector by enabling the 'Send Alert through Fabric Connectors' option.
This event handler is related to logging in to FortiGate. The handler setting changed to the notification sent to Microsoft Teams.
When the user logs in to the FortiGate, the event handler will trigger and send a notification to Microsoft Teams.
Microsoft Teams will get the notification below:
Note: If the Notification from Teams was configured before October 2024, it is possible that the notification stopped working. Connect must be updated. To do so, follow the instructions in this document from Microsoft Teams: Update connectors URL.
Related document: |
