Help
FortiSIEM Discussions
Lyyiheang
New Contributor

Created on ‎02-11-2024 12:01 AM

Incident Notifications via Microsoft team/Telegram

Dear Team,

 

I would like to any possible way or guide for configuring FortiSIEM to send notification via Telegram or Microsoft team. Appreciate for every answer.

 

Thank You

1233
0 Kudos
2 Solutions
Secusaurus
Contributor II

Created on ‎02-11-2024 02:47 AM

Hi @Lyyiheang,

As of version 7.1.x, there is no integrated solution.

In MS Teams, you can get/view email addresses for each channel and simply send notifications via mail to these channels.

The only other way to send notifications is pushing an xml to a webserver (https), where you then need to have a script that can work with that.

I'd assume services like IFTTT could handle that but I don't think you'd like to do that from a data privacy perspective.

 

Best

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner

View solution in original post

FCP & FCSS Security Operations | Fortinet Advanced Partner
1218
0 Kudos
marod1981
New Contributor

Created on ‎02-12-2024 12:13 AM

while there is no easy way included, it can be done via a python (remediation) script which uses a teams webhook. Same should work for telegram...

Screenshot 2024-02-12 082508.png

or sending a notification to my awtrix clock

awtrix (4).gif

 

Regards

Manuel

View solution in original post

1199
5 REPLIES 5
Secusaurus
Contributor II

Created on ‎02-11-2024 02:47 AM

Hi @Lyyiheang,

As of version 7.1.x, there is no integrated solution.

In MS Teams, you can get/view email addresses for each channel and simply send notifications via mail to these channels.

The only other way to send notifications is pushing an xml to a webserver (https), where you then need to have a script that can work with that.

I'd assume services like IFTTT could handle that but I don't think you'd like to do that from a data privacy perspective.

 

Best

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
1219
0 Kudos
marod1981
New Contributor

Created on ‎02-12-2024 12:13 AM

while there is no easy way included, it can be done via a python (remediation) script which uses a teams webhook. Same should work for telegram...

Screenshot 2024-02-12 082508.png

or sending a notification to my awtrix clock

awtrix (4).gif

 

Regards

Manuel

1200
Secusaurus
Contributor II
In response to marod1981

Created on ‎02-12-2024 12:18 AM

Hi Manuel,

 

Great point (love the awtrix clock and note that down for our SOC :) )!

Just one thing to note: The incident then is considered as remediated. Depending on how your analysts work, this might become irritating.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
1195
0 Kudos
Lyyiheang
New Contributor
In response to marod1981

Created on ‎02-12-2024 12:49 AM

@marod1981 Can you please share me script for testing? You idea is very great

1189
0 Kudos
ELCaminooo
Staff
Staff
In response to marod1981

Created on ‎11-16-2024 10:43 PM

HI @marod1981 can you provide your step-by-step configuration on python (remediation) script for microsoft teams.

 

201
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.