FortiSIEM Discussions
Lyyiheang
New Contributor

Incident Notifications via Microsoft team/Telegram

Dear Team,

 

I would like to any possible way or guide for configuring FortiSIEM to send notification via Telegram or Microsoft team. Appreciate for every answer.

 

Thank You

2 Solutions
Secusaurus
Contributor II

Hi @Lyyiheang,

As of version 7.1.x, there is no integrated solution.

In MS Teams, you can get/view email addresses for each channel and simply send notifications via mail to these channels.

The only other way to send notifications is pushing an xml to a webserver (https), where you then need to have a script that can work with that.

I'd assume services like IFTTT could handle that but I don't think you'd like to do that from a data privacy perspective.

 

Best

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner

View solution in original post

FCP & FCSS Security Operations | Fortinet Advanced Partner
marod1981
New Contributor

while there is no easy way included, it can be done via a python (remediation) script which uses a teams webhook. Same should work for telegram...

Screenshot 2024-02-12 082508.png

or sending a notification to my awtrix clock

awtrix (4).gif

 

Regards

Manuel

View solution in original post

5 REPLIES 5
Secusaurus
Contributor II

Hi @Lyyiheang,

As of version 7.1.x, there is no integrated solution.

In MS Teams, you can get/view email addresses for each channel and simply send notifications via mail to these channels.

The only other way to send notifications is pushing an xml to a webserver (https), where you then need to have a script that can work with that.

I'd assume services like IFTTT could handle that but I don't think you'd like to do that from a data privacy perspective.

 

Best

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
marod1981
New Contributor

while there is no easy way included, it can be done via a python (remediation) script which uses a teams webhook. Same should work for telegram...

Screenshot 2024-02-12 082508.png

or sending a notification to my awtrix clock

awtrix (4).gif

 

Regards

Manuel

Secusaurus

Hi Manuel,

 

Great point (love the awtrix clock and note that down for our SOC :) )!

Just one thing to note: The incident then is considered as remediated. Depending on how your analysts work, this might become irritating.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
Lyyiheang

@marod1981 Can you please share me script for testing? You idea is very great

ELCaminooo

HI @marod1981 can you provide your step-by-step configuration on python (remediation) script for microsoft teams.

 

Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"