FortiSIEM Discussions
Lyyiheang
New Contributor

Incident Notifications via Microsoft Teams/Telegram

Dear Team,

I would like to know any possible way or guide for configuring FortiSIEM to send notifications via Telegram or Microsoft Teams. I appreciate every answer.

Thank You

2 Solutions
Secusaurus
Contributor

Hi @Lyyiheang,

As of version 7.1.x, there is no integrated solution.

In MS Teams, you can get/view email addresses for each channel and simply send notifications via mail to these channels.

The only other way to send notifications is pushing an XML to a webserver (HTTPS), where you then need to have a script that can work with that.

I'd assume services like IFTTT could handle that but I don't think you'd like to do that from a data privacy perspective.

Best

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner

marod1981
New Contributor

While there is no easy way included, it can be done via a Python (remediation) script which uses a Teams webhook. The same should work for Telegram...

or sending a notification to my awtrix clock

Regards

Manuel

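The approach described in this answer, as an added example that is not the poster's script or Fortinet code: it parses an incident XML, builds a size-capped message, and prepares HTTPS requests for a Teams incoming webhook and the Telegram Bot API `sendMessage` method. The incident element and attribute names, the way the XML is passed to the script, and the `TEAMS_WEBHOOK_URL` variable are assumptions; the Teams side assumes a webhook that accepts a JSON body with a `text` field.

```python
import json
import os
import sys
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are assumptions for this
# example, not FortiSIEM's documented incident schema.
SAMPLE_INCIDENT_XML = """<incident incidentId="1001" severity="9">
  <name>Constructed: excessive failed logins</name>
  <description>Constructed sample description for testing</description>
</incident>"""
MAX_LEN = 1000  # incident fields come from log data; cap what gets forwarded

def parse_incident(xml_text):
    # Reject DTDs outright so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    return {"id": root.get("incidentId", "unknown"),
            "severity": root.get("severity", "unknown"),
            "name": (root.findtext("name") or "").strip(),
            "description": (root.findtext("description") or "").strip()}

def build_text(inc):
    text = (f"FortiSIEM incident {inc['id']} (severity {inc['severity']}): "
            f"{inc['name']}\n{inc['description']}")
    return text[:MAX_LEN]

def _post(url, payload):
    if not url.startswith("https://"):
        raise ValueError("refusing to send incident data over a non-HTTPS URL")
    return urllib.request.Request(url, data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")

def teams_request(webhook_url, text):
    return _post(webhook_url, {"text": text})

def telegram_request(bot_token, chat_id, text):
    return _post(f"https://api.telegram.org/bot{bot_token}/sendMessage",
                 {"chat_id": chat_id, "text": text})

if __name__ == "__main__":
    # Assumption: the incident XML path arrives as the first argument.
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INCIDENT_XML
    text = build_text(parse_incident(xml_text))
    url = os.environ.get("TEAMS_WEBHOOK_URL")  # keep the secret URL out of the script
    if url:
        with urllib.request.urlopen(teams_request(url, text), timeout=10) as resp:
            print(resp.status)
    else:
        print(text)
```

The webhook URL and bot token act as credentials, so they are read from the environment rather than stored in the script file.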

4 Replies
Secusaurus

Hi Manuel,

Great point (love the awtrix clock and note that down for our SOC :) )!

Just one thing to note: The incident then is considered as remediated. Depending on how your analysts work, this might become irritating.

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
Lyyiheang

@marod1981 Can you please share the script with me for testing? Your idea is very great.