Fortinet black logo

Administration Guide

Microsoft Teams Notification action

Microsoft Teams Notification action

Microsoft Teams Notification actions can be configured to send notifications to channels in Microsoft Teams. To trigger the notifications, you need to add an Incoming Webhook connector to a channel in Microsoft Teams, then you can configure the automation stitch with the webhook URL.

In the following example, you will configure an automation stitch with the default Any Security Rating Notification trigger and two Microsoft Teams Notification actions with different notification messages. One message is for the Security Rating Summary log, and the other is a custom message with a ten second delay.

To add the Incoming Webhook connector in a Microsoft Teams channel:
  1. In Microsoft Teams, click the ... (More options) beside the channel name, and select Connectors.
  2. Search for Incoming Webhook and click Configure.
  3. Enter a name for the webhook, upload an image for the webhook, and click Create.
  4. Copy the webhook to the clipboard and save it.

  5. Click Done.
To configure an automation stitch with Microsoft Teams Notification actions in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name.
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Select Any Security Rating Notification.
    3. Click Apply.
  4. Configure the first Microsoft Teams Notification action:
    1. Click Add Action.
    2. Click Create and select Microsoft Teams Notification.
    3. Enter the following:

      Name

      teams_1

      URL

      Paste the webhook URI from the clipboard

      Message

      Text

      Message text

      %%log%%

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Configure the second Microsoft Teams Notification action:
    1. Click Add Action.
    2. Click Create and select Microsoft Teams Notification.
    3. Enter the following:

      Name

      teams_2

      URL

      Paste the webhook URI from the clipboard

      Message

      Text

      Message text

      This is for test.

    4. Click OK.
    5. Select the action in the list and click Apply.
    6. Click the Add delay located between both actions. Enter 10 and click OK.

  6. Click OK.
  7. Trigger the automation stitch:
    1. Right-click the automation stitch and select Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiGate. The two notifications are sent to the Microsoft Teams channel.

To configure an automation stitch with Microsoft Teams Notification actions in the CLI:
  1. Configure the automation trigger:
    config system automation-trigger
        edit "Any Security Rating Notification"
            set event-type security-rating-summary
            set report-type any			
        next
    end
  2. Configure the automation actions:
    config system automation-action
        edit "teams_1"
            set action-type microsoft-teams-notification
            set uri "outlook.office.com/webhook/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/IncomingWebhook/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        next
        edit "teams_2"
            set action-type microsoft-teams-notification
            set message "This is for test."
            set uri "outlook.office.com/webhook/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/IncomingWebhook/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        next
    end
  3. Configure the automation stitch:
    config system automation-stitch
        edit "Teams_action"
            set trigger "Any Security Rating Notification"
            config actions
                edit 1
                    set action "teams_1"
                    set required enable
                next
                edit 2
                    set action "teams_2"
                    set delay 10
                    set required enable
                next
            end
        next
    end
  4. Verify that the automation action was triggered:

    # diagnose test application autod 3

    stitch: Teams_action

    local hit: 2 relayed to: 0 relayed from: 0

    last trigger:Mon Nov 16 10:28:08 2020

    last relay:

    actions:

    teams_1:

    done: 2 relayed to: 0 relayed from: 0

    last trigger:Mon Nov 16 10:28:08 2020

    last relay:

    teams_2:

    done: 2 relayed to: 0 relayed from: 0

    last trigger:Mon Nov 16 10:28:08 2020

    last relay:

    logid2stitch mapping:

    id:52000 local hit: 22 relayed hits: 0

    Teams_action

Microsoft Teams Notification action

Microsoft Teams Notification actions can be configured to send notifications to channels in Microsoft Teams. To trigger the notifications, you need to add an Incoming Webhook connector to a channel in Microsoft Teams, then you can configure the automation stitch with the webhook URL.

In the following example, you will configure an automation stitch with the default Any Security Rating Notification trigger and two Microsoft Teams Notification actions with different notification messages. One message is for the Security Rating Summary log, and the other is a custom message with a ten second delay.

To add the Incoming Webhook connector in a Microsoft Teams channel:
  1. In Microsoft Teams, click the ... (More options) beside the channel name, and select Connectors.
  2. Search for Incoming Webhook and click Configure.
  3. Enter a name for the webhook, upload an image for the webhook, and click Create.
  4. Copy the webhook to the clipboard and save it.

  5. Click Done.
To configure an automation stitch with Microsoft Teams Notification actions in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name.
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Select Any Security Rating Notification.
    3. Click Apply.
  4. Configure the first Microsoft Teams Notification action:
    1. Click Add Action.
    2. Click Create and select Microsoft Teams Notification.
    3. Enter the following:

      Name

      teams_1

      URL

      Paste the webhook URI from the clipboard

      Message

      Text

      Message text

      %%log%%

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Configure the second Microsoft Teams Notification action:
    1. Click Add Action.
    2. Click Create and select Microsoft Teams Notification.
    3. Enter the following:

      Name

      teams_2

      URL

      Paste the webhook URI from the clipboard

      Message

      Text

      Message text

      This is for test.

    4. Click OK.
    5. Select the action in the list and click Apply.
    6. Click the Add delay located between both actions. Enter 10 and click OK.

  6. Click OK.
  7. Trigger the automation stitch:
    1. Right-click the automation stitch and select Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiGate. The two notifications are sent to the Microsoft Teams channel.

To configure an automation stitch with Microsoft Teams Notification actions in the CLI:
  1. Configure the automation trigger:
    config system automation-trigger
        edit "Any Security Rating Notification"
            set event-type security-rating-summary
            set report-type any			
        next
    end
  2. Configure the automation actions:
    config system automation-action
        edit "teams_1"
            set action-type microsoft-teams-notification
            set uri "outlook.office.com/webhook/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/IncomingWebhook/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        next
        edit "teams_2"
            set action-type microsoft-teams-notification
            set message "This is for test."
            set uri "outlook.office.com/webhook/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/IncomingWebhook/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        next
    end
  3. Configure the automation stitch:
    config system automation-stitch
        edit "Teams_action"
            set trigger "Any Security Rating Notification"
            config actions
                edit 1
                    set action "teams_1"
                    set required enable
                next
                edit 2
                    set action "teams_2"
                    set delay 10
                    set required enable
                next
            end
        next
    end
  4. Verify that the automation action was triggered:

    # diagnose test application autod 3

    stitch: Teams_action

    local hit: 2 relayed to: 0 relayed from: 0

    last trigger:Mon Nov 16 10:28:08 2020

    last relay:

    actions:

    teams_1:

    done: 2 relayed to: 0 relayed from: 0

    last trigger:Mon Nov 16 10:28:08 2020

    last relay:

    teams_2:

    done: 2 relayed to: 0 relayed from: 0

    last trigger:Mon Nov 16 10:28:08 2020

    last relay:

    logid2stitch mapping:

    id:52000 local hit: 22 relayed hits: 0

    Teams_action