Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    26.1.0
    26.1.0

    Microsoft Teams

    Microsoft Teams

    Microsoft Teams is a group collaboration tool that Microsoft recent released that is similar in nature to Slack and HipChat. Like other collaboration tools, it is most effective to have all of your alerts sent to Teams in order to stay up to date on infrastructure performance.

    To set up the integration, you need to do the following:

    1. At the minimum, a Microsoft Teams Essential package.

    2. Add a Workflow to a Teams channel.

    3. Set up the integration in FortiMonitor.

    These procedures are detailed in their respective sections below.

    Add a Workflow to a Teams channel

    1. Login to your Microsoft Teams application.

    2. Create a new Channel where you want to receive notifications.

    3. Go to Apps and search for Workflow.

    4. Click the Workflows app card and select Add. If is already added, the button on the card will be Open.

    5. Go back to the new channel then click on the 3-dot menu.

    6. Search for webhook in the dialog that pops up.

    7. Select Post to a channel when a webhook request is received.

    8. Click Next on the dialog. You now have the option to select where you want to receive notification.

    9. Click the Add Workflow button.

    10. After adding the Workflow, a new URL is displayed. Save this URL for later.

    Set up the integration in FortiMonitor

    After configuring Teams, continue setting up the integration in FortiMonitor.

    1. Log in to FortiMonitor.

    2. From the navigation menu, select Teams & Activity> Integrations.

    3. Locate the Teams card then click Configure.

    4. Configure your Teams integration. The configuration options are detailed in the following table:

    Field

    Description

    Title

    Enter a name for the MS Teams integration.

    Webhook URL

    URL generated from MS Teams that will allow you to send alerts to an MS Teams channel. Enter the copied URL from Teams in this field.

    5. Customize the MS Teams Outage and Clear incident cards. These are the messages that will be posted to the channel when an incident is detected or is resolved. The parameters you can use are detailed in the following sections.
    The following parameters are preconfigured by default:

    6. Select Save.

    7. Go to the Configured Integrations tab to verify your Teams integration.

    8. To set up notifications, configure the integration's Alert Timeline and add MS Teams to the timeline.

    MS Teams incident card examples

    Incident is detected

    Incident is resolved

    Broadcast

    Parameters

    Parameter

    Description

    $trigger

    The type of event that triggered this payload (outage, ack, broadcast, clear).

    $fqdn

    The Fully qualified domain name of the server experiencing the incident/clear.

    $name

    Name of the server experiencing the incident/clear.

    $timestamp

    UTC timestamp of when the incident/clear occurred.

    $event

    The type of event, either incident event or clear event.

    $outage_id

    The ID number of the associated incident.

    $services

    For service incident: services experiencing the incident/clear.

    $compound_service_id

    The ID number of the compound metric affected.

    $network_service_id

    The ID number of the network service affected.

    $resource

    For resource anomalies: resources experiencing the anomaly/clear.

    $server_resource_id

    The ID number corresponding to the resource affected.

    $items

    Services experiencing the incident/clear or resources experiencing the anomaly/clear.

    $reasons

    The reasons for network service incidents or the details for anomalies.

    $duration

    The duration of incidents/anomalies which will be filled in on-clear.

    $tags

    The tags for the server.

    $server_key

    The server key for the server.

    $server_id

    The ID number of the server experiencing the incident/clear.

    $partner_server_id

    The partner server id for the server.

    $item_type

    The service type textkeys of the services experiencing the incident/clear, or plugin_textkey/resource_textkey combinations of the resources the experiencing the anomaly/clear, or the OID name of SNMP resources experiencing the outage/clear.

    $custom_attribute

    You can pass custom server attributes that are set on your servers. Use the attribute type as the key.

    $alert_label

    Alert label of the incident/anomaly.

    $severity

    The severity of the outage/anomaly, either critical or warning.

    $metric_tags

    The tags for all of the metrics involved in the outage.

    $location

    A comma-separated list of the primary monitoring probe names for all network services affected.
    Previous
    Next

    Microsoft Teams

    Microsoft Teams

    Microsoft Teams is a group collaboration tool that Microsoft recent released that is similar in nature to Slack and HipChat. Like other collaboration tools, it is most effective to have all of your alerts sent to Teams in order to stay up to date on infrastructure performance.

    To set up the integration, you need to do the following:

    1. At the minimum, a Microsoft Teams Essential package.

    2. Add a Workflow to a Teams channel.

    3. Set up the integration in FortiMonitor.

    These procedures are detailed in their respective sections below.

    Add a Workflow to a Teams channel

    1. Login to your Microsoft Teams application.

    2. Create a new Channel where you want to receive notifications.

    3. Go to Apps and search for Workflow.

    4. Click the Workflows app card and select Add. If is already added, the button on the card will be Open.

    5. Go back to the new channel then click on the 3-dot menu.

    6. Search for webhook in the dialog that pops up.

    7. Select Post to a channel when a webhook request is received.

    8. Click Next on the dialog. You now have the option to select where you want to receive notification.

    9. Click the Add Workflow button.

    10. After adding the Workflow, a new URL is displayed. Save this URL for later.

    Set up the integration in FortiMonitor

    After configuring Teams, continue setting up the integration in FortiMonitor.

    1. Log in to FortiMonitor.

    2. From the navigation menu, select Teams & Activity> Integrations.

    3. Locate the Teams card then click Configure.

    4. Configure your Teams integration. The configuration options are detailed in the following table:

    Field

    Description

    Title

    Enter a name for the MS Teams integration.

    Webhook URL

    URL generated from MS Teams that will allow you to send alerts to an MS Teams channel. Enter the copied URL from Teams in this field.

    5. Customize the MS Teams Outage and Clear incident cards. These are the messages that will be posted to the channel when an incident is detected or is resolved. The parameters you can use are detailed in the following sections.
    The following parameters are preconfigured by default:

    6. Select Save.

    7. Go to the Configured Integrations tab to verify your Teams integration.

    8. To set up notifications, configure the integration's Alert Timeline and add MS Teams to the timeline.

    MS Teams incident card examples

    Incident is detected

    Incident is resolved

    Broadcast

    Parameters

    Parameter

    Description

    $trigger

    The type of event that triggered this payload (outage, ack, broadcast, clear).

    $fqdn

    The Fully qualified domain name of the server experiencing the incident/clear.

    $name

    Name of the server experiencing the incident/clear.

    $timestamp

    UTC timestamp of when the incident/clear occurred.

    $event

    The type of event, either incident event or clear event.

    $outage_id

    The ID number of the associated incident.

    $services

    For service incident: services experiencing the incident/clear.

    $compound_service_id

    The ID number of the compound metric affected.

    $network_service_id

    The ID number of the network service affected.

    $resource

    For resource anomalies: resources experiencing the anomaly/clear.

    $server_resource_id

    The ID number corresponding to the resource affected.

    $items

    Services experiencing the incident/clear or resources experiencing the anomaly/clear.

    $reasons

    The reasons for network service incidents or the details for anomalies.

    $duration

    The duration of incidents/anomalies which will be filled in on-clear.

    $tags

    The tags for the server.

    $server_key

    The server key for the server.

    $server_id

    The ID number of the server experiencing the incident/clear.

    $partner_server_id

    The partner server id for the server.

    $item_type

    The service type textkeys of the services experiencing the incident/clear, or plugin_textkey/resource_textkey combinations of the resources the experiencing the anomaly/clear, or the OID name of SNMP resources experiencing the outage/clear.

    $custom_attribute

    You can pass custom server attributes that are set on your servers. Use the attribute type as the key.

    $alert_label

    Alert label of the incident/anomaly.

    $severity

    The severity of the outage/anomaly, either critical or warning.

    $metric_tags

    The tags for all of the metrics involved in the outage.

    $location

    A comma-separated list of the primary monitoring probe names for all network services affected.
    Previous
    Next