Webhook Connector to Support MS Teams

Note

This information is also available in the FortiAnalyzer 7.4 Administration Guide:

A webhook connector has been added in FortiAnalyzer to support MS Teams. This connector can be used to post a message in MS Teams.

After an MS Teams connector is created, it can be added in the incident settings, notification profiles for event handlers, or as part of a playbook.

This topic contains the following instructions:

To create an MS Teams connector:
  1. Go to Fabric View > Fabric Connectors.
  2. Click Create New.

    The Create New Fabric Connector pane displays.

  3. In the ITSM section, double-click MS Teams Connector.
  4. Configure the following options:
    Name: Type a name for the fabric connector.

    Description: (Optional) Type a description for the fabric connector.

    Protocol: Select HTTPS.

    Method: Select POST.

    Title: Type a title for the fabric connector.

    Teams Webhook URL: Enter the incoming webhook URL created in MS Teams.

    HTTP Body: Enter the HTTP body of the message that should be sent by the connector. For example, { \"text\": \"<message to send>\" }.

    Status: Enabled by default. The connector can be disabled, as needed.

  5. Click OK.

Use ${} for macros in the HTTP Body field. The following macros and variables are supported:

| Category | Variable | Macro | Description |
|---|---|---|---|
| Global | type | ${type} | Notification type |
| Global | adom | ${adom} | ADOM name |
| Global | from | ${from} | FortiAnalyzer (FAZ) serial number |
| Global | timestamp | ${timestamp} | Notification timestamp |
| Event | event | ${event} | All event fields |
| Event | eventid | ${event.eventid} | Event ID |
| Event | alertid | ${event.alertid} | Alert ID (same as eventid; the name is kept for consistency with the previous notification format) |
| Event | logtype | ${event.logtype} | Log type |
| Event | devtype | ${event.devtype} | Device type |
| Event | eventtime | ${event.eventtime} | Event time |
| Event | alerttime | ${event.alerttime} | Alert time (same as eventtime; the name is kept for consistency with the previous notification format) |
| Event | firstlogtime | ${event.firstlogtime} | First log time |
| Event | lastlogtime | ${event.lastlogtime} | Last log time |
| Event | devid | ${event.devid} | Device ID |
| Event | devname | ${event.devname} | Device name |
| Event | eventtype | ${event.eventtype} | Event type |
| Event | groupby1 | ${event.groupby1} | groupby1 |
| Event | groupby2 | ${event.groupby2} | groupby2 |
| Event | groupby3 | ${event.groupby3} | groupby3 |
| Event | indicator | ${event.indicator} | indicator |
| Event | severity | ${event.severity} | severity |
| Event | subject | ${event.subject} | subject |
| Event | tag | ${event.tag} | tag |
| Event | triggername | ${event.triggername} | Trigger name |
| Event | vdom | ${event.vdom} | vdom |
| Event | epid | ${event.epid} | epid |
| Event | euid | ${event.euid} | euid |
| Event | epip | ${event.epip} | epip |
| Event | epname | ${event.epname} | epname |
| Event | euname | ${event.euname} | euname |
| Event | extrainfo | ${event.extrainfo} | Additional info |
| Event | log-length | ${event.log-length} | Log length |
| Event | log-detail | ${event.log-detail} | Log detail |
| Incident | incident | ${incident} | All incident fields |
| Incident | incid | ${incident.incid} | Incident ID |
| Incident | type | ${incident.type} | Notification type |
| Incident | revision | ${incident.revision} | revision |
| Incident | attach_revision | ${incident.attach_revision} | attach revision |
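
An HTTP Body template can be checked before it is saved in the connector. The following is an added example, not Fortinet code: it lists macros that are not in the table above (for instance a misspelled scope such as ${even.subject}) and confirms the body is still a JSON object once the macros are filled in. The function names, the FREE_TEXT review list, and the idea that macros expand as plain text are assumptions of this example.

```python
import json
import re

# Macro names copied from the table on this page.
TOP_LEVEL = {"type", "adom", "from", "timestamp", "event", "incident"}
SCOPED = {
    "event": set("""eventid alertid logtype devtype eventtime alerttime
        firstlogtime lastlogtime devid devname eventtype groupby1 groupby2
        groupby3 indicator severity subject tag triggername vdom epid euid
        epip epname euname extrainfo log-length log-detail""".split()),
    "incident": {"incid", "type", "revision", "attach_revision"},
}
# Assumption (not from the page): these macros carry free-form log text and
# deserve a second look before they are shown in a chat channel.
FREE_TEXT = {"event", "event.subject", "event.extrainfo", "event.log-detail"}
MACRO_RE = re.compile(r"\$\{([^}]*)\}")


def is_supported(name):
    """True if the macro name appears in the table of supported macros."""
    scope, dot, field = name.partition(".")
    if not dot:
        return name in TOP_LEVEL
    return field in SCOPED.get(scope, set())


def lint_body(template):
    """Report unknown macros, free-text macros and JSON problems."""
    macros = MACRO_RE.findall(template)
    report = {
        "unknown": sorted({m for m in macros if not is_supported(m)}),
        "free_text": sorted({m for m in macros if m in FREE_TEXT}),
        "json_error": None,
    }
    # Assumption: macros expand as plain text, so stand in a harmless token
    # and confirm that what remains parses as a JSON object.
    rendered = MACRO_RE.sub("X", template)
    try:
        if not isinstance(json.loads(rendered), dict):
            report["json_error"] = "body is not a JSON object"
    except json.JSONDecodeError as exc:
        report["json_error"] = f"{exc.msg} at column {exc.colno}"
    return report


if __name__ == "__main__":
    # Constructed template; the last macro has a misspelled scope ("even").
    sample = '{"text": "[${event.severity}] ${event.devname}: ${even.subject}"}'
    print(lint_body(sample))
```
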

To use the MS Teams connector in a playbook:
  1. When adding a connector in a playbook, select MS_TEAMS.

  2. From the Connector dropdown, select the MS Teams connector that you created.

  3. Configure the other options for the playbook as needed.

    For more information, see the FortiAnalyzer Administration Guide.

To use the MS Teams connector in incident settings:
  1. Go to Incidents & Events > Incidents.

  2. In the toolbar, click Settings.

  3. From the Fabric Connector dropdown, select the MS Teams connector that you created.

  4. Configure the other options for the incident settings as needed.

    For more information, see the FortiAnalyzer Administration Guide.

To use the MS Teams connector in a notification profile:
  1. When selecting the Connectors for a notification profile, select the MS Teams connector that you created.

  2. Configure the other options for the notification profile as needed.

    For more information, see the FortiAnalyzer Administration Guide.
