Configure a Send Incident to Microsoft Teams Task (Beta)

This document is intended for early-access customers, and it is updated as Automated Response features are enhanced.

In your automated response playbook, you can configure a Send Incident to Microsoft Teams task to send Alert Logic incident details to Teams via a connector.

The source of the incident can be any of the following:

  • Incident that meets the conditions of a trigger for the playbook
  • Incident that a user selects to run the playbook on manually
  • Sample incident payload used to test the playbook

Complete the following steps to successfully configure the Send Incident to Microsoft Teams task:

  1. Create a Microsoft Teams connector
  2. Add the task to your playbook
  3. Configure the task input
  4. Configure the task output (optional)

Create a Microsoft Teams connector

The Send Incident to Microsoft Teams task requires a Microsoft Teams connector with the following configuration:

  • Connection Target—Microsoft Teams connection target for the channel to which you want to send the incident details
  • Payload Type—Incident
  • Payload Template Format—JSON
  • Payload Template—Edited to include the details that you want to send to Teams, if you want to change the message content

To check for an existing connector that meets these requirements, in the Alert Logic console, click Configure in the navigation menu (), and then click Connectors. If any Teams connectors appear in the list, review the configuration.

Add the task to your playbook

If you have not added the task to your playbook, complete the instructions in Add a task in the workflow diagram and Add task details (optional).

Configure the task input

Complete these instructions to provide the input values for your Send Incident to Microsoft Teams task.

To configure the task input:

  1. On the task Input tab, select the connector in Microsoft Teams Connector that you created or identified in Create a Microsoft Teams connector.
  2. In Incident Payload, leave the YAQL expression to reference the incident payload that the playbook is running on:

    <% ctx().payload %>

The selected Teams connector controls the incident details that the playbook sends.

Insert a YAQL expression in an input field

Any field that supports one or more Yet Another Query Language (YAQL) expressions has a SELECT VARIABLE drop-down list above the field. A YAQL expression can reference a value in the playbook context, such as a field in the incident payload, or the published result of a previous task.

To insert a YAQL expression, place your cursor in the field where you want to insert the reference, click SELECT VARIABLE, and then select the variable. A YAQL expression that references the selected value appears in the field.

Configure the task output (optional)

This task does not generate results that you can publish as output. For other ways to publish output, see Configure task output (optional).

Technical reference

Action Name

Send Incident to Microsoft Teams

Action Type

connectors_send_notification_msteams

Limitations

The Teams channel cannot be configured in this task. The channel that the task uses is the one configured in the connection target.