topic Re: Sending Cortex XDR incidents to MS Teams in Cortex XDR Discussions

Sending Cortex XDR incidents to MS Teams

paIoaItonetworks — Tue, 13 Aug 2024 11:19:19 GMT

So, since XDR has only 3 options of forwarding alerts - email, syslog server and slack. There is no straight method to push alerts to MS Teams. We've found a bypass which is to create an email address for a teams channel and then provide that email address when configuring the alert forwarding on XDR. The problem is that there are tons of alerts, so it wouldn't be very smart to let XDR spam the teams channel whenever new alert is created. Unfortunately, we haven't come up with a solution of forwarding incidents and ~~not alerts~~. Is there any way to do that? Thanks in advance.

Re: Sending Cortex XDR incidents to MS Teams

eronko — Tue, 13 Aug 2024 15:18:34 GMT

How you manage to buy XDR without support of your primary chat solution. Overall I don't understand how PA continuously ignoring MS teams support for years. Most likely , based on PA approach you need to buy SOAR platform to work with MS Teams.

Re: Sending Cortex XDR incidents to MS Teams

RFeyertag — Tue, 13 Aug 2024 17:03:22 GMT

Isn't there any plattform where you can vote for changes? This is insane, when we have to buy another expensive product only to get a better communication to our SOC.

Actually also the mail notification is not satisfying. There is no adjustment.

Re: Sending Cortex XDR incidents to MS Teams

micomi — Wed, 14 Aug 2024 14:05:44 GMT

Check automation rules (if you have Cortex XDR Pro). Those should trigger only on alerts within an incident and it's possible to send an email as the automation task. You will still get a message for every alert within an incident but at least no more messages for alerts which aren't in an incident