This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

XSOAR Marketplace: Keeping it Simple with Microsoft Teams via Webhook

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XSOAR Marketplace: Keeping it Simple with Microsoft Teams via Webhook

MBeauchamp2
L4 Transporter
‎02-16-2023 05:44 AM

XSOAR Marketplace: Keeping it Simple with Microsoft Teams via WebhookXSOAR Marketplace: Keeping it Simple with Microsoft Teams via Webhook

 

Is there any way to just make it send a message?

 

This was a question one of my customers posed to me when they couldn’t use the Microsoft Teams integration due to internal restrictions. The Cortex XSOAR integration with Microsoft Teams is fantastic, and includes a lot of useful functionality, but all they wanted and needed was to send a message to a specific team as part of their playbook.

 

That question piqued my curiosity and a quick Google search gave me what I needed. 

 

Microsoft Teams supports messages via incoming webhook, and with Cortex XSOAR Bring Your Own Integration (BYOI) capabilities, it didn’t seem like an insurmountable challenge to write a simple integration that would “just send a message”.

 

MBeauchamp2_0-1676397444603.png

 

While watching a hockey game that night, I figured I’d see if I could make it work. I had the integration written, tested, and sending messages by the end of the game.

 

The integration configuration is simple:

  • Add the incoming webhook as a connector on the Team
  • Configure the XSOAR integration instance with this webhook

No bots to install or permissions to configure, just a simple connector is all you need!

 

Run the ms-teams-message command from a playbook or the XSOAR CLI, and the message is sent, and includes a link back to the Incident from which it came!  I even got carried away and built in the ability to support multiple webhooks to different teams (see the README!)

 

MBeauchamp2_1-1676397444511.png

 

I shared the integration internally, and more and more of us shared it with our customers. Next it was used in Cortex XSIAM as well, and a peer subtly nudged (ok he yelled) me to contribute it to the XSOAR Marketplace.

 

The contribution process was pretty straightforward, I submitted it to the Marketplace straight from the XSOAR UI, completed the form, and the content team got in touch with me.

 

The hardest part was adding in some unit tests to the github pull request that was created after submission (my code always works sometimes!), as this integration was to be part of our officially supported pack! However the content team supported me through this process every step, and I learned a few things about mocking requests along the way!

 

So, why write this and not just watch the hockey game after work? Because why not? 

 

I’ve been automating my job for 20+ years, and thoroughly enjoy it! Cortex XSOAR is a great platform that lets me try new things, and keep my development skills sharp! The integration didn’t exist, and I felt like I had the opportunity to change that, challenge accepted!

 

Want to get started with writing your own automations and integrations? We have a great series on being an XSOAR Engineer on the Palo Alto Live Community, and the XSOAR developer site is a fantastic resource.  And if you write something amazing, why not contribute it? 

 

Plus, it’s always a great feeling watching your code in action when that message comes through into Teams:

 

MBeauchamp2_2-1676397444513.png

 

Labels:
3 Comments
  • 5213 Views
  • 3 comments
  • 2 Likes
Register or Sign-in
Labels
Popular Blogs
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks