Sending Cortex XDR incidents to MS Teams


L1 Bithead

Since XDR has only 3 options for forwarding alerts (email, syslog server and Slack), there is no straight method to push alerts to MS Teams. We've found a bypass, which is to create an email address for a Teams channel and then provide that email address when configuring the alert forwarding on XDR. The problem is that there are tons of alerts, so it wouldn't be very smart to let XDR spam the Teams channel whenever a new alert is created. Unfortunately, we haven't come up with a solution for forwarding incidents and not alerts. Is there any way to do that? Thanks in advance.

Accepted Solutions

L1 Bithead

How did you manage to buy XDR without support for your primary chat solution? Overall, I don't understand how PA has been continuously ignoring MS Teams support for years. Most likely, based on PA's approach, you need to buy a SOAR platform to work with MS Teams.

L4 Transporter

Isn't there any platform where you can vote for changes? This is insane, when we have to buy another expensive product only to get better communication to our SOC.

Actually also the mail notification is not satisfying. There is no adjustment. 

L2 Linker

Check automation rules (if you have Cortex XDR Pro). Those should trigger only on alerts within an incident, and it's possible to send an email as the automation task. You will still get a message for every alert within an incident, but at least no more messages for alerts which aren't in an incident.
