Skip to content

How to Add a Local Microsoft Teams Endpoint#

This topic provides step-by-step instructions for adding a local Microsoft Teams endpoint in TheHive.

Once created, this endpoint is available solely for your organization. To create an endpoint for multiple organizations, refer to the Add a Global Endpoint topic.

Required permissions

Only users with the manageConfig permission can manage local endpoints in TheHive.

Procedure

Step 1: Create a flow in Microsoft Teams#

  1. Go to your Microsoft Teams application.

  2. Select .

    Microsoft select app

  3. Select the Workflows application.

    Workflows app

  4. In the Workflows application, select New flow.

  5. Search for a template named Post to a channel when a webhook request is received.

  6. Select the template Post to a channel when a webhook request is received.

  7. Enter your flow name.

  8. Select Next.

  9. Select a Microsoft Teams team and channel.

  10. Select Create flow.

  11. Copy the HTTP POST URL.

For TheHive versions earlier than 5.4.3, users can still send notifications to Microsoft Teams using Incoming Webhooks. This method simply requires creating a webhook and adding its URL to TheHive’s settings.

While easy to set up, this legacy approach lacks the customization and enhanced security features provided by the newer Workflows integration. Moreover, with Microsoft deprecating Incoming Webhooks, this method may become less reliable or lose functionality in the future.

Migrating to the Workflows application for Microsoft Teams integration

With the 5.4.3 release, TheHive has updated the Microsoft Teams notifier in response to Microsoft's deprecation of the Incoming Webhooks. Users must now migrate from the legacy webhook setup to a new configuration using the Workflows application.

Migration expected by January 31, 2025

As announced by Microsoft on their official blog, Connector owners must update their webhook URLs by January 31, 2025, to comply with the new structure. This update is crucial for maintaining seamless integration and ensuring the continued functionality of Connectors in Microsoft Teams.

For detailed instructions, refer to Microsoft's official documentation on creating an Incoming Webhook.

Step 2: Create a Microsoft Teams endpoint#

  1. Go to the Organization view from the sidebar menu.

    Organization view

  2. Select the Endpoints tab.

    Endpoints tab

  3. Select or Add a new endpoint.

  4. In the Endpoint creation drawer, select Teams.

  5. Enter the following information:

    - Name

    The endpoint name, used to identify this Microsoft Teams integration in TheHive. This name must be unique, as two endpoints can't have the same name.

    - URL

    The URL used to connect to your Microsoft Teams. This should be the HTTP POST URL generated by the Workflows application or Incoming Webhooks, depending on your configuration.

  6. In the Proxy settings section, select the proxy settings you want to apply:

    • Default configuration
    • Disabled
    • Enabled:
      • Enter the type of protocol, either HTTP or HTTPS.
      • Enter the IP address or domain name of the proxy server.
      • Enter the port number used by the proxy server.
      • Turn on the Authentication toggle if you want to require a username and password to authenticate with the proxy server.

  7. Add a certificate authority.

    For more information about configuring SSL, refer to the Configure SSL topic.

    Use certificates only from trusted, predefined authorities for secure connections. Custom certificate authorities are not allowed.

    You can turn off the Don't check certificate authority toggle to bypass certificate validation, but this isn't recommended as it may compromise connection security.

  8. Turn on the Disable host name verification toggle if you want to bypass the verification of the server's host name against the certificate.

  9. Select Confirm.

Next steps