How to Configure the Microsoft Teams Notifier
This topic provides step-by-step instructions for configuring the Microsoft Teams notifier in TheHive.
Notifier availability
The Microsoft Teams notifier is available only when you turn off the Send notification to every user in the organization toggle and use one of the following triggers:
- AnyEvent
- FilteredEvent
- ActionFinished
- CaseClosed
- CaseCreated
- CaseFlagged
- CaseShared
- AlertClosed
- AlertCreated
- AlertImported
- JobFinished
- AlertObservableCreated
- CaseObservableCreated
- ObservableCreated
- TaskClosed
- TaskMandatory
Required permissions
Only users with the manageConfig permission can manage notifications in TheHive.
Procedure
- Go to the Organization view from the sidebar menu.
- Select the Notifications tab.
- Select and then Edit.
- Select the Teams notifier.
- In the Teams drawer, enter the following information:
- Endpoint
Using Microsoft Teams as a notifier requires at least one endpoint. This endpoint defines how TheHive connects to Microsoft Teams.
Endpoints can be local, defined at the organization level, or global, defined at the client level for one or more organizations.
Select the local endpoint you created.
- Text template
The message content to send to the Microsoft Teams endpoint.
If an Adaptive Card template isn't provided, you must use a plain text template. In version 5.4.3, TheHive automatically converts plain text into an Adaptive Card format structured with JSON.
Tips to write text templates
Use the Adaptive Cards Designer
Use the Adaptive Cards Designer as a starting point to design your Adaptive Cards.
Format dates
- TheHive uses Handlebars string helpers to read dates.
- Formatting date and time in notifications requires using dedicated Java patterns.
Format other custom data from TheHive
A few data items specific to TheHive can be displayed properly by using custom string handlers together with object data in notifications:
- tlpLabel to display the TLP value (example: {{tlpLabel object.tlp}})
- papLabel to display the PAP value (example: {{papLabel object.pap}})
- severityLabel to display the severity value (example: {{severityLabel object.severity}})
Adaptive Card template used to display notifications when a new case is created
```json
{
  "type": "AdaptiveCard",
  "body": [
    {
      "type": "TextBlock",
      "size": "Medium",
      "weight": "Bolder",
      "text": "#{{object.number}}: {{object.title}}",
      "horizontalAlignment": "Left",
      "spacing": "None",
      "wrap": true
    },
    {
      "type": "ColumnSet",
      "columns": [
        {
          "type": "Column",
          "items": [
            {
              "type": "TextBlock",
              "weight": "Bolder",
              "text": "{{object._createdBy}}",
              "fontType": "Default",
              "color": "Accent",
              "spacing": "None"
            },
            {
              "type": "TextBlock",
              "spacing": "None",
              "text": "Created {{dateFormat object._createdAt 'EEEE d MMMM, k:m Z' locale='en' tz='Europe/Paris'}}",
              "isSubtle": true,
              "wrap": true,
              "fontType": "Default",
              "weight": "Default",
              "size": "Default"
            }
          ]
        }
      ]
    },
    {
      "type": "FactSet",
      "facts": [
        {
          "title": "severity",
          "weight": "Bolder",
          "value": "{{ severityLabel object.severity}}"
        },
        {
          "title": "TLP",
          "weight": "Bolder",
          "value": "{{ tlpLabel object.tlp}}"
        }
      ]
    },
    {
      "type": "TextBlock",
      "weight": "Bolder",
      "text": "Description",
      "spacing": "Large",
      "wrap": true,
      "horizontalAlignment": "Left"
    },
    {
      "type": "TextBlock",
      "text": "{{object.description}}",
      "spacing": "None",
      "wrap": true,
      "horizontalAlignment": "Left",
      "maxLines": 3
    }
  ],
  "actions": [
    {
      "type": "Action.OpenUrl",
      "title": "Open Case in TheHive",
      "iconUrl": "https://docs.strangebee.com/images/thehive.png",
      "url": "{{url}}",
      "style": "positive"
    }
  ],
  "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
  "version": "1.5"
}
```
Used with the trigger CaseCreated, this template will create a card like this in Microsoft Teams:
- Select Confirm.
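A template can be reviewed before it is pasted into the Text template field: the added example below (not part of TheHive or its documentation) lists the `object` fields a template would send to the Teams channel and reports structural problems. The function name `lint_card_template`, the stand-in token, the HTTPS check, and both sample templates are assumptions made for this illustration; the token substitution only approximates rendering and does not reproduce TheHive's own template engine.

```python
import json
import re

# Helpers named on this page; any other helper is reported for manual review.
KNOWN_HELPERS = {"tlpLabel", "papLabel", "severityLabel", "dateFormat"}
EXPR = re.compile(r"\{\{\s*(.*?)\s*\}\}")
TOKEN = "HB_EXPR"  # stand-in for a rendered expression

# Constructed sample templates (not from TheHive).
SAMPLE_OK = '''{"type": "AdaptiveCard", "version": "1.5",
 "body": [{"type": "TextBlock", "text": "#{{object.number}}: {{object.title}}"},
          {"type": "TextBlock", "text": "{{tlpLabel object.tlp}}"}],
 "actions": [{"type": "Action.OpenUrl", "title": "Open", "url": "{{url}}"}]}'''
SAMPLE_BAD = '''{"type": "AdaptiveCard", "version": "1.5",
 "body": [{"type": "TextBlock", "text": "{{shout object.description}}"}],
 "actions": [{"type": "Action.OpenUrl", "title": "Open",
              "url": "http://thehive.example/{{object.number}}"}]}'''


def lint_card_template(template: str) -> dict:
    """Return the fields a template sends to Teams and any findings."""
    fields, findings = set(), []
    for expr in EXPR.findall(template):
        tokens = expr.split()
        if len(tokens) > 1 and tokens[0] not in KNOWN_HELPERS:
            findings.append(f"helper not documented here: {tokens[0]}")
        fields.update(t for t in tokens if t == "url" or t.startswith("object."))
    # Swap each expression for a token; an expression placed outside a JSON
    # string then makes the document unparseable.
    try:
        card = json.loads(EXPR.sub(TOKEN, template))
    except json.JSONDecodeError as exc:
        findings.append(f"not valid JSON once rendered: {exc.msg}")
        return {"fields": sorted(fields), "findings": findings}
    if not isinstance(card, dict) or card.get("type") != "AdaptiveCard":
        findings.append('top-level "type" is not "AdaptiveCard"')
        return {"fields": sorted(fields), "findings": findings}
    if "version" not in card:
        findings.append('missing "version"')
    for action in card.get("actions", []):
        url = action.get("url", "")
        if (action.get("type") == "Action.OpenUrl"
                and not url.startswith((TOKEN, "https://"))):
            findings.append(f"Action.OpenUrl target is not HTTPS: {url}")
    return {"fields": sorted(fields), "findings": findings}


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, lint_card_template(sample))
```

The `fields` list is the part to compare against the TLP and PAP of the cases the trigger covers, since everything in it leaves TheHive for the Teams channel.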