Microsoft Teams Integration
Get real-time security alerts directly in your Teams channels.
Why Teams Integration?
Integrate CastellanAI with Microsoft Teams to receive instant security alerts where your team already collaborates. Configure custom alert rules, severity filters, and rich formatted notifications.
| Feature | Description |
|---|---|
| Instant Alerts | Get notified within seconds of critical threats |
| Customizable | Filter by severity, event type, or specific agents |
| Rich Formatting | Color-coded cards with actionable details |
Setup Steps
Step 1: Create an Incoming Webhook in Teams
In Microsoft Teams, navigate to your desired channel and create an incoming webhook:
- Go to your Teams channel → Click ⋯ (More options) → Select Connectors
- Search for "Incoming Webhook" and click Add
- Name it "CastellanAI Security Alerts" and optionally upload a logo
- Click Create and copy the generated webhook URL
Important: Treat the webhook URL as a secret - anyone who has it can post arbitrary messages to your Teams channel, so store it in the portal only and never commit it to source control or paste it into chat.
Step 2: Configure in CastellanAI Portal
Add your Teams webhook to the portal configuration:
- Navigate to Dashboard → Profile (or Settings)
- Scroll to Notification Settings section
- Click Add Teams Webhook
- Paste your webhook URL and give it a descriptive name
- Click Save and Test Connection
Step 3: Configure Alert Rules
Customize which alerts get sent to Teams:
| Filter | Description |
|---|---|
| Minimum Severity | Only send alerts of High or Critical severity (recommended for busy channels) |
| Event Types | Filter by Authentication, Network, Process, File, or Registry events |
| Specific Agents | Only send alerts from critical production servers |
| Quiet Hours | Suppress non-critical alerts during off-hours (optional) |
Step 4: Test Your Integration
Send a test alert to verify your Teams integration is working:
- Click "Send Test Alert" in the portal
- Check your Teams channel for the test message
- Verify formatting and links work correctly
Success! Your Teams integration is now active. You'll receive security alerts based on your configured rules.
Alert Format
Teams alerts include:
- Severity Badge - Color-coded (Red=Critical, Orange=High, Yellow=Medium)
- Event Summary - AI-generated description of the security event
- Affected Host - Hostname and platform (Windows/Linux/macOS)
- MITRE ATT&CK - Mapped tactics and techniques (if applicable)
- Quick Actions - Direct links to investigate in portal
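As an added illustration (not CastellanAI's own code; the product's actual payload format is not documented on this page), the following Python builds a Teams MessageCard carrying the fields listed above, applies the Step 3 filters before sending, and posts it to an Incoming Webhook. The `portal_url`, the sample alert and its field names are constructed placeholders.

```python
import json
import urllib.request

# Minimum-severity ordering and the documented badge colours (Red=Critical, Orange=High, Yellow=Medium).
SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}
SEVERITY_COLOR = {"Critical": "FF0000", "High": "FFA500", "Medium": "FFFF00", "Low": "808080"}

def passes_filter(alert, min_severity="High", event_types=None, agents=None):
    """Apply the Step 3 rules: minimum severity, event-type list, specific agents."""
    if SEVERITY_RANK[alert["severity"]] < SEVERITY_RANK[min_severity]:
        return False
    if event_types and alert["event_type"] not in event_types:
        return False
    return not agents or alert["host"] in agents

def build_card(alert, portal_url="https://portal.example.invalid"):
    """Build a Teams MessageCard (legacy Incoming Webhook format) carrying the
    fields listed under 'Alert Format'. portal_url is a placeholder."""
    facts = [
        {"name": "Severity", "value": alert["severity"]},
        {"name": "Affected Host", "value": f'{alert["host"]} ({alert["platform"]})'},
        {"name": "Event Type", "value": alert["event_type"]},
    ]
    if alert.get("mitre"):  # only included when a mapping exists
        facts.append({"name": "MITRE ATT&CK", "value": ", ".join(alert["mitre"])})
    return {
        "@type": "MessageCard",
        "@context": "https://schema.org/extensions",
        "themeColor": SEVERITY_COLOR[alert["severity"]],
        "summary": f'[{alert["severity"]}] {alert["summary"]}',
        "sections": [{"activityTitle": alert["summary"], "facts": facts}],
        "potentialAction": [{"@type": "OpenUri", "name": "Investigate in portal",
                             "targets": [{"os": "default", "uri": f'{portal_url}/alerts/{alert["id"]}'}]}],
    }

def post_card(card, webhook_url):
    """POST the card. The webhook URL is a secret: load it from a secret store
    or environment variable and never log it or the request URL."""
    req = urllib.request.Request(webhook_url, data=json.dumps(card).encode("utf-8"),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

# Constructed sample alert (not real data); T1110 is ATT&CK "Brute Force".
SAMPLE_ALERT = {"id": "demo-0001", "severity": "High", "event_type": "Authentication",
                "host": "web-01", "platform": "Linux", "mitre": ["T1110"],
                "summary": "Repeated failed logins followed by a success"}
```

Calling `build_card(SAMPLE_ALERT)` yields an orange card with a MITRE fact and an investigate link; `passes_filter(SAMPLE_ALERT, min_severity="Critical")` returns `False`, which is how a busy channel stays quiet.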
Common Issues
Test alert not received
Verify the webhook URL is correct and the Teams connector is still active. Webhooks are revoked when the channel is deleted or the connector is removed, so re-create the webhook and update the URL in the portal if either has happened.
Too many alerts
Adjust your minimum severity filter to High or Critical. Consider using separate webhooks for different alert priorities.
Alerts delayed
CastellanAI sends alerts in near real-time. Delays may be caused by Teams service latency or network issues.
What's Next?
- Slack Integration - Also use Slack? Set up parallel alerting to Slack channels
- Taking Action - Learn how to respond to alerts and execute remediation actions
- Advanced Notifications - Configure email alerts, webhooks, and custom integrations
Advanced Configuration
Need custom message formatting, multiple webhooks, or integration with Power Automate? Check out our advanced Teams integration guide.