Microsoft Teams Integration
Get real-time security alerts directly in your Teams channels.
Where Your Team Works
Integrate CastellanAI with Microsoft Teams to receive instant security alerts where your team already collaborates.
Why Teams Integration?
| Feature | Description |
|---|---|
| Instant Alerts | Notified within seconds of critical threats |
| Customizable | Filter by severity, event type, or specific agents |
| Rich Formatting | Color-coded cards with actionable details |
Setup Steps
Step 1: Create an Incoming Webhook in Teams
- Go to your Teams channel → Click ⋯ (More options) → Select Connectors
- Search for "Incoming Webhook" and click Add
- Name it "CastellanAI Security Alerts" and optionally upload a logo
- Click Create and copy the generated webhook URL
Keep URL Secure
Anyone with this URL can post messages to your Teams channel. Store it securely.
Step 2: Configure in CastellanAI Portal
- Navigate to Dashboard → Profile (or Settings)
- Scroll to Notification Settings section
- Click Add Teams Webhook
- Paste your webhook URL and give it a descriptive name
- Click Save and Test Connection
Step 3: Configure Alert Rules
Customize which alerts get sent to Teams:
| Filter | Description |
|---|---|
| Minimum Severity | Only High or Critical (recommended) |
| Event Types | Auth, Network, Process, File, Registry |
| Specific Agents | Critical production servers only |
| Quiet Hours | Suppress non-critical alerts outside working hours |
Step 4: Test Your Integration
- Click "Send Test Alert" in the portal
- Check your Teams channel for the test message
- Verify formatting and links work correctly
Success!
Your Teams integration is now active. You'll receive security alerts based on your configured rules.
Alert Format
Teams alerts include rich formatting:
Alert Components
| Component | Description |
|---|---|
| Severity Badge | Color-coded (Red=Critical, Orange=High, Yellow=Medium) |
| Event Summary | AI-generated description |
| Affected Host | Hostname and platform |
| MITRE ATT&CK | Mapped tactics and techniques |
| Quick Actions | Direct links to investigate |
Severity Colors
| Severity | Color | Meaning |
|---|---|---|
| Critical | 🔴 Red | Immediate action required |
| High | 🟠 Orange | Prompt investigation needed |
| Medium | 🟡 Yellow | Review within 4 hours |
| Low | 🔵 Blue | Informational |
Available Actions
| Action | Description |
|---|---|
| View in Portal | Open event details |
| Mark Reviewed | Acknowledge the alert |
| Take Action | Execute response action |
| Related Events | View correlated activity |
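To show how the alert described above travels from CastellanAI to the webhook created in Step 1, here is an added example (not CastellanAI's own code) that applies the Step 3 minimum-severity filter, builds a connector MessageCard with the severity colours, host, MITRE ATT&CK and "View in Portal" components listed above, and posts it to the Incoming Webhook. The hex colour values, the sample host and technique, the portal URL and the `TEAMS_WEBHOOK_URL` environment variable are assumptions for this example.

```python
import json
import os
import urllib.request

# Severity -> card colour, following the Severity Colors table above.
# Hex values are constructed for this example; use your own branding.
SEVERITY_COLORS = {
    "Critical": "FF0000",  # red: immediate action required
    "High": "FFA500",      # orange: prompt investigation needed
    "Medium": "FFFF00",    # yellow: review within 4 hours
    "Low": "0000FF",       # blue: informational
}
SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}


def should_notify(severity: str, minimum: str = "High") -> bool:
    """Step 3 'Minimum Severity' filter: drop events below the threshold."""
    return SEVERITY_RANK[severity] >= SEVERITY_RANK[minimum]


def build_alert_card(severity, summary, host, platform, techniques, portal_url):
    """Build an Incoming Webhook MessageCard with the page's alert components."""
    return {
        "@type": "MessageCard",
        "@context": "https://schema.org/extensions",
        "themeColor": SEVERITY_COLORS[severity],   # severity badge colour
        "summary": f"[{severity}] {summary}",
        "sections": [{
            "activityTitle": f"[{severity}] {summary}",  # event summary
            "facts": [
                {"name": "Affected Host", "value": f"{host} ({platform})"},
                {"name": "MITRE ATT&CK", "value": ", ".join(techniques)},
            ],
        }],
        "potentialAction": [{                      # quick action
            "@type": "OpenUri",
            "name": "View in Portal",
            "targets": [{"os": "default", "uri": portal_url}],
        }],
    }


def send_alert(card: dict, webhook_url: str = "") -> int:
    """POST the card. The webhook URL comes from the environment, never source."""
    url = webhook_url or os.environ["TEAMS_WEBHOOK_URL"]  # assumed variable
    req = urllib.request.Request(url, data=json.dumps(card).encode(),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status  # 200 means Teams accepted the card


if __name__ == "__main__":
    # Constructed sample event; T1078 and the portal URL are placeholders.
    card = build_alert_card("Critical", "Suspicious logon", "PROD-WEB-01",
                            "Windows", ["T1078"], "https://portal.example/events/1")
    if should_notify("Critical", minimum="High"):
        print(send_alert(card))
```

Run it with `TEAMS_WEBHOOK_URL` set to the URL copied in Step 1; the card should appear in the channel with the red Critical colour and a working "View in Portal" button.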
Advanced Configuration
Multiple Webhook Setup
Configure different channels for different alert types:
| Channel | Purpose | Severity |
|---|---|---|
| #security-critical | On-call team | Critical only |
| #security-all | SOC team | High and above |
| #security-daily | Daily digest | Summary |
Advanced Filters
| Filter Type | Example |
|---|---|
| Severity | Critical, High only |
| Event Type | Malware, Auth failures |
| Host Pattern | PROD-* servers only |
| User Pattern | Admin accounts only |
Troubleshooting
Test Alert Not Received
| Check | Solution |
|---|---|
| Webhook URL | Verify correct and active |
| Connector status | Ensure connector still installed |
| Channel permissions | Verify you can post to channel |
Too Many Alerts
| Solution | Implementation |
|---|---|
| Increase threshold | Set to High or Critical only |
| Use separate webhooks | Different channels for priorities |
| Enable digest mode | Batch similar events |
Alerts Delayed
CastellanAI sends alerts in near real-time. Delays may be caused by:
- Teams service latency
- Network issues
- Rate limiting
Best Practices
| Practice | Description |
|---|---|
| Use dedicated channels | Separate critical from informational |
| Set channel notifications | Enable for critical channels |
| Pin ongoing incidents | Use Teams pin feature |
| Create workflows | Automate with Power Automate |
📝 Teams Integration Checklist
- Create incoming webhook in Teams
- Add webhook to CastellanAI portal
- Configure severity filters
- Test webhook delivery
- Set up channel notifications
- Train team on alert response
- Document escalation procedures
What's Next?
| Guide | Description |
|---|---|
| Slack Integration | Also use Slack? Set up parallel alerting |
| Taking Action | Respond to alerts and execute actions |
| Advanced Webhooks | Custom webhook configurations |