Microsoft Teams Out-of-the-Box SecOps Integration
Requirements
- Microsoft Teams
- A Microsoft Teams Essentials subscription or above
- An active Lumu Insights or Lumu Defender subscription
You need to prepare your Microsoft Teams channel to receive notifications from Lumu. In the following steps, you’ll create a workflow in Microsoft Teams with a webhook.
You can use an existing channel or create a new one; select the most suitable method for your environment. In either case, ensure you use a public channel, because the Workflows app can't post in private channels as a flow bot. You can check further details in the Microsoft Create Incoming Webhooks document.
1. Select a Teams channel, then select the Workflows option.
2. From the Notify a team’s options, select Send Webhooks alerts to a channel.
3. Wait for your previous connection to be validated. Then, click the Next button.
4. Ensure the selected Teams Team and Teams Channel are correct. Modify your selection if needed. Click the Add workflow button.
5. Copy and save the unique webhook URL displayed in the dialog box. This URL will be used to send data to Teams. When finished, click Done.
Add Integration
2. Locate the Microsoft Teams integration.
3. Familiarize yourself with the integration details and click the Activate button to start setting up the integration.
4. Add the integration name and select the incident events for which you would like to receive notifications.
5. Copy the Webhook URL generated earlier from the incoming webhook.
If your webhook URL is valid, the integration will display the following message:
6. You can now see the details of the created integration.
If you delete the incoming webhook, the integration will go offline. We recommend refraining from removing the webhook unless necessary. Alternatively, you can edit it to align with another incoming webhook from a different channel or the same one.
Operating the integration
Now, you can track your Lumu incidents in your Microsoft Teams channel. For the events selected in the configuration phase, you will receive a notification in Microsoft Teams with comprehensive incident details.
Remember that an incident cannot be reopened in the Lumu portal. However, it can be unmuted.