+2
Under review
Teams integration customization
We tried the new Teams integration and noticed it now has the justification field but no way to customize it at all. With the previous method of alerting via session trigger, I was able to edit the JSON to remove some info we aren't interested in such as user groups and also added a hyperlink/buttons to scan the certificates and file hashes in VirusTotal -
"https://virustotal.com/gui/file/{GETDATAFIELD(CorrelationEvent.Data, 'CertificateThumbprint'):jsnq}"}}]}},
{{"type":"ActionSet","actions":[{{"type":"Action.OpenUrl","title":"File hash","url":
"https://virustotal.com/gui/file/{GETDATAFIELD(CorrelationEvent.Data, 'FileSha256'):jsnq}"}}]}},
It would be nice if we could customize the new integration option.
Customer support service by UserEcho
I would also like to edit this because when I am in the field, I use the Teams Alerts to respond to CAM requests quickly. The links are hard coded so they always open in safari instead of the CW Control app on iOS. If I could edit the text of the alert then I could maybe add a second URL that would open in the app instead.
Additionally, it would be awesome if we could set it to only receive alerts that require our intervention. So many times I run in to approve something that is already approved using a rule.