Under review

Teams integration customization

Jonathan Atlikhani 6 months ago 0

We tried the new Teams integration and noticed it now has the justification field but no way to customize it at all. With the previous method of alerting via session trigger, I was able to edit the JSON to remove some info we aren't interested in such as user groups and also added a hyperlink/buttons to scan the certificates and file hashes in VirusTotal -

"https://virustotal.com/gui/file/{GETDATAFIELD(CorrelationEvent.Data, 'CertificateThumbprint'):jsnq}"}}]}},
{{"type":"ActionSet","actions":[{{"type":"Action.OpenUrl","title":"File hash","url":
"https://virustotal.com/gui/file/{GETDATAFIELD(CorrelationEvent.Data, 'FileSha256'):jsnq}"}}]}},

It would be nice if we could customize the new integration option.