Skip to content
English
More support Customer portal Sign in
Contact us
  • There are no suggestions because the search field is empty.

Creating Cydarm cases from Microsoft Teams messages

This guide explains how to integrate Microsoft Teams with Cydarm.

Overview

Follow these steps to integrate Microsoft Teams with Cydarm, enabling you to create Cydarm cases directly from Teams messages using a manually triggered Power Automate flow.

Part 1: Create a webhook endpoint in Cydarm

  1. In Cydarm, go to Settings

  2. Navigate to Advanced Connectors

  3. Create a new connector of type Webhook Endpoint

  4. Name it something descriptive (e.g., "Microsoft Teams Webhook Receiver")

  5. Enter a provisional case name (e.g., "Case from Teams")

  6. Click Submit

  7. Copy the generated webhook URL using the copy button — you'll need this for the Power Automate flow

Part 2: Create the power automate flow in Teams

  1. Open Microsoft Teams and navigate to your channel (e.g., SecOps)

  2. Click the triple-dot menu (⋯) in the top corner of the channel

  3. Select Workflows

  4. In the bottom left, click Manage

  5. Create a new flow from blank

  6. Important: Update the flow title immediately (e.g., "Create Cydarm Case") — this cannot be changed later and affects visibility

  7. For the trigger, search for and select For a selected message

  8. Add a new step and search for HTTP

  9. Select Send a webhook (or HTTP action)

  10. Configure the HTTP action:

    • Method: POST

    • URI: Paste the webhook URL you copied from Cydarm

    • Body: Use dynamic content to select Body (this sends the entire adaptive card payload to Cydarm)

  11. Save the flow

Part 3: Test the integration

  1. Return to your Teams channel and send a test message

  2. Hover over the message until the triple-dot menu (⋯) appears

  3. Click for more options, then hover over More actions

  4. Select Create Cydarm Case

  5. The Power Automate workflow will run

  6. In Cydarm, check the case list — a new case should appear with the full message body stored in the thread

Part 4: Customize case titles (optional)

To give cases more descriptive titles based on the message content:

  1. In Cydarm, go to Settings

  2. Edit your webhook connector

  3. In the Case description template field, use macros to extract content from the Teams payload

Example template:

From Teams:

{{data.teamsFlowRunContext.MessagePayload.Body.Plaintext}} from {{data.teamsFlowRunContext.User.DisplayName}}

Note: Ensure there are no leading spaces in the macro path.

  1. Click Submit

  2. Test again — new cases will now display the message content and sender in the title

Additional customization options

  • Advanced templates: Create custom notes using extracted fields from the Teams payload (useful for longer messages)

  • Metadata fields: Map existing metadata fields in Cydarm to values extracted from the Teams message structure

This integration enables your security operations team to quickly escalate Teams conversations into tracked Cydarm cases without leaving the Teams interface.