Back to home

Knowledge Base

Cydarm Administration

Integrations

Microsoft Teams integration - case updates and notifications

This guide will help you set up automated notifications from Cydarm to your Microsoft Teams channels whenever cases are created or case data is added. This integration ensures your team stays informed about important security incidents in real-time.

Overview

The Microsoft Teams integration allows you to:

Receive notifications when new cases are created
Get alerts when case data is added by human users
Display rich, formatted cards with case details
Provide direct links to view cases in Cydarm

Prerequisites

Microsoft Teams access with permissions to add connectors
Cydarm platform access with automation configuration rights
A designated Teams channel for security alerts

Part 1: Microsoft Teams setup

Step 1: Configure incoming webhook

Open Microsoft Teams and navigate to the channel where you want to receive Cydarm alerts.
Click the more options (⋯) next to the channel name.
Select Connectors from the dropdown menu.
Search for Incoming Webhook and click Configure.
Name your webhook (e.g., "Cydarm Alerts").
Click Create and copy the generated Webhook URL.

Important: Save this webhook URL - you'll need it for the Cydarm configuration.

Part 2: Cydarm platform configuration

Step 1: Create the connector

Click Settings under the more options (⋯) in the right corner of the Cydarm navigation menu.
Click on Connectors in the left side menu.
Click on Create Connector and add the following information to the various fields:
- Connector Type: Generic Webhook Sender
- Name: Microsoft Teams
- Description: Send case updates and notifications to team channels
- Base Url: [Paste your Teams webhook URL here]
- API Key: Leave blank
- ✓ Activate Connector

Step 2: Create automation for new cases

1. Choose trigger

Navigate to the Triggered Automations in Cydarm settings
Click on Create Triggered Automation in the top right corner
Select trigger: Case created
Name: Microsoft Teams Alerts (or your preferred name)
Description: Send case notification to teams
Click Next

2. Action and connector

Condition: Leave blank
Select action: Send Generic Webhook
Select connector: Microsoft Teams
✓ Activate automation on Submit
Click Next

3. Configure template

Configure the following settings:

URL Path: Leave blank
HTTP Method: POST
HTTP Content-Type: application/json
Headers: Leave blank
✓ Process response in Cydarm
Click Submit

Request Template:

{
  "type": "message",
  "attachments": [
    {
      "contentType": "application/vnd.microsoft.card.adaptive",
      "content": {
        "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
        "type": "AdaptiveCard",
        "version": "1.2",
        "body": [
          {
            "type": "TextBlock",
            "text": "New Case Created",
            "size": "Large",
            "weight": "Bolder",
            "horizontalAlignment": "Center"
          },
          {
            "type": "TextBlock",
            "text": "**Case ID:** ",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "**Created by:** ",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "**Description:** ",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "**Status:** ",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "[View in Cydarm](https://your-cydarm-URL.trial.cydarm.io/cases/)",
            "wrap": true
          }
        ]
      }
    }
  ]
}

Response Processing steps:

✓ Process response in Cydarm
Success response codes: 202
Response Template:

{
  "add_case_comment": "Microsoft Teams notification sent successfully.",
  "add_case_tags": ["teams:sent"]
}

Step 3: Create automation for case data creation

1. Choose trigger

Create another Triggered Automation
Select Trigger: Case data created
Name: Microsoft Teams Alerts for Case Data Creation
Description: Send case notification to teams

2. Action and Connector Setup

Condition: event.case_data_creator.is_human == true
Select action: Send Generic Webhook
Select connector: Microsoft Teams
✓ Activate automation on Submit

3. Configure Template

Use the same HTTP settings as above with this request template:

{
  "type": "message",
  "attachments": [
    {
      "contentType": "application/vnd.microsoft.card.adaptive",
      "content": {
        "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
        "type": "AdaptiveCard",
        "version": "1.2",
        "body": [
          {
            "type": "TextBlock",
            "text": "New Case Data Created",
            "size": "Large",
            "weight": "Bolder",
            "horizontalAlignment": "Center"
          },
          {
            "type": "TextBlock",
            "text": "**Case ID:** ",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "**Description:** ",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "**Creator Name:** ",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "**Status:** ",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "**MIME Type:** ",
            "wrap": true
          },
          {
            "type": "TextBlock",
            "text": "[View in Cydarm](https://monash-university-a8c0.trial.cydarm.io/cases/)",
            "wrap": true
          }
        ]
      }
    }
  ]
}

Use the same Response processing configuration as in Step 2.

Testing the integration

To test the setup:

Go to Cydarm and create a new case
Change the case severity (optional)
Assign a user to the case (optional)
Add a comment, upload a file, or create STIX data

Expected results

You should see notifications appear in your Teams channel that look like:

For new cases:

Card titled "New Case Created"
Case ID, creator, description, and status
Direct link to view in Cydarm

For case data creation:

Card titled New Case Data Created
Case details plus MIME type information
Direct link to view in Cydarm

Troubleshooting

Common issues

Notifications not appearing:

Verify the webhook URL is correct
Check that automations are activated
Ensure the connector is properly configured

Formatting issues:

Verify JSON syntax in request templates
Check that all template variables are properly formatted

Missing case data notifications:

Confirm the condition event.case_data_creator.is_human == true is set
Verify that data is being added by human users, not automated processes

Success indicators

When working correctly, you'll see:

Case comments in Cydarm stating Microsoft Teams notification sent successfully
Tags added to cases: ["teams:sent"]
Formatted cards appearing in your Teams channel

Customization options

Modify card content

You can customize the notification cards by editing the request templates to include additional case fields or change the formatting.

Add conditions

Use the condition field to filter which cases trigger notifications (e.g., only high-severity cases).

Multiple channels

Create multiple connectors with different webhook URLs to send notifications to different Teams channels based on case criteria.

For more detailed technical information please refer to our Cydarm API documentation.