Skip to main content
Skip table of contents

Microsoft Teams Actions

Actions for Microsoft Teams

  • Post on Teams. Sends a custom set of Lucidum data to Microsoft Teams.

Use Cases

Below are the possible use cases for the Post on Teams action:

  • You can send messages about high-risk alerts or incidents to specific Teams groups. For example, you could send a list of assets with a zero-day vulnerability to the SecOps slack channel for immediate attention.

Prerequisites

Before you can execute the action Post on Teams, you must first enable incoming incoming webhooks on Microsoft Teams and then copy the URL for incoming webhooks. For details, see https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook?tabs=dotnet#create-incoming-webhooks-1.

Workflows

Microsoft Teams Configuration 

Create or Edit an Action

To create an action for Microsoft Teams:

  1. In the Create a New Action page, in the General step, enter:

    • Action Type. Select Post on Teams.

    • Configuration Name. Select an action configuration from the pulldown options.

    • Action Name. Identifier for the action. This name will appear in the Lucidum Action Center.

    • Description. Description of the action.

  2. Click the Next (>) icon.

  3. In the Filters page, click Configure Filters.

  4. The Configure Filters for Action page appears.

  5. In the Configure Filters for Action page, you define the query for the assets or users that the action will act upon. For existing actions, the query is already loaded in this page.

  6. For details on creating and editing queries in Lucidum, the section on Building Queries.

    NOTE: To optimize performance, the default time range is Current. If you need to access historical data, contact Lucidum Custom Success for help on using historical data without affecting performance.

  7. Click the Apply (page and pencil) icon.

  8. Click the Next (>) icon.

  9. In the Schedule step, enter:

    • Schedule Type. Define the schedule for the action. Choices are:

      • Recurrence. Specify a frequency for the recurring schedule.

      • After Data Ingestion. The action is executed after data ingestion, which happens at least once every 24 hours and can also be triggered manually.

    • Do not trigger the action unless. Specify the number of results from Filters as a prerequisite for executing the action.

  10. Click the Next (>) icon.

  11. In the Details step, enter the following:

     

    • Output Fields. For the records selected with the Filters field, specify the columns to display. When creating or editing the query, you can select these fields in the Query Results page > Edit Column button.

    • Message. This field includes JSON to build an AdaptiveCard object. AedaptiveCard is a platform-agnostic snippet of UI data. The object allows applications to easily share and integrate UI data with other user interfaces. When delivered to Teams, the content of the AdaptiveCard uses the Teams look-and-feel. The message in Teams will include a description of the Lucidum action, the name of the person who created the action, the number of query results in the action, and a message that says “Check detailed result in Lucidum Action Center.” The message also includes a link to download the results of the latest execution of the action.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.