The integration with popular collaboration platforms like Microsoft Teams and Slack marks a pivotal advancement in security workflows.
We are introducing a new capability to post events from Flowmon ADS into a Teams channel or Slack to instantly notify security teams. The integration scripts are based on simple webhooks and are available out of the box on our support portal for both Teams and Slack.
Notification via Teams
Let’s look at posting events into Teams. Whenever a high-severity event is detected, it is instantly posted into a specific channel. The result in Teams may look like this. (Picture 1: Event posted in Teams channel)
The most important information is highlighted. The event ID is an active link that leads to the event details in Flowmon ADS. This event represents a situation in which a new, previously unknown device is connected to the network.
The security team can now communicate about the event via Teams as they are used to. When there is a need to drill down to more details in Flowmon ADS, it is one click away. (Picture 2: Event details in Flowmon ADS. Drill down from event summary in Teams.)
How to set it up?
Configuration is easy. First, configure an Incoming webhook in Teams and get its unique URL. Next, you need the Flowmon hostname or its IP address. This is a required parameter, used to construct the URL pointing back to the event details. Install the Teams integration custom script obtained from our support portal and create a custom action using the script. You can find more details in the configuration guide.
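To show what the two parameters above are used for, here is an added sketch that is not the integration script from the support portal: it builds a Teams MessageCard whose button links back to the event and posts it to the Incoming webhook. The event field names, the `EVENT_PATH` placeholder, the `https://` scheme for Flowmon and all function names are assumptions.

```python
import ipaddress
import json
import re
import urllib.request
from urllib.parse import quote, urlsplit

# Assumption: placeholder path. Take the real event-detail path from the configuration guide.
EVENT_PATH = "/PLACEHOLDER-event-details?id={event_id}"
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(r"(?:%s\.)*%s" % (_LABEL, _LABEL))
# Constructed sample event; the field names are assumptions, not the Flowmon ADS schema.
SAMPLE_EVENT = {"id": 12345, "severity": "High", "type": "New device", "source": "192.0.2.57"}


def event_link(flowmon_host, event_id):
    """Build the link back to the event; accept only a bare hostname or IP address."""
    try:
        ip = ipaddress.ip_address(flowmon_host)
        host = "[%s]" % ip if ip.version == 6 else str(ip)
    except ValueError:
        if len(flowmon_host) > 253 or not _HOSTNAME.fullmatch(flowmon_host):
            raise ValueError("flowmon_host must be a hostname or IP address") from None
        host = flowmon_host
    return "https://" + host + EVENT_PATH.format(event_id=quote(str(event_id), safe=""))


def build_card(event, flowmon_host):
    """Return a Teams MessageCard payload with a button that opens the event."""
    link = event_link(flowmon_host, event["id"])
    facts = [{"name": k.capitalize(), "value": str(event[k])} for k in ("severity", "type", "source")]
    return {
        "@type": "MessageCard",
        "@context": "http://schema.org/extensions",
        "summary": "Flowmon ADS event %s" % event["id"],
        "title": "Flowmon ADS event %s" % event["id"],
        "sections": [{"facts": facts}],
        "potentialAction": [{"@type": "OpenUri", "name": "Open event details",
                             "targets": [{"os": "default", "uri": link}]}],
    }


def post_card(webhook_url, card, timeout=10):
    """POST the card. The webhook URL is a secret: anyone holding it can post to the channel."""
    if urlsplit(webhook_url).scheme != "https":
        raise ValueError("webhook URL must use https")
    req = urllib.request.Request(webhook_url, data=json.dumps(card).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status
```

Keep the webhook URL out of version control and shared documents; rotate it in Teams if it leaks.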
Summary
In conclusion, the fusion of Flowmon ADS with Microsoft Teams and Slack heralds a new era of efficient and effective security management. The seamless transition from high-level notifications to detailed event insights within Flowmon ADS ensures that no crucial information is overlooked.