Integrate with Microsoft Teams

Integrate StackRox with Microsoft Teams.

If you are using Microsoft Teams, you can forward StackRox alert notifications to Microsoft Teams and post them as alerts to a Teams channel. This guide explains how to integrate the StackRox Kubernetes Security Platform with Microsoft Teams.

Integrating with Microsoft Teams requires version 2.5.32 or newer. If you are on an older version, see the Upgrade StackRox page for upgrade instructions.

You must have a Microsoft Teams account with proper access to set up a webhook URL.

To forward alerts from the StackRox Kubernetes Security Platform to Microsoft Teams:

  1. Set up a webhook URL in Microsoft Teams. See Configure Microsoft Teams.
  2. Use the Microsoft Teams URL to integrate Microsoft Teams with the StackRox Kubernetes Security Platform. See Configure the StackRox Kubernetes Security Platform.
  3. Identify policies for which you want to send notifications, and update the notification settings for those policies. See Configure policy notifications.

Alerts in Microsoft Teams
Alerts in Microsoft Teams

Depending upon the policy, the Alert object may contain some blank fields in the PolicyFields object. The Teams integration doesn’t show these empty fields in the message posted on the Microsoft Teams channel.

Configure Microsoft Teams

Create a custom incoming webhook in Microsoft Teams.

  1. In Microsoft Teams, choose More options (⋯) next to the channel name and then choose Connectors.
  2. Scroll through the list of Connectors to Incoming Webhook, and choose Add.
  3. Enter a name for the webhook, upload an image to associate with data from the webhook, and choose Create.
  4. Copy the webhook to the clipboard and save it. You’ll need the webhook URL to send information to Microsoft Teams.
  5. Choose Done.

Configure the StackRox Kubernetes Security Platform

Create a new integration in the StackRox Kubernetes Security Platform by using the webhook URL.

  1. Navigate to Platform Configuration > Integrations.
  2. Under the Plugins section, select Microsoft Teams.
  3. Select the New Integration icon.
  4. Enter a name for Integration Name.
  5. Enter the generated webhook URL in the Default Teams Webhook box.
  6. Select Test (checkmark icon) to test that the integration with Microsoft Teams is working.
  7. Select Create (save icon) to create the configuration.

Configure by using the API

You can also configure the StackRox Kubernetes Security Platform by using the API. To do this, send a request to the /v1/notifiers endpoint. For example:

Copy
curl -H "Authorization: Bearer <auth-token>" -X POST -H 'Content-Type:application/json' -k https://<stackrox-portal-address>/v1/notifiers -d '{
  "name":"Teams Integration",
  "labelDefault":"<microsoft-teams-webhook-url>",
  "labelKey":"microsoft-teams/webhook",
  "uiEndpoint":"https://<stackrox-portal-address>",
  "type":"teams",
  "enabled":true,
  "categories":[],
  "clusterIds":[]
}'

Create issues in different Microsoft Teams channels

You can configure the StackRox Kubernetes Security Platform to send messages to different Microsoft Teams channels, so they directly go to the right team. To configure this:

  1. Configure Microsoft Teams by setting up webhooks for each channel you want to send alerts.
  2. Add an annotation similar to the following in your deployment YAML file:
    Copy
    microsoft-teams/webhook: <microsoft-teams-webhook-url>
  3. Use the annotation key microsoft-teams/webhook in the Label/Annotation Key For Teams Webhook box when you Configure the StackRox Kubernetes Security Platform.

Once configured, if a deployment has the annotation, the StackRox Kubernetes Security Platform sends the alert to the webhook specified in the annotation. Otherwise, it sends the alert to the default webhook.

Configure policy notifications

  1. Navigate to Platform Configuration > System policies.

  2. Select the check boxes for one or more policies for which you want to send alerts.

  3. Select Enable Notifications or Actions > Enable Notification (depends upon the StackRox Kubernetes Security Platform version you are using).

  4. In the Enable Notifications dialog, select the check box for the Microsoft Teams notifier (same as the Integration Name). If you haven’t configured any other integrations, you’ll see the message No notifiers configured!.

    Configure policy notifications
    Configure policy notifications

  5. Select Enable.

  • The StackRox Kubernetes Security Platform sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.

  • Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you won’t receive a notification unless a violation generates a new alert. The StackRox Kubernetes Security Platform creates a new alert when:

    • a policy violation occurs for the first time in a deployment, or
    • a runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for that policy in that deployment.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.