Microsoft Teams Integration

BreachSpider can post alert notifications directly to Microsoft Teams channels via incoming webhooks. This puts vulnerability intelligence where your team already communicates.

Available on Standard tier and above.


Setting Up the Teams Webhook

Step 1: Create an Incoming Webhook in Teams

  1. Open Microsoft Teams.
  2. Navigate to the channel where you want BreachSpider alerts to appear.
  3. Click the ... (more options) menu on the channel name.
  4. Select Connectors (or Manage channel > Connectors depending on your Teams version).
  5. Find Incoming Webhook and click Configure.
  6. Give the webhook a name: "BreachSpider Alerts".
  7. Optionally upload the BreachSpider logo as the webhook icon.
  8. Click Create.
  9. Copy the generated webhook URL. You will need this in the next step.

Step 2: Add the Connection in BreachSpider

  1. Navigate to Integrations > Connections > Add Connection.
  2. Select Microsoft Teams as the connection type.
  3. Enter a name for this connection (e.g., "OT Security Channel").
  4. Paste the webhook URL you copied from Teams.
  5. Click Test Connection to send a test message to the channel.
  6. Verify the test message appeared in your Teams channel.
  7. Click Save.

Step 3: Create an Alert Rule

  1. Navigate to Integrations > Alert Rules > Add Rule.
  2. Give the rule a name (e.g., "KEV alerts to Teams").
  3. Select the trigger event (e.g., kev.new).
  4. Select the environment (specific or all).
  5. Select the Teams connection you created as the destination.
  6. Click Save Rule.

What the Teams Message Looks Like

BreachSpider posts an Adaptive Card to your Teams channel containing:

  • A color-coded severity header (red for critical, orange for high).
  • CVE ID and vulnerability title.
  • Affected asset and environment name.
  • BCS, CVSS, and EPSS scores.
  • KEV and exploit maturity badges.
  • One-sentence SAGE summary.
  • A "View in BreachSpider" button linking to the full CVE detail page.

The card is designed for quick visual triage. Your team can see at a glance what the vulnerability is, how severe it is, and which asset is affected.


Multiple Channels

Create separate connections for different Teams channels:

| Connection | Teams Channel | Use Case |
|---|---|---|
| OT Critical | #ot-critical-alerts | KEV and critical findings, OT layer |
| IT Patching | #it-patching | High+ findings, OS layer |
| Network Ops | #network-security | All findings, NETWORK layer |
| Leadership | #security-leadership | Weekly digest, executive alerts |

Create separate alert rules pointing to each connection with appropriate event and environment filters.


Troubleshooting

Test message does not appear in Teams:

  • Verify the webhook URL is correct and complete (it should start with https:// and contain webhook.office.com).
  • Check that the webhook is still active in your Teams channel settings (webhooks can be disabled by Teams admins).
  • Ensure your Teams admin policy allows incoming webhooks.
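
The URL check from the first bullet above, as an added example (not BreachSpider's own code): it parses the URL and compares the hostname rather than searching the raw string, and it redacts the path before logging because anyone holding an incoming webhook URL can post to the channel. The function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Host suffix taken from the troubleshooting hint on this page.
EXPECTED_HOST_SUFFIX = "webhook.office.com"


def check_teams_webhook_url(url):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if url != url.strip():
        problems.append("leading or trailing whitespace")
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    host = (parts.hostname or "").lower()
    # Compare the parsed hostname: a substring test on the whole URL would also
    # accept the expected name appearing in a path or inside a longer domain.
    if host != EXPECTED_HOST_SUFFIX and not host.endswith("." + EXPECTED_HOST_SUFFIX):
        problems.append(f"host {host!r} is not under {EXPECTED_HOST_SUFFIX}")
    if parts.username or parts.password:
        problems.append("URL carries userinfo before the host")
    if not parts.path.strip("/"):
        problems.append("path is empty, URL is probably truncated")
    return problems


def redact_webhook_url(url):
    """Keep scheme and host for logs or tickets; drop the path (the secret part)."""
    parts = urlsplit(url.strip())
    return f"{parts.scheme}://{parts.hostname or ''}/<redacted>"


# Constructed sample values, not real webhooks.
SAMPLES = [
    "https://contoso.webhook.office.com/webhookb2/EXAMPLE-ID/IncomingWebhook/EXAMPLE",
    "http://contoso.webhook.office.com/webhookb2/EXAMPLE-ID",
    "https://webhook.office.com.example.net/webhookb2/EXAMPLE-ID",
    "https://example.net/webhook.office.com/EXAMPLE-ID",
    "https://contoso.webhook.office.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        issues = check_teams_webhook_url(sample)
        print(redact_webhook_url(sample), "->", "; ".join(issues) or "OK")
```

An empty result only means the URL is well-formed for this host; the Test Connection button remains the check that the webhook is live.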

Messages appear but formatting is broken:

  • BreachSpider uses Adaptive Card format. Some older Teams clients may not render cards correctly. Ensure your Teams client is updated.

Want to stop alerts to a channel:

  • Disable the alert rule in BreachSpider (Integrations > Alert Rules > toggle off).
  • Or delete the connection (Integrations > Connections > delete).
  • Or delete the webhook in Teams channel settings.