Microsoft Teams Integration

Receive BreachSpider CVE alerts directly in a Teams channel.

Step 1 - Create an Incoming Webhook in Teams

Open Microsoft Teams
Navigate to the channel where you want alerts
Click the three-dot menu next to the channel name
Select Connectors (or Workflows in newer Teams)
Search for Incoming Webhook
Click Configure, give it a name like "BreachSpider Alerts"
Copy the webhook URL

The URL looks like:

https://yourorg.webhook.office.com/webhookb2/...

Reference: Microsoft Teams Incoming Webhook docs

Step 2 - Add to BreachSpider

In the BreachSpider dashboard:

Navigate to Integrations > Microsoft Teams
Click Add Connection
Paste your Teams webhook URL
Give the connection a name (e.g. "SOC Channel")
Select which events to send:
New KEV matching your assets
Critical CVEs (CVSS 9+)
High CVEs (CVSS 7-8.9)
Exploit confirmed in the wild
Click Test Connection to send a verification message
Click Save

Step 3 - Configure Alert Rules

Navigate to Integrations > Alert Rules to control which environments trigger Teams alerts and at what severity threshold.

Teams Message Format

BreachSpider sends Adaptive Cards to Teams for rich formatting:

CRITICAL CVE ALERT - BreachSpider
CVE-2025-32433 | CVSS 10.0 | KEV

Erlang/OTP SSH Server Unauthenticated RCE

Affected Assets:
- SCADA Middleware Server (Water Treatment Plant Alpha)

BCS Score: 10.0 | EPSS: 59.9% (Top 5%)
Exploit Maturity: POC | Patch Available: Yes

View in BreachSpider ->

Via API

curl -X POST \
  -H "Authorization: Bearer bs_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "teams",
    "name": "SOC Channel",
    "config": {
      "webhook_url": "https://yourorg.webhook.office.com/webhookb2/...",
      "events": ["kev.new", "cve.critical"]
    },
    "enabled": true
  }' \
  "https://breachspider.com/api/v1/integrations/connections"

Test an existing connection:

curl -X POST \
  -H "Authorization: Bearer bs_live_..." \
  "https://breachspider.com/api/v1/integrations/connections/3/test"