Enhancing Security Workflows with Real-Time Notifications via Microsoft Teams and Slack

August 09, 2023 Flowmon, Infrastructure Management

In today's fast-paced digital landscape, staying one step ahead of potential security threats is paramount. Real-time security notifications serve as the frontlines of defense, enabling swift actions that can prevent potential breaches and minimize damage.

The integration with popular collaboration platforms like Microsoft Teams and Slack marks a pivotal advancement in security workflows.

We are introducing a new capability to post events from Flowmon ADS into a Teams channel or Slack to instantly notify security teams. The integration scripts are based on simple webhooks and are available out of the box on our support portal, both for Teams and Slack.

Notification via Teams

Let’s look at posting events into Teams. Whenever a high-severity event is detected, it gets instantly posted into a specific channel. The result in Teams may look like this. (Picture 1: Event posted in Teams channel)

The most important information is highlighted. The event ID is an active link which leads to the event details in Flowmon ADS. This event represents a situation where a new, previously unknown device is connected to the network.

The security team can now communicate about the event via Teams as they are used to. When there is a need to drill down to more details in Flowmon ADS, it is one click away. (Picture 2: Event details in Flowmon ADS. Drill down from event summary in Teams.)

How to set it up?

Configuration is easy. First, configure an Incoming Webhook in Teams and get its unique URL. Next, you need the Flowmon hostname or its IP address; it is a required parameter, used to construct the URL pointing back to the event details. Then install the Teams integration custom script obtained from our support portal and create a custom action using the script. You can find more details in the configuration guide.
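To show what such a webhook post involves, here is an added Python sketch; it is not the Flowmon integration script from the support portal. It builds a Teams MessageCard with a link back to the event, requires HTTPS for the webhook URL (that URL is the only credential), and strips Markdown link characters from event fields. The event field names, the `EVENT_PATH` placeholder, the `https` scheme for Flowmon and the sample event are all assumptions.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Placeholder: take the real event-details path from the configuration guide.
EVENT_PATH = "/EVENT-DETAILS-PATH-PLACEHOLDER?id={event_id}"

def check_webhook_url(url):
    """The webhook URL is the only credential, so require HTTPS."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("webhook URL must be https://")
    return url

def plain(value):
    """Drop the characters needed for Markdown links, HTML tags and code spans."""
    return re.sub(r"[\[\]()<>`\r\n]", " ", str(value)).strip()

def event_link(flowmon_host, event_id):
    # Hostname or IPv4 address only (assumption); event_id must be numeric.
    if not re.fullmatch(r"[A-Za-z0-9.-]+", flowmon_host):
        raise ValueError("unexpected characters in Flowmon host")
    return "https://" + flowmon_host + EVENT_PATH.format(event_id=int(event_id))

def build_card(event, flowmon_host):
    """MessageCard payload as accepted by a Teams Incoming Webhook."""
    link = event_link(flowmon_host, event["id"])
    return {
        "@type": "MessageCard",
        "@context": "http://schema.org/extensions",
        "summary": "Flowmon ADS event",
        "title": "High severity event: " + plain(event["type"]),
        "text": "Event [{}]({}) from {}: {}".format(
            int(event["id"]), link, plain(event["source"]), plain(event["detail"])),
    }

def post_card(webhook_url, card, timeout=10):
    """Send the card; not called in the demo below, which stays offline."""
    req = urllib.request.Request(
        check_webhook_url(webhook_url), data=json.dumps(card).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

if __name__ == "__main__":
    # Constructed sample event; the detail field carries a Markdown link attempt.
    sample = {"id": 4711, "type": "New device", "source": "10.0.0.5",
              "detail": "hostname [reset password](http://example.invalid)"}
    print(json.dumps(build_card(sample, "flowmon.example.test"), indent=2))
```

Keep the webhook URL out of logs and version control, since anyone who holds it can post into the channel.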

Summary

In conclusion, the fusion of Flowmon ADS with Microsoft Teams and Slack heralds a new era of efficient and effective security management. The seamless transition from high-level notifications to detailed event insights within Flowmon ADS ensures that no crucial information is overlooked.

Pavel Minarik

As Vice President of Technology at Progress Software, I'm responsible for overarching technology strategy and architecture of our Enterprise Application Experience products such as Flowmon, Loadmaster and What's Up Gold and experimental development in this area.

My vision is to empower enterprises with always on application experience accompanied with secure and well performing digital environment. On premise. In the data center. In private & public cloud. Consolidated picture of the network, applications and security in single Application Delivery, NetOps & SecOps solution with easy to use and flexible user interface providing insight out of the box.

As a senior researcher of Institute of Computer Science of Masaryk University I have participated in several research and development projects in domain of network traffic monitoring, analysis and cyber security. I'm author of more than ten publications in the domain of behavior analysis and several algorithms for traffic processing and anomaly detection summarized in PhD thesis “Building a System for Network Security Monitoring”.