Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MS Teams config #2727

Open
mcmurrayd09 opened this issue Mar 30, 2020 · 11 comments
Open

MS Teams config #2727

mcmurrayd09 opened this issue Mar 30, 2020 · 11 comments

Comments

@mcmurrayd09
Copy link

mcmurrayd09 commented Mar 30, 2020
edited
Loading

Dumping some ms teams config tricks. Not a lot of examples online and wanted to share the quirks i got through in case others have similar problems as i do.

alert_text_type: alert_text_only - removes index dump at the end of the alert to make it look cleaner.

alert:
- "ms teams"

that's wrong
should be:

alert:
- "ms_teams"


ms_teams_alert_summary:
- "test"

that's also wrong, ms teams expects a string not a list
correct:
ms_teams_alert_summary: "test"
i've also discovered this summary is totally pointless. No matter what i put here it doesn't display in the alert. Use the alert_test to handle your formatting and what you want to show. Hope this saves someone time googling and finding this post rather than reading documentation. The documentation is great btw!

Edit: ms_teams_alert_summary does in fact do something. if you enable push notifications on your mobile devices or notifications in the bottom right the text you put here is what comes up
@aymenwerg
Copy link

I configured Elastalert with ms team and it work but now i want to gave them a nice look to be more humain readable (short msg also)!!
can you help me ?

@mcmurrayd09
Copy link
Author 

alert_text_type: alert_text_only

alert_text: |
  Data<br>
  ip: {0}<br>
  port: {1}<br>
  status up: {2}<br>
  status down: {3}<br>

alert_text_args:
- url.domain
- url.port
- summary.up
- summary.down

try following along with this. for each argument you add in the list coorelate it to your alert text. remember arrays start at index 0

@knightian
Copy link

Can you show config where ms teams is working?

I cannot get it to work no matter what I do

@knightian
Copy link 

alert:
- "ms teams"

that's wrong

should be:

OMG that fixed it for me <3

@knightian knightian mentioned this issue Nov 1, 2020
Closed
@zerocarbthirty
Copy link

Is there a way that I can sponsor a fix to the formatting for messages that come from Teams? In Telegram it looks OK in teams its just a huge jumble of text and it's essentially unusable.

@nsano-rururu
Copy link
Contributor

@zerocarbthirty

I haven't tried it, but ms_teams_alert_fixed_width seems to be relevant.

https://github.com/Yelp/elastalert/blob/master/elastalert/alerts.py#L1071

body = "{0}".format('\n\n'.join(x for x in body.split('\n'))).replace('\n``````', '')

https://elastalert.readthedocs.io/en/latest/ruletypes.html#ms-teams

ms_teams_alert_fixed_width: By default this is False and the notification will be sent to MS Teams as-is. Teams supports a partial Markdown implementation, which means asterisk, underscore and other characters may be interpreted as Markdown. Currenlty, Teams does not fully implement code blocks. Setting this attribute to True will enable line by line code blocks. It is recommended to enable this to get clearer notifications in Teams.

@zerocarbthirty
Copy link

@zerocarbthirty

I haven't tried it, but ms_teams_alert_fixed_width seems to be relevant.

https://github.com/Yelp/elastalert/blob/master/elastalert/alerts.py#L1071

body = "{0}".format('\n\n'.join(x for x in body.split('\n'))).replace('\n``````', '')

https://elastalert.readthedocs.io/en/latest/ruletypes.html#ms-teams

ms_teams_alert_fixed_width: By default this is False and the notification will be sent to MS Teams as-is. Teams supports a partial Markdown implementation, which means asterisk, underscore and other characters may be interpreted as Markdown. Currenlty, Teams does not fully implement code blocks. Setting this attribute to True will enable line by line code blocks. It is recommended to enable this to get clearer notifications in Teams.

Hi,
We've integrated Teams with other products and we use this:

{ "@type": "MessageCard", "@context": "https://schema.org/extensions", "summary": "Sumary", "themeColor": "0078D7", "title": "New Item Imported: #{{item_id}}", "potentialAction": [ { "@type": "OpenUri", "name": "View Item #{{item_id}}", "targets": [ { "os": "default", "uri": "removed obviously" } ] } ] }
which results in a real nice card look. just fyi

@zerocarbthirty
Copy link

There is also this python library that handles the formatting for messages sent to Teams webhooks.

https://pypi.org/project/pymsteams/

@Acmosa
Copy link

Acmosa commented Oct 8, 2021

@mcmurrayd09 Thanks for sharing that.
If you set

ms_teams_alert_fixed_width: false

Then you can use markdown to format your text. Otherwise it will post your text as is.
https://support.microsoft.com/en-us/office/use-markdown-formatting-in-teams-4d10bd65-55e2-4b2d-a1f3-2bebdcd2c772

@zerocarbthirty
Copy link

zerocarbthirty commented Oct 8, 2021 via email

@knightian
Copy link

@zerocarbthirty https://github.com/jertel/elastalert2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@zerocarbthirty @Acmosa @nsano-rururu @mcmurrayd09 @aymenwerg @knightian