Send Response on Microsoft Teams Channel

To trigger Teams alerts from the Qualys Enterprise TruRisk™ Platform, perform the following steps from the Qualys Enterprise TruRisk™ Platform app. 

1. Create new action from Actions.
2. Create new rule from Rule Manager tab.

Create New Action from Actions

To send an alert, you need to create a new action for which you want to receive an alert once the created rule is triggered. Alerts are initiated when events matching a condition are detected, and the action you configure for the condition match is triggered. For sending alerts on the Microsoft Teams Channel, you need to select Post to Teams as an action.

Perform the following steps in the application to create a new action:

1. From the Responses, navigate to Actions and click New Action.
2. Provide the Action Name and Description in the Basic Information section.
3. From the Select Action, select a Post to Teams action, sending alert messages on the MS Teams channel.
   
4. Click Save.

Create New Rule from Rule Manager Tab

While creating a new rule, define the conditions and significant events that trigger the rule and send alerts.

Perform the following steps in the Qualys application to create a new rule:

For Select Time-Window Count Match and Select Time-Window Scheduled Match, you can aggregate the alerts from the Aggregate Group list by selecting the action available in the list.

1. From Responses, navigate to Rule Manager and click New Rule.
2. In the Rule Information section, provide a Rule Name and Description of the new rule.
3. Select Rule Severity.
4. In the Rule Query section, specify a query for the rule. The system uses this query to search for events. Use the Test Query button to test your query. If the Qualys Query Language (QQL) is not supported, you will be notified via the error message. The following screenshot is an example of the Rule Details section:
   
   Alternatively, you can click Sample Queries to select from the predefined queries.
5. In the Trigger Criteria, select the trigger criteria that match the rule query. You can choose the following Trigger Criteria from the drop-down menu:
   • Single Match: The system generates an alert whenever it detects an event matching your search query.
   • Time-Window Count Match: The system generates alerts based on the number of events the search query returns in a fixed time interval. For example, an alert will be sent when three matching events are found within a 4-hour window.
   • Time-Window Scheduled Match: The system generates alerts for matching events during a scheduled time. The rule will be triggered only when an event matching your search criteria is found during the time specified in the schedule. Choose a date and time range for creating a schedule and specify if the schedule should run Daily, Weekly, or Monthly. For example, daily alerts with all matches should be sent in a scheduled window between 4 PM and 5 PM.
6. In the Action Settings, choose the actions the system will perform when an alert is triggered. You can customize the message text by inserting tokens into the alert message.
7. Click Save.

Once the rule is triggered, an alert is sent to the selected Microsoft Teams Channel. 

The following image shows a sample response for the Microsoft Teams alert.