HttpPOST Action - Githubissues

guilhemmarchand / TA-ms-teams-alert-action

This application provides alert actions for Microsoft Teams messages publication to allows advanced messages publication from Splunk.

7 stars 5 forks source link

HttpPOST Action #42

Open dimarra opened 3 years ago

dimarra commented 3 years ago

What is the suggested way to implement the HttpPOST Action such that the activity on MSTeams is sent back to splunk? Can you provide guidance? Thanks

guilhemmarchand commented 3 years ago

@dimarra

Unfortunately I could never test this configuration myself due to lack of an MS teams access post development, this is covered in the MS doc:

https://docs.microsoft.com/en-us/outlook/actionable-messages/message-card-reference

In theory, you should be able to provide the relevant information for Teams to achieve a REST call back on something when the user clicks on the button.

I will be happy to make changes if you find issues or enhancements required on this

dimarra commented 3 years ago

thanks for the prompt response.

The link you have provided leads to the Card Playground which provides a sample json to for "@type": "MessageCard",. I know I need to customize this json per my needs. Where do I set this in my search/alert?

dimarra commented 3 years ago

I would like to have a drop down list in the message card. However it appears that this add on does not support Action Card of Type MultichoiceInput.

Is there a way to get a field that allows to stick in json for the potentialAction field to have more control in there?

    {
        "@type": "ActionCard",
        "name": "Move",
        "inputs": [
            {
                "@type": "MultichoiceInput",
                "id": "move",
                "title": "Pick a list",
                "choices": [
                    {
                        "display": "List 1",
                        "value": "l1"
                    },
                    {
                        "display": "List 2",
                        "value": "l2"
                    }
                ]
            }
        ],
        "actions": [
            {
                "@type": "HttpPOST",
                "name": "OK",
                "target": "http://..."
            }
        ]
    },

guilhemmarchand commented 3 years ago

@dimarra I will have a look, I could provide a free text form option where to paste a JSON structure yes, this might gets somehow challenging to include dynamic content resulting from the Splunk search (ex: $result,my_splunk_field$) but this should be possible as I believe I am doing this already in my JIRA Add-on. Leave this with me, I will drop a message here if I have more questions