Greetings:
For once I have a non-mission-critical question:
I am configuring alerts utilizing Teams webhooks for delivery. I was wondering if I could customize the content of the Event section of the Teams message. I took a stab at it based on my very confused reading of the documentation and what was found within the various corners of the internet, and, predictably, this did not work:
<b>--- [Event] ---</b>
<table>
<tr><td><b>Alert Replay:</b></td><td>${http_external_uri}alerts/${event.id}/replay-search</td></tr>
<tr><td><b>Timestamp:</b></td><td>${event.timestamp}</td></tr>
<tr><td><b>UserID:</b></td><td>${event.UserId}</td></tr>
<tr><td><b>Workload:</b></td><td>${event.Workload}</td></tr>
<tr><td><b>ClientIP:</b></td><td>${event.ClientIP}</td></tr>
<tr><td><b>City:</b></td><td>${event.Client_city}</td></tr>
<tr><td><b>Country:</b></td><td>${event.Client_country}</td></tr>
<tr><td><b>ISP:</b></td><td>${event.as_organization}</td></tr>
<tr><td><b>Key:</b></td><td>${event.key}</td></tr>
<tr><td><b>Priority:</b></td><td>${event.priority}</td></tr>
<tr><td><b>Alert:</b></td><td>${event.alert}</td></tr>
<tr><td><b>Timestamp Processing:</b></td><td>${event.timestamp}</td></tr>
<tr><td><b>Timerange Start:</b></td><td>${event.timerange_start}</td></tr>
<tr><td><b>Timerange End:</b></td><td>${event.timerange_end}</td></tr>
<table>
My ideas was that I could pull the fields from the message and display as what should be discernible, above. However, the alert only broght over the standard/existing fields (Alert Replay, TimeStamp, Priority, Alert, TimeStamp Processing).
Is it possible to enrich Event content with standard message fields such as “UserID” and GeoIP data (ClientIP, Client_City, etc.)
Thank you!