Alert Destination

Microsoft Teams Alerts

Send database audit alerts directly to Microsoft Teams channels using incoming webhooks. Alerts arrive as rich adaptive cards with color-coded severity, detailed facts, and action buttons.

Adaptive Cards

Rich, interactive cards with structured data, color-coded severity, and detailed alert information.

Channel Routing

Send different alert types to specific Teams channels for organized notification management.

Action Buttons

Direct links to view alert details, acknowledge incidents, or open the DB Audit dashboard.

Configuration Reference

1 Connection Settings

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| name | string | Yes | - | A unique name for this alert destination (e.g., "teams-security-channel") |
| provider | select | Yes | teams | Alert provider - select "Microsoft Teams" |
| enabled | boolean | No | true | Enable or disable alert delivery |
| webhook_url | password | Yes | - | Microsoft Teams incoming webhook URL |

2 Teams Settings

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| card_title | string | No | DB Audit Alert | Title displayed on the adaptive card |
| theme_color | string | No | auto | Card accent color: auto (severity-based), or hex color (#FF0000) |
| include_actions | boolean | No | true | Include action buttons (View in Dashboard) |
| include_facts | boolean | No | true | Include detailed facts section with event data |
| mention_users | array | No | - | User emails to @mention for critical alerts |

3 Alert Filtering

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| severity_filter | multiselect | No | all | Alert severities to send: critical, high, medium, low, info |
| alert_types | multiselect | No | all | Alert types: policy_violation, anomaly_detection, threshold_breach, classification_alert |
| database_filter | array | No | - | Limit to specific databases (empty = all databases) |

4 Delivery Settings

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| rate_limit | number | No | 60 | Maximum alerts per minute (1-100) |
| retry_attempts | number | No | 3 | Number of retry attempts on failure |
| retry_delay_seconds | number | No | 5 | Delay between retry attempts |
| timeout_seconds | number | No | 30 | Request timeout in seconds |
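
The delivery settings above, combined with the success response the webhook test on this page expects (HTTP 200 with body "1"), translate into a send loop like the following. This is an added example, not DB Audit's code; the Deliverer class, the injected post callable, counting retry_attempts as retries after the first try, and dropping rather than queueing rate-limited alerts are assumptions.

```python
import json
import time
import urllib.error
import urllib.request
from collections import deque

def http_post(url):
    """Real transport; tests inject a stub with the same (card, timeout) signature."""
    def post(card, timeout):
        req = urllib.request.Request(url, json.dumps(card).encode(),
                                     {"Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:  # 4xx/5xx still carry a status
            return err.code, ""
    return post

class Deliverer:
    def __init__(self, post, rate_limit=60, retry_attempts=3, retry_delay_seconds=5,
                 timeout_seconds=30, clock=time.monotonic, sleep=time.sleep):
        if not 1 <= rate_limit <= 100:
            raise ValueError("rate_limit must be between 1 and 100")
        self.post, self.rate_limit, self.timeout = post, rate_limit, timeout_seconds
        self.retries, self.delay = retry_attempts, retry_delay_seconds
        self.clock, self.sleep = clock, sleep
        self.window = deque()  # send times within the last 60 seconds

    def deliver(self, card):
        """Return 'sent', 'rate_limited' or 'failed'."""
        now = self.clock()
        while self.window and now - self.window[0] >= 60:
            self.window.popleft()
        if len(self.window) >= self.rate_limit:
            return "rate_limited"  # dropped here; a real sender might queue it
        self.window.append(now)
        for attempt in range(1 + self.retries):  # first try plus retries
            if attempt:
                self.sleep(self.delay)
            try:
                status, body = self.post(card, self.timeout)
            except OSError:  # connection error or timeout: retry
                continue
            if status == 200 and body.strip() == "1":
                return "sent"
            if 400 <= status < 500 and status != 429:
                break  # e.g. 404 after the connector was removed: retrying cannot help
        return "failed"
```

A 200 response whose body is not "1" is retried rather than counted as delivered, so a webhook that answers 200 with an error message does not silently lose alerts.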

Severity Color Coding

Alert cards are automatically color-coded based on severity when theme_color is set to "auto".

| Severity | Description | Color |
| --- | --- | --- |
| Critical | Red accent for immediate attention | #DC3545 |
| High | Light red for urgent issues | #FF6B6B |
| Medium | Yellow for moderate concern | #FFC107 |
| Low | Blue for minor issues | #17A2B8 |
| Info | Gray for informational | #6C757D |

Setup Instructions

1 Create Teams Incoming Webhook

Create an incoming webhook connector in your Microsoft Teams channel.

# Creating a Microsoft Teams Incoming Webhook

1. Open Microsoft Teams
2. Navigate to the channel where you want alerts
3. Click the "..." menu next to the channel name
4. Select "Connectors"
5. Find "Incoming Webhook" and click "Configure"
6. Give the webhook a name (e.g., "DB Audit Alerts")
7. Optionally upload a custom icon
8. Click "Create"
9. Copy the webhook URL

Note: Keep the webhook URL secure - anyone with the URL can post to your channel.

2 Test the Webhook

Verify the webhook URL is working by sending a test message.

# Test your Teams webhook with curl
curl -X POST -H "Content-Type: application/json" \
  -d '{
    "@type": "MessageCard",
    "@context": "http://schema.org/extensions",
    "themeColor": "00FF88",
    "summary": "Test Alert",
    "sections": [{
      "activityTitle": "Test Alert from DB Audit",
      "text": "This is a test message to verify the webhook is working."
    }]
  }' \
  "https://outlook.office.com/webhook/YOUR_WEBHOOK_URL"

# Expected: HTTP 200 with body "1"
              
3 Configure in DB Audit

Add the Teams destination in the DB Audit dashboard.

  1. Navigate to Settings → Alert Destinations in DB Audit
  2. Click Add Destination
  3. Select Microsoft Teams as the provider
  4. Paste your webhook URL
  5. Configure card formatting options
  6. Select which alert types and severities to send
  7. Test the connection and save

4 Create Multiple Destinations (Optional)

Set up different webhooks for different alert types or teams.

Tip: Create separate destinations for different channels - send critical alerts to #security-incidents and informational alerts to #security-logs.
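
Step 1 notes that anyone holding the webhook URL can post to the channel, so the URL is a credential. The following added example (not DB Audit's code) shows one way to check a URL before saving it as a destination and to keep it out of logs; the function names and the webhook.office.com entry in the host list are assumptions.

```python
import hashlib
from urllib.parse import urlsplit

# Assumption: hosts accepted for Teams incoming webhooks. The page names
# outlook.office.com "or similar"; webhook.office.com is added here as the
# other host Teams issues. Trim the tuple to what your tenant actually uses.
ALLOWED_HOSTS = ("outlook.office.com", "webhook.office.com")

def validate_webhook_url(url):
    """Return the cleaned URL, or raise ValueError if it should not be stored."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("webhook URL must use https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("webhook URL must not carry userinfo")
    if parts.port not in (None, 443):
        raise ValueError("webhook URL must use the default https port")
    # Exact host or a subdomain of it; a look-alike prefix does not match.
    if not any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS):
        raise ValueError("host is not a Teams webhook host")
    if not parts.path.startswith("/webhook") or len(parts.path) <= len("/webhook/"):
        raise ValueError("path does not look like an incoming webhook")
    return parts.geturl()

def redact_webhook_url(url):
    """Log-safe form: host plus a short fingerprint, never the secret path."""
    host = urlsplit(url).hostname or "invalid-host"
    tag = hashlib.sha256(url.encode()).hexdigest()[:8]
    return f"https://{host}/webhook/[REDACTED sha256:{tag}]"

def scrub(message, url):
    """Replace any occurrence of the webhook URL in a log or error message."""
    return message.replace(url, redact_webhook_url(url))
```

The fingerprint lets two log lines be tied to the same destination without either line revealing the URL.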

Sample Alert Card

Alerts are sent as MessageCards with rich formatting and action buttons.

{
  "@type": "MessageCard",
  "@context": "http://schema.org/extensions",
  "themeColor": "FF6B6B",
  "summary": "DB Audit Alert: Bulk Data Access Detected",
  "sections": [
    {
      "activityTitle": "High Severity Alert",
      "activitySubtitle": "Bulk Data Access Detected",
      "activityImage": "https://dbaudit.ai/icon-alert.png",
      "facts": [
        {
          "name": "Database",
          "value": "production-postgres"
        },
        {
          "name": "User",
          "value": "app_user"
        },
        {
          "name": "Client IP",
          "value": "10.0.1.50"
        },
        {
          "name": "Query Type",
          "value": "SELECT"
        },
        {
          "name": "Object",
          "value": "public.customers"
        },
        {
          "name": "Rows Accessed",
          "value": "15,000"
        },
        {
          "name": "Policy",
          "value": "Bulk Data Access Policy"
        }
      ],
      "markdown": true,
      "text": "User accessed more than 10,000 rows in a single query from the customers table."
    }
  ],
  "potentialAction": [
    {
      "@type": "OpenUri",
      "name": "View in Dashboard",
      "targets": [
        {
          "os": "default",
          "uri": "https://app.dbaudit.ai/alerts/alert_abc123xyz"
        }
      ]
    },
    {
      "@type": "OpenUri",
      "name": "View Event Details",
      "targets": [
        {
          "os": "default",
          "uri": "https://app.dbaudit.ai/events/evt_456"
        }
      ]
    }
  ]
}
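
How the Teams settings, the alert filters and the severity colors on this page could combine to produce a card like the one above, as an added example rather than DB Audit's own code. The alert dict keys, the function names and SAMPLE_ALERT are assumptions, and filter values are modelled as lists where unset or empty means "all".

```python
import re

# Accent colors from the "Severity Color Coding" section of this page.
SEVERITY_COLORS = {"critical": "DC3545", "high": "FF6B6B", "medium": "FFC107",
                   "low": "17A2B8", "info": "6C757D"}
# (config field, alert key) pairs; the alert keys are assumed names.
FILTERS = (("severity_filter", "severity"), ("alert_types", "type"),
           ("database_filter", "database"))

def should_send(alert, cfg):
    """An unset or empty filter matches everything (the documented default)."""
    return all(not cfg.get(key) or alert[field] in cfg[key] for key, field in FILTERS)

def resolve_color(alert, cfg):
    """theme_color: 'auto' picks the severity color, otherwise a validated hex value."""
    color = cfg.get("theme_color", "auto")
    if color == "auto":
        return SEVERITY_COLORS[alert["severity"]]
    if not re.fullmatch(r"#?[0-9A-Fa-f]{6}", color):
        raise ValueError(f"theme_color must be 'auto' or a hex color, got {color!r}")
    return color.lstrip("#").upper()

def build_card(alert, cfg):
    """Return the MessageCard dict, or None when the filters exclude the alert."""
    if not should_send(alert, cfg):
        return None
    title = cfg.get("card_title", "DB Audit Alert")
    section = {"activityTitle": f"{alert['severity'].capitalize()} Severity Alert",
               "activitySubtitle": alert["title"], "markdown": True,
               "text": alert["text"]}
    if cfg.get("include_facts", True):
        section["facts"] = [{"name": k, "value": str(v)}
                            for k, v in alert["facts"].items()]
    card = {"@type": "MessageCard", "@context": "http://schema.org/extensions",
            "themeColor": resolve_color(alert, cfg),
            "summary": f"{title}: {alert['title']}", "sections": [section]}
    if cfg.get("include_actions", True):
        card["potentialAction"] = [{"@type": "OpenUri", "name": "View in Dashboard",
                                    "targets": [{"os": "default", "uri": alert["url"]}]}]
    return card

# Constructed sample alert, using values from the sample card above.
SAMPLE_ALERT = {"severity": "high", "type": "policy_violation",
                "database": "production-postgres", "title": "Bulk Data Access Detected",
                "text": "User accessed more than 10,000 rows in a single query.",
                "facts": {"User": "app_user", "Rows Accessed": "15,000"},
                "url": "https://app.dbaudit.ai/alerts/alert_abc123xyz"}
```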
        

Testing Your Integration

Test via Dashboard

  1. Go to Settings → Alert Destinations
  2. Find your Teams destination
  3. Click the Test button
  4. Check your Teams channel for the test alert
  5. Verify the card formatting looks correct

Test via API

curl -X POST \
  https://api.dbaudit.ai/v1/alerts/test \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"destination_id": "dest_abc123"}'
          

Troubleshooting

Alerts not appearing in Teams

Verify the webhook URL is correct and the connector is still active.

  • Check that the webhook URL starts with https://outlook.office.com/webhook/ or similar
  • Verify the webhook connector hasn't been removed from the channel
  • Check that Teams admin policies don't block incoming webhooks

Webhook returns 404 error

The webhook URL may have been invalidated or the connector removed.

  • Go to the Teams channel and check Connectors settings
  • Create a new incoming webhook if the old one was deleted
  • Update the webhook URL in DB Audit

Card formatting issues

The card may not render correctly in some Teams clients.

  • MessageCard format is supported in all Teams versions
  • Check if Teams is updated to the latest version
  • Try viewing the alert on desktop vs mobile

Rate limiting errors

Microsoft Teams has rate limits on incoming webhooks.

  • Reduce the rate_limit setting in DB Audit
  • Filter alerts to only send important notifications
  • Consider using multiple channels to distribute load

Action buttons not working

Users may not be able to click action buttons.

  • Ensure users have access to the DB Audit dashboard
  • Check if corporate firewalls block the dashboard URL
  • Verify the links are using HTTPS
