MS Teams Triggers

I have been doing some tests with the MS Teams integration and I’m missing the capability to have a workflow trigger from a thread response in a channel.

Are there any possibilities to get it to find triggers also in responses? From what I understand of the documentation the only trigger is for new messages atm.

What I want to achieve is to be able to keep everything in a single thread to keep certain channels nice and tidy.

Ex: Say we have the channel discussing vulnerability management, a team member finds an article online about a new CVE and the person then posts about this vulnerability in the channel to start some investigations into how we are affected by this. I would then be able to run ex !lookup-vuln-asset CVE-xxx-xxxx or similar to get those kinds of details directly within the same thread.

Another example would be during an incident handling situation. We get a report that a user gave away their credentials to a phishing site, then we have the standard stuff: force change pw, terminate existing sessions. But after that we do some threat hunting to see if other users also fell for the same scam. Yeah, user X and Y also fell for it, so now we need to apply actions to their accounts as well.

Hope I made it somewhat clear what I mean.
I think that this functionality would be great to have.

1 Like

Currently we do not have that capability with the Teams plugin, but it is something you can put in a feature request for.

https://docs.google.com/forms/d/e/1FAIpQLSdy8giQqb9m6bHn8EvxWyM93yTphXn5Nc6n_W9PHcga3a5_XA/viewform

I have all my Teams responses stay within the same thread, but you cannot trigger off of those responses.

I think it should at least be possible to implement since the MS Teams API does have an HTTP request for specific replies in a thread as well.
GET /teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-id}

I have filled in the request :ok_hand:

1 Like
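An added example, not part of the original thread and not Rapid7 plugin code: one way to turn thread replies into workflow commands safely, given the decoded JSON of the replies collection under the path quoted above. The function names, the sender allow-list and the sample response are assumptions made for illustration; the field names follow the Microsoft Graph chatMessage resource.

```python
import html
import re

# Assumption: the single command accepted here; its name comes from the thread.
COMMAND = "!lookup-vuln-asset"
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,7}")
TAG_RE = re.compile(r"<[^>]+>")

def plain_text(body):
    """Return the reply text with Teams HTML markup removed."""
    text = body.get("content") or ""
    if body.get("contentType") == "html":
        text = html.unescape(TAG_RE.sub(" ", text))
    return " ".join(text.split())

def commands_from_replies(page, allowed_user_ids, seen_reply_ids):
    """Return (reply_id, cve_id) for new, valid commands in one page of replies.
    seen_reply_ids is updated in place so a reply is never acted on twice."""
    found = []
    for reply in page.get("value", []):
        reply_id = reply.get("id")
        if not reply_id or reply_id in seen_reply_ids:
            continue
        seen_reply_ids.add(reply_id)
        # Replies posted by apps or workflows carry no from.user; skipping them
        # keeps the automation from triggering on its own output.
        user = (reply.get("from") or {}).get("user") or {}
        if user.get("id") not in allowed_user_ids:
            continue
        parts = plain_text(reply.get("body") or {}).split()
        if len(parts) != 2 or parts[0] != COMMAND:
            continue
        cve = parts[1].upper()
        if CVE_RE.fullmatch(cve):  # accept only an exact CVE identifier
            found.append((reply_id, cve))
    return found

# Constructed sample response, not captured from a real tenant.
SAMPLE_PAGE = {"value": [
    {"id": "1001", "from": {"user": {"id": "u-analyst"}},
     "body": {"contentType": "html", "content": "<p>!lookup-vuln-asset cve-2024-12345</p>"}},
    {"id": "1002", "from": {"application": {"id": "bot"}, "user": None},
     "body": {"contentType": "html", "content": "<p>!lookup-vuln-asset CVE-2024-12345</p>"}},
    {"id": "1003", "from": {"user": {"id": "u-guest"}},
     "body": {"contentType": "text", "content": "!lookup-vuln-asset CVE-2024-12345"}},
    {"id": "1004", "from": {"user": {"id": "u-analyst"}},
     "body": {"contentType": "text", "content": "!lookup-vuln-asset CVE-2024-ABCDE"}},
]}
```

Only reply 1001 yields a command: 1002 is app-posted, 1003 comes from a sender outside the allow-list, and 1004 fails the CVE format check.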

Yes I do get the responses from a workflow in the same thread as well.
We would like to be able to continue to build and add additional intel in the same thread along the way by triggering another workflow from a new response in the thread.

I think what you are looking for might fall under the Case Management that Rapid7 is working on. Teams triggers are intended to be independent processes with no dependencies.
It isn’t exactly what you are looking for, but if you include an argument in the Teams Trigger that accepts a thread id, then the output of multiple triggers can all be included in a single thread. You could also do this using two different channels, one channel to accept the commands, and another one with a list of consolidated responses.

1 Like

Ah okay, yeah not exactly what I’m looking for but definitely an interesting use case as well!

They updated the Teams plugin, I haven’t had a chance to play with it yet but it should be able to handle that now.

It is better, but still not always posting.
The issue is the upgrade process for major upgrades is too time consuming right now.
I’ve upgraded some of my more critical workflows, but it will be a while before I can convert all.

Cool, will check it out to see if I get it to work :slight_smile:

Have updated to the latest Teams plugin and replaced the trigger, but it still can’t detect on new messages in a thread, only first messages, unfortunately.
Or, at least I couldn’t get it to trigger on new messages within a thread.