I’ve got a workflow which notifies a Teams Channel when a Jira is updated in a particular Jira project. I capture the Jira ticket ID and the Teams message ID in a String/String object in a Global Artifact.
Goal:
- For new Jira tickets, a new conversation. This is straightforward.
- For updates to existing Jira tickets, I want to respond to the existing conversation, using the Teams message ID which I captured last time the workflow ran for a particular Jira ticket.
I want to use Send Message by GUID, which is described in the documentation as more performant, presumably because there’s no need to look up the GUID by Team/Channel Name in MS Graph API using get_teams_from_microsoft in teams_utils.py.
As a workaround I can fall back to Send HTML Message, but as the workflow will always be posting to the same Team/Channel, I’d like to avoid the overhead of the Graph API lookup if possible.
Is this a workflow you have built out already or are you trying to build it out now?
I’m at the stage where both of those answers are potentially accurate.
Okay, let me take a look and see what I can figure out for you as a solution.
Thank you for taking a look! This is definitely a nice-to-have wishlist item, rather than a show-stopping problem.
Then again, I am planning to build more two-way Teams channel interactions in future (!lookup <user> or !isolate-endpoint <hostname>, stuff like that) using Teams, and anything which shaves off response time for that sort of two-way communication via Teams will make the end-user SOC analyst user experience that much better.
I was a Security Analyst for the past 4 years so I understand completely. I put in a ticket to have our development team take a look at this and see if it is something we can add.
That sounds great, thank you. I realize I read your Phishing Remediation plugin documentation recently - it was food for thought.
With the Teams plugin, I wonder why there are three Actions to send a message to a team/channel:
- Send Message: Send a message; plaintext; target team/channel.
- Send HTML Message: Send HTML as a message; target team/channel.
- Send Message by GUID: Sends a message using the GUID for the team and channel. This is more performant than send message. Can send either HTML or plaintext.
On the other hand, I guess combining them into a single Action in a newer version of the plugin might break workflows which use the existing Actions.
I submitted that when I was a customer; it is a version of the workflow we used at my previous place for our phishing emails. If you have any questions on it, I can try to answer them. As for the 3 actions to send a message, I am not sure; I can ask around and see what I can find out, though.
Thanks again. I’m really just thinking out loud about the 3 different Actions. It’s not a problem that they are the way they are.