Realtime notifications via Microsoft Teams

Notifications help ensure operators are informed of potential security threats in seconds, allowing them to take appropriate action to mitigate the risks. bucketAV integrates with marbot, allowing you to receive alerts about infected or unscannable objects via Microsoft Teams.

Receiving bucketAV notifications with marbot is free of charge. A subscription for marbot is not required.

  1. Add marbot to Microsoft Teams. Adding marbot to Microsoft Teams part 1
  2. Select a channel. Adding marbot to Microsoft Teams part 2
  3. Send @marbot end? to the channel.
  4. Copy the returned URL (e.g., https://api.marbot.io/v1/endpoint/YOUR_ENDPOINT_ID). Get marbot endpoint URL for channel
  5. Open SNS in the AWS Management Console.
  6. Ensure that you are in the correct region.
  7. Navigate to Topics.
  8. Search for the FindingsTopic and click on it.
  9. Click on the Create Subscription button. Creating a SNS subscription part 1
  10. Keep the prefilled Topic ARN.
  11. Set Protocol to HTTPS.
  12. Set Endpoint to the URL returned by marbot.
  13. Deactivate Enable raw message delivery. Creating a SNS subscription part 2
  14. Enable the Subscription filter policy.
  15. Select Message attributes as the filter policy scope.
  16. Use the following policy to get notified about infected and unscannable objects.
{"status": ["infected", "no"]}

Creating a SNS subscription part 3

  1. Press the Create subscription button.

That’s it. Here is what a notification about an infected file looks like in Microsoft Teams.

bucketAV notification about infected file in Microsof Teams

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email