Realtime notifications via Microsoft Teams
Notifications help ensure operators are informed of potential security threats in seconds, allowing them to take appropriate action to mitigate the risks. bucketAV integrates with marbot, allowing you to receive alerts about infected or unscannable objects via Microsoft Teams.
Receiving bucketAV notifications with marbot is free of charge. A subscription for marbot is not required.
- Add marbot to Microsoft Teams.
- Select a channel.
- Send
@marbot end?
to the channel. - Copy the returned URL (e.g.,
https://api.marbot.io/v1/endpoint/YOUR_ENDPOINT_ID
). - Open SNS in the AWS Management Console.
- Ensure that you are in the correct region.
- Navigate to Topics.
- Search for the FindingsTopic and click on it.
- Click on the Create Subscription button.
- Keep the prefilled Topic ARN.
- Set Protocol to HTTPS.
- Set Endpoint to the URL returned by marbot.
- Deactivate Enable raw message delivery.
- Enable the Subscription filter policy.
- Select Message attributes as the filter policy scope.
- Use the following policy to only get notified about infected and unscannable objects.
{"status": ["infected", "no"]}
- Press the Create subscription button.
That’s it. Here is what a notification about an infected file looks like in Microsoft Teams.