
Microsoft Teams Add-on for Splunk

Gabriel
Path Finder

Hi everyone

I got a question regarding the configuration of the app Microsoft Teams Add-on for Splunk.

When I configure a Webhook, a TeamsSubscription, and a CallRecord according to this guide, MS Teams data flow into my Splunk instance. Just like the guide suggests, I use ngrok since the server my Splunk instance is running on is not accessible via HTTPS.

Ngrok is fine for testing, but I want to switch it out for my actual proxy server. I tried several different settings, but there is no more data coming in. Given that data came in for as long as I used ngrok, all settings related to Azure (Tenant ID, Client ID, Client Secret) must be correct. The issue lies somewhere in the proxy server settings.

Can anyone share some insights on how to configure the MS Teams Add-on as well as proxy server settings? Here is my current setup.

Webhook
- Name: Webhook
- Interval: 30
- Index: ms_teams
- Port: 4444

Subscription
- Name: Subscription
- Interval: 86400
- Index: ms_teams
- Global Account: MSAzure
- Tenant ID: mytenantidfromazure
- Environment: Public
- Webhook URL: myproxy.server.com <------- splunkinstanceserver.com:4444 or myproxy.server.com?
- Endpoint: v1.0

CallRecord
- Name: CallRecord
- Interval: 30
- Index: ms_teams
- Global Account: MSAzure
- Tenant ID: mytenantidfromazure
- Environment: Public
- Endpoint: v1.0
- Max Batch Size: 5000

Proxy
- Enable: checked
- Host: myproxyserver.com
- Port: 4444  <--------- Is this meant to be the port of my webhook or where my proxy takes https requests?
- Username: userformyproxyserver
- PW: userpwformyproxyserver

splunkd.log
***Paths are shortened for readability.

.../TA_MS_Teams/bin/TA_MS_Teams_rh_settings.py persistent}: WARNING:root:Run function: get_password failed: Traceback (most recent call last):
.../TA_MS_Teams/bin/TA_MS_Teams_rh_settings.py persistent}: File ".../TA_MS_Teams/bin/ta_ms_teams/aob_py3/solnlib/utils.py", line 148, in wrapper
.../TA_MS_Teams/bin/TA_MS_Teams_rh_settings.py persistent}: return func(*args, **kwargs)
.../TA_MS_Teams/bin/TA_MS_Teams_rh_settings.py persistent}: File ".../TA_MS_Teams/bin/ta_ms_teams/aob_py3/solnlib/credentials.py", line 128, in get_password
.../TA_MS_Teams/bin/TA_MS_Teams_rh_settings.py persistent}: "Failed to get password of realm=%s, user=%s." % (self._realm, user)
.../TA_MS_Teams/bin/TA_MS_Teams_rh_settings.py persistent}: solnlib.credentials.CredentialNotExistException: Failed to get password of realm=__REST_CREDENTIAL__#TA_MS_Teams#configs/conf-ta_ms_teams_settings, user=proxy.
