Chatbots for security and IT teams (Part 1): Microsoft Teams

Written by Thomas Kinsella, Co-founder & CCO, Tines

Published on April 26, 2021

This article was posted more than 18 months ago.

In 2019, Security and IT organizations are finding it harder to source and retain talent, which is why many companies are embracing remote workers and distributed teams. Communicating within and between remote teams is challenging, and many organizations are using communication tools like Slack and Microsoft Teams, and with them, chatbots, to improve communication and collaboration.

Often during a security incident, security teams create virtual rooms to discuss the details, investigate IOCs, and take action. Frequently, multiple teams from different disciplines are invited. On IT and Product Development teams, virtual rooms are often created on a per-project basis to discuss project-specific initiatives and challenges.

This process of collaborating within a chat tool is commonly called “ChatOps” – “a collaboration model that connects people, tools, process, and automation into a transparent workflow” according to Atlassian.

ChatOps can be improved significantly using chatbots – autonomous programs that interact with users within chats. They provide the “automation” part of ChatOps and allow users to take actions from within their chat application. ChatOps and chatbots allow analysts to maintain their focus in one location, and to operate using just one pane of glass – keeping them focused on performing more meaningful and impactful work.

To be successful, ChatOps requires both the ability to kick off automated actions from within the chat application and an automation solution that sends alerts and data back to the chat program, either proactively or reactively.

Because most security and IT tools don’t integrate natively with Slack or Microsoft Teams, you can use Tines to connect your tools together by creating a Tines chatbot. These chatbots can leverage the full power of the Tines Automation platform and send data back to Microsoft Teams or Slack.

The idea of chatbots for security and IT teams is not new – security teams in Slack, Netflix and Dropbox, among others, have created open-source chatbots for alerting purposes and for indicator enrichment. Creating your own chatbot which fits your own internal processes allows you to be more fl