Notifications - Azure Teams

This guide describes the procedure for setting up an integration between ZeroNorth and Azure Teams. Integrating ZeroNorth with Azure provides automatic ticket management based on Issues and Remediations:


  1. ZeroNorth detects a new Issue or Remediation of a previously known Issue on a Target set up for Azure notification.
  2. ZeroNorth sends the details to the pre-specified Azure Project.
  3. Azure creates a new ticket for the Issue, or marks the ticket as “DONE” in case of a Remediation.

Features and Benefits:

  • ZeroNorth sends notifications to Azure only for new events, avoiding redundant tickets.
  • ZeroNorth also sends Azure the Remediation events for a prior Issue, automatically closing the ticket.
  • When a previously remediated (and therefore closed in Azure) ZeroNorth Issue is re-detected, a new Azure ticket is created by this mechanism.

Prerequisites

The steps described in this article assume that you have:

  • An Azure account with valid credentials (user name and API token/key)
  • The Azure project name
  • ZeroNorth platform license and valid credentials

Set Up Procedure

Sending notifications to Azure to create Azure tickets is part of the Target definition. Sign in to your ZeroNorth UI account:

  • Go to znOPS > Targets.
  • To add Azure integration to a new Target, click on Add Target. Follow the instructions in this article for defining a new target, and then continue below.
  • To add Azure integration to an existing Target, click on the Target name to bring up the details for edit.

In the Target edit screen, go to the Notifications section near the bottom:

Check the Azure checkbox and then enter the necessary information:

Click Save.

Things to Keep in Mind

  • Azure Ticket Fields - When creating the Azure issue, ZeroNorth sends Issue Summary, Issue Description, and a comment that has a link back to the original ZeroNorth Synthetic Issue.
  • For a new Target, alerts will be sent when Issues are detected on the first run.
  • For an existing Target, alerts will be sent only for net new Issues or Remediation events.
  • If you have Rulesets set up to ignore Issues or Remediation events, no alert is sent to Azure for the affected events.