You can use the HTTP Server profiles to allow your PAN-OS appliance to send messages to Slack and Teams.

This page has details on how to configure Slack integration. Manage existing Apps here (There should be an option for 'Incoming Webhooks').

This page contains formatting information for Slack messages.

Slack give you the following test command. Replace the full URL with your web hook URL

curl -X POST -H 'Content-type: application/json' --data '{"text":"Hello, World!"}' https://hooks.slack.com/services/A012BCDEFG3/B0123456ABC/ABCdef1234567890ZYXtests

On Windows, we have to change the command to the following

curl -X POST -H "Content-type:application/json" --data "{\"text\":\"HelloWorld\"}" https://hooks.slack.com/services/A012BCDEFG3/B0123456ABC/ABCdef1234567890ZYXtests

1. On Device > Server Profiles > HTTP create a new server profile.
2. Add a new server with the following values
   • Name : hooks.slack (or anything you like)
   • Address : hooks.slack.com
   • Protocol : HTTPS
   • Port : 443
   • TLS Version : 1.2
   • Certificate Profile : None
   • HTTP Method : POST
   • Username : Blank
   • Password : Blank
3. You then set a payload format. You can create a seperate server profile for each type of message though if you want to get very specific. Each payload format consists of the following
   • Name : describe the action (e.g. alert-on-login)
   • URI Format : /services/A012BCDEFG3/B0123456ABC/ABCdef1234567890ZYXtests
   • HTTP Headers :
     • Header : content-type
     • Value : application/json
   • Payload :

     {
         "attachments": [
             {
                 "pretext": "$time_generated",
     
                 "title": "Title to put above the text. Can contain variables.",
     
                 "fallback": "Text to put in the pop up notifications.",
     
                 "text": "Main message. You can add in variables as listed below using the $ sign before the name.\n.e.g. $opaque.",
     
                 "color": "danger"
             }
         ]
     }

{
    "attachments": [
        {
            "pretext": "$time_generated",

            "title": "$time_generated COMMIT STARTED",
			
            "fallback": "$time_generated $admin committed configuration to $device_name",
			
            "text": "$time_generated $admin committed configuration to $device_name (Job #$seqno)\n----------",
			
            "color": "good"
        }
    ]
}

{
    "attachments": [
        {
            "pretext": "$time_generated",

            "title": "Admin Login on $device_name",

            "fallback": "Admin Login on $device_name",
			
            "text": "$time_generated\n$opaque",
        }
    ]
}

{
    "attachments": [
        {
            "pretext": "$time_generated",

            "title": "$time_generated $severity system event $eventid on $device_name",

            "fallback": "Critical System Event",

            "text": "----------\n$opaque\n----------",

            "color": "danger"
        }
    ]
}

{
    "attachments": [
        {
            "fallback": "$time_generated VPN ALERT $object VPN tunnel is DOWN on $device_name",

            "pretext": "$time_generated",

            "title": "VPN tunnel DOWN",

            "text": "$opaque on $device_name",

            "color": "danger"
        }
    ]
}

{
    "attachments": [
        {
            "fallback": "$time_generated VPN ALERT $object VPN tunnel is UP on $device_name",

            "pretext": "$time_generated",

            "title": "VPN tunnel UP",

            "text": "$opaque on $device_name",

            "color": "good"
        }
    ]
}

{
    "attachments": [
        {
            "pretext": "$time_generated",

            "title": "Threat Detected",

            "fallback": "THREAT - $severity $thr_category threat detected.",

            "text": "----------\n*$device_name* detected a *$severity* $thr_category $subtype\n*Threat ID*: $threatid\n*Action*: $action\n*Direction*: $direction\n*Source*: $src\nDestination: $dst\n*Application*: $app\n$time_generated\n----------",

            "color": "danger"
        }
    ]
}