final

docs/configuration.rst

@@ -22,7 +22,9 @@ Global configuration
    :width: 1000px
    :class: with-border
 
-- **Default MS team channel:**
+
+Default MS team channel
+^^^^^^^^^^^^^^^^^^^^^^^
 
 This defines a default Webhook URL to be used by default for the publication of messages.
 
@@ -32,19 +34,34 @@ Finally, the default channel Webhook URL can be overridden on a per alert basis,
 
 This setting is optional and can be let unset in the global app configuration.
 
-- **Default MS teams image link:**
+Default MS teams image link
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 In a similar fashion, this defines the icon link to be used by default when publishing to channels, this setting can be overridden on a per alert basis as well.
 
 This setting is optional and  and can be let unset in the global app configuration.
 
-- **URL regex compliancy checker:**
+URL regex compliancy checker
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 To avoid allowing the target URL to be set to a free value, and prevent data exflitration, you use this option to define a valid regular expression that will be applied automatically when the alert action triggers.
 
 If the regular expression does not match the target URL, the alert action will be refused and the Python backend will not proceed to the Webhook call.
 
-- **SSL certificate validation:**
+**For instance, you can include a simple litteral expression to match your tenant ID:**
+
+*https://mydomain.ic365.webhook.office.com/webhookb2/*
+
+If an alert is attempting to publish a message that does not comply with the regex check, the Add-on logs will return an error and the publication will not be executed:
+
+.. image:: img/regex_checker.png
+   :alt: regex_checker.png
+   :align: center
+   :width: 1400px
+   :class: with-border
+
+SSL certificate validation
+^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 If the option is checked, the Python backend will require the SSL certificate to be a valid certificate.
 
@@ -58,37 +75,43 @@ Per alert configuration
    :align: center
    :class: with-border
 
-- **Override default Webhook URL**
+Override default Webhook URL
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 This defines the Webhook URL for the message publication, and will override any existing global configuration.
 
 This item is optional only if the global equivalent has been set (obvious), similarly to global https is automatically enforced.
 
-- **Message Activity Title**
+Message Activity Title
+^^^^^^^^^^^^^^^^^^^^^^
 
 This defines the main title of the message to be published, this setting is required.
 
-- **Message fields list**
+Message fields list
+^^^^^^^^^^^^^^^^^^^
 
 This defines a comma separated list of fields which result from the alert, these fields will be automatically extracted and formatted to be part of the published message.
 
 This setting is required, and at least one field needs to be defined.
 
-- **Override MS teams image link for publication**
+Override MS teams image link for publication
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 This defines the icon link to be used for the message publication, and will override any global setting that has been set.
 
-- **Theme color**
+Theme color
+^^^^^^^^^^^
 
 Specifies a custom brand color for the card in hexadecimal code format. (optional, defaults to 0076D7)
 
-- **Potential Action Name** and **Potential Action URL**
+Potential Action Name and URL
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 These two items define the action link button and target that can automatically be added when the message is published in Microsoft Teams.
 
 For this option to be activated, both of these items need to be configured, note that the URL can accept dynamic input fields resulting from the search.
 
-**A second OopenURI action can be added in addition.**
+*A second OopenURI action can be added.*
 
 **Message example:**
 
@@ -97,7 +120,8 @@ For this option to be activated, both of these items need to be configured, note
    :align: center
    :class: with-border
 
-- **HttpPOST Action:**
+HttpPOST Action
+^^^^^^^^^^^^^^^
 
 You can add an HttpPOST action which users can use directly in Microsoft Teams, this is allows interacting with Splunk or an external system directly within the Teams interface.
 

docs/index.rst

@@ -17,10 +17,20 @@ Welcome to the Splunk Microsoft Teams messages publication addon documentation
 .. image:: img/overview.png
    :alt: overview.png
    :align: center
+   :width: 1000px
+   :class: with-border
+
+.. image:: img/config2.png
+   :alt: config2.png
+   :align: center
+   :width: 1000px
+   :class: with-border
 
 .. image:: img/config3.png
    :alt: config3.png
    :align: center
+   :width: 600px
+   :class: with-border
 
 Overview:
 =========