Adding MachineID in teams notification

I tried to add the MachineID in my teams notifications. Unfortunately it didn’t work. The variable is empty.
It would be awesome if someone could have a look at my code.

# Don't change this
type: http

name: http_default # this must match with the registered plugin in the profile
log_level: debug # Options include: trace, debug, info, warn, error, off

format: |
  {
    "type": "message",
    "attachments": [
      {
        "contentType": "application/vnd.microsoft.card.adaptive",
        "content": {
          "$schema": "https://adaptivecards.io/schemas/adaptive-card.json",
          "type": "AdaptiveCard",
          "version": "1.2",
          {{- range . -}}
          {{- $machineID := .MachineID -}}

          {{- $decisions_len := len .Decisions -}}
          {{- range $index, $element := .Decisions -}}
          
          {{- $isCrowdsec := eq (printf .Origin) "crowdsec" -}}
          "body": [
            {
              "type": "TextBlock",
              "text": "[Info] CrowdSec",
              "wrap": true,
              "size": "large",
              "weight": "bolder",
              "fontType": "Default"
            },
            {
              "type": "FactSet",
              "facts": [
                {
                  "title": "IP:",
                  "value": "{{$element.Value}}"
                },
                {
                  "title": "Dauer:",
                  "value": "{{$element.Duration}}"
                },
                {
                  "title": "Grund:",
                  "value": "{{$element.Scenario}}"
                },
                {
                  "title": "Server:",
                  "value": "{{$machineID}}"
                },
                {
                  "title": "Herkunft:",
                  "value": "{{$element.Origin}}"
                },
                {
                  "title": "Simulation:",
                  "value": "{{$element.Simulated}}"
                }
              ]
            },
            {
              "type": "RichTextBlock",
              "inlines": [
                {
                  "type": "TextRun",
                  "text": "Die IP \"{{ $element.Value }}\" wurde aufgrund {{ $element.Scenario }} für {{ $element.Duration }} geblockt."
                }
              ]
            },
            {
              "type": "ActionSet",
              "actions": [
                {
                  "type": "Action.OpenUrl",
                  "title": "Whois",
                  "url": "https://www.whois.com/whois/{{ $element.Value }}",
                  "style": "positive"
                },
                {
                  "type": "Action.OpenUrl",
                  "title": "Shodan",
                  "url": "https://www.shodan.io/host/{{ $element.Value }}",
                  "style": "positive"
                },
                {
                  "type": "Action.OpenUrl",
                  "title": "AbuseIPDB",
                  "url": "https://www.abuseipdb.com/check/{{ $element.Value }}",
                  "style": "positive"
                }
              ]
            }
            {{- if $isCrowdsec -}}
            ,
            {
            "type": "ActionSet",
            "actions": [
                {
                    "type": "Action.OpenUrl",
                    "title": "IP in der CAPI freischalten",
                    "url": "https://crowdsec.net/unban-my-ip/",
                    "style": "positive"
                }
            ]
            }
            {{- end -}}
            {{- if lt $index (sub $decisions_len 1) -}}
            ,
            {{- end -}}
            {{- end -}}
          {{- end -}}
          ]
        }
      }
    ]
  }

# CrowdSec-Channel
url: https://mycompany.webhook.office.com/webhookb2/TOKEN

# Test mit netcat
#url: "http://127.0.0.1:5555"

method: POST # eg either of "POST", "GET", "PUT" and other http verbs is valid value. 

headers:
  Content-Type: application/json
#   Authorization: token 0x64312313
# skip_tls_verification:  # either true or false. Default is false
# group_wait: # duration to wait collecting alerts before sending to this plugin, eg "30s"
# group_threshold: # if alerts exceed this, then the plugin will be sent the message. eg "10"
# max_retry: # number of tries to attempt to send message to plugins in case of error.
# timeout: # duration to wait for response from plugin before considering this attempt a failure. eg "10s"

Hey @lamera,

I looked at the code and it’s a bug, the MachineID was populated after profiles/plugins evaluation.
It will be fixed into the next version, but it’s not a bug on your side :+1:

cf. ensure machineID is included early enough into the alert by buixor · Pull Request #1004 · crowdsecurity/crowdsec · GitHub

Thanks for the report,