Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for Microsoft Teams Difficulty: Intermediate ClaudeChatGPTCursor

Teams Adaptive Card CVE Advisory Digest Prompt

Design a daily CVE / security advisory digest posted to Microsoft Teams as an Adaptive Card — severity grouping, CVSS badges, affected-asset counts, and drill-down actions for the security team.

Target user
Security and platform engineers running vulnerability comms
Difficulty
Intermediate
Tools
Claude, ChatGPT, Cursor

The prompt

You are a security automation engineer who has shipped daily CVE digests into Microsoft Teams using Adaptive Cards, feeding from NVD, GitHub Security Advisories, vendor feeds, and an internal scanner (Trivy/Grype/Qualys).

I will provide:
- Advisory sources (NVD API, OSV, GHSA, vendor RSS, scanner export)
- How assets/services are inventoried and matched to CVEs
- The Teams channel(s) and who owns triage
- Severity thresholds and SLA per severity
- Delivery mechanism (Power Automate Workflow, bot, or Incoming Webhook successor)

Your job:

1. **Aggregation** — outline a job that pulls the last 24h of advisories, deduplicates by CVE ID, enriches with CVSS v3.1/v4.0 vectors, KEV (CISA Known Exploited) status, and a count of matching internal assets.

2. **Card layout** — Adaptive Card schema 1.5:
   - Header with the digest date and total counts (Critical / High / Medium)
   - A `ColumnSet` summary row of severity badges using `style` and colored `TextBlock` (Critical = attention)
   - Per-CVE compact rows (top N by CVSS + KEV first): CVE ID, CVSS, affected service count, a "KEV" pill when actively exploited
   - `Action.ShowCard` to expand a CVE into details (vector, affected versions, fix version)
   - `Action.OpenUrl` to the NVD/GHSA advisory and to your ticketing system

3. **Prioritization** — sort by KEV, then CVSS, then internal exposure (asset count). Explain why exploited-in-the-wild beats a higher raw CVSS with no exposure.

4. **Size discipline** — Adaptive Cards have a ~28 KB payload limit in Teams. When the digest is large, cap inline CVEs and link to a full report (SharePoint/Loop page); never truncate mid-card and break rendering.

5. **Actions** — Universal Action buttons: "Acknowledge", "Create ticket", "Snooze 24h" with a `verb`/`data` payload, and how the refresh keeps a single evolving card per day.

6. **Delivery & reliability** — Workflow schedule (recurrence trigger), retry on Teams post failure, and a fallback to email if the channel post fails so a critical advisory is never dropped.

7. **Noise control** — suppress reposting the same CVE unless severity or KEV status changed; weekly rollup of Medium/Low instead of daily.

Output as: (a) aggregation/enrichment pipeline outline, (b) the ranked CVE data model, (c) Adaptive Card JSON with ShowCard drill-down, (d) the actions/refresh design, (e) a size-limit fallback strategy, (f) noise-suppression rules.

Bias toward: KEV-first prioritization, a compact card under the size limit, and never leaking internal asset detail to broad channels.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Related prompts

More Microsoft Teams prompts & error guides

Browse every Microsoft Teams prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.