Microsoft SCOM
  • 26 Jul 2023

Microsoft SCOM Integration Guide

Microsoft System Center Operations Manager (SCOM) is a cross-platform data center monitoring system for operating systems and hypervisors. Integrate AlertOps’ alert management platform with SCOM to receive and respond to critical alerts through email, SMS, push notification, and phone alerts. AlertOps ensures that alerts received from SCOM always reach the correct, available team member by utilizing escalation policies and on-call schedules.

Microsoft SCOM Configuration

To start sending SCOM alerts to Microsoft Teams, we first need to create a SCOM Notification Channel.

  1. From the Notifications submenu, select Channels > New Channel > Command.
  2. Name this Notification channel and click Next. In this example we have named the channel SendToTeams. At this stage, you may want to create a command channel for each technology stream that will send to different Microsoft Teams channels.
  3. On the Settings page, choose which alert dynamic fields will be included in your notification.
    The following settings have been used to configure this example: 
    • Full path of the command file:
      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    • Command line parameters (replace the webhook URL below with your unique AlertOps Inbound Integration webhook URL):
      -Command "&{Invoke-RestMethod -Method Post -Uri 'https://outlook.office.com/webhook/123456@123456/IncomingWebhook/123456/123456' -Body (ConvertTo-Json -InputObject @{'Title'='$Data[Default='Not Present']/Context/DataItem/ManagedEntityPath$\$Data[Default='Not Present']/Context/DataItem/ManagedEntityDisplayName$ : $Data[Default='Not Present']/Context/DataItem/AlertName$';'Text'='Resolution State: $Data[Default='Not Present']/Context/DataItem/ResolutionStateName$
      Time Raised: $Data[Default='Not Present']/Context/DataItem/TimeRaisedLocal$
      Alert Description: $Data[Default='Not Present']/Context/DataItem/AlertDescription$
      Alert Severity: $Data[Default='Not Present']/Context/DataItem/Severity$
      Last Modified Time: $Data[Default='Not Present']/Context/DataItem/LastModifiedLocal$'}) -ErrorAction Stop}"
      
    • Startup folder for the command line:
      C:\Windows\System32\WindowsPowerShell\v1.0\
  4. Finally, create a subscriber that makes use of the above command channel and a subscription that makes use of the subscriber (command action). Inside the subscription, you get to choose the actual alerts that are forwarded, just like any other SCOM subscription.
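
A script-file variant of the command channel above, added here as an example (not AlertOps' or Microsoft's code): with -Command the substituted alert text becomes part of the PowerShell source that gets parsed, whereas with -File each field arrives as a literal string argument and ConvertTo-Json does the escaping. The script name, its path, the parameter names and the application/json content type are assumptions.

```powershell
# Send-ScomAlert.ps1 -- added example; file name and parameter names are assumptions.
# Channel "Command line parameters" for this variant (script path is hypothetical):
#   -NoProfile -File "C:\Scripts\Send-ScomAlert.ps1" -WebhookUri "<your AlertOps webhook URL>"
#   -AlertName "$Data[Default='Not Present']/Context/DataItem/AlertName$"  (one pair per field)
[CmdletBinding()]
param(
    [Parameter(Mandatory)][string]$WebhookUri,
    [string]$EntityPath   = 'Not Present',
    [string]$EntityName   = 'Not Present',
    [string]$AlertName    = 'Not Present',
    [string]$Resolution   = 'Not Present',
    [string]$TimeRaised   = 'Not Present',
    [string]$Description  = 'Not Present',
    [string]$Severity     = 'Not Present',
    [string]$LastModified = 'Not Present'
)
$ErrorActionPreference = 'Stop'   # fail loudly, like -ErrorAction Stop in the inline command

# Only post to an absolute https URL, so the webhook URL and alert text stay encrypted in transit.
$uri = [Uri]$WebhookUri
if (-not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') {
    throw 'WebhookUri must be an absolute https URL.'
}
# Windows PowerShell 5.1 may not offer TLS 1.2 by default on older hosts; require it.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Same Title/Text layout as the inline command, built from parameters (data, never code).
$payload = @{
    Title = '{0}\{1} : {2}' -f $EntityPath, $EntityName, $AlertName
    Text  = @(
        "Resolution State: $Resolution"
        "Time Raised: $TimeRaised"
        "Alert Description: $Description"
        "Alert Severity: $Severity"
        "Last Modified Time: $LastModified"
    ) -join "`n"
}

# ConvertTo-Json escapes quotes and newlines; send UTF-8 bytes so non-ASCII text survives.
$json  = ConvertTo-Json -InputObject $payload -Compress
$bytes = [Text.Encoding]::UTF8.GetBytes($json)
Invoke-RestMethod -Method Post -Uri $uri -Body $bytes -ContentType 'application/json; charset=utf-8'
```

Keep the script in a folder that only administrators can write to, since the channel runs it for every alert the subscription matches.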


AlertOps Configuration

  1. From the main menu, click on Integrations and then select Inbound Integrations from the submenu.
  2. Select the API tab.
  3. Select the 'ADD API INTEGRATION' button.
  4. You should now be on the API Integration Detail page. Select SCOM from the pre-built Integration Templates.
  5. Enter a name for the integration, select an escalation rule to determine the integration's escalation policy, and enter the names of the recipient group(s) and recipient user(s). Click 'SAVE', then click 'COPY URL' to copy the URL endpoint to be used in the SCOM configuration.


Alert Triggering Information

AlertOps will automatically create an incident when a new alert is received from SCOM with an IncidentStatus of “New.”

If an alert with status “New” matches an existing Open Alert, AlertOps will recognize the new alert as a duplicate and ignore the alert. The alert will be recorded in the Inbound Messages table as “Mapped Appended.”

AlertOps will automatically close the same incident when an alert with an IncidentStatus of “Resolved” or “Closed” is received.

Testing and Troubleshooting

Click here to read about Web API Testing and Troubleshooting. 


