Supported Versions
SCOM 2019

Introduction

Microsoft SCOM is a cross-platform data center monitoring and reporting tool that checks the status of objects defined in operating systems and hypervisors.

OpsRamp uses the Webhook API to receive alerts.

The integration involves configurations in OpsRamp and SCOM. After the successful integration, OpsRamp displays the alerts.

OpsRamp configuration

Step 1: Install the integration

  1. From All Clients, select a client.
  2. Go to Setup > Account.
  3. Select the Integrations and Apps tab.
  4. The Installed Integrations page opens and displays all the installed applications. Note: If there are no installed applications, the Available Integrations and Apps page opens instead.
  5. Click + ADD on the Installed Integrations page. The Available Integrations and Apps page displays all the available applications along with the newly created application with the version.
    Note: You can search for the application using the search option. You can also use the All Categories option to search.
  6. Click ADD in the System Center Operations Manager application and click Install.
  7. Select authentication type as WEBHOOK and click Save.
  8. Make a note of Tenant ID, Token and Webhook URL.
    These details are used while creating an HTTP Request template during System Center Operations Manager configuration.
  9. Click Save.

The authentication type configured here is used to call OpsRamp APIs.

Step 2: Configure the integration

  1. From the API tab, enter:
    • Authentication:
      • Select WebHook as the authentication mechanism.
        The token and WebHook URL are generated.
      • Copy the Tenant ID, token, and Webhook URL for configuration.
    • Map Attributes: Enter the mapping information for the third-party application.
      1. From OpsRamp Entity, click Alert.
      2. From the OpsRamp Property menu, click Status.
      3. Click + to define the mappings.
        See the following table for mapping attributes.
  2. From the Monitoring of Integration tab, click Assign Templates.
  3. From the Audit Logs, set up audit log criteria and time frame.

The following table shows the property mappings.

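| Third-Party Entity | OpsRamp Entity | Third-Party Property        | OpsRamp Property (non-editable) |
|--------------------|----------------|-----------------------------|---------------------------------|
| Problem            | Alert          | State                       | alert.currentState              |
| Problem            | Alert          | MonitoringObjectFullName    | alert.serviceName               |
| Problem            | Alert          | Description                 | alert.description               |
| Problem            | Alert          | MonitoringObjectDisplayName | alert.deviceName                |
| Problem            | Alert          | AlertId                     | alert.extAlertId                |
| Problem            | Alert          | Name                        | alert.subject                   |

Property value mappings for State (alert.currentState):

| Third-Party Property Value | OpsRamp Property Value |
|----------------------------|------------------------|
| Informational              | Info                   |
| Warning                    | Warning                |
| Critical                   | Critical               |
| Ok                         | Ok                     |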

Mappings can be modified when required.

SCOM configuration

Step 1: Create a channel

  1. From the Operations Console left pane, go to Administration, Notifications, Channels.
  2. Right-click Channels and click New Channel Command.
    The Command Notification Channel window opens.
  3. From Command Notification Channel, enter the following information in Descriptions and click Next.
    • Channel Name: Enter a unique name.
    • Description: Enter the detail.
  4. In the Settings screen, enter the information according to the location of the path.
    • For Full Path of the Command-Line, find and specify the path of powershell.exe file.
      For example, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    • For Command-Line Parameters, consider the following and specify details:
      • The path where you stored the script that is executed automatically when alerts are created in SCOM.
      • AlertID as a parameter.
        For example, "C:\scripts\Alert.ps1" '"$Data[Default='Not Present']/Context/DataItem/AlertId$"'
    • On the command line, provide a path for a startup folder.
      For example: C:\Windows\System32\WindowsPowerShell\v1.0
  5. Click Finish. A confirmation message is displayed.

Step 2: Create subscriber

  1. From the Operations Console left pane, go to Administration, Notifications, Subscribers.
  2. Right-click Subscribers and click New Subscriber.
    The Notification Subscriber Wizard is displayed, where you enter a description, schedule, and address.
  3. In Description, enter a unique name as Subscriber Name and click Next.
  4. In the Schedule tab, select one of the following options and click Next:
    • Always send notifications: Recommended
    • Notify only during the specific time: Specify the date range.
  5. In the Address tab, click ADD and enter the following in the Subscriber Address window:
    • General: Enter the address name and click Next.
    • Channel: Enter the following and click Next:
      • Channel Type: Select Command from the drop-down menu.
      • Command Channel: Select the name of the channel that you created.
      • Delivery address for the selected channel: Leave blank.
    • Schedule: Select one of the following options and click Next:
      • Always send notifications: Recommended
      • Only send notification during the specified time: Specify the date range.
  6. Click Finish.

Step 3: Create a subscription

  1. From the Operations Console left pane, go to Administration, Notifications, Subscriptions.

  2. Right-click Subscriptions and click New Subscription.
    The Notification Subscription Wizard is displayed where you need to enter details in the respective tabs.

  3. For the Description tab, enter a unique subscription name,
    provide a description to create a notification subscription, and click Next.

  4. For the Scope tab, modify the subscription scope only if necessary and click Next.

  5. For the Criteria tab, click +Insert to add an expression, enter the following details in the Subscription Criteria window as shown in the example, and click Next:

    • Criteria: Severity
    • Operator: Equals
    • Value: All (Information, Warning, Critical)

    Unless specified, do not insert any other expression; leave the fields empty.

  6. In the Subscriber tab, click ADD and enter:

    1. Enter the subscriber name created earlier in the Filter by box and click Search.
      The subscriber detail is displayed in the Available subscribers column.
    2. Click Add to reflect in the Selected subscribers column.
    3. Click OK.
    4. Click Next.
  7. In the Channels tab, click ADD and enter:

    1. Enter the channel name created earlier in the filter by box and click Search. The channel detail is displayed in the available channels column.
    2. Click Add to reflect in the selected channels column.
    3. Click OK.
    4. In the Channels tab, for Alert aging, select Send notifications without delay.
    5. Click Next.
  8. In the Summary tab, review the details and select Enable the notification subscription.

  9. Click Finish.

After configuration, SCOM sends alerts directly to OpsRamp through the channel you created, using the Webhook URL.

Example script

$postFile = "C:\scripts\postResult10.txt"
# Record the raw arguments passed by the SCOM command channel.
$args | Out-File $postFile -Append

# Build the webhook payload from a SCOM alert object.
function Create-Body {
    param(
        [parameter(Mandatory=$true)]$alert
    )

    # Resolution states treated as open; any other state is reported as "Ok".
    $ResolutionStates = 0,247,248,249,250
    # SCOM severities: 0 = Information, 1 = Warning, 2 = Critical.
    $SeverityStates = 0,1,2

    $bodyObject = @{
        AlertId = $alert.Id;
        Name = $alert.Name;
        Description = $alert.Description;
        UnformattedDescription = $alert.UnformattedDescription;
        MonitoringObjectId = $alert.MonitoringObjectId;
        MonitoringClassId = $alert.MonitoringClassId;
        ClassId = $alert.ClassId;
        MonitoringObjectDisplayName = $alert.MonitoringObjectDisplayName;
        MonitoringObjectName = $alert.MonitoringObjectName;
        MonitoringObjectPath = $alert.MonitoringObjectPath;
        MonitoringObjectFullName = $alert.MonitoringObjectFullName;
        IsMonitorAlert = $alert.IsMonitorAlert;
        ProblemId = $alert.ProblemId;
        MonitoringRuleId = $alert.MonitoringRuleId;
        RuleId = $alert.RuleId;
        ResolutionState = $alert.ResolutionState;
        Priority = $alert.Priority;
        Severity = $alert.Severity;
        Category = $alert.Category;
        Owner = $alert.Owner;
        ResolvedBy = $alert.ResolvedBy;
        TimeRaised = $alert.TimeRaised;
        TimeAdded = $alert.TimeAdded;
        LastModified = $alert.LastModified;
        LastModifiedBy = $alert.LastModifiedBy;
        TimeResolved = $alert.TimeResolved;
        TimeResolutionStateLastModified = $alert.TimeResolutionStateLastModified;
        CustomField1 = $alert.CustomField1;
        CustomField2 = $alert.CustomField2;
        CustomField3 = $alert.CustomField3;
        CustomField4 = $alert.CustomField4;
        CustomField5 = $alert.CustomField5;
        CustomField6 = $alert.CustomField6;
        CustomField7 = $alert.CustomField7;
        CustomField8 = $alert.CustomField8;
        CustomField9 = $alert.CustomField9;
        CustomField10 = $alert.CustomField10;
        TicketId = $alert.TicketId;
        Context = $alert.Context;
        ConnectorId = $alert.ConnectorId;
        LastModifiedByNonConnector = $alert.LastModifiedByNonConnector;
        MonitoringObjectInMaintenanceMode = $alert.MonitoringObjectInMaintenanceMode;
        MonitoringObjectHealthState = $alert.MonitoringObjectHealthState;
        ConnectorStatus = $alert.ConnectorStatus;
        RepeatCount = $alert.RepeatCount;
        NetbiosComputerName = $alert.NetbiosComputerName;
        NetbiosDomainName = $alert.NetbiosDomainName;
        PrincipalName = $alert.PrincipalName;
        SiteName = $alert.SiteName;
        MaintenanceModeLastModified = $alert.MaintenanceModeLastModified;
        StateLastModified = $alert.StateLastModified;
        Parameters = $alert.Parameters;
        TfsWorkItemId = $alert.TfsWorkItemId;
        TfsWorkItemOwner = $alert.TfsWorkItemOwner;
        ManagementGroupId = $alert.ManagementGroupId;
    }

    # Derive the State value that OpsRamp maps to alert.currentState.
    if (($ResolutionStates -contains $alert.ResolutionState) -and ($alert.Severity -eq 2))
    {
        $bodyObject.State = "Critical"
    }
    elseif (($ResolutionStates -contains $alert.ResolutionState) -and ($alert.Severity -eq 1))
    {
        $bodyObject.State = "Warning"
    }
    elseif (($ResolutionStates -contains $alert.ResolutionState) -and ($alert.Severity -eq 0))
    {
        $bodyObject.State = "Informational"
    }
    elseif (($ResolutionStates -notcontains $alert.ResolutionState) -and ($SeverityStates -contains $alert.Severity))
    {
        $bodyObject.State = "Ok"
    }

    return $bodyObject
}

# POST the payload to the OpsRamp webhook as JSON over TLS 1.2.
function Send-Alert {
    param(
        [parameter(Mandatory=$true)]$body
    )
    $method = "POST"
    # Replace with your Webhook URL. The URL carries the token, so restrict read access to this script.
    $uri = "https://example.opsramp.net/integrations/alertsWebhook/{tenant_id}/alerts?vtoken=cEhsdfwqejq3939dnlsMUDa6efQqeA9BQ8"

    $body = ConvertTo-Json $body
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    # -UseBasicParsing avoids the Internet Explorer engine, which may not be initialized for the account that runs the channel.
    Invoke-WebRequest -Uri $uri -Body $body -Method $method -ContentType "application/json" -UseBasicParsing
}

#Import-Module OperationsManager

Import-Module "C:\Program Files\Microsoft System Center\Operations Manager\Powershell\OperationsManager\OperationsManager.psm1"

# Look up the alert, send it, and log any failure to $postFile.
try {
    Write-Output "Connection to OpsRamp Status" | Out-File $postFile -Append
    $alert_info = Get-SCOMAlert -Id $([String]$args)
    $body = Create-Body $alert_info
    Send-Alert -body $body
    $alert_info | Out-File $postFile -Append
}
catch {
    Out-File -InputObject "Exception Type: $($_.Exception.GetType().FullName) Exception Message: $($_.Exception.Message)" -FilePath $postFile -Append
}

Be sure to replace the URI with your Webhook URL and, in the Import-Module line, specify the path of the OperationsManager.psm1 file.

For example: C:\Program Files\Microsoft System Center\Operations Manager\Powershell\OperationsManager\OperationsManager.psm1.
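The example script keeps the Webhook URL, including its token, in clear text inside Alert.ps1 and passes the channel argument straight to Get-SCOMAlert. The following added example (not part of the OpsRamp script) shows one way to load the URL from a DPAPI-protected file and to validate the AlertId first; the file path C:\scripts\opsramp-webhook.clixml and the function names Get-WebhookUri, Get-ValidatedAlertId and Send-AlertSecurely are assumptions.

```powershell
# Added example, not OpsRamp's script. File path and function names are assumptions.
$secretFile = 'C:\scripts\opsramp-webhook.clixml'   # hypothetical path

# One-time setup, run interactively as the account that runs the channel:
#   Read-Host 'Webhook URL' -AsSecureString | Export-Clixml -Path $secretFile
# On Windows the SecureString is DPAPI-protected, so only that account on
# that server can decrypt the file.
function Get-WebhookUri {
    param([Parameter(Mandatory = $true)][string]$Path)
    $secure = Import-Clixml -Path $Path
    $uri = [System.Net.NetworkCredential]::new('', $secure).Password
    if ($uri -notmatch '^https://') { throw 'Webhook URL must use HTTPS.' }
    return $uri
}

# Per the channel's command-line parameters, the AlertId arrives wrapped in
# quotes, or as the default 'Not Present' when it is missing. Accept only a GUID.
function Get-ValidatedAlertId {
    param([Parameter(Mandatory = $true)][string]$Raw)
    $clean = $Raw -replace '^[\s"'']+|[\s"'']+$', ''
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($clean, [ref]$guid)) {
        throw 'Argument is not a valid alert GUID.'
    }
    return $guid
}

function Send-AlertSecurely {
    param(
        [Parameter(Mandatory = $true)][hashtable]$Body,
        [Parameter(Mandatory = $true)][string]$Uri
    )
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $json = ConvertTo-Json -InputObject $Body
    $resp = Invoke-WebRequest -Uri $Uri -Body $json -Method Post `
        -ContentType 'application/json' -UseBasicParsing
    # Return only the status code for logging; the URI carries the vtoken.
    return [int]$resp.StatusCode
}

# Constructed inputs: a quoted ID as the channel passes it, and the default.
foreach ($sample in '"77cdc39c-2da3-4349-a673-ef23343ee2e5"', 'Not Present') {
    try   { "accepted: $(Get-ValidatedAlertId -Raw $sample)" }
    catch { "rejected: $sample" }
}
```

In Alert.ps1, pass the validated GUID to Get-SCOMAlert and the result of Get-WebhookUri to the sender, and write only the returned status code to the log file.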

Example request payload

{
"ClassId": "b9bce7fb-0053-7c3d-933b-496a197e503d",
"Description": "The \u0027Print Spooler\u0027 service on computer WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP has stopped running",
"MonitoringObjectHealthState": 3,
"TimeResolutionStateLastModified": "\/Date(1583324728293)\/",
"IsMonitorAlert": true,
"TfsWorkItemId": null,
"StateLastModified": "\/Date(1583324728293)\/",
"MonitoringObjectPath": "WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP",
"TimeAdded": "\/Date(1583324728607)\/",
"MonitoringObjectInMaintenanceMode": false,
"CustomField4": null,
"TimeResolved": null,
"ResolutionState": 0,
"ConnectorStatus": 1,
"MonitoringClassId": "b9bce7fb-0053-7c3d-933b-496a197e503d",
"CustomField1": null,
"TfsWorkItemOwner": null,
"RuleId": "7f061679-7e44-5766-4a42-e3cf1bc61d67",
"MonitoringObjectFullName": "ServiceStateProbePage_fab70142d90240f7a3894afe177f727c:WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP;Spooler",
"Priority": 2,
"ProblemId": "7f061679-7e44-5766-4a42-e3cf1bc61d67",
"Severity": 2,
"ManagementGroupId": "55dd0f32-ecfa-0717-70f5-884769171c24",
"CustomField6": null,
"CustomField10": null,
"ResolvedBy": null,
"CustomField5": null,
"TimeRaised": "\/Date(1583324728293)\/",
"Category": 8,
"SiteName": null,
"CustomField8": null,
"Parameters": ["Print Spooler", "WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP"],
"LastModifiedBy": "Connector Framework Alert Write Action",
"LastModified": "\/Date(1583324778873)\/",
"CustomField3": null,
"ConnectorId": "7431e155-3d9e-4724-895e-c03ba951a352",
"Owner": null,
"NetbiosDomainName": "INTEGRATIONS",
"MaintenanceModeLastModified": "\/Date(-2208960000000)\/",
"CustomField2": null,
"UnformattedDescription": "The \u0027Print Spooler\u0027 service on computer WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP has stopped running",
"PrincipalName": "WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP",
"CustomField7": null,
"LastModifiedByNonConnector": "\/Date(1583324778873)\/",
"NetbiosComputerName": "WIN-MBPBJ0U32JV",
"State": "Critical",
"MonitoringObjectId": "ca84aabb-cbfc-1574-b6c8-fbefdd3faf96",
"CustomField9": null,
"TicketId": null,
"RepeatCount": 0,
"MonitoringObjectDisplayName": "Print Spooler",
"Name": "Windows Service Stopped",
"AlertId": "77cdc39c-2da3-4349-a673-ef23343ee2e5",
"MonitoringObjectName": "Spooler",
"MonitoringRuleId": "7f061679-7e44-5766-4a42-e3cf1bc61d67"
}

Viewing alerts

  1. Go to the Alerts page and search with SCOM as the source name.
    Related alerts are displayed.
  2. Click Alert ID to view.