Azure Automation Runbook: Test-OMSAlertRemediation

1 minute read

Couple of weeks ago, I published a post titled OMS Alerting Walkthrough. I mentioned in the post that I have written a test runbook called Test-OMSAlertRemediation that extracts information from the OMS alert JSON input sends to you via email.

Once you have created this rnbook in your Azure Automation account, you can use it as the remediation runbook for any OMS alerts.

Source code:

param ([object]$WebHookData)
#Process inputs from webhook data
Write-Verbose "Processing inputs from webhook data."
$WebhookName    =   $WebhookData.WebhookName
Write-Verbose "Webhook name: '$WebhookName'"
$WebhookHeaders =   $WebhookData.RequestHeader
$WebhookBody    =   $WebhookData.RequestBody
Write-Verbose "Webhook body:"
Write-Verbose $WebhookBody
$SearchResults = (ConvertFrom-JSON $WebhookBody).SearchResults
$SearchResultsId = $SearchResults.id
$SearchResultsValue = $SearchResults.value
$SearchResultsMetaData = $SearchResults.__metadata
#$SearchResult = $Inputs.SearchResult
Write-Verbose "Search Results:"
Write-Verbose $SearchResults
$SMTPConnection = Get-AutomationConnection SMTPNotification
$Subject = "Alert Remediation Runbook Input'"
$Body = @"
Search Results:
Id:
$SearchResultsId

Value:
$($SearchResultsValue | out-String)

Meta Data:
$SearchResultsMetaData
"@
Send-Email `
-Body $Body `
-HTMLBody $false `
-SMTPSettings $SMTPConnection `
-Subject $Subject `
-To your@email.address

Requirements

This runbooks uses the SendEmail module for sending emails. You can install it to your automation account directly from PowerShell gallery(https://www.powershellgallery.com/packages/SendEmail/), or download the source code from GitHub(https://github.com/tyconsulting/SendEmail_PowerShellModule). Once the module is deployed to your Automation Account, you will then need to create a connection with type “SMTPServerConnection” with the name “SMTPNotification”:

SNAGHTML2d83c96

You will also need to place your email address in the last line of the runbook.

The email below is a sample of what this runbook produces:

SNAGHTML2e18888

Hopefully this runbook would help you when you are designing your OMS alerting solutions.

Leave a comment