public void CheckIncidentsStatus(ILogger log)
{
log.LogInformation("Starting incident status check with service management system...");
List <AlertIncidentEntity> alertIncidents = GetAllAlertIncidents();
log.LogInformation($"Found {alertIncidents.Count} open incidents, checking status if necessary..");
ServiceManagementStatusResponseDto incidentsStatus = serviceManagemement.GetIncidentsStatus(alertIncidents, log);
foreach (string incidentId in incidentsStatus.result.Keys)
{
ServiceManagementStatus status = incidentsStatus.result[incidentId];
log.LogInformation($"Got new service management status for incident {incidentId}: {status.state}");
if (status.state == "Resolved" || status.state == "Closed")
{
AlertIncidentEntity alertIncident = GetAlertIncident("SNOW", incidentId);
if (alertIncident != null)
{
AlertEntity alert = GetAlert(alertIncident.AlertPartitionId, alertIncident.AlertRowId);
if (alert != null)
{
DeleteAlert(alert);
}
DeleteAlertIncident(alertIncident);
}
}
}
}
public static async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
ILogger log)
{
string result = "Alert successfully confirmed.";
// parse query parameter
string IncidentId = "";
if (req.GetQueryParameterDictionary().ContainsKey("incidentid"))
{
IncidentId = req.GetQueryParameterDictionary()["incidentid"];
log.LogInformation($"Preparing to confirm SNOW incident {IncidentId}");
AlertIncidentEntity alertIncident = alertUtils.GetAlertIncident("SNOW", IncidentId);
if (alertIncident != null)
{
AlertEntity alert = alertUtils.GetAlert(alertIncident.AlertPartitionId, alertIncident.AlertRowId);
alertUtils.DeleteAlert(alert);
alertUtils.DeleteAlertIncident(alertIncident);
}
}
else
{
log.LogInformation("NO incidentid was passed, so checking all open incidents..");
alertUtils.CheckIncidentsStatus(log);
}
log.LogInformation("Finished checking incident status");
return((ActionResult) new OkObjectResult(result));
}
public ServiceManagementStatusResponseDto GetIncidentStatus(AlertIncidentEntity incident, ILogger log)
{
ServiceManagementStatusResponseDto result = new ServiceManagementStatusResponseDto();
result.result.Add(incident.IncidentId, new ServiceManagementStatus()
{
state = "Closed", short_description = "Nothing to say.."
});
return(result);
}
public void DeleteAlertIncident(AlertIncidentEntity alert)
{
// Retrieve the storage account from the connection string.
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(System.Environment.GetEnvironmentVariable("StorageConnectionString"));
// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
// Create the CloudTable object that represents the "people" table.
CloudTable table = tableClient.GetTableReference("AlertIncidents");
table.CreateIfNotExistsAsync().Wait();
// Create the TableOperation object that inserts the customer entity.
TableOperation deleteOperation = TableOperation.Delete(alert);
// Execute the insert operation.
table.ExecuteAsync(deleteOperation);
}
public ServiceManagementStatusResponseDto GetIncidentStatus(AlertIncidentEntity incident, ILogger log)
{
ServiceManagementStatusResponseDto response = null;
using (HttpClient client = new HttpClient())
{
string serviceManagementCredentials = System.Environment.GetEnvironmentVariable("ServiceManagementCredentials");
if (!String.IsNullOrEmpty(serviceManagementCredentials))
{
var byteArray = Encoding.ASCII.GetBytes(serviceManagementCredentials);
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", Convert.ToBase64String(byteArray));
}
string serviceManagementUserAgent = System.Environment.GetEnvironmentVariable("ServiceManagementUserAgent");
if (!String.IsNullOrEmpty(serviceManagementUserAgent))
{
client.DefaultRequestHeaders.Add("User-Agent", serviceManagementUserAgent);
}
string snowUrl = System.Environment.GetEnvironmentVariable("ServiceManagementUrl") + "/state?number=" + incident.IncidentId;
HttpResponseMessage msg = client.GetAsync(snowUrl).Result;
if (msg.IsSuccessStatusCode)
{
var JsonDataResponse = msg.Content.ReadAsStringAsync().Result;
response = Newtonsoft.Json.JsonConvert.DeserializeObject <ServiceManagementStatusResponseDto>(JsonDataResponse);
}
else
{
var JsonDataResponse = msg.Content.ReadAsStringAsync().Result;
string responseMessage = "";
if (JsonDataResponse != null)
{
responseMessage = JsonDataResponse.ToString();
}
log.LogError($"Could not reach SNOW server: {msg.ToString()} - {responseMessage}");
}
}
return(response);
}
public void CheckAlertsStatus(ILogger log)
{
log.LogInformation("Starting alert status check with service management system...");
List <AlertEntity> alerts = GetAllAlerts();
log.LogInformation($"Found {alerts.Count} open incidents, checking if incident id exists..");
foreach (AlertEntity alert in alerts)
{
if (System.DateTime.Now.Subtract(alert.CreationTimestamp).TotalMinutes > 10)
{
if (String.IsNullOrEmpty(alert.IncidentId))
{
// We did not get a valid incident id from the service management system, retry..
ServiceManagementResponseDto incident = serviceManagemement.CreateIncident(alert, log);
if (incident != null && incident.result != null)
{
alert.IncidentId = incident.result.number;
alert.IncidentUrl = incident.result.url;
if (!String.IsNullOrEmpty(alert.IncidentId))
{
// Woohoo we have an incident
InsertUpdateAlert(alert);
// Insert record of incident ID
AlertIncidentEntity incidentEntity = new AlertIncidentEntity("SNOW", alert.IncidentId);
incidentEntity.AlertPartitionId = alert.PartitionKey;
incidentEntity.AlertRowId = alert.RowKey;
incidentEntity.IncidentUrl = alert.IncidentUrl;
InsertUpdateAlertIncident(incidentEntity);
}
}
}
}
}
}
/// <summary>
/// The GetAlertParameters method returns the SubscriptionId and AlertRuleName if they are available in the payload
/// </summary>
/// <param name="payload">The JSON payload from Azure Alerting</param>
/// <returns>AlertParameters object with SubscriptionId and AlertRuleName</returns>
public AlertEntity[] LoadOrCreateAlerts(string payload, ILogger log)
{
List <AlertEntity> results = new List <AlertEntity>();
Newtonsoft.Json.Linq.JObject obj = Newtonsoft.Json.Linq.JObject.Parse(payload);
if (obj != null && obj["data"] != null)
{
string AlertRuleName = "NO-NAME-FOUND";
if (obj["data"]["AlertRuleName"] != null)
{
AlertRuleName = obj["data"]["AlertRuleName"].ToString();
}
string LogAnalyticsUrl = "";
if (obj["data"]["LinkToSearchResults"] != null)
{
LogAnalyticsUrl = obj["data"]["LinkToSearchResults"].ToString();
}
AlertResult[] alertResults = GetAlertResults(AlertRuleName, payload, obj, log);
foreach (AlertResult result in alertResults)
{
// Add computer to AlertRuleName
if (!String.IsNullOrEmpty(result.PartitionKey) && !String.IsNullOrEmpty(AlertRuleName))
{
AlertEntity alert = GetAlert(result.PartitionKey, AlertRuleName);
if (alert == null)
{
alert = new AlertEntity(result.PartitionKey, AlertRuleName);
alert.Payload = payload;
alert.SearchIntervalStartTimeUtc = DateTime.Parse(obj["data"]["SearchIntervalStartTimeUtc"].ToString());
alert.SearchIntervalEndTimeUtc = DateTime.Parse(obj["data"]["SearchIntervalEndtimeUtc"].ToString());
alert.LogAnalyticsUrl = LogAnalyticsUrl;
alert.Resource = result.ResourceName;
alert.ClientInstance = result.InstanceName;
alert.Description = result.Description;
alert.Type = result.Type.ToString();
}
else
{
alert.LastOccuranceTimestamp = DateTime.Now;
alert.Counter++;
}
results.Add(alert);
if (String.IsNullOrEmpty(alert.IncidentId))
{
// We don't yet have an IncidentId for this alert
ServiceManagementResponseDto incident = serviceManagemement.CreateIncident(alert, log);
if (incident != null && incident.result != null)
{
alert.IncidentId = incident.result.number;
alert.IncidentUrl = incident.result.url;
}
}
log.LogInformation("Update Alerts table: " + Newtonsoft.Json.JsonConvert.SerializeObject(alert));
InsertUpdateAlert(alert);
if (!String.IsNullOrEmpty(alert.IncidentId))
{
// Insert record of incident ID
AlertIncidentEntity incidentEntity = new AlertIncidentEntity("SNOW", alert.IncidentId);
incidentEntity.AlertPartitionId = alert.PartitionKey;
incidentEntity.AlertRowId = alert.RowKey;
incidentEntity.IncidentUrl = alert.IncidentUrl;
InsertUpdateAlertIncident(incidentEntity);
}
}
}
}
return(results.ToArray());
}
