public ServiceManagementResponseDto CreateIncident(AlertEntity alert, ILogger log) { string number = System.DateTime.Now.Ticks.ToString(); ServiceManagementResponseDto result = new ServiceManagementResponseDto(); result.result = new ServiceManagementResponse() { number = number, url = $"https://yyy.servicenow.com/yyyyyy/yyy?incident={number}" }; return(result); }
public void CheckAlertsStatus(ILogger log) { log.LogInformation("Starting alert status check with service management system..."); List <AlertEntity> alerts = GetAllAlerts(); log.LogInformation($"Found {alerts.Count} open incidents, checking if incident id exists.."); foreach (AlertEntity alert in alerts) { if (System.DateTime.Now.Subtract(alert.CreationTimestamp).TotalMinutes > 10) { if (String.IsNullOrEmpty(alert.IncidentId)) { // We did not get a valid incident id from the service management system, retry.. ServiceManagementResponseDto incident = serviceManagemement.CreateIncident(alert, log); if (incident != null && incident.result != null) { alert.IncidentId = incident.result.number; alert.IncidentUrl = incident.result.url; if (!String.IsNullOrEmpty(alert.IncidentId)) { // Woohoo we have an incident InsertUpdateAlert(alert); // Insert record of incident ID AlertIncidentEntity incidentEntity = new AlertIncidentEntity("SNOW", alert.IncidentId); incidentEntity.AlertPartitionId = alert.PartitionKey; incidentEntity.AlertRowId = alert.RowKey; incidentEntity.IncidentUrl = alert.IncidentUrl; InsertUpdateAlertIncident(incidentEntity); } } } } } }
public ServiceManagementResponseDto CreateIncident(AlertEntity alert, ILogger log) { ServiceManagementResponseDto response = null; using (HttpClient client = new HttpClient()) { string serviceManagementCredentials = System.Environment.GetEnvironmentVariable("ServiceManagementCredentials"); if (!String.IsNullOrEmpty(serviceManagementCredentials)) { var byteArray = Encoding.ASCII.GetBytes(serviceManagementCredentials); client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", Convert.ToBase64String(byteArray)); } string serviceManagementUserAgent = System.Environment.GetEnvironmentVariable("ServiceManagementUserAgent"); if (!String.IsNullOrEmpty(serviceManagementUserAgent)) { client.DefaultRequestHeaders.Add("User-Agent", serviceManagementUserAgent); } ServiceManagementDto payload = new ServiceManagementDto() { caller_id = System.Environment.GetEnvironmentVariable("ServiceManagementCallerId"), opened_by = System.Environment.GetEnvironmentVariable("ServiceManagementUser"), business_service = System.Environment.GetEnvironmentVariable("ServiceManagementBusinessService"), it_service = System.Environment.GetEnvironmentVariable("ServiceManagementITService"), contact_type = System.Environment.GetEnvironmentVariable("ServiceManagementContactType"), short_description = alert.AlertName + " " + alert.ClientInstance, description = alert.Description + " " + alert.LogAnalyticsUrl, assignment_group = System.Environment.GetEnvironmentVariable("ServiceManagementAssignmentGroup"), location = System.Environment.GetEnvironmentVariable("ServiceManagementLocation"), gravity = System.Environment.GetEnvironmentVariable("ServiceManagementGravity"), impact = System.Environment.GetEnvironmentVariable("ServiceManagementImpact"), stage = System.Environment.GetEnvironmentVariable("ServiceManagementStage") }; if (alert.Type == Common.AlertTypes.Disk) { payload.short_description = alert.AlertName + " (" + alert.Resource + ") " + alert.ClientInstance; } var content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json"); string snowUrl = System.Environment.GetEnvironmentVariable("ServiceManagementUrl") + "/create_incident"; HttpResponseMessage msg = client.PostAsync(snowUrl, content).Result; if (msg.IsSuccessStatusCode) { var JsonDataResponse = msg.Content.ReadAsStringAsync().Result; response = Newtonsoft.Json.JsonConvert.DeserializeObject <ServiceManagementResponseDto>(JsonDataResponse); } else { var JsonDataResponse = msg.Content.ReadAsStringAsync().Result; string responseMessage = ""; if (JsonDataResponse != null) { responseMessage = JsonDataResponse.ToString(); } log.LogError($"Could not reach SNOW server: {msg.ToString()} - {responseMessage}"); } } return(response); }
/// <summary> /// The GetAlertParameters method returns the SubscriptionId and AlertRuleName if they are available in the payload /// </summary> /// <param name="payload">The JSON payload from Azure Alerting</param> /// <returns>AlertParameters object with SubscriptionId and AlertRuleName</returns> public AlertEntity[] LoadOrCreateAlerts(string payload, ILogger log) { List <AlertEntity> results = new List <AlertEntity>(); Newtonsoft.Json.Linq.JObject obj = Newtonsoft.Json.Linq.JObject.Parse(payload); if (obj != null && obj["data"] != null) { string AlertRuleName = "NO-NAME-FOUND"; if (obj["data"]["AlertRuleName"] != null) { AlertRuleName = obj["data"]["AlertRuleName"].ToString(); } string LogAnalyticsUrl = ""; if (obj["data"]["LinkToSearchResults"] != null) { LogAnalyticsUrl = obj["data"]["LinkToSearchResults"].ToString(); } AlertResult[] alertResults = GetAlertResults(AlertRuleName, payload, obj, log); foreach (AlertResult result in alertResults) { // Add computer to AlertRuleName if (!String.IsNullOrEmpty(result.PartitionKey) && !String.IsNullOrEmpty(AlertRuleName)) { AlertEntity alert = GetAlert(result.PartitionKey, AlertRuleName); if (alert == null) { alert = new AlertEntity(result.PartitionKey, AlertRuleName); alert.Payload = payload; alert.SearchIntervalStartTimeUtc = DateTime.Parse(obj["data"]["SearchIntervalStartTimeUtc"].ToString()); alert.SearchIntervalEndTimeUtc = DateTime.Parse(obj["data"]["SearchIntervalEndtimeUtc"].ToString()); alert.LogAnalyticsUrl = LogAnalyticsUrl; alert.Resource = result.ResourceName; alert.ClientInstance = result.InstanceName; alert.Description = result.Description; alert.Type = result.Type.ToString(); } else { alert.LastOccuranceTimestamp = DateTime.Now; alert.Counter++; } results.Add(alert); if (String.IsNullOrEmpty(alert.IncidentId)) { // We don't yet have an IncidentId for this alert ServiceManagementResponseDto incident = serviceManagemement.CreateIncident(alert, log); if (incident != null && incident.result != null) { alert.IncidentId = incident.result.number; alert.IncidentUrl = incident.result.url; } } log.LogInformation("Update Alerts table: " + Newtonsoft.Json.JsonConvert.SerializeObject(alert)); InsertUpdateAlert(alert); if (!String.IsNullOrEmpty(alert.IncidentId)) { // Insert record of incident ID AlertIncidentEntity incidentEntity = new AlertIncidentEntity("SNOW", alert.IncidentId); incidentEntity.AlertPartitionId = alert.PartitionKey; incidentEntity.AlertRowId = alert.RowKey; incidentEntity.IncidentUrl = alert.IncidentUrl; InsertUpdateAlertIncident(incidentEntity); } } } } return(results.ToArray()); }