Send SCOM Alerts to Slack

Looking to get some traction for urgent alerts? If you've got fifteen minutes to follow the steps below, you can set up an Alert Subscription that sends alerts directly to Slack.

Top-down view of the process

  1. Create an Incoming Webhook for Slack

  2. Write a PowerShell script (or copy the one below)

  3. Create a Notification Command Channel

  4. Create a Subscriber and Subscription

Create the Incoming Webhook

Open your Slack instance and click the + on the Apps section.

You'll need to have permissions in Slack to add a new App.

This will open up the Apps menu in Slack, where you'll have the option to search for a new app. Search for "Incoming WebHooks" and click [Add] on the option under Available Apps. On the next screen, you'll have the options to add a new WebHook or modify existing WebHooks.

On the creation page you'll come across all the key items, which are very well documented. The key one you'll need for the next step is the Webhook URL, which contains a unique code and password for your Slack instance, so handle it as you would any other credential. Copy this URL for the next step.

Writing a PowerShell script

The Command Channel we'll create in the next step needs a PowerShell script to run. This script will be run for each alert that passes our subscription, and in our case we'll be accepting a single argument of the AlertId.

For my example I'll be saving the script into the C:\ScomScripts\PostToSlack.ps1 local file on each management server.

# Alert Params
param($alertId)
# Look up the alert that triggered the notification
$alert = Get-SCOMAlert -Id ([guid]::Parse($alertId))
# Slack message template; {0}-{2} are filled in below
$alertMessage = @'
*Monitoring Object:* {0}
*Alert Name:* {1}
*Description:* {2}
:cookdown: <https://cookdown.com/?p=1498|Get the demo source and setup from the Cookdown Blog> :cookdown:
'@
$alertMessage = $alertMessage -f $alert.MonitoringObjectDisplayName,$alert.Name,$alert.Description
# Build the JSON payload expected by the Incoming Webhook
$payloadObject = New-Object -TypeName psobject
$payloadObject | Add-Member -MemberType NoteProperty -Name "text" -Value $alertMessage
$payload = $payloadObject | ConvertTo-Json -Compress
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Replace the URL below with your own Webhook URL
Invoke-RestMethod -Uri "https://hooks.slack.com/services/T6FHVTNAY/B1234ABCDV/d1234ABCD1234ABCDMOB" -Method Post -Body $payload
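
A hardened variant of the script above, added here as an example and not part of the original post: it validates the AlertId, escapes Slack control characters in the alert text, and reads the Webhook URL from a DPAPI-protected file instead of hardcoding it. The file path C:\ScomScripts\slack-webhook.xml and the helper ConvertTo-SlackText are hypothetical names chosen for this example, and the file is assumed to have been created under the account that runs the command channel.

```powershell
# Added example: hardened variant of PostToSlack.ps1 (not the original author's script).
# Assumption: the Webhook URL was stored once, under the account that runs the
# command channel, with:
#   Read-Host -AsSecureString | Export-Clixml C:\ScomScripts\slack-webhook.xml
# (hypothetical path; DPAPI ties the encrypted value to that user and machine).
param(
    [Parameter(Mandatory = $true)]
    [string]$alertId
)
$ErrorActionPreference = 'Stop'

# Reject anything that is not a GUID before it reaches Get-SCOMAlert.
$parsedId = [guid]::Empty
if (-not [guid]::TryParse($alertId, [ref]$parsedId)) {
    throw "AlertId '$alertId' is not a valid GUID."
}

$alert = Get-SCOMAlert -Id $parsedId
if ($null -eq $alert) {
    throw "No alert found with Id $parsedId."
}

# Slack treats &, < and > as control characters; escape them so alert text
# is shown literally and is never interpreted as a Slack link or mention.
function ConvertTo-SlackText([string]$Text) {
    if ([string]::IsNullOrEmpty($Text)) { return '' }
    $Text.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')
}

$alertMessage = "*Monitoring Object:* {0}`n*Alert Name:* {1}`n*Description:* {2}" -f `
    (ConvertTo-SlackText $alert.MonitoringObjectDisplayName),
    (ConvertTo-SlackText $alert.Name),
    (ConvertTo-SlackText $alert.Description)

$payload = @{ text = $alertMessage } | ConvertTo-Json -Compress

# Decrypt the Webhook URL in memory only; it never appears in the script file.
$secureUrl  = Import-Clixml -Path 'C:\ScomScripts\slack-webhook.xml'
$webhookUrl = (New-Object System.Net.NetworkCredential('', $secureUrl)).Password

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-RestMethod -Uri $webhookUrl -Method Post -Body $payload -ContentType 'application/json' | Out-Null
```

Because the exported file can only be decrypted by the account and machine that created it, the export step has to be repeated on each management server.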


Creating a Notification Command Channel

Head on over to the Microsoft documentation for the basics of creating a command channel, then follow the steps below to get the script you've created above configured. To reduce the typo-factor I've included the specific lines below, and you can see how they've been applied in the screenshot.

Full path of the command file:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Command line parameters:
-ExecutionPolicy Bypass -File C:\ScomScripts\PostToSlack.ps1 "$Data/Context/DataItem/AlertId$"

Startup folder for the command line:
C:\ScomScripts

Create a Subscriber, Subscription, and Test it!

I'm going to duck out on this step and point you to Microsoft's documentation for Creating Notification Subscribers as well as Creating Notification Subscriptions.

Once you're set up, send across your first alert; it should look something like the screenshot below.

Update your script to best fit what you need
