This rule processes the list of Active and Resolved Incidents for the Subscription via the Office 365 API and generates or updates the corresponding Alerts in Operations Manager.
The rule calls the Office 365 Management API to get the list of incidents for the Subscription.
The rule generates an Alert targeted to the Subscription in Operations Manager for each Active or Resolved Incident.
Alerts are suppressed using a unique Incident ID. The rule updates the Alert payload and context if the data provided by the API for the Incident changes.
Use 'Include Resolved Incidents' and 'Reopen Closed Alerts' to customize the rule's behavior.
See the list of Active and Resolved Incidents in the Office 365 Admin Center.
Property | Value |
---|---|
Target | Microsoft.SystemCenter.O365.Subscription |
Category | Alert |
Enabled | True |
Alert Generate | True |
Alert Severity | Error |
Alert Priority | Normal |
Remotable | True |
Alert Message | |

ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.SystemCenter.O365.DataSource.EventsAlerts | Default |
Detection | ConditionDetection | System.ExpressionFilter | Default |
Alert | WriteAction | System.Health.GenerateAlert | Default |

```xml
<Rule ID="Microsoft.SystemCenter.O365.Rules.IncidentsAlertingRule" Enabled="true" Target="Microsoft.SystemCenter.O365.Subscription" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>Alert</Category>
  <DataSources>
    <!-- Polls the API for the target Subscription every 900 seconds -->
    <DataSource ID="DS" TypeID="Microsoft.SystemCenter.O365.DataSource.EventsAlerts">
      <TimeOut>300</TimeOut>
      <IntervalSeconds>900</IntervalSeconds>
      <SyncTime/>
      <SubscriptionId>$Target/Property[Type="Microsoft.SystemCenter.O365.Subscription"]/SubscriptionId$</SubscriptionId>
      <!-- 'Include Resolved Incidents' and 'Reopen Closed Alerts' settings -->
      <IncludeResolvedIncidents>true</IncludeResolvedIncidents>
      <ReopenClosedAlerts>false</ReopenClosedAlerts>
    </DataSource>
  </DataSources>
  <!-- Pass only data items whose EventType property equals 'Incident' -->
  <ConditionDetection ID="Detection" TypeID="System!System.ExpressionFilter">
    <Expression>
      <SimpleExpression>
        <ValueExpression>
          <XPathQuery Type="String">Property[@Name='EventType']</XPathQuery>
        </ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression>
          <Value Type="String">Incident</Value>
        </ValueExpression>
      </SimpleExpression>
    </Expression>
  </ConditionDetection>
  <WriteActions>
    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
      <!-- Priority 1 = Normal, Severity 2 = Error -->
      <Priority>1</Priority>
      <Severity>2</Severity>
      <AlertOwner/>
      <AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.O365.Incident.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/Property[@Name='Title']$</AlertParameter1>
        <AlertParameter2>$Data/Property[@Name='IncidentStatus']$</AlertParameter2>
        <AlertParameter3>$Data/Property[@Name='ServicesAffected']$</AlertParameter3>
        <AlertParameter4>$Data/Property[@Name='IncidentState']$</AlertParameter4>
      </AlertParameters>
      <!-- Alerts are suppressed on the Incident ID -->
      <Suppression>
        <SuppressionValue>$Data/Property[@Name='IncidentId']$</SuppressionValue>
      </Suppression>
      <Custom1>$Data/Property[@Name='EventType']$</Custom1>
      <Custom2>$Data/Property[@Name='IncidentState']$</Custom2>
      <Custom3>$Data/Property[@Name='IncidentStatus']$</Custom3>
      <Custom4>$Data/Property[@Name='IncidentId']$</Custom4>
      <Custom5>$Data/Property[@Name='Title']$</Custom5>
      <Custom6>$Data/Property[@Name='ServicesAffected']$</Custom6>
      <Custom7>$Data/Property[@Name='ServiceFeaturesAffected']$</Custom7>
      <Custom8>$Data/Property[@Name='View this incident in Office 365 service health dashboard']$</Custom8>
    </WriteAction>
  </WriteActions>
</Rule>
```