SCOM (Microsoft System Center Operations Manager)
Send monitoring events from Microsoft System Center Operations Manager (SCOM) to BigPanda.
| Supported Versions | Type | Authentication Type |
|---|---|---|
| System Center 2016, 2019, 2022 | Custom Script | Org Bearer Token |
Microsoft System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors. Using this integration, you can automatically pull SCOM alerts into BigPanda.
Open Integration Manager
The Open Integration Manager is available for use with SCOM. For more information, see the Open Integration Manager documentation.
How it Works
The SCOM integration works by polling the SCOM service at a regular interval. New and updated alert data found during polling is sent to BigPanda as individual events.
By default the polling interval is 90 seconds.
BigPanda then processes and correlates the alert from SCOM to create and maintain up-to-date incidents in BigPanda.
Payload size
Alert payloads must be 6MB or smaller. Larger payloads will fail to process with BigPanda. We recommend reviewing your configurations to ensure that only actionable, useful information is being sent to BigPanda.
When Alerts are Updated and Closed
The life cycle of a SCOM alert in BigPanda reflects the status in SCOM.
Some alerts are not closed automatically: For alerts from monitors, SCOM updates when the error is resolved. The alert is then automatically closed in BigPanda. For alerts from rules, SCOM may not resolve the alert, so the related alert in BigPanda remains open. You may manually resolve alerts in BigPanda, or they will be automatically closed in BigPanda after the time-based alert resolution window has passed with no updates.
SCOM Data Model
BigPanda normalizes alert data from SCOM.
You can rename the Custom Field names to better fit your data normalization and standardization practices.
The primary and secondary properties are key fields used during the deduplication and correlation processes.
Data Model Tags
Tags received by BigPanda include alert properties and additional fields calculated from those properties.
Custom Fields enable you to send additional contextual or operational tags. The name for each custom field can be changes to better fit your data normalization and standardization practices.
| Tag | Source Field | Notes |
|---|---|---|
MonitoringObjectFullNameor MonitoringObjectName | $alert.MonitoringObjectFullNameor $alert.MonitoringObjectName | Primary Property Monitored object that generated the alert. |
AlertName | $alert.Name | Secondary Property. Name of the alert in SCOM. |
AlertDescription | $alert.Description | |
AlertId | $alert.Id | |
AlertParams | $alert.AlertParams | |
AlertPriority | $alertPriority | Calculated field |
AlertSeverity | $alertSeverity | Calculated field Level of the alert (OK, Warning, Critical) |
AlertState | $alertState | Calculated field |
AlertStringId | $alert.AlertStringId | |
Category | $alert.Category.ToString() | Converted to string |
ConnectorId | $alert.ConnectorId | |
ConnectorStatus | $alert.ConnectorStatus | |
CustomField<1-10> | $alert.CustomField<1-10> | |
DisplayName | $alert.MonitoringObjectDisplayName | |
Elevation | $elevation | Calculated field |
History | $history | Calculated field |
HostID | $hostid | Calculated field |
IsMonitorAlert | $alert.IsMonitorAlert | |
LastModified | $LastModified | |
LastModifiedBy | $alert.LastModifiedBy | |
LastModifiedByNonConnector | Get-Date($alert.LastModifiedByNonConnector)-Format 'yyyy-MM-ddTHH:mm:ssZ' | Automatically generates timestamp based on polling time |
ManagementGroup | $alert.ManagementGroup.ToString() | Converted to string |
MonitoringObjectDisplayName | $alert.MonitoringObjectDisplayName | |
MonitoringObjectPath | $alert.MonitoringObjectPath | |
NetbiosComputerName | $alert.NetbiosComputerName | |
NetbiosDomainName | $alert.NetbiosDomainName | |
Owner | $alert.Owner | |
Parameters | $alert.Parameters | |
PrincipalName | $alert.PrincipalName | |
Priority | $alert.Priority | |
ProblemId | $alert.ProblemId | |
RepeatCount | $alert.RepeatCount | |
ResolutionState | $alert.ResolutionState | |
ResolvedBy | $alert.ResolvedBy | |
RuleId | $alert.RuleId | |
SCOM_Server | $SCOMServer | Calculated field |
Severity | $alert.Severity | |
SiteName | $alert.SiteName | |
Status | $alertStatus | Calculated field |
TfsWorkItemId | $alert.TfsWorkItemId | |
TfsWorkItemOwner | $alert.TfsWorkItemOwner | |
TicketId | $alert.TicketId | |
TimeAdded | Get-Date($alert.TimeAdded)-Format 'yyyy-MM-ddTHH:mm:ssZ' | Calculated field |
TimeRaised | Get-Date($alert.TimeRaised)-Format 'yyyy-MM-ddTHH:mm:ssZ' | Calculated field |
TimeResolutionStateLastModified | Get-Date($alert.TimeResolutionStateLastModified)-Format 'yyyy-MM-ddTHH:mm:ssZ' | Calculated field |
TimeResolved | $TimeResolved | Calculated field |
Install The Integration
Administrators can install the integration by following the SCOM Installation instructions.
(Optional) Use SCOM with a Proxy Server
The SCOM service can be run through a proxy by amending the registry to include proxy information.
bigpanda-scom-service.exe
-proxy <url>
-proxyuser <user>
-proxypassword <password>
Debug SCOM
The DEBUG setting can help you troubleshoot issues with your SCOM integration.
Turn on SCOM DEBUG logging to record all outbound packets, including comments and path.
To enable debugging, navigate in the SCOM service to the Registry and define:
-DEBUG true
Uninstall the Integration
Deleting an integration requires that you remove the integration in both the integrated system and BigPanda. We recommend that you first uninstall the integration on the integrated system to prevent traffic from being sent and rejected by BigPanda, since the app key will not exist once you delete the integration in BigPanda.
Caution during replacement
When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.
Deactivate Inbound Integration
If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.
To deactivate an inbound integration:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.
- At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.
In the integrations list, inactive integrations will be marked with a gray bar.
Alert Resolution for Inactive Integrations
Any active alerts belonging to an inactive integration must be manually resolved or they will stay in the system until the auto-resolve window is reached.
Stop Sending Data to BigPanda
Use the following command to uninstall the SCOM service:
.\bigpanda-scom-service.exe
-service uninstall
Delete the Integration in BigPanda
Take the following steps to delete the integration from BigPanda:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list.
- In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will be removed immediately.
️Automatic alert resolution for deleted integrations
All active alerts from the integration will be resolved after deletion.
Data removal
This procedure does not remove any data from the integrated system.
Updated 17 days ago