SCOM (Microsoft System Center Operations Manager)
Supported Versions | Type | Authentication Type |
|---|---|---|
System Center 2016, 2019, 2022 | Custom Script | Org Bearer Token |
Microsoft System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors. Using this integration, you can automatically pull SCOM alerts into BigPanda.
Open Integration Manager
The Open Integration Manager is available for use with SCOM. For more information, see the Open Integration Manager documentation.
How it Works
The SCOM integration works by polling the SCOM service at a regular interval. New and updated alert data found during polling is sent to BigPanda as individual events.
By default the polling interval is 90 seconds.
BigPanda then processes and correlates the alert from SCOM to create and maintain up-to-date incidents in BigPanda.
Payload size
Alert payloads must be 6MB or smaller. Larger payloads will fail to process with BigPanda. We recommend reviewing your configurations to ensure that only actionable, useful information is being sent to BigPanda.
When Alerts are Updated and Closed
The life cycle of a SCOM alert in BigPanda reflects the status in SCOM.
Some alerts are not closed automatically: For alerts from monitors, SCOM updates when the error is resolved. The alert is then automatically closed in BigPanda. For alerts from rules, SCOM may not resolve the alert, so the related alert in BigPanda remains open. You may manually resolve alerts in BigPanda, or they will be automatically closed in BigPanda after the time-based alert resolution window has passed with no updates.
Install SCOM Integration
Microsoft System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors. Using this integration, you can configure SCOM to automatically send alerts to BigPanda. The SCOM integration provides streamlined installation, debugging, and supports installations that use an HTTP proxy server.
Open Integration Manager
The Open Integration Manager is available for use with this integration. For more information, see the Open Integration Manager documentation.
Additional details on the capabilities, supported versions, and troubleshooting can be found in the SCOM (Microsoft System Center Operations Manager) documentation.
Create an App Key
Create an app key in BigPanda.
Integration specific
You'll need a separate app key for each integrated system.
App Key Configuration in BigPanda
Download the BigPanda SCOM Integration Utility
The bigpanda-scom-service utility is a small Windows service configuring your BigPanda SCOM integration.
Download the compressed archive of the utility: Windows 64-bit
Extract the archive, and note the path to the extracted directory. You will use this to install the utility.
Execute
Unblock-File {dir path}/bigpanda-scom-service.exe
CLI Not Supported
SCOM v2 Integrations with OIM is not compatible with CLI commands. Launch the SCOM Integration as a service.
Preinstall Requirements
System Requirements
The BigPanda-SCOM-Service can be installed on any windows system that has access to SCOM Management Servers(s) or on a SCOM Management Server.
The system must have:
The
OperationsManagerlibraries installedThe ability to communicate via the network to the SCOM server that is configured
The ability to send the alerts to the BigPanda endpoint configured for SCOM (usually
https://integrations.bigpanda.io/oim/scom_v2/alerts)Do not run the service from a mapped user folder such as downloads - this can cause credential problems downstream
Verify that the OperationsManager modules are present on the system where the BigPanda-SCOM-Service will be running with these commands:
Import-Module -Name OperationsManager Get-Command –module OperationsManager
A list of the available SCOM Cmdlets should display.
Local Admin Required
If the service account is not in the local admin group for the system it is running on, the service will fail immediately. Double check the registry or directory path permissions for the account before continuing.
Account Credentials
The service should be run as a service account. This account can be in any group that has:
READ ALL access in Operations Manager - Operations Manager Read-Only Administrators (or equivalent) User-Role
Able to read/write to the directory that it is running in
Able to read/write to the registry key:
HKLM:\Software\Wow6432Node\BigPanda-SCOM-ServiceLog on as a Service (for the system that the service is running on)
Install the BigPanda SCOM Integration Service
In the same PowerShell console, go to the path where you extracted the utility.
Run the following command, replace
<SCOM Server>with the Management server to poll. If the-scomserveroption is not supplied, the first available SCOM Management server in the service broadcast will be used.Without Proxy
./bigpanda-scom-service.exe -appkey <Your App Key> -authtoken <Your Org Bearer Token> -url https://integrations.bigpanda.io/scom_v2/alerts -scomserver <SCOM Server> -service install
Using an HTTP/S Proxy. You must replace
<Proxy server URL>with the full URL to your proxy server../bigpanda-scom-service.exe -appkey <Your App Key> -authtoken <Your Org Bearer Token> -url https://integrations.bigpanda.io/scom_v2/alerts -scomserver <SCOM Server> -proxy <Proxy server URL> -service install
Using an HTTP/S Proxy with credentials. You must replace
<Proxy server URL>with the full URL to your proxy server, replace<Proxy User>and<Proxy Password>with the relevant values../bigpanda-scom-service.exe -appkey <Your App Key> -authtoken <Your Org Bearer Token> -url https://integrations.bigpanda.io/scom_v2/alerts -scomserver <SCOM Server> -proxy <Proxy server URL> -proxyuser <Proxy User> -proxypassword <Proxy Password> -service install
Verify the service Configuration with the following command
./bigpanda-scom-service.exe --helpthe following will be displayed, and describe configuration options:powershell PS D:\BigPanda> .\bigpanda-scom-service.exe --help Usage of D:\BigPanda\bigpanda-scom-service.exe: -appkey string Integration App Key (default "<Your App Key>") -authtoken string Integration Bearer Token (default "<Your Org Bearer Token>") -batchsize int Alert Batch size (default 150) -interval string Service Polling Interval, EG '5m' or '1m30s' (default "1m") -logage string Log Roll Duration, EG '24h' or '12h30m' (default "24h") -loglocation string Log Location (default "D:\BigPanda\bigpanda-scom-service.log") -proxy string Proxy URL -proxypassword string Proxy Password -proxyuser string Proxy User -scomserver string SCOM Host (default "<SCOM Management Server>") -script string Service Script (default "D:\BigPanda\bigpanda-scom-service-script.ps1") -service string Control the system service. -url string Integration endpoint URL (default "https://integrations.bigpanda.io/scom_v2/alerts")
Before Starting the service, the service must be configured with a Log On account.
This can be performed using Powershell >v7 with the following command:
Set-Service -Name "BigPanda SCOM Service 2024" -Credential @(Get-Credential)
Or using the Services App > BigPanda SCOM Service 2024 > Log On > This Account (Enter an account that can access the SCOM Management Servers)
Configure custom Resolution States (if applicable)
From PowerShell, check for custom resolution states. If there are ResolutionStates which are not listed here, e.g. any ResolutionState with an enumeration value between 1-246, the "Name" string value must be added to the Integration Status Map.
PS D:\BigPanda> Get-SCOMAlertResolutionState|Select-Object ResolutionState,Name ResolutionState Name --------------- ---- 0 New 247 Awaiting Evidence 248 Assigned to Engineering 249 Acknowledged 250 Scheduled 254 Resolved 255 ClosedStart the BigPanda-SCOM-Service
PS D:\BigPanda> .\bigpanda-scom-service.exe -service start
or
Start-Service 'BigPanda SCOM Service 2024'
check the service status
Get-Service 'BigPanda SCOM Service 2024'
Note: The service configuration is stored in the windows registry at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigPanda-SCOM-Service
SCOM Data Model
BigPanda normalizes alert data from SCOM.
You can rename the Custom Field names to better fit your data normalization and standardization practices.
The primary and secondary properties are key fields used during the deduplication and correlation processes.
Data Model Tags
Tags received by BigPanda include alert properties and additional fields calculated from those properties.
Custom Fields enable you to send additional contextual or operational tags. The name for each custom field can be changes to better fit your data normalization and standardization practices.
Tag | Source Field | Notes |
or
|
or
| Monitored object that generated the alert. |
|
| Name of the alert in SCOM. |
|
| |
|
| |
|
| |
|
| Calculated field |
|
| Calculated field Level of the alert (OK, Warning, Critical) |
|
| Calculated field |
|
| |
|
| Converted to string |
|
| |
|
| |
|
| |
|
| |
|
| Calculated field |
|
| Calculated field |
|
| Calculated field |
|
| |
|
| |
|
| |
|
| Automatically generates timestamp based on polling time |
|
| Converted to string |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| Calculated field |
|
| |
|
| |
|
| Calculated field |
|
| |
|
| |
|
| |
|
| Calculated field |
|
| Calculated field |
|
| Calculated field |
|
| Calculated field |
(Optional) Use SCOM with a Proxy Server
The SCOM service can be run through a proxy by amending the registry to include proxy information.
bigpanda-scom-service.exe -proxy <url> -proxyuser <user> -proxypassword <password>
Debug SCOM
The DEBUG setting can help you troubleshoot issues with your SCOM integration.
Turn on SCOM DEBUG logging to record all outbound packets, including comments and path.
To enable debugging, navigate in the SCOM service to the Registry and define:
-DEBUG true
Uninstall the Integration
Deleting an integration requires that you remove the integration in both the integrated system and BigPanda. We recommend that you first uninstall the integration on the integrated system to prevent traffic from being sent and rejected by BigPanda, since the app key will not exist once you delete the integration in BigPanda.
Caution during replacement
When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.
Deactivate Inbound Integration
If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.
To deactivate an inbound integration:
In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.
At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.
In the integrations list, inactive integrations will be marked with a gray bar.
Alert Resolution for Inactive Integrations
Any active alerts belonging to an inactive integration must be manually resolved or they will stay in the system until the auto-resolve window is reached.
Stop Sending Data to BigPanda
Use the following command to uninstall the SCOM service:
```Uninstall powershell .\bigpanda-scom-service.exe -service uninstall ```
Delete the Integration in BigPanda
Take the following steps to delete the integration from BigPanda:
In BigPanda, navigate to the Integrations tab and select the desired integration from the list.
In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will be removed immediately.
️Automatic alert resolution for deleted integrations
All active alerts from the integration will be resolved after deletion.
Data removal
This procedure does not remove any data from the integrated system.