Send SCOM alerts to Slack

Hello Everyone,

This post will be about how you can send alerts from SCOM to a Slack channel. I used a powershell module which you can find on this blog post.
Slack is a free tool that offers real-time messaging, archiving and search for modern teams. It also has premium paid features, but to send SCOM alerts to Slack, this is not required.
For people that don’t have Slack, I would strongly recommend it, as the free tier already offers quite nice features. An alternative to Slack is Microsoft Teams.

Alright here we go.

There are a few prerequisites before we start:

• You’ll need Windows Management Framework 5.0 installed on your SCOM Management Server which is sending out the messages to Slack. This can be found here.
• Once WFM 5.x is installed, you need to install the following PS module on your management servers, just open a powershell and execute:

  Install-Module PSSlack -Force

• The SCOM Management servers require internet access.
• When using a web proxy to go to the internet, you’ll need to create an AD account which can access the internet.
• You’ll need slack (duh :)), and you have to create a token for your team. This can be done here.
  

The next step is required if your management servers require a proxy to send notifications. Otherwise, this can be skipped.
Open the Operations Console -> Go to Administration -> Run As Configuration -> Profiles

Look for the Noficiation Account

Add the Run as account that has internet access. Click Save.

Next download the script that will send these notifications. You can find this here

Place this script under a folder on each management server(s), f.e. C:\SCOM\Scripts. Make sure the account we created earlier has access to this folder! If you don’t use a proxy server to access the internet, this is not required, as the system account has access to this folder.

Run the following command if you are using a proxyserver on your management servers:

Open the downloaded script with Powershell ISE or another editor, fill in your token from Slack (as described in prerequisites):

 

And change the weblink, as outlined in the example, change to your environment. I use squared up to drill down into alerts.

Change the channel name to the slack channel you want to send your monitoring notifications to:

Next up we create the Command channel

Fill in the description, click Next

Full path is: c:\windows\system32\windowspowershell\v1.0\powershell.exe

Command line parameters: <Path to the PSScript> -AlertID ‘$Data/Context/DataItem/AlertId$’ -AlertName ‘$Data[Default=’Not Present’]/Context/DataItem/AlertName$’ -AlertDescription ‘$Data[Default=’Not Present’]/Context/DataItem/AlertDescription$’ -Severity ‘$Data[Default=’Not Present’]/Context/DataItem/Severity$’ -DisplayName ‘$Data[Default=’Not Present’]/Context/DataItem/ManagedEntityPath$\$Data[Default=’Not Present’]/Context/DataItem/ManagedEntityDisplayName$’ -ResolutionState ‘$Data[Default=’Not Present’]/Context/DataItem/ResolutionStateName$’

Startup folder: c:\windows\system32\windowspowershell\v1.0\

Next we’ll need to create a subscription to fire alerts towards Slack.

Give the subscription a name, click Next.

Under criteria, choose what suits your need, but I would recommend using the criteria above to test the command channel.

Create a new subscriber.

Fill in the description, go to Addresses. Click Add.

Fill in address name, click Next

Choose our command channel we created, click Next -> Finish

That’s it! Alerts should be coming in, and clicking on them immediately forwards you to the Web console / Squared Up interface. Feel free to contact me should you have any issues.

Best regards,

Jasper