Integrating with BMC Netreo via webhook

BMC Netreo is an enterprise-class network monitoring system where you can see everything across your enterprise with no clients, agents, or probes. BMC Netreo proactively manages IT resources, prevents issues, and automates your monitoring from infrastructure to applications.

Configure a connection with BMC Netreo to collect incidents from BMC Netreo hosted on an on-premises or SaaS environment.

BMC Helix application	Type of data collected or viewed	Benefits
BMC Helix Operations Management	Events (Netreo incidents received as events)	Use a centralized event view to monitor and manage events, perform event operations, and filter events. Identify actionable events from a large volume of event data by processing events. For more information, see Monitoring events and reducing event noise.

Supported versions

BMC Helix Intelligent Integrations versions earlier than 25.2.02 support BMC Netreo 25.2 (On premises). BMC Helix Intelligent Integrations version 25.2.02 or later supports BMC Netreo 25.2 (SaaS, On premises).

Task 1: To plan for the connection

Depending on the location of the third-party product (SaaS, on-premises), choose one or more BMC Helix Intelligent Integrations deployment modes and review the corresponding port requirements. For information about various deployment modes and port requirements, see Deployment-scenarios.
Based on the deployment mode, use the BMC Helix Intelligent Integrations SaaS deployment or the BMC Helix Intelligent Integrations on-premises gateway or both. For more information about the gateway, see Deploying-the-BMC-Helix-Intelligent-Integrations-on-premises-gateway.

In the preceding list, third-party product refers to BMC Netreo.

Task 2: To configure the connection with BMC Netreo

Depending on the deployment mode, perform one of the following steps to access BMC Helix Intelligent Integrations:
- BMC Helix Intelligent Integrations SaaS – Log on to BMC Helix Portal, and click Launch on BMC Helix Intelligent Integrations.
- BMC Helix Intelligent Integrations on-premises gateway – Use the following URL to access BMC Helix Intelligent Integrations: https://<hostName>:<portNumber>/swpui
On the CONNECTORS tab, click in the SOURCES panel.
Click the Netreo Events Webhook tile.
Specify a unique instance name and then click VALIDATE AND CREATE.
Best practice
We recommend that you specify the instance name in the following format:
<sourceType>_<sourceControllerServerName>_<InstanceQualifier>
The instance qualifier helps you to distinguish the multiple instances configured from the same source server. For example, you can name your instances as Netreo_Host_PROD, Netreo_Host_TEST, and so on.
Click CREATE COLLECTORS to create the collector stream for the BMC Netreo events.

Configure the distributors for the BMC Netreo events in the Distributors section by specifying the parameters for the data type, as explained in the following table:

Parameter name	Description
Max Batching Size	Specify the maximum number of data items to send in a single POST request to the destination API. The batch size depends on the destination’s ability to buffer the incoming data. Default: 250
Max Batching Delay	Specify the maximum time (in seconds) to wait before building and processing a batch. Default: 3 seconds
Base Retry Delay	Specify the initial time (in seconds) for which to wait before retrying to build and process a batch. The waiting time increases in the following sequence: n¹, n², n³, and so on, where n indicates the number of seconds. Default: 2 seconds Example: Base Retry Delay is set to 2 seconds. Retry is performed after 2, 4, 8, 16, ... seconds.
Max Intra-Retry Delay	Specify the maximum limit for the base retry delay. Default: 60 seconds Example:Max Intra-Retry Delay is set to 60 seconds. Base Retry Delay is set to 2 seconds. Retries are performed 2, 4, 8, 16, 32,... seconds later.
Max Retry Duration	Specify the total time for retrying a delivery. For REST destinations, a delivery is a batch of data items in one POST request. Default: 5 minutes Example: Max Retry Duration is set to 8 hours. Base Retry Delay is set to 2 seconds. Requests are sent for 2+4+8+16+32+64+132... until 8 hours in total duration is reached. After that, no subsequent attempts are made to retry the delivery. The assumption here is that if there is an outage or other issue with the destination tool, recovery should take less than the value of the Max Retry Duration parameter to be completed.
Attributes To Be Dropped When Updating Events	Specify the event attributes that you do not want to be updated in BMC Helix Operations Management when events are updated. For example, if you do not want an event's severity, source address, source category, and subcategory to be updated in BMC Helix Operations Management, you need to specify those attributes in a comma-separated format: severity,source_address,source_category,source_subcategory. Important:You can obtain the event attribute names in BMC Helix Operations Management, by exporting any event data in JSON, BAROC, XML, or CSV format . The exported file contains all attributes of the event data, and from there you can identify the attributes to be dropped.
Events FiltersEvents filters help remove unwanted data and send only the required events to BMC Helix applications. The data is filtered by using the regular expression (regex) provided for host, message, and detailed message and is sent to BMC Helix applications.
Host Regex	Specify the regex for the host name. Events for the hosts whose names match the regex are sent to BMC Helix applications. Examples: To send data for the host name /inventory/pricing, specify the regex as ^/inventory/pricing$. To filter out data whose host name contains the string inventory, specify the regex as *^(?!.inventory).**. To send the data for the host whose names start with the string inventory, specify the regex as ^inventory.. Important: If you are using multiple regex, make sure that the regex do not conflict. For example, do not enter .(inventory). and ^(?!.inventory).** together. The former regex sends events for the hosts whose names contain the string inventory, while the latter regex sends events for the hosts whose names do not contain the string inventory.
Message Regex	Specify the regex for the event message. Messages for the events that match the regex are sent to BMC Helix applications. Examples: To send events whose messages contain the string HRV alert, specify the regex as *.HRV alert**. To filter out the events whose message contains the string HRV alert, specify the regex as ^(?!.HRV alert).**. To send events whose message starts with the string HRV alert, specify the regex as ^(HRV alert).. Important: If you are using multiple regex, make sure that the regex do not conflict. For example, do not enter .HRV alert. and ^(?!.HRV alert).** together. The former regex sends events whose message contains the string HRV alert, while the latter regex sends events whose message do not contain the string HRV alert.
Detailed Message Regex	Specify the regex for the detailed message. Detailed messages for the events that match the regex are sent to BMC Helix applications. Examples: To send events whose detailed message contains the string ci_display_name: easyTravel-k8s, specify the regex as *.ci_display_name: easyTravel-k8s.**. To filter out the events whose detailed message contains the string ci_display_name: easyTravel-k8s, specify the regex as ^(?!.ci_display_name: easyTravel-k8s).**. To send the events whose detailed message starts with the string ci_display_name: easyTravel-k8s, specify the regex as ^(ci_display_name: easyTravel-k8s).. Important: If you are using multiple regex, make sure that the regex do not conflict. For example, do not enter .ci_display_name: easyTravel-k8s. and ^(?!.ci_display_name: easyTravel-k8s).** together. The former regex sends events whose detailed message contains the string ci_display_name: easyTravel-k8s, while the latter regex sends events whose message do not contain the string ci_display_name: easyTravel-k8s.

Click CREATE DISTRIBUTORS to create the required distributor stream for the BMC Netreo events.
Click SAVE STREAM.
After you save the stream, the connector that you just created is listed on the SOURCES panel.
On the SOURCES panel, click Configure Mediator for the source connection that you created and then expand NETREO EVENTS.
Click copy to copy the auto-generated BMC Netreo webhook collector URL and save it in a temporary file.
For example, https://hostA/hii/api/mediator/v3/push/9mn-6c97-4c2e-8pc5-12c0asdf?token=API-KEY.
Depending on whether you are using only a SaaS deployment of BMC Helix Intelligent Integrations or BMC Helix Intelligent Integrations on-premises gateway, perform the following steps:
- If you are using only SaaS deployment of BMC Helix Intelligent Integrations or the on-premises gateway with authentication enabled, perform the following steps:
  1. Log on to BMC Helix Portal and generate an access key.
    For instructions, see Setting up access keys for programmatic access.
  2. Copy the generated API key and save it in a temporary file.
    The key is generated in the format: <accessKey>::<secretKey>::<tenantID>.
    For example, Y40OSC49QZA11Q8A1H9H6::MnVLk69TNyCEponsthHJ1Hj1uKcjTB::385261281.
  3. Change the format of the API key to <tenantID>::<accessKey>::<secretKey>.
    For example, 385261281::Y40OSC49QZA11Q8A1H9H6::MnVLk69TNyCEponsthHJ1Hj1uKcjTB
  4. In a temporary file, modify the auto-generated collector URL by replacing API-KEY with the API key that you formatted in the previous step.
    For example, https://host.ab.com/hii/api/mediator/v3/push/9mn-6c97-4c2e-8pc5-12c0asdfd?token=385261281::Y40OSC49QZA11Q8A1H9H6::MnVLk69TNyCEponsthHJ1Hj1uKcjTB.
  5. Configure BMC Netreo to forward incidents data to BMC Helix Intelligent Integrations.
- If you are using the on-premises gateway with authentication disabled, perform the following steps:
  1. Save the URL in a temporary file.
  2. Remove the following string from the collector URL:?token=API-KEY
    The updated collector URL looks like the following example:
    https://hostA/hii/api/mediator/v3/push/9mn-6c97-4c2e-8pc5-12c0asdf.
  3. (If you are collecting data in a high availablity environment) Replace the host name with the DNS record that you have created for the VIP. For example, if the DNS record is named VIP_HII, the updated collector URL looks like the following:
    https://VIP_HII/hii/api/mediator/v3/push/9mn-6c97-4c2e-8pc5-12c0asdf.
  4. Configure BMC Netreo to forward incidents data to BMC Helix Intelligent Integrations.
On the SOURCES panel, move the slider to the right to start the data stream for the connector you created in step 8.
Important
For a data stream, the Run Latency (max/avg), Items (Avg per Run), and Last Run Status columns on the Streams page might show the status as No Runs during the data collection process. After completion of the process, these columns are updated with an appropriate status.

Task 3: To configure BMC Netreo to forward incidents data to BMC Helix Intelligent Integrations

To forward incidents data from BMC Netreo to BMC Helix Intelligent Integrations , create actions for the host, service, and threshold entity types.

Log on to BMC Netreo as an Admin or SuperAdmin user.
Select Administration > Alerts > Actions.
Click Action Cloud Library.
All the actions available in the BMC Netreo action cloud library appear.
Click Download for the following actions to download them:
- BMC_II_Host
- BMC_II_Service
- BMC_II_Threshold
Select Actions Administration > Alerts > Actions.
On the Actions Administration page, click Collapse/Expand to view all the actions.
Configure the actions:
1. Click Edit Method for the BMC_II_Host action.
2. Replace the following line with the webhook URL you saved in a temporary file in step 11:
  https://<XYZ>/hii/api/mediator/v3/push/5cb5d8df-fbe7?token=<API-KEY>
  The sample payload for the BMC_II_Host action looks like the following example:
  https://hostA.abc.com/hii/api/mediator/v3/push/5cb5d8df-fbe7 ?token=385261281::Y4B0OSC49QZ::MnVLk69TNyCE
  
  [header]
  {
  "Content-Type" : "application/json"
  }
  [header]
  
  {
  "incident_id": "{INCIDENTID}",
  "source_entity_uri" : "{INCIDENT_URL}",
  "creation_time": "{INCIDENTTIMET}",
  "status": "{NOTIFICATIONTYPE}",
  "severity": "{HOSTSTATE}",
  "user_severity": "<User Defined>",
  "incident_type": "Host",
  "site" : "{SITENAME}",
  "source_geo_location": "{SITEGEOLAT}, {SITEGEOLONG}",
  "category": "{CATEGORYNAME}",
  "source_strategic_group": "{STRATEGICGROUP}",
  "msg": "{SUBJ}",
  "tags": "[{DEVICE_DOCUMENTATION}]",
  "related_alarms": "{RELATED_OPENALARMS}",
  
  "uid": "{UID}",
  "source_hostname": "{HOSTNAME}",
  "source_address" : "{HOSTADDRESS}",
  "metric_name":"{HOSTNAME}",
  "metric_value":"{HOSTSTATE}",
  "metric_note": "{HOSTNOTE}",
  "source_statistical_group": "{STATISTICALGROUP}",
  
  "details" : "On {DATETIME}, device {HOSTNAME} ({HOSTADDRESS}) went host {HOSTSTATE}, at site {SITENAME}. {OUTPUT}"
3. Click Edit Method to save the action.
4. Repeat steps a to c for the BMC_II_Service and BMC_II_Threshold actions.
5. Go to step 12 to start the data stream.

Task 4: To verify the connection

From BMC Helix Intelligent Integrations, on the SOURCES panel, confirm that the event stream for the connection you created is running.

A moving blue arrow ( ) indicates that the event stream is running. Event data will be pushed as soon as incidents are available.

To view events in BMC Helix Operations Management

In BMC Helix Operations Management, select Monitoring > Events.
Filter the events by the NetreoIncident class.

Incoming events from BMC Netreo are processed in BMC Helix Operations Management through a set of deduplication rules to determine whether the incoming event is a duplicate event or a new event. For more information, see Event-deduplication-suppression-and-closure-for-reducing-event-noise.

For more information about events, see Monitoring and managing events.