Creating incidents from Azure Monitor alerts via BMC Helix Integration Service

Azure Monitor provides analytics and insights about your cloud and on-premises resources and applications by analyzing telemetry. Azure Monitor enables you to configure alerts on multiple Azure resources such as metrics, search queries, log events, website availability, and so on. BMC Helix Multi-Cloud Broker receives the Azure alert metadata (JSON) and creates incidents in BMC Helix ITSM based on the set of flows, connectors, and connector targets, or the integration templates and third-party application data that you configure in BMC Helix Multi-Cloud Broker.

This integration provides the following capabilities:

Incidents are created in BMC Helix ITSM based on the following Azure Monitor alerts:
- Metric alerts
- Activity log alerts

After the incident is created in BMC Helix ITSM, you can attach the affected CI and business service to categorize the incidents. For example, an incident is created in BMC Helix ITSM, whenever a virtual machine in Azure has CPU consumption greater than 70% and server response time more than four hours.

Alerts are updated in Azure Monitor based on updates to the BMC Helix ITSM incident.
Information about Azure Monitor alerts or events is displayed on the BMC Helix ITSM: Smart IT interface.

Before you begin

Complete all preconfiguration tasks before you configure the Azure Monitor integration.

To select the integration option for Azure Monitor

Log in to BMC Helix Innovation Suite.
On Workspace, click Multi-Cloud Broker.
To launch BMC Helix Multi-Cloud Broker, click Visit Deployed Application.
Tip
You can access BMC Helix Multi-Cloud Broker directly by entering the URL https://hostName:portNumber/helix/index.html#/com.bmc.dsm.mcsm/login and logging in as a tenant administrator.
To open the configuration page, click Settings .
Select Start Here > Quick Configuration Guide.
In the Step 1: Choose configuration tab, perform the following steps:
1. From the Choose configuration list, select the Helix integration service.

b. For the notification feature, under Notification, select Azure Alert to ITSM Incident, and click Next.

The Perform configurations tab displays a list of the common configurations, connectors, flows, and connector targets and processes that you need to configure as described in the next tasks.

To map Azure Monitor alert data to ITSM or BMC Helix ITSM: Smart IT

Configuring vendor data includes setting up a vendor organization and defining vendor mappings for the technology provider. The Configuration Links page provides links to both options.

Best practice
We recommend that you set up the vendor organizations before starting the BMC Helix Multi-Cloud Broker configuration. For more information about adding vendor organizations, see Performing-common-preconfiguration-tasks.

If you have not done so already, on the Perform configurations tab page, click Manage Vendor Organizations to create or modify a vendor organization.
To add or update the vendor mapping, on the Perform configurations tab, click Manage Vendor Metadata.
To open the Map New Vendor page, on the Configure Vendor Metadata page, click .
Enter a Description that makes it easy for you to identify the vendor metadata configuration.
Select the Ticketing Technology Provider.
The Ticketing Technology Provider is the application the vendor uses to manage tickets. For example, the Ticketing Technology Provider for Azure Monitor is Azure Alerts.
Add or update the Instance name for the provider.
Click Add Mapping .
BMC Helix Multi-Cloud Broker displays the default Instance URL , and Display Field Mapping .
To add or delete values, click { } to open the JSON editor, and modify the field mappings.
1. Display Field Mapping: Map vendor ticket fields to the fields on the Smart IT console.

Vendor Specific section for Activity Log type alerts

Vendor Specific section for Metrics type alerts

9. From the Integration Platform list, select Integration Service.

To configure connectors for integrating ITSM and Azure Monitor with BMC Helix Multi-Cloud Broker

For each feature you selected, complete the following procedure for the connectors listed on the Configuration Links page.

To navigate to BMC Helix Integration Service, on the Configuration Links page, click Configure connectors in Integration Studio under Required Common Configurations.
You must configure the connectors listed for each feature, in addition to the connectors listed under Required Common Configuration.
To enter field values, select a connector, such as ITSM, and click Configuration.
You might need to click the arrow on the ribbon in the lower section of the screen to open the Configuration pane.
To update the configuration defaults, enter the appropriate field values by referring to the list of connectors at the end of this procedure.
To add or update the user account that is used to access the vendor application, click Accounts.

List of connectors and configuration values for integration with Azure Monitor

ITSM

Configuration
If you are integrating BMC Helix Multi-Cloud Broker with an on-premises instance of ITSM, enter the following values:
Field
Value
Site
Select the site that you created for Remedy.
AR server
Enter the name of your on-premises AR System server.
AR server port
Enter the port number for your on-premises AR System server.

Field	Value
Site	Select the site that you created for Remedy.
AR server	Enter the name of your on-premises AR System server.
AR server port	Enter the port number for your on-premises AR System server.

Account
Add a ITSM user account that has permissions to view business service requests and permissions to update incidents, change, or problem requests.

Multi-Cloud

Configuration
While activating BMC Helix Multi-Cloud Broker, BMC configures the Multi-Cloud connector. Do not modify the default Multi-Cloud connector configuration.

Account
BMC sets up the account for the Multi-Cloud connector.
Click to re-authenticate after you have changed the password for your tenant administrator user account in BMC Helix Innovation Studio.
For information about changing the user password, see Creating or modifying People data.

Azure Alerts

Configuration
If you are integrating BMC Helix Multi-Cloud Broker with Azure Monitor, enter the following values:

Field	Value
Name	Enter a name for your connector configuration.
Description	Enter a description for your connector configuration.
Site	Select the site required to establish a connection between Azure Monitor and BMC Helix Integration Service. You can either use the default cloud site or create your own site.
Number of instances	Retain the default value.
WebHook Message Type	Select Basic or Secure. Select the same type when creating actions on Azure alerts in Microsoft Azure.
Azure Tenant Id	Required only when you use secure webhook method.
Application Id	Required only when you use secure webhook method.
Application ID URI	Required only when you use secure webhook method.

SMTP Email

Configuration
To send email notifications for errors, specify values for the following fields:
Field
Value
Name
Enter a name for the connector configuration.
Site
Select the appropriate site for your email server.
Connection type
Select the type of connection for your email server.

Field	Value
Name	Enter a name for the connector configuration.
Site	Select the appropriate site for your email server.
Connection type	Select the type of connection for your email server.

Account
Add an email account to be used for sending error notifications.

To configure flow triggers and field mappings between ITSM, BMC Helix Multi-Cloud Broker, and Azure Monitor

For each feature you selected, complete this procedure for the flows listed on the Configuration Links page.

To navigate to BMC Helix Integration Service, on the Configuration Links page, click Configure flows in Integration Studio under Required Common Configurations.
You need to configure the flows listed for each feature, in addition to the flows listed under Required Common Configuration.
To open the flow template page, on the Catalog tab in Integration Studio, click the flow you want to configure.
To create a copy of the flow template, click .
Select the appropriate accounts for the end-point connectors of the selected flow.
You specify the connector accounts when configuring connectors.
To update the name of the flow that you have copied from the flow template, select My Flow, open the flow that you copied, and update the title.
Specify the trigger Conditions and Field mapping, and click OK.
For more information about trigger conditions and field mappings, see the list of flows at the end of this procedure.
Click My Flows and select the flow that you created from the flow template.
To verify the target values for the trigger conditions and the field mappings, in the right pane, click Details.

List of flows and configuration values for integration with Azure Monitor

The out-of-the-box flow settings are based on common field mappings. You can update the trigger conditions or field mappings.

Create Incident from Azure Alerts

Trigger
Field
Value
Alert Type
Metric, Log, or Activity Log

Field	Value
Alert Type	Metric, Log, or Activity Log

Field Mapping

Do not change the following default field mappings.

Field	Value
Summary	Monitoring Service, Monitor Condition and so on
Priority	Monitoring Service, Monitor Condition and so on
Description	Description
Urgency	Severity
Incident Type	User Service Restoration
Vendor Ticket Id	Short Alert Id

Note

While configuring Create Incident from Azure Alerts flow, you can extract the Azure asset name for which the alert is generated by mapping the LogAffected Configuration Item fields and Metric Condition Dimensions fields in the flow, and by adding transformations for the properties of these fields.

Send Error Notification

Trigger
Field
Value
Flow Target
Multi-Cloud

Field	Value
Flow Target	Multi-Cloud

Field Mapping
Field
Value
To
Enter the email account that will receive the error notification.
Subject
Flow Title
From
Note: The value of this field is set to Integration Service.
NA
Note
You can change the following out-of-the-box field mappings:
- Subject
- From
However, BMC recommends that you retain the existing mappings.

Field	Value
To	Enter the email account that will receive the error notification.
Subject	Flow Title
From Note: The value of this field is set to Integration Service.	NA

Update Azure Alert State

Trigger
Field
Value
Condition is
Retain the webhook condition
Source ID contains
Azure Alerts
Field Mapping
The following values are mapped out-of-the-box.
Field
Value
Parent Ticket Id
source ID
Alert Id
Vendor Ticket Data
Alert State
Status

Field	Value
Condition is	Retain the webhook condition
Source ID contains	Azure Alerts

Field	Value
Parent Ticket Id	source ID
Alert Id	Vendor Ticket Data
Alert State	Status

To define connector targets to enable integration with Azure Monitor

BMC preconfigures the out-of-the-box connector targets for all BMC Helix Multi-Cloud Broker features. If you want to update the connector configuration or account information, update the connector target for the feature.

Warning

Do not delete the out-of-the-box connector targets.

To navigate to BMC Helix Innovation Suite, in the Configuration Links page, click Configure Connector Targets in Innovation Studio under Required Common Configurations.
You need to configure the connector targets listed for each feature on the Configuration Links page, in addition to the ones listed under Required Common Configuration.
Click the connector target you want to configure or click to configure a new connector target.

Enter or update the following values and save the configuration.

Field	Instructions
Name	Enter a unique name for the configuration. The name is associated with the process that is related to the connector you are configuring.
Connector Type	Select the connector type from the list of connectors available to you in BMC Helix Integration Service.
Configuration	Select a configuration from the list. For example, if you select qradar as the Connector Type, all the configurations that you have made for qradar are displayed in the Configuration list.
Profile	Select a profile. For example, if you select qradar as the Connector Type, all the profiles that you have created for qradar are displayed in the Configuration list.

List of connector targets for integration with Azure Monitor

MCSM Remedy ITSM

For the MCSM ITSM connector target, define the connection configuration and profile required by the connector process.

To configure Azure Alerts webhooks

Log in to Integration Studio.
Search for the Create Incident from Azure Alerts flow.
Copy the WebHook URL value from the flow by clicking the Flow in Use button.
To add a webhook to an action, follow the instructions for a basic webhook or a secure webhook.

- To configure a basic webhook, perform the following steps:

1. 1. In the Webhook panel, set Secure webhook to No.
  2. Paste the WebHook URL from step 3 to URI.
  3. Set Common Alert Schema to Yes.
  4. The following image shows a sample webhook action.

- To configure a secure webhook, perform the following steps:

1. 1. If you have not registered the app, register the apphere.
    After you have registered your app, you can find the Object ID in the Overview tab. You will also need Application ID and Tenant ID for configuration in the Azure Alerts connector.
  2. In the Overview tab, copy Object ID of your registered app.
  3. In the Webhook panel, set Secure webhook to Yes.
  4. Paste the Object ID that you copied from the registered app.
  5. Paste the WebHook URL from step 3 to URI.
  6. Set Common Alert Schema to Yes.
    The following image shows a sample webhook action

For more details about Azure Monitor, refer to the Azure Monitor documentation.

When you complete the configuration for all the components, verify that incidents are created in ITSM based on different Azure Alerts such as Metric alerts and Activity log alerts.