Azure alert configuration with CMP Summary Topic 1 Azure Alerts and Events 2 Servicenow supported Alerts and Pre-Requisites 3 Configuration requirement at Azure 4 Configure the Azure Alert service to auto-update the CMDB5 The cloud event table at ServiceNow Instance and its parameters.6 Cloud Event Scheduler 7 Known Limitations 1 Azure Alerts and Events Activity log alerts are the alerts that get activated when a new activity log event occurs that matches the conditions specified in the alert. These alerts are for Azure resources and can be created by using an Azure Resource Manager template. They also can be created, updated, or deleted in the Azure portal. Typically, you create activity log alerts to receive notifications when specific changes occur to resources in your Azure subscription. Alerts are often scoped to particular resource groups or resources. For example, you might want to be notified when any virtual machine in the sample resource group myProductionResourceGroup is deleted. Or, you might want to get notified if any new roles are assigned to a user in your subscription. Reference: Azure AlertsAzure Monitor REST API referenceCreate, view, and manage activity log alerts by using Azure Monitor List of Azure Alerts Alerts - ListSupported resources for metric alerts in Azure Monitor 2 Servicenow supported Alerts and Pre-Requisites ServiceNow supports all the alerts supported in a Resource Group if an alert/event has been generated to the resources in a Resource Group, CMP captures. Pre-Requisites Cloud Management Plugins must be activated. Plugin Name Status Plugin ID Cloud APIActivecom.snc.cloud.apiCloud Config ManagementActivecom.snc.config.mgmtCloud Management Activecom.snc.cloud.mgmtCloud Management CoreActivecom.snc.cloud.core Azure Credentials and Service Account configured successfully Service Account needs to successfully execute "Discover Datacenters"All the Logical Datacenters of Azure discovered successfullyOne or multiple Datacenters must need to have minimum one Resource Group discovered successfully.A valid MID server with either ALL or "Clod Management" & "Azure" capabilities must need to be available always. Mandatory Role in Azure Console Contributor role should be added in the subscription. 3 Configuration requirement at Azure console There are no configuration needs to specifically required from the Azure side for Azure Alert integration with CMP.The only requirement is to have the above-mentioned Pre-Requisites available at the instance side. 4 Configure the Azure Alert service to auto-update the CMDB Configuration, please refer Configure the Azure Alert service to auto-update the CMDB Service Account: Valid Service Account which has the Datacenters and Resource Groups discovered successfully. Resource Group: One resource group from the Service AccountUser and Password: The user from the instance who must have "sn_cmp.cloud_event_integration" roles Note: If the User is not having the correct roles the integration fails and the user is not from the Azure Console but from the Instance. Status: "Active" Once the above configuration is successful, the status changes from Started to Active, "Error" If the MID server configured is not available.The Service Account Discovery failed for any reasonThe Resource Group has been terminated in the background 5 The cloud event table at ServiceNow Instance and its parameters. Once the above configuration is successful, the user can see the events populated to "sn_cmp_cloud_event_list" All the Azure events will be populated with Source "azure activity log"Event Name is the actual event generated from the Azure console.The Events are generated with Resource ID associated in the instance.Resource Type: The resource type event has been generated.Event Time: Only populates for Greenfield resources(Processed is the actual time of the Event time). Once the Event is populated, the important fields need to be noted. Event Name: VmPowerOffEvent Resource ID: CMP deals or identifies the VMs based on Resource ID, but not on the name.Payload: Contains the SysID of the resource.Error Message: Actual Error message generated in Azure console The information in the payload will be forwarded to IRE (CMDB Identification and Reconciliation) The IRE now responds to the CI using the SysID and take necessary action. 6 Cloud Event Scheduler Once an event has been generated from Azure the "Cloud Event Scheduler" scheduled jobs execute in the background https://<instancename>.service-now.com/sysauto_script.do?sys_id=fb9dc69dd754320097eb6ccf6e6103b5&sysparm_record_rows=1&sysparm_record_scope=80d50579eb203200979aa5115206fedd&sysparm_record_target=sysauto&sysparm_record_list=nameCONTAINScloud+event%5EORDERBYname&sysparm_nostack=true&sysparm_record_row=1 The scheduled job "Cloud Event Scheduler" is designed to execute every 10 seconds by default User has the ability to change the Repeat interval from the default 10 seconds to the required interval level.The job responsibility is to pass the Event Payload to IRE and IRE then takes the necessary actions to modify the state of the resources as per the event Known Limitations Unable to configure Azure Alerts from multiple Resource groups from the same ServiceAccountThe Alert configuration will continue to ping the Alerts even the MID server is down, it causes the ECC to high with errors and user needs to manually deactivate the Azure Alert configuration if there is no MID available.