Microsoft Azure Monitor Event Source

The Microsoft Azure Event Source allows users to configure Azure to send Events to FireHydrant for creating Alerts. Alert Rules can be configured to scan the payloads and ensure the right teams are notified of events they care about.

Configuration

Follow Microsoft's documentation for configuring monitoring alerts. FireHydrant supports Metric-type alerts - other alert types should be configured with Custom Event Sources.

In FireHydrant, copy the Microsoft Azure ingress URL on the Event Sources page and use that as the destination webhook URL for your Azure monitor alerts.

Field Mappings

FireHydrant's Azure transposer will map the following fields to FireHydrant's Events Data Model.

Azure Parameter	FireHydrant Parameter
`data.essentials.originAlertId`	`idempotency_key`
`data.essentials.severity` `data.essentials.alertRule`	`summary` - Will be in the format of `[Severity] Alert Rule`
`data.essentials.description` `data.essentials.alertTargetIDs[]` `data.essentials.configurationItems[]`	`body`
	`level` - Always `ERROR`
`data.essentials.monitorCondition`	`status` - Open when `monitorCondition` is "Fired" otherwise closed
`data.essentials.monitoringService` `data.essentials.severity` `data.essentials.signalType`	`annotations['azure.monitoringService']` `annotations['azure.severity']` `annotations['azure.signalType']`

These mappings mean that an inbound webhook from Azure with the following content:

{
  "schemaId": "azureMonitorCommonAlertSchema",
  "data": {
    "essentials": {
      "alertId": "/subscriptions/testsubid/providers/Microsoft.AlertsManagement/alerts/b9569717-bc32-442f-add5-83a997729330",
      "alertRule": "WCUS-R2-Gen2",
      "severity": "Sev3",
      "signalType": "Metric",
      "monitorCondition": "Fired",
      "monitoringService": "Platform",
      "alertTargetIDs": [
        "/subscriptions/testsubid/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2"
      ],
      "configurationItems": [
        "wcus-r2-gen2"
      ],
      "originAlertId": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
      "firedDateTime": "2019-03-22T13:58:24.3713213Z",
      "description": "foobar",
      "essentialsVersion": "1.0",
      "alertContextVersion": "1.0"
    },
    "alertContext": {
      "properties": null,
      "conditionType": "SingleResourceMultipleMetricCriteria",
      "condition": {
        "windowSize": "PT5M",
        "allOf": [
          {
            "metricName": "Percentage CPU",
            "metricNamespace": "Microsoft.Compute/virtualMachines",
            "operator": "GreaterThan",
            "threshold": "25",
            "timeAggregation": "Average",
            "dimensions": [
              {
                "name": "ResourceId",
                "value": "3efad9dc-3d50-4eac-9c87-8b3fd6f97e4e"
              }
            ],
            "metricValue": 7.727
          }
        ]
      }
    },
    "customProperties": {
      "Key1": "Value1",
      "Key2": "Value2"
    }
  }
}

...will result in the following mapped Signal on FireHydrant:

{
  "summary": "[Sev3] WCUS-R2-Gen2",
  "body": "foobar\n\n**Alert Target IDs:**\n```\n- /subscriptions/testsubid/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2\n```\n\n**Configuration Items:**\n```\n- wcus-r2-gen2\n```\n",
  "idempotency_key": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
  "level": "ERROR",
  "annotations": {
    "azure.monitoringService": "Platform",
    "azure.severity": "Sev3",
    "azure.signalType": "Metric"
  }
}