Microsoft Azure Monitor Event Source

The Microsoft Azure Event Source allows users to configure Azure to send Events to FireHydrant for creating Alerts. Alert Rules can be configured to scan the payloads and ensure the right teams are notified of events they care about.

Configuration

Follow Microsoft's documentation for configuring monitoring alerts. FireHydrant supports Metric-type alerts - other alert types should be configured with Custom Event Sources.

In FireHydrant, copy the Microsoft Azure ingress URL on the Event Sources page and use that as the destination webhook URL for your Azure monitor alerts.

Field Mappings

FireHydrant's Azure transposer will map the following fields to FireHydrant's Events Data Model.

Azure Parameter

FireHydrant Parameter

data.essentials.originAlertId

idempotency_key

data.essentials.severity
data.essentials.alertRule

summary - Will be in the format of [Severity] Alert Rule

data.essentials.description
data.essentials.alertTargetIDs[]
data.essentials.configurationItems[]

body

level - Always ERROR

data.essentials.monitorCondition

status - Open when monitorCondition is "Fired" otherwise closed

data.essentials.monitoringService
data.essentials.severity
data.essentials.signalType

annotations['azure.monitoringService']
annotations['azure.severity']
annotations['azure.signalType']

These mappings mean that an inbound webhook from Azure with the following content:

{
  "schemaId": "azureMonitorCommonAlertSchema",
  "data": {
    "essentials": {
      "alertId": "/subscriptions/testsubid/providers/Microsoft.AlertsManagement/alerts/b9569717-bc32-442f-add5-83a997729330",
      "alertRule": "WCUS-R2-Gen2",
      "severity": "Sev3",
      "signalType": "Metric",
      "monitorCondition": "Fired",
      "monitoringService": "Platform",
      "alertTargetIDs": [
        "/subscriptions/testsubid/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2"
      ],
      "configurationItems": [
        "wcus-r2-gen2"
      ],
      "originAlertId": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
      "firedDateTime": "2019-03-22T13:58:24.3713213Z",
      "description": "foobar",
      "essentialsVersion": "1.0",
      "alertContextVersion": "1.0"
    },
    "alertContext": {
      "properties": null,
      "conditionType": "SingleResourceMultipleMetricCriteria",
      "condition": {
        "windowSize": "PT5M",
        "allOf": [
          {
            "metricName": "Percentage CPU",
            "metricNamespace": "Microsoft.Compute/virtualMachines",
            "operator": "GreaterThan",
            "threshold": "25",
            "timeAggregation": "Average",
            "dimensions": [
              {
                "name": "ResourceId",
                "value": "3efad9dc-3d50-4eac-9c87-8b3fd6f97e4e"
              }
            ],
            "metricValue": 7.727
          }
        ]
      }
    },
    "customProperties": {
      "Key1": "Value1",
      "Key2": "Value2"
    }
  }
}

...will result in the following mapped Signal on FireHydrant:

{
  "summary": "[Sev3] WCUS-R2-Gen2",
  "body": "foobar\n\n**Alert Target IDs:**\n```\n- /subscriptions/testsubid/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2\n```\n\n**Configuration Items:**\n```\n- wcus-r2-gen2\n```\n",
  "idempotency_key": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
  "level": "ERROR",
  "annotations": {
    "azure.monitoringService": "Platform",
    "azure.severity": "Sev3",
    "azure.signalType": "Metric"
  }
}