One of our customers came to us asking for a way to easily log tickets created during the night shifts, so that team members would be up to date on any nightly occurrences even when the On-Call staff hadn’t been at the office yet. Our initial suggestion was to just send a broadcast message to the team members’ inboxes, but due to concerns that such a setup would just add clutter, we investigated alternative ways of providing this functionality. While talking to the customer, we learned that they already used Microsoft Teams for their internal communication during the day and had already created a chatroom for discussing issues. With that knowledge, we explored the option of utilizing Microsoft Teams to provide an easy overview of issues that occurred overnight.
Design considerations
Our focus was on providing a solution that would be lightweight, easy to set up and wouldn’t require redesigning existing workflows. We did that by utilizing Enterprise Alert’s ability to automatically execute remote actions on triggered alert policies. This feature was initially implemented to allow On-Call people to utilize preconfigured remote actions for faster problem resolution, such as restarting servers/services or kicking off automated information gathering. In this case, we used it to trigger a PowerShell script that forwards key information from the event source to Teams, allowing team members to start collaborating.
Add the Incoming Webhook add-on to Microsoft Teams
- Log in to https://teams.microsoft.com/
- Go to apps.
- Search for Incoming Webhook in the available Apps.
- Add a team and set up the connector.
- Provide a name for the connector and click on create.
- Copy the webhook URL and save it somewhere easily accessible to you.
REST Webhook Call via PowerShell Script
The PowerShell script will provide the core functionality in this setup by making the REST request. In this example, we will only work with 2 parameters, but this can be easily scaled. In order to set this up, the below steps are necessary.
- Create a location for your script to be stored in. A local folder (e.g. C:\Scripts) is recommended as remote locations can cause unnecessary problems.
- In this folder create a new ps1 file and give it a descriptive but short name.
- Open the file and paste in the below example script and fill in the <REST_Endpoint> placeholder with your REST Endpoint URL from the previous section:
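param(
    $Param1,
    $Param2
)
# Build the body with ConvertTo-Json so quotes in the alert text are escaped
$body = @{ title = "$Param1"; text = "$Param2" } | ConvertTo-Json
Invoke-RestMethod "<REST_Endpoint>" -Method POST -ContentType "application/json" -Body $body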
- Save the script file and note down the file name and path.
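A more defensive variant of the forwarding script, as an added example that is not the vendor's own code: it treats the forwarded event fields as untrusted text, keeps the webhook URL (anyone who holds it can post to the channel) out of the script body, and exits non-zero on failure. The URL file path, the function name New-TeamsPayload, the 1000-character cap and the sample alert text are assumptions made for this example.

```powershell
# Added example (not the vendor's script). Assumed names: the URL file path,
# New-TeamsPayload and the 1000-character cap are illustrative choices.
param(
    [string]$Param1,
    [string]$Param2,
    # Assumed location; restrict its ACL to the account the task runs as.
    [string]$UrlFile = 'C:\Scripts\teams-webhook.url'
)

function New-TeamsPayload {
    param([string]$Title, [string]$Text, [int]$MaxLength = 1000)
    # Event fields come from the monitored system, so treat them as untrusted:
    # cap the length, then let ConvertTo-Json escape quotes, backslashes and newlines.
    if ($Title.Length -gt $MaxLength) { $Title = $Title.Substring(0, $MaxLength) }
    if ($Text.Length  -gt $MaxLength) { $Text  = $Text.Substring(0, $MaxLength) }
    [ordered]@{ title = $Title; text = $Text } | ConvertTo-Json -Compress
}

# Constructed sample: a status text that would break hand-assembled JSON.
$sampleText = "Disk 'C:\' at 95%`n`"critical`""
$roundTrip  = New-TeamsPayload -Title 'INC-0001' -Text $sampleText | ConvertFrom-Json
if ($roundTrip.text -ne $sampleText) { throw 'payload self-check failed' }

try {
    # Older Windows PowerShell 5.1 hosts may not negotiate TLS 1.2 by default.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    $url = (Get-Content -LiteralPath $UrlFile -TotalCount 1 -ErrorAction Stop).Trim()
    if ($url -notmatch '^https://') { throw "Webhook URL in $UrlFile is not HTTPS" }

    $body = New-TeamsPayload -Title $Param1 -Text $Param2
    # Send UTF-8 bytes so non-ASCII characters in alert text survive.
    Invoke-RestMethod -Uri $url -Method Post `
        -ContentType 'application/json; charset=utf-8' `
        -Body ([Text.Encoding]::UTF8.GetBytes($body)) | Out-Null
}
catch {
    # A non-zero exit code is recorded as the task's last run result.
    Write-Error $_
    exit 1
}
```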
Remote action to automatically forward alerts
To set up the remote action, you first have to set up a task in the Windows Task Scheduler and configure it to run a PowerShell script with the two parameters we forward from Enterprise Alert.
- In the Task scheduler make sure the Enterprise Alert Directory is present.
- Create a new task and give it a name. Make sure you set the flags as shown below.
- Within the task, create a new action and configure it as shown below. The settings used are listed below the screenshot: first the program to start, then its arguments.
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
-ExecutionPolicy Bypass -File "C:\Scripts\Teams.ps1" -param1 "$(Arg0)" -param2 "$(Arg1)"
- Log on to the EA Portal and navigate to the remote action section.
- Create a new remote action and make sure it is set to execute in the task scheduler. Since it is a remote action that will be run automatically you don’t have to configure anything else.
- In the action tab select the task we previously created, and it will populate the configured parameters.
Add the Remote Action to the Alert Policy
The last step is to connect the remote action with your already existing alerting scenario.
- Go to the action tab of your Policy and add the Remote Action. Take care that the action is flagged as auto-run.
- Click on Edit mappings to link up the parameters you want to forward to Teams. In our case it is the external ID and the status description directly taken from the source event.
Now whenever the policy triggers you will get a new post on Teams you can use as a starting point for discussions.
Summary
Using the webhook of a chat channel in Microsoft Teams, we can easily forward alerts that are triggered through an alert policy in Enterprise Alert. This approach utilizes the filtering and targeting capabilities of alert policies in Enterprise Alert and notifies an entire team channel in Microsoft Teams of new alerts. By creating multiple scripts targeting different channels in Microsoft Teams, you could easily route alerts based on responsibilities or other criteria. The opportunities are endless.
If you have any further questions on this topic, please feel free to contact us at support@derdack.com.