Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 12

JSON AcknowledgedBy Inbound using xMatters Integration Agent

I am working on our integration with xMatters.  One of my goals is to have the ACK passed from xMatters into Orion include the user who initiated the ACK within xMatters.  Today an inbound ACK is marked as being made by our xMatters User in Orion.  xMatters does pass in a message that explains who did ACK in xMatters but that is not visible on the Active Alert List.

In the xMatters Integration Agent they do talk about acknowledgedBy and in the context where they use it, it refers to injecting the xMatters ACK into Orion.  I also found in the REST · solarwinds/OrionSDK Wiki · GitHub  but there it almost sounds like this is used to retrieve who ACK'd in Orion.

So is it possible to reflect on the Active Alerts List who exactly ACK'd the Alert within xMatters?

0 Kudos
3 Replies
Level 19

To acknowledge an Orion alert programmatically, invoke the Orion.AlertActive.Acknowledge verb, as documented in Orion will record the alert as having been acknowledged by the username the API call is authenticated by.

Of course, in most automation environments you don't have access to the passwords of all the users who might be acknowledging alerts. To allow for this scenario, you can provide one set of credentials to authenticate the API call, but then impersonate another user, overriding the profile that will be used for audit purposes, including alert acknowledgement.

To impersonate another user when making an HTTPS API call to Orion, provide the basic authentication header as normal:

Authorization: Basic xxxxxxxxxxxx

(where "xxxxxxxxxxxxx" is the base64 of the username:password of some Orion admin user). But also provide an extra custom header to specify which user to impersonate:

X-SolarWinds-Impersonate: bob

For this to work, bob must be a valid Orion user and bob must have rights to perform the action requested. When X-SolarWinds-Impersonate is specified, the credentials in the Authorization header are only used to authorize the impersonation, not the actual API call. The API call, including authorization and auditing, are performed as if the impersonated user had made the call directly.

0 Kudos

I'm running into this scenario as well.  I've built a Django application to provide an Acknowledge button for an alert which then calls a custom Python function and passes it to the Solarwinds swisclient using Invoke:  swis.invoke('Orion.AlertActive', 'Acknowledge', alert_list, note).  But the alert is acknowledged by the API account.

In the case of using the Python SWIS client, is there any method for passing a custom X-SolarWinds-Impersonate header?  Or would I need to modify "class SwisClient" and conditionally add the custom header somehow?

0 Kudos

You don't need to modify the SwisClient class. When you create your instance of SwisClient, you can pass in a requests.Session object with some default headers already filled in. Like this (not tested):

import requests
import orionsdk

session = requests.Session()
session.headers.update({'X-SolarWinds-Impersonate': 'mickeymouse'})
swis = orionsdk.SwisClient('orion.corp.local', 'myusername', 'mypassword', False, session)
0 Kudos