This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

JSON AcknowledgedBy Inbound using xMatters Integration Agent

I am working on our integration with xMatters.  One of my goals is to have the ACK passed from xMatters into Orion include the user who initiated the ACK within xMatters.  Today an inbound ACK is marked as being made by our xMatters User in Orion.  xMatters does pass in a message that explains who did ACK in xMatters but that is not visible on the Active Alert List.

In the xMatters Integration Agent they do talk about acknowledgedBy and in the context where they use it, it refers to injecting the xMatters ACK into Orion.  I also found in the REST · solarwinds/OrionSDK Wiki · GitHub  but there it almost sounds like this is used to retrieve who ACK'd in Orion.

So is it possible to reflect on the Active Alerts List who exactly ACK'd the Alert within xMatters?

  • To acknowledge an Orion alert programmatically, invoke the Orion.AlertActive.Acknowledge verb, as documented in https://github.com/solarwinds/OrionSDK/wiki/Alerts#orionalertactive. Orion will record the alert as having been acknowledged by the username the API call is authenticated by.

    Of course, in most automation environments you don't have access to the passwords of all the users who might be acknowledging alerts. To allow for this scenario, you can provide one set of credentials to authenticate the API call, but then impersonate another user, overriding the profile that will be used for audit purposes, including alert acknowledgement.

    To impersonate another user when making an HTTPS API call to Orion, provide the basic authentication header as normal:

    Authorization: Basic xxxxxxxxxxxx

    (where "xxxxxxxxxxxxx" is the base64 of the username:password of some Orion admin user). But also provide an extra custom header to specify which user to impersonate:

    X-SolarWinds-Impersonate: bob

    For this to work, bob must be a valid Orion user and bob must have rights to perform the action requested. When X-SolarWinds-Impersonate is specified, the credentials in the Authorization header are only used to authorize the impersonation, not the actual API call. The API call, including authorization and auditing, are performed as if the impersonated user had made the call directly.

  • I'm running into this scenario as well.  I've built a Django application to provide an Acknowledge button for an alert which then calls a custom Python function and passes it to the Solarwinds swisclient using Invoke:  swis.invoke('Orion.AlertActive', 'Acknowledge', alert_list, note).  But the alert is acknowledged by the API account.

    In the case of using the Python SWIS client, is there any method for passing a custom X-SolarWinds-Impersonate header?  Or would I need to modify swisclient.py "class SwisClient" and conditionally add the custom header somehow?

  • You don't need to modify the SwisClient class. When you create your instance of SwisClient, you can pass in a requests.Session object with some default headers already filled in. Like this (not tested):

    import requests
    import orionsdk
    
    session = requests.Session()
    session.headers.update({'X-SolarWinds-Impersonate': 'mickeymouse'})
    swis = orionsdk.SwisClient('orion.corp.local', 'myusername', 'mypassword', False, session)
    swis.invoke(...)
  • how would you do the OpenSwis in PowerShell using 'X-SolarWinds-Impersonate'?

    TIA

  • SwisPowerShell does not support impersonation. The protocol that SwisPowerShell uses to talk to SWIS does support impersonation, it's just not exposed in the powershell module.

  • Asking for the audience:

    If someone wanted that in the SwisPowerShell module, would you recommend we put that in the GitHub Issues as a feature request or put in an Orion Platform Feature Request.

    My gut says GitHub because it's a module, but full clarity would be nice.

  • My situation is the same as the title here implies so I will continue this discussion here.  Basically I have a JSON script running on the xMatters Agent which is running on my Orion Primary Polling Engine server.

    I had thought about using curl similar to the discussion in Acknowledge Alerts with a curl but I don't like the idea of putting the creds into the xMatters JSON script.  If I was going to do this, I would want the JSON script to instead kick off an Orion server-based PowerShell script that then does a curl or something similar to ACK the Alert with impersonation.

    Is curl the best solution for doing something like this and, whatever you do feel is the best method, can you provide a PowerShell example?

    TIA

    Mike

  • , you could probably do an invoke rest method and see if you can leverage the impersonation that way. I've not tried something like that out so i don't have any examples, but below i have a couple of articles that might be able to help. The most beneficial one IMO is the second one, if you can get it to work using postman with the impersonation you can hove postman give you the code snippet for the request in PowerShell.

    clan8blog.wordpress.com/.../

    learning.postman.com/.../

  • I do this stuff frequently (convert curl logic to Invoke-RestMethod calls), and it would probably work this way:

    $Headers = @{
       'Content-Type' = 'application/json';
                                    # Impersonate Mickey Mouse
       'X-SolarWinds-Impersonate' = 'mickeymouse'
    }
    #          +- Array of Alert Object IDs on which to operate
    #          |
    #          |             +- Notes for the alert acknowledgement
    #          |             |
    #          v             v
    $Body = '[[48, 49], "Put Your Notes Here"]'
    <#
    A little easier to comprehend if this way
    $Body = @'[
      [
        48,
        49
      ],
      "Put Your Notes Here"
    ]
    '@
    #>
    
    $SwisCreds = New-Object -TypeName System.Net.NetworkCredential -Property @{ UserName = 'admin'; Password = '@ppStack1' }
    
    $Results = Invoke-RestMethod -Method Post -Uri "https://MyOrionServer.Domain.Local:17778/SolarWinds/InformationService/v3/Json/Invoke/Orion.AlertActive/Acknowledge" -Body $Body -Headers $Headers -Credential $SwisCreds
    $Results
    

    Note that I can't test this at the moment because my lab server is acting the fool.

    You may need to disable the certificate checking if the Orion certificate isn't from a trusted PKI.

    PowerShell function to suppress HTTPS self-signed certificate errors » Kevin's Ramblings (kmsigma.com)

  • , did you try what posted above?

    You may need to disable the certificate checking if the Orion certificate isn't from a trusted PKI.

    PowerShell function to suppress HTTPS self-signed certificate errors » Kevin's Ramblings (kmsigma.com)