SCOM 2019 UR1 REST-API

(New) SCOM 2019 UR1 supports Cross-Site Request Forgery (CSRF) tokens to prevent CSRF attacks: https://docs.microsoft.com/en-us/system-center/scom/manage-create-web-dashboard-custom?view=sc-om-2019

In order to test REST-API calls before using them in HTML code in Custom Widget, I am sharing below the script that has been adapted to support SCOM 2019 UR1 as well. Script needs to be supplied the SCOM Management Server name as parameter and it will retrieve the number of active (New) alerts. It can be adapted to retrieve any kind of information according to SCOM REST-API documentation.


param($MS)

# authentication part

$scomHeaders = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$scomHeaders.Add('Content-Type','application/json; charset=utf-8')

$bodyraw = "Windows"
$Bytes = [System.Text.Encoding]::UTF8.GetBytes($bodyraw)
$EncodedText =[Convert]::ToBase64String($Bytes)
$jsonbody = $EncodedText | ConvertTo-Json

$uri = "http://$MS/OperationsManager/authenticate"

$Request = Invoke-WebRequest `
	-Method POST `
	-Uri $uri `
	-Headers $scomHeaders `
	-body $jsonbody `
	-UseDefaultCredentials `
	-SessionVariable 'websession'

# Initialize the CSRF token if using SCOM 2019 UR1, else safe to ignore

foreach($value in $Request.Headers["Set-Cookie"].Split(";"))
{
	if ($value.contains("SCOM-CSRF-TOKEN"))
	{
		$ScomCsrfTokenValue = [System.Web.HttpUtility]::UrlDecode($value.Split("=")[1])
	}
}

# if using SCOM 2019 UR1 the line below is needed, ELSE just comment it

$scomHeaders.Add('SCOM-CSRF-TOKEN',$ScomCsrfTokenValue)

# data below is for all alerts, not filtered per group

$data = @"
{
	"classId": null,
	"objectIds": { },
	"criteria": "(ResolutionState = '0')",
	"displayColumns": [
		"id","severity", "monitoringobjectdisplayname", "monitoringobjectpath", "name", "age", "description", "owner", "timeadded"
	]
}
"@

$uri = "http://$MS/OperationsManager/data/alert"

$Response = Invoke-WebRequest `
	-Method POST `
	-Uri $uri `
	-Body $data `
	-Headers $scomHeaders `
	-UseDefaultCredentials `
	-WebSession $websession

$alerts = ConvertFrom-Json -InputObject $Response.Content
write-host "Active alerts found: "$alerts.rows.count

If you need help with developing SCOM custom HTML dashboards please contact me.

One response to “SCOM 2019 UR1 REST-API

  1. Pingback: System Center Nisan 2020 Bülten – Sertaç Topal

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: