(New) SCOM 2019 UR1 supports Cross-Site Request Forgery (CSRF) tokens to prevent CSRF attacks:

In order to test REST-API calls before using them in HTML code in Custom Widget, I am sharing below the script that has been adapted to support SCOM 2019 UR1 as well. Script needs to be supplied the SCOM Management Server name as parameter and it will retrieve the number of active (New) alerts. It can be adapted to retrieve any kind of information according to SCOM REST-API documentation.


# authentication part

$scomHeaders = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$scomHeaders.Add('Content-Type','application/json; charset=utf-8')

$bodyraw = "Windows"
$Bytes = [System.Text.Encoding]::UTF8.GetBytes($bodyraw)
$EncodedText =[Convert]::ToBase64String($Bytes)
$jsonbody = $EncodedText | ConvertTo-Json

$uri = "http://$MS/OperationsManager/authenticate"

$Request = Invoke-WebRequest `
	-Method POST `
	-Uri $uri `
	-Headers $scomHeaders `
	-body $jsonbody `
	-UseDefaultCredentials `
	-SessionVariable 'websession'

# Initialize the CSRF token if using SCOM 2019 UR1, else safe to ignore

foreach($value in $Request.Headers["Set-Cookie"].Split(";"))
	if ($value.contains("SCOM-CSRF-TOKEN"))
		$ScomCsrfTokenValue = [System.Web.HttpUtility]::UrlDecode($value.Split("=")[1])

# if using SCOM 2019 UR1 the line below is needed, ELSE just comment it


# data below is for all alerts, not filtered per group

$data = @"
	"classId": null,
	"objectIds": { },
	"criteria": "(ResolutionState = '0')",
	"displayColumns": [
		"id","severity", "monitoringobjectdisplayname", "monitoringobjectpath", "name", "age", "description", "owner", "timeadded"

$uri = "http://$MS/OperationsManager/data/alert"

$Response = Invoke-WebRequest `
	-Method POST `
	-Uri $uri `
	-Body $data `
	-Headers $scomHeaders `
	-UseDefaultCredentials `
	-WebSession $websession

$alerts = ConvertFrom-Json -InputObject $Response.Content
write-host "Active alerts found: "$alerts.rows.count

If you need help with developing SCOM custom HTML dashboards please contact me.

2 responses to “SCOM 2019 UR1 REST-API

  1. Pingback: System Center Nisan 2020 Bülten – Sertaç Topal

  2. Emil G July 2, 2020 at 10:16 am

    This was golden, thank you so much!
    The official documentation isn’t super clear on how to do this in powershell. 🙂


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: