Azure Resource Health helps you diagnose and get support for service problems that affect your Azure resources, it reports on the current and past health of your resources. This connector supports actions related to availability status and events.
This document provides information about the Azure Resource Health Connector, which facilitates automated interactions, with an Azure Resource Health server using FortiSOAR™ playbooks. Add the Azure Resource Health Connector as a step in FortiSOAR™ playbooks and perform automated operations with Azure Resource Health.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.3.1-2105 and later
Azure Resource Health Version Tested on: Cloud Instance
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum
command as a root user to install the connector:
yum install cyops-connector-azure-resource-health
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Azure Resource Health connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | The service-based URL to which you connect and perform automated operations. |
Client ID | Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API. |
Client Secret | Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, refer to https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp. |
Tenant ID | ID of the tenant that you have been provided for your Azure Active Directory instance. |
Auth Code | The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the Delegated Permissions method section. |
Redirect URL | The redirect_url of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match the redirect_url you have registered in your app registration portal. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to True . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Availability Status | Retrieves current availability status for a single resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. | get_availability_status Investigation |
Get Availability Transitions List | Retrieves a list of historical availability transitions and impacting events for a single resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. | get_availability_status_list Investigation |
Get Current Availability Status by Resource Group | Retrieves a list of current availability status for all the resources in the resource group from Azure Resource Health based on the resource type and resource name that you have specified. | get_availability_status_by_resource_group Investigation |
Get Current Availability Status by Subscription ID | Retrieves a list of current availability status for all the resources in the subscription from Azure Resource Health based on the subscription ID that you have specified. | get_availability_status_by_subscription_id Investigation |
Get Event List for Resource | Retrieves a list of current service health events for a given resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. | get_event_list_for_resource Investigation |
Get Event List for Subscription ID | Retrieves a list of service health events in the subscription from Azure Resource Health based on the subscription ID, query start time, and other filter criteria that you have specified. | get_event_list_for_subscription_id Investigation |
Get Event List for Tenant ID | Retrieves a list of current service health events in the tenant from Azure Resource Health based on the query start time and other filter criteria that you have specified. | get_event_list_for_tenant_id Investigation |
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Resource Group Name | Specify the name of the resource group from the Azure portal. |
Resource Provider Name | Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute . For a list of resource providers, check Resource providers for Azure services. |
Resource Type | Specify the type of the resource from Azure portal. eg: virtualMachines |
Resource Name | Specify the name of the resource from the Azure portal. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"reasonChronicity": "",
"detailedStatus": "",
"occuredTime": "",
"reportedTime": "",
"rootCauseAttributionTime": "",
"resolutionETA": ""
}
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Resource Group Name | Specify the name of the resource group from the Azure portal. |
Resource Provider Name | Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute . For a list of resource providers, check Resource providers for Azure services. |
Resource Type | Specify the type of the resource from Azure portal. eg: virtualMachines |
Resource Name | Specify the name of the resource from the Azure portal. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"healthEventType": "",
"healthEventCause": "",
"rootCauseAttributionTime": "",
"occuredTime": "",
"reasonChronicity": ""
}
}
]
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Resource Group Name | Specify the name of the resource group from the Azure portal. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"occuredTime": "",
"reasonChronicity": "",
"reportedTime": ""
}
}
]
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"occuredTime": "",
"reasonChronicity": "",
"reportedTime": ""
}
}
]
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Resource Group Name | Specify the name of the resource group from the Azure portal. |
Resource Provider Name | Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute . For a list of resource providers, check Resource providers for Azure services. |
Resource Type | Specify the type of the resource from Azure portal. eg: virtualMachines |
Resource Name | Specify the name of the resource from the Azure portal. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"reason": "",
"platformInitiated": "",
"header": "",
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impact": "",
"isHIR": "",
"priority": ""
}
}
]
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Query Start Time | Select a date from when to return events, based on the lastUpdateTime property. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"header": "",
"article": {
"articleContent": ""
},
"links": [
{
"type": "",
"displayText": {
"value": "",
"localizedValue": ""
},
"extensionName": "",
"bladeName": "",
"parameters": {
"trackingId": "",
"rcaRequested": ""
}
}
],
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impactMitigationTime": "",
"impact": [
{
"impactedService": "",
"impactedRegions": [
{
"impactedRegion": "",
"status": "",
"impactedSubscriptions": "",
"impactedTenants": "",
"lastUpdateTime": ""
}
]
}
],
"recommendedActions": {
"message": "",
"actions": [
{
"groupId": "",
"actionText": ""
}
],
"localeCode": ""
},
"faqs": [
{
"question": "",
"answer": "",
"localeCode": ""
}
],
"isHIR": "",
"enableMicrosoftSupport": "",
"enableChatWithUs": "",
"priority": "",
"lastUpdateTime": "",
"hirStage": ""
}
}
],
"nextLink": ""
}
Parameter | Description |
---|---|
Query Start Time | Select a date from when to return events, based on the lastUpdateTime property. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"header": "",
"article": {
"articleContent": ""
},
"links": [
{
"type": "",
"displayText": {
"value": "",
"localizedValue": ""
},
"extensionName": "",
"bladeName": "",
"parameters": {
"trackingId": "",
"rcaRequested": ""
}
}
],
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impactMitigationTime": "",
"impact": [
{
"impactedService": "",
"impactedRegions": [
{
"impactedRegion": "",
"status": "",
"impactedSubscriptions": "",
"impactedTenants": "",
"lastUpdateTime": ""
}
]
}
],
"recommendedActions": {
"message": "",
"actions": [
{
"groupId": "",
"actionText": ""
}
],
"localeCode": ""
},
"faqs": [
{
"question": "",
"answer": "",
"localeCode": ""
}
],
"isHIR": "",
"enableMicrosoftSupport": "",
"enableChatWithUs": "",
"priority": "",
"lastUpdateTime": "",
"hirStage": ""
}
}
],
"nextLink": ""
}
The Sample - Azure Resource Health - 1.0.0
playbook collection comes bundled with the Azure Resource Health connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Azure Resource Health connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Azure Resource Health helps you diagnose and get support for service problems that affect your Azure resources, it reports on the current and past health of your resources. This connector supports actions related to availability status and events.
This document provides information about the Azure Resource Health Connector, which facilitates automated interactions, with an Azure Resource Health server using FortiSOAR™ playbooks. Add the Azure Resource Health Connector as a step in FortiSOAR™ playbooks and perform automated operations with Azure Resource Health.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.3.1-2105 and later
Azure Resource Health Version Tested on: Cloud Instance
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum
command as a root user to install the connector:
yum install cyops-connector-azure-resource-health
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Azure Resource Health connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | The service-based URL to which you connect and perform automated operations. |
Client ID | Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API. |
Client Secret | Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, refer to https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp. |
Tenant ID | ID of the tenant that you have been provided for your Azure Active Directory instance. |
Auth Code | The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the Delegated Permissions method section. |
Redirect URL | The redirect_url of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match the redirect_url you have registered in your app registration portal. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to True . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Availability Status | Retrieves current availability status for a single resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. | get_availability_status Investigation |
Get Availability Transitions List | Retrieves a list of historical availability transitions and impacting events for a single resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. | get_availability_status_list Investigation |
Get Current Availability Status by Resource Group | Retrieves a list of current availability status for all the resources in the resource group from Azure Resource Health based on the resource type and resource name that you have specified. | get_availability_status_by_resource_group Investigation |
Get Current Availability Status by Subscription ID | Retrieves a list of current availability status for all the resources in the subscription from Azure Resource Health based on the subscription ID that you have specified. | get_availability_status_by_subscription_id Investigation |
Get Event List for Resource | Retrieves a list of current service health events for a given resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. | get_event_list_for_resource Investigation |
Get Event List for Subscription ID | Retrieves a list of service health events in the subscription from Azure Resource Health based on the subscription ID, query start time, and other filter criteria that you have specified. | get_event_list_for_subscription_id Investigation |
Get Event List for Tenant ID | Retrieves a list of current service health events in the tenant from Azure Resource Health based on the query start time and other filter criteria that you have specified. | get_event_list_for_tenant_id Investigation |
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Resource Group Name | Specify the name of the resource group from the Azure portal. |
Resource Provider Name | Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute . For a list of resource providers, check Resource providers for Azure services. |
Resource Type | Specify the type of the resource from Azure portal. eg: virtualMachines |
Resource Name | Specify the name of the resource from the Azure portal. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"reasonChronicity": "",
"detailedStatus": "",
"occuredTime": "",
"reportedTime": "",
"rootCauseAttributionTime": "",
"resolutionETA": ""
}
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Resource Group Name | Specify the name of the resource group from the Azure portal. |
Resource Provider Name | Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute . For a list of resource providers, check Resource providers for Azure services. |
Resource Type | Specify the type of the resource from Azure portal. eg: virtualMachines |
Resource Name | Specify the name of the resource from the Azure portal. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"healthEventType": "",
"healthEventCause": "",
"rootCauseAttributionTime": "",
"occuredTime": "",
"reasonChronicity": ""
}
}
]
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Resource Group Name | Specify the name of the resource group from the Azure portal. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"occuredTime": "",
"reasonChronicity": "",
"reportedTime": ""
}
}
]
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"occuredTime": "",
"reasonChronicity": "",
"reportedTime": ""
}
}
]
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Resource Group Name | Specify the name of the resource group from the Azure portal. |
Resource Provider Name | Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute . For a list of resource providers, check Resource providers for Azure services. |
Resource Type | Specify the type of the resource from Azure portal. eg: virtualMachines |
Resource Name | Specify the name of the resource from the Azure portal. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"reason": "",
"platformInitiated": "",
"header": "",
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impact": "",
"isHIR": "",
"priority": ""
}
}
]
}
Parameter | Description |
---|---|
Subscription ID | Specify the subscription ID that you have been provided to use cloud services. |
Query Start Time | Select a date from when to return events, based on the lastUpdateTime property. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"header": "",
"article": {
"articleContent": ""
},
"links": [
{
"type": "",
"displayText": {
"value": "",
"localizedValue": ""
},
"extensionName": "",
"bladeName": "",
"parameters": {
"trackingId": "",
"rcaRequested": ""
}
}
],
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impactMitigationTime": "",
"impact": [
{
"impactedService": "",
"impactedRegions": [
{
"impactedRegion": "",
"status": "",
"impactedSubscriptions": "",
"impactedTenants": "",
"lastUpdateTime": ""
}
]
}
],
"recommendedActions": {
"message": "",
"actions": [
{
"groupId": "",
"actionText": ""
}
],
"localeCode": ""
},
"faqs": [
{
"question": "",
"answer": "",
"localeCode": ""
}
],
"isHIR": "",
"enableMicrosoftSupport": "",
"enableChatWithUs": "",
"priority": "",
"lastUpdateTime": "",
"hirStage": ""
}
}
],
"nextLink": ""
}
Parameter | Description |
---|---|
Query Start Time | Select a date from when to return events, based on the lastUpdateTime property. |
Filter | Specify filter expressions to filter and return only those results that match the specified expressions. |
The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"header": "",
"article": {
"articleContent": ""
},
"links": [
{
"type": "",
"displayText": {
"value": "",
"localizedValue": ""
},
"extensionName": "",
"bladeName": "",
"parameters": {
"trackingId": "",
"rcaRequested": ""
}
}
],
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impactMitigationTime": "",
"impact": [
{
"impactedService": "",
"impactedRegions": [
{
"impactedRegion": "",
"status": "",
"impactedSubscriptions": "",
"impactedTenants": "",
"lastUpdateTime": ""
}
]
}
],
"recommendedActions": {
"message": "",
"actions": [
{
"groupId": "",
"actionText": ""
}
],
"localeCode": ""
},
"faqs": [
{
"question": "",
"answer": "",
"localeCode": ""
}
],
"isHIR": "",
"enableMicrosoftSupport": "",
"enableChatWithUs": "",
"priority": "",
"lastUpdateTime": "",
"hirStage": ""
}
}
],
"nextLink": ""
}
The Sample - Azure Resource Health - 1.0.0
playbook collection comes bundled with the Azure Resource Health connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Azure Resource Health connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.