Fortinet black logo

Azure Resource Health

Azure Resource Health v1.0.0

1.0.0
Copy Link
Copy Doc ID 482cadeb-a21e-11ed-8e6d-fa163e15d75b:501

About the connector

Azure Resource Health helps you diagnose and get support for service problems that affect your Azure resources, it reports on the current and past health of your resources. This connector supports actions related to availability status and events.

This document provides information about the Azure Resource Health Connector, which facilitates automated interactions, with an Azure Resource Health server using FortiSOAR™ playbooks. Add the Azure Resource Health Connector as a step in FortiSOAR™ playbooks and perform automated operations with Azure Resource Health.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 7.3.1-2105 and later

Azure Resource Health Version Tested on: Cloud Instance

Authored By: Fortinet

Certified: Yes

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-azure-resource-health

Prerequisites to configuring the connector

  • You must have the URL of the Azure Resource Health server to connect and perform automated operations and credentials to access that server.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the Azure Resource Health server.

Minimum Permissions Required

  • Not applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Azure Resource Health connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL The service-based URL to which you connect and perform automated operations.
Client ID Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
Client Secret Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, refer to https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
Tenant ID ID of the tenant that you have been provided for your Azure Active Directory instance.
Auth Code The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the Delegated Permissions method section.
Redirect URL The redirect_url of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match the redirect_url you have registered in your app registration portal.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get Availability Status Retrieves current availability status for a single resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. get_availability_status
Investigation
Get Availability Transitions List Retrieves a list of historical availability transitions and impacting events for a single resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. get_availability_status_list
Investigation
Get Current Availability Status by Resource Group Retrieves a list of current availability status for all the resources in the resource group from Azure Resource Health based on the resource type and resource name that you have specified. get_availability_status_by_resource_group
Investigation
Get Current Availability Status by Subscription ID Retrieves a list of current availability status for all the resources in the subscription from Azure Resource Health based on the subscription ID that you have specified. get_availability_status_by_subscription_id
Investigation
Get Event List for Resource Retrieves a list of current service health events for a given resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. get_event_list_for_resource
Investigation
Get Event List for Subscription ID Retrieves a list of service health events in the subscription from Azure Resource Health based on the subscription ID, query start time, and other filter criteria that you have specified. get_event_list_for_subscription_id
Investigation
Get Event List for Tenant ID Retrieves a list of current service health events in the tenant from Azure Resource Health based on the query start time and other filter criteria that you have specified. get_event_list_for_tenant_id
Investigation

operation: Get Availability Status

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Resource Group Name Specify the name of the resource group from the Azure portal.
Resource Provider Name Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute. For a list of resource providers, check Resource providers for Azure services.
Resource Type Specify the type of the resource from Azure portal. eg: virtualMachines
Resource Name Specify the name of the resource from the Azure portal.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"reasonChronicity": "",
"detailedStatus": "",
"occuredTime": "",
"reportedTime": "",
"rootCauseAttributionTime": "",
"resolutionETA": ""
}
}

operation: Get Availability Transitions List

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Resource Group Name Specify the name of the resource group from the Azure portal.
Resource Provider Name Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute. For a list of resource providers, check Resource providers for Azure services.
Resource Type Specify the type of the resource from Azure portal. eg: virtualMachines
Resource Name Specify the name of the resource from the Azure portal.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"healthEventType": "",
"healthEventCause": "",
"rootCauseAttributionTime": "",
"occuredTime": "",
"reasonChronicity": ""
}
}
]
}

operation: Get Current Availability Status by Resource Group

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Resource Group Name Specify the name of the resource group from the Azure portal.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"occuredTime": "",
"reasonChronicity": "",
"reportedTime": ""
}
}
]
}

operation: Get Current Availability Status by Subscription ID

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"occuredTime": "",
"reasonChronicity": "",
"reportedTime": ""
}
}
]
}

operation: Get Event List for Resource

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Resource Group Name Specify the name of the resource group from the Azure portal.
Resource Provider Name Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute. For a list of resource providers, check Resource providers for Azure services.
Resource Type Specify the type of the resource from Azure portal. eg: virtualMachines
Resource Name Specify the name of the resource from the Azure portal.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"reason": "",
"platformInitiated": "",
"header": "",
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impact": "",
"isHIR": "",
"priority": ""
}
}
]
}

operation: Get Event List for Subscription ID

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Query Start Time Select a date from when to return events, based on the lastUpdateTime property.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"header": "",
"article": {
"articleContent": ""
},
"links": [
{
"type": "",
"displayText": {
"value": "",
"localizedValue": ""
},
"extensionName": "",
"bladeName": "",
"parameters": {
"trackingId": "",
"rcaRequested": ""
}
}
],
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impactMitigationTime": "",
"impact": [
{
"impactedService": "",
"impactedRegions": [
{
"impactedRegion": "",
"status": "",
"impactedSubscriptions": "",
"impactedTenants": "",
"lastUpdateTime": ""
}
]
}
],
"recommendedActions": {
"message": "",
"actions": [
{
"groupId": "",
"actionText": ""
}
],
"localeCode": ""
},
"faqs": [
{
"question": "",
"answer": "",
"localeCode": ""
}
],
"isHIR": "",
"enableMicrosoftSupport": "",
"enableChatWithUs": "",
"priority": "",
"lastUpdateTime": "",
"hirStage": ""
}
}
],
"nextLink": ""
}

operation: Get Event List for Tenant ID

Input parameters

Parameter Description
Query Start Time Select a date from when to return events, based on the lastUpdateTime property.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"header": "",
"article": {
"articleContent": ""
},
"links": [
{
"type": "",
"displayText": {
"value": "",
"localizedValue": ""
},
"extensionName": "",
"bladeName": "",
"parameters": {
"trackingId": "",
"rcaRequested": ""
}
}
],
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impactMitigationTime": "",
"impact": [
{
"impactedService": "",
"impactedRegions": [
{
"impactedRegion": "",
"status": "",
"impactedSubscriptions": "",
"impactedTenants": "",
"lastUpdateTime": ""
}
]
}
],
"recommendedActions": {
"message": "",
"actions": [
{
"groupId": "",
"actionText": ""
}
],
"localeCode": ""
},
"faqs": [
{
"question": "",
"answer": "",
"localeCode": ""
}
],
"isHIR": "",
"enableMicrosoftSupport": "",
"enableChatWithUs": "",
"priority": "",
"lastUpdateTime": "",
"hirStage": ""
}
}
],
"nextLink": ""
}

Included playbooks

The Sample - Azure Resource Health - 1.0.0 playbook collection comes bundled with the Azure Resource Health connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Azure Resource Health connector.

  • Get Availability Status
  • Get Availability Transitions List
  • Get Current Availability Status by Resource Group
  • Get Current Availability Status by Subscription ID
  • Get Event List for Resource
  • Get Event List for Subscription ID
  • Get Event List for Tenant ID

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

Azure Resource Health helps you diagnose and get support for service problems that affect your Azure resources, it reports on the current and past health of your resources. This connector supports actions related to availability status and events.

This document provides information about the Azure Resource Health Connector, which facilitates automated interactions, with an Azure Resource Health server using FortiSOAR™ playbooks. Add the Azure Resource Health Connector as a step in FortiSOAR™ playbooks and perform automated operations with Azure Resource Health.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 7.3.1-2105 and later

Azure Resource Health Version Tested on: Cloud Instance

Authored By: Fortinet

Certified: Yes

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-azure-resource-health

Prerequisites to configuring the connector

Minimum Permissions Required

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Azure Resource Health connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL The service-based URL to which you connect and perform automated operations.
Client ID Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
Client Secret Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, refer to https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
Tenant ID ID of the tenant that you have been provided for your Azure Active Directory instance.
Auth Code The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the Delegated Permissions method section.
Redirect URL The redirect_url of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match the redirect_url you have registered in your app registration portal.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get Availability Status Retrieves current availability status for a single resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. get_availability_status
Investigation
Get Availability Transitions List Retrieves a list of historical availability transitions and impacting events for a single resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. get_availability_status_list
Investigation
Get Current Availability Status by Resource Group Retrieves a list of current availability status for all the resources in the resource group from Azure Resource Health based on the resource type and resource name that you have specified. get_availability_status_by_resource_group
Investigation
Get Current Availability Status by Subscription ID Retrieves a list of current availability status for all the resources in the subscription from Azure Resource Health based on the subscription ID that you have specified. get_availability_status_by_subscription_id
Investigation
Get Event List for Resource Retrieves a list of current service health events for a given resource from Azure Resource Health based on the subscription ID, resource type, resource name, and other details that you have specified. get_event_list_for_resource
Investigation
Get Event List for Subscription ID Retrieves a list of service health events in the subscription from Azure Resource Health based on the subscription ID, query start time, and other filter criteria that you have specified. get_event_list_for_subscription_id
Investigation
Get Event List for Tenant ID Retrieves a list of current service health events in the tenant from Azure Resource Health based on the query start time and other filter criteria that you have specified. get_event_list_for_tenant_id
Investigation

operation: Get Availability Status

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Resource Group Name Specify the name of the resource group from the Azure portal.
Resource Provider Name Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute. For a list of resource providers, check Resource providers for Azure services.
Resource Type Specify the type of the resource from Azure portal. eg: virtualMachines
Resource Name Specify the name of the resource from the Azure portal.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"reasonChronicity": "",
"detailedStatus": "",
"occuredTime": "",
"reportedTime": "",
"rootCauseAttributionTime": "",
"resolutionETA": ""
}
}

operation: Get Availability Transitions List

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Resource Group Name Specify the name of the resource group from the Azure portal.
Resource Provider Name Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute. For a list of resource providers, check Resource providers for Azure services.
Resource Type Specify the type of the resource from Azure portal. eg: virtualMachines
Resource Name Specify the name of the resource from the Azure portal.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"healthEventType": "",
"healthEventCause": "",
"rootCauseAttributionTime": "",
"occuredTime": "",
"reasonChronicity": ""
}
}
]
}

operation: Get Current Availability Status by Resource Group

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Resource Group Name Specify the name of the resource group from the Azure portal.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"occuredTime": "",
"reasonChronicity": "",
"reportedTime": ""
}
}
]
}

operation: Get Current Availability Status by Subscription ID

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"location": "",
"properties": {
"availabilityState": "",
"title": "",
"summary": "",
"reasonType": "",
"category": "",
"context": "",
"occuredTime": "",
"reasonChronicity": "",
"reportedTime": ""
}
}
]
}

operation: Get Event List for Resource

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Resource Group Name Specify the name of the resource group from the Azure portal.
Resource Provider Name Specify the name of the resource provider from the Azure portal. For example: Microsoft.Compute. For a list of resource providers, check Resource providers for Azure services.
Resource Type Specify the type of the resource from Azure portal. eg: virtualMachines
Resource Name Specify the name of the resource from the Azure portal.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"reason": "",
"platformInitiated": "",
"header": "",
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impact": "",
"isHIR": "",
"priority": ""
}
}
]
}

operation: Get Event List for Subscription ID

Input parameters

Parameter Description
Subscription ID Specify the subscription ID that you have been provided to use cloud services.
Query Start Time Select a date from when to return events, based on the lastUpdateTime property.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"header": "",
"article": {
"articleContent": ""
},
"links": [
{
"type": "",
"displayText": {
"value": "",
"localizedValue": ""
},
"extensionName": "",
"bladeName": "",
"parameters": {
"trackingId": "",
"rcaRequested": ""
}
}
],
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impactMitigationTime": "",
"impact": [
{
"impactedService": "",
"impactedRegions": [
{
"impactedRegion": "",
"status": "",
"impactedSubscriptions": "",
"impactedTenants": "",
"lastUpdateTime": ""
}
]
}
],
"recommendedActions": {
"message": "",
"actions": [
{
"groupId": "",
"actionText": ""
}
],
"localeCode": ""
},
"faqs": [
{
"question": "",
"answer": "",
"localeCode": ""
}
],
"isHIR": "",
"enableMicrosoftSupport": "",
"enableChatWithUs": "",
"priority": "",
"lastUpdateTime": "",
"hirStage": ""
}
}
],
"nextLink": ""
}

operation: Get Event List for Tenant ID

Input parameters

Parameter Description
Query Start Time Select a date from when to return events, based on the lastUpdateTime property.
Filter Specify filter expressions to filter and return only those results that match the specified expressions.

Output

The output contains the following populated JSON schema:
{
"value": [
{
"id": "",
"name": "",
"type": "",
"properties": {
"eventType": "",
"eventSource": "",
"status": "",
"title": "",
"summary": "",
"header": "",
"article": {
"articleContent": ""
},
"links": [
{
"type": "",
"displayText": {
"value": "",
"localizedValue": ""
},
"extensionName": "",
"bladeName": "",
"parameters": {
"trackingId": "",
"rcaRequested": ""
}
}
],
"level": "",
"eventLevel": "",
"impactStartTime": "",
"impactMitigationTime": "",
"impact": [
{
"impactedService": "",
"impactedRegions": [
{
"impactedRegion": "",
"status": "",
"impactedSubscriptions": "",
"impactedTenants": "",
"lastUpdateTime": ""
}
]
}
],
"recommendedActions": {
"message": "",
"actions": [
{
"groupId": "",
"actionText": ""
}
],
"localeCode": ""
},
"faqs": [
{
"question": "",
"answer": "",
"localeCode": ""
}
],
"isHIR": "",
"enableMicrosoftSupport": "",
"enableChatWithUs": "",
"priority": "",
"lastUpdateTime": "",
"hirStage": ""
}
}
],
"nextLink": ""
}

Included playbooks

The Sample - Azure Resource Health - 1.0.0 playbook collection comes bundled with the Azure Resource Health connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Azure Resource Health connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next