Manage SCOM Alerts Using REST API

In this blog post, I will walk through how to get alerts from SCOM using REST API.

REST API is applicable from 1801 version which support a set of HTTP operations, in this guide I’ll explained how to filter the alerts to get only the scope you need.

In the examples in the following article – demonstrated only on how to make calls to use a “custom widget” in the new HTML web console, in this guide I’ll explain how to get the alerts by REST API to forward it to another systems for example, by Powershell script.

All available operations you can call, is listed here – 

Powershell Script – output only new critical alerts:

# Set header and the body

$scomHeaders = New-Object “System.Collections.Generic.Dictionary[[String],[String]]”

$scomHeaders.Add(‘Content-Type’,’application/json; charset=utf-8′)

$bodyraw = “Windows”

$Bytes = [System.Text.Encoding]::UTF8.GetBytes($bodyraw)

$EncodedText =[Convert]::ToBase64String($Bytes)

$jsonbody = $EncodedText | ConvertTo-Json


$uriBase = ‘http://<Your SCOM MS>/OperationsManager/authenticate’

$auth = Invoke-RestMethod -Method POST -Uri $uriBase -Headers $scomheaders -body $jsonbody -UseDefaultCredentials -SessionVariable websession

# Add Criteria – Specify the criteria (such as severity, priority, resolution state, etc.)

# Display Columns – Specify the columns which needs to be displayed.

$query = @(@{ “classId”= “”

                  # Criteria output the critical new alerts

                    “criteria” = “((Severity = ‘2’) AND (ResolutionState = ‘0’))”

                    “displayColumns” =”severity”,”monitoringobjectdisplayname”,”name”,”age”,”repeatcount”,”lastModified”


$jsonquery = $query | ConvertTo-Json

$Response = Invoke-RestMethod -Uri “http:// <Your SCOM MS> /OperationsManager/data/alert” -Method Post -Body $jsonquery -ContentType “application/json” -UseDefaultCredentials -WebSession $websession

$alerts = $Response.Rows


#Using Powershell script above and set the query without criteria, will retrieve All alerts

$query = @(@{ “classId”= “”

                  # Get All Alerts

                    “displayColumns” =”severity”,”monitoringobjectdisplayname”,”name”,”age”,”repeatcount”,”lastModified”


#In “DisplayColumns” value, you can add any alert property, for example add alert description:

$query = @(@{ “classId”= “”

            “criteria” = “((Severity = ‘2’) and (ResolutionState = ‘0’))”

                      “displayColumns” = “id”,”name”,”description”


#Id, Name, and Description: