Flooded by Critical Alerts after Management Pack Upgrades

Copper Contributor

After upgrading several Management Packs at the same time, the whole Alert Monitoring got flooded with Critical Alerts and I feel like a fool because there might be a better way to do this without alerting the whole global company. So i need your help :)

 

As you can see in the screenshot, while upgrading the MPs, they also generated new Run As Profiles (check date of modification) (Todays Date is the 12th December 2021) => 12/4/2021

RunAsProfiles(2).png

So what do I wanted to do? Just copy the same RunAsAccounts configuration as it is on the other ones. The issue i am facing here is, that these Accounts have "A selected class, group, or object:" configured BUT i cannot differentiate here if it is a class, group, or object which was chosen on the previous ones. No matter in which section i am searching, it is giving me a result. So how I can differentiate or does it not make any difference?!

 

rgencasl_0-1638643975552.png

 

Some other additional questions i am having here while we speak about this context/topic:

- How can i prevent such an situation happening again?

- I found many RunAsProfiles without any RunAsAccounts configured inside. What does that mean? Does it mean, that the monitoring for which we would need these Profiles/Accounts do not run OR does it maybe mean, that there is no need for a Profile/Account for that specific monitoring which is linked/depending on these Profiles/Accounts?! What is the best practice and how can i "cleanup" this mess?

- I just started working in this company recently and the SCOM Expert has left before i started. So whats the best method to discover/explore this area without causing issues or destoying some configurations?!?

 

Thanks a lot for helping me. Definitely appreciate each and every contribution to my current situation :)

 

Cheers!

0 Replies