This script is designed to be run as a scheduled task. It gets all recent SCOM alerts, finds the Management Pack display name of the rule or monitor that triggered the alert, and assigns this value to CustomField1. The Custom Field can then be used to create alert views or subscriptions based on Management Pack.

Update-CustomField.ps1

<#
.Synopsis
   Adds Management Pack display name to CustomField1 of SCOM alerts.
.DESCRIPTION
   This script is designed to be run as a scheduled task every 5 minutes. It gets all SCOM alerts raised in the past 6 minutes, finds the Management Pack display name  of the rule or monitor that triggered the alert, 
   and assigns this value to CustomField1. The Custom Field can then be used to create alert views or subscriptions based on Management Pack.
.NOTES
   Created by Lee Sartorelli 08/11/2017
   The time overlap (run every 5 minutes, but get alerts from the past 6 minutes) is designed to ensure alerts aren't missed.
#>

# Convert the current time to UTC, and calculate time minus 6 minutes
$TimeNow = (Get-Date).ToUniversalTime()
$TimeAgo = $TimeNow.AddMinutes(-6)

# Get all alerts from 6 minutes ago to now
$alerts = Get-SCOMAlert | Where-Object {$_.Timeraised -le $TimeNow -And $_.Timeraised -ge $TimeAgo}

foreach($a in $alerts)
{
    # Check if the alert already has data in CustomField1. If it has, do not proceed.
    if (!$a.CustomField1)
        {
        # Check if the alert is raised from a Rule
        if ($a.IsMonitorAlert -like 'False')
            {
            # Get the Management Pack Display Name from the rule ID, and assign this to CustomField1
            $a.CustomField1 = ((get-scomrule -id $a.monitoringruleid).getmanagementpack()).displayname
            $a.Update("") 
            }
        else
            {
            # Get the Management Pack Display Name from the monitor ID, and assign this to CustomField1
            $a.CustomField1 = ((get-scommonitor -id $a.problemid).getmanagementpack()).displayname
            $a.Update("")
            }
        }
}