Create Enrichment

Creates a new enrichment definition (for example, the mapping enrichment in the sample calls below) by sending a POST request to /resources/v1.0/enrichments.


Authentication

All BigPanda APIs require a bearer token in the Authorization header of every call (Authorization: Bearer <TOKEN>).

This API uses the Org Token. Treat it as a secret: keep it out of shell history, scripts and logs (for example, read it from an environment variable or a secret store rather than pasting it into the command), and rotate it if it is exposed.

Sample Calls

Default endpoint (api.bigpanda.io):

curl --request POST \
     --url https://api.bigpanda.io/resources/v1.0/enrichments \
     --header 'Authorization: Bearer <ORG TOKEN>' \
     --header 'Content-Type: application/json; charset=utf8' \
     --data '{
            "type": "mapping",
            "config" : {
                "map_name": "operations team spreadsheet",
                "fields": [
                    {
                        "title": "application",
                        "type": "query_tag"
                    },
                    {
                        "title": "owner",
                        "type": "result_tag",
                        "override_existing": false
                    },
                    {
                        "title": "Runbook URL",
                        "type": "result_tag",
                        "tag_name": "wiki",
                        "override_existing": false
                    }
                ]
            }
       }'

EU endpoint (eu-api.bigpanda.io):

curl --request POST \
     --url https://eu-api.bigpanda.io/resources/v1.0/enrichments \
     --header 'Authorization: Bearer <ORG TOKEN>' \
     --header 'Content-Type: application/json; charset=utf8' \
     --data '{
            "type": "mapping",
            "config" : {
                "map_name": "operations team spreadsheet",
                "fields": [
                    {
                        "title": "application",
                        "type": "query_tag"
                    },
                    {
                        "title": "owner",
                        "type": "result_tag",
                        "override_existing": false
                    },
                    {
                        "title": "Runbook URL",
                        "type": "result_tag",
                        "tag_name": "wiki",
                        "override_existing": false
                    }
                ]
            }
       }'

Literal Pipes in Tag Values

BigPanda uses the pipe character (|) as the delimiter for array values in a cell.
If a value must contain a literal pipe, wrap the entire cell in three double quotes:
    """this is a | literal pipe"""
If a value must contain both a literal pipe and quotation marks, wrap the cell in three double quotes and each quoted passage in four:
    """this is a | literal pipe with """"quoted"""" text"""


Tag Limitations

To maintain quality of service, BigPanda limits the number of alert tags and enrichment items available. Each organization can have:

  • 1000 alert tags
  • 500 enrichment items per alert tag
  • 20,000 alert enrichment items total
  • 200 mapping enrichment results tags

If more alert tags or enrichment items are needed, we recommend exploring normalization options to help streamline your alert data and improve incident quality.
