🚧

Authentication

All BigPanda APIs require Bearer Token Authorization in the call headers.

This API uses the Org Token type of Authorization token.

🚧

Tag Limitations

To maintain quality of service, BigPanda limits the number of alert tags and enrichment items available. Each organization can have:

• 1000 alert tags
• 500 enrichment items per alert tag
• 20,000 alert enrichment items total
• 200 mapping enrichment results tags

If more alert tags or enrichment items are needed, we recommend exploring normalization options to help streamline your alert data and improve incident quality.

Sample Calls

curl --request POST
     --url https://api.bigpanda.io/resources/v1.0/enrichments/8ded2313-0ebd-42e5-a36c-120420674863/map \
     --header 'Authorization: Bearer <ORG TOKEN>' \
     --header 'Content-Type: text/csv; charset=utf8' \
     --data 'application,owner,Runbook URL
        billing,Adina Terry,https://acme-wiki.com/billing+SOP
        sales,Madison Dor,https://acme-wiki.com/salesapp+SOP
'

curl --request POST \
     --url https://api.bigpanda.io/resources/v1.0/enrichments/8ded2313-0ebd-42e5-a36c-120420674863/map \
     --header 'Authorization: Bearer <ORG TOKEN>' \
     --header 'Content-Type: text/csv; charset=utf8' \
     --data-binary @operationsTeamSpreadsheet.csv

curl --request POST
     --url https://eu-api.bigpanda.io/resources/v1.0/enrichments/8ded2313-0ebd-42e5-a36c-120420674863/map \
     --header 'Authorization: Bearer <ORG TOKEN>' \
     --header 'Content-Type: text/csv; charset=utf8' \
     --data 'application,owner,Runbook URL
        billing,Adina Terry,https://acme-wiki.com/billing+SOP
        sales,Madison Dor,https://acme-wiki.com/salesapp+SOP
'

Usage

Use this API to create a new table for a mapping enrichment or to completely replace the existing table. Send the entire table as comma-separated values (CSV) in the body of the request or in a CSV file. The data table must meet these requirements:

• The structure matches the mapping schema definition. For example, the column names must match the titles in the schema definition. Similarly, the table must include all of the columns in the definition
• The table contains at least two rows—the title row and at least one row of enrichment values
• Each row is unique; the table must not contain duplicate rows
• The field values do not exceed 32K in length

❗️

No Line Breaks

New line characters (\n or \r) or line breaks are not supported.

🚧

The CSV file cannot be more than 500MB

Because it is a potentially long-running action, the table upload is performed asynchronously. Therefore, the immediate response indicates only whether the request was properly formatted and, if it was, provides a URL for checking the status of the upload. The entire table upload must complete successfully for the changes to take effect; the API does not support partial success.

A typical asynchronous upload negotiation consists of these steps:

1. Upload the table.
   A Job object is created and a URL for checking the status is returned.
2. Use the URL to periodically check the job status until it is set to done or failed.
3. If the job was not successful, you can retry the request.
   If necessary, debug any connectivity issues or data formatting issues that may have contributed to the failed upload. For example, ensure the CSV file follows the enrichment schema definition.

❗️

Table as CSV in Request Body

The payload must end with an empty new line. Make sure there are no spaces before the closing quotation marks on the last line.

❗️

Table in Separate CSV File

The CSV file must use standard line feed characters for line endings and must end with an empty new line. Some programs use different line ending formats. If you receive the following error, you may need to convert the line endings or add an empty new line to your file.

Stream finished but there was a truncated final frame in the buffer