Incident_identifier*

During alert correlation, BigPanda assigns correlated events an incident identifier. This id is used throughout the BigPanda system to recognize if two events are related to each other. Incident identifiers are created from the tags and event data sent to BigPanda for each event. By default, the incident identifier is a combination of the event’s host and check but it could be other fields depending on the properties of the correlating alerts The incident_identifier may also be called the incident_key.

🚧

Reserved Word

Incident-identifier is a reserved system word within BigPanda and cannot be changed or redefined for use in custom enrichment. When sending incident_identifier fields to BigPanda ensure that incident_identifier is lowercase only.