The primary property is one of the key fields for incoming alerts and is used for correlation and deduplication within BigPanda. This field is displayed as the main title of alerts and incidents in the UI until a correlation pattern has been matched. Alerts must include a primary property when sent to BigPanda in order to be processed.
"primary_property"="tag_name" is not specified, the primary property will be defined as one of the following:
device. Some integrations may allow you to customize which field a tool uses as the primary property. See the integration-specific instructions for details on primary property field defaults and customization.
primary_property is a reserved system word within BigPanda and cannot be changed or redefined for use in custom enrichment. When sending primary_property fields to BigPanda ensure that primary_property is lowercase only.
Updated 5 months ago