Correlation Patterns
Alert Correlation Logic sets rules to correlate alerts into BigPanda incidents. BigPanda's open machine learning engine will automatically create correlation patterns based on the alerts received, and will suggest new patterns as situations arise. You can customize the correlation patterns to better fit your infrastructure at any time.
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
BigPanda recommends adding Authentication headers only in the secure tool you use to make API calls.
Parameters
The correlation-patterns object schema includes the following attributes:
Parameter | Description | Type |
---|---|---|
id | System-generated unique identifier for a correlation pattern | UUID |
active | Whether the correlation pattern is active. Default condition is true | Boolean |
tags | Array of tag name(s) to correlate within the pattern. The array must contain at least 1 and no more than 5 items, with no duplicate names. | Array |
time_window | Time frame to determine correlation in minutes | Integer |
filter | BPQL Filter to set conditions for the correlation pattern | String |
cross_source | Determines whether alerts from different source systems can be correlated into the same incident. Default condition is true | Boolean |
note | Brief description of the correlation pattern | String |
created_at | Unix epoch time when the correlation pattern was created (in seconds). | Timestamp (in seconds) |
created_by | The ID of the user who created the correlation pattern | User ID |
updated_at | Unix epoch time when the correlation pattern was last updated (in seconds). | Timestamp (in seconds) |
updated_by | The ID of the user who last updated the correlation pattern | User ID |
suggested_at | Unix epoch time when the correlation pattern was suggested by machine learning (in seconds). | Timestamp (in seconds) |
execution_order | Identifies the position of the correlation pattern in the run order. For GET calls: returned as a single integer as part of the correlation pattern object. For PUT calls: an array of correlation pattern ids listed in the desired run order. | String or Integer |
Execution_order field
The execution_order parameter is part of the Correlation Patterns Run Order feature. This feature is available in a limited release. Please note that if this feature is not enabled in your organization, this field will not work. If you’re interested in enabling this feature for your organization, contact your BigPanda account team.
Sample Correlation Pattern Object
```json
{
  "id": "393968c0-43ee-431b-9234-6cefe812ebd9",
  "active": false,
  "tags": ["dc"],
  "cross_source": false,
  "time_window": 120,
  "filter": "source_system IN [ \"*\" ]",
  "created_by": "63bd568977a8d60012bf3dbe",
  "created_at": 1673374612,
  "updated_by": "63bd568977a8d60012bf3dbe",
  "updated_at": 1675360021,
  "source_systems": ["*"],
  "execution_order": 1
}
```
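The following is an added example, not BigPanda's own client code, showing how a script can check a correlation pattern object against the schema constraints documented in the table above before sending it, build the Bearer Authorization header from an environment variable rather than a hardcoded key, and render the epoch timestamps. The environment variable name `BIGPANDA_USER_API_KEY` and the positive-value check on `time_window` are assumptions; the sample object is constructed from the page's sample.

```python
import json
import os
from datetime import datetime, timezone

MAX_TAGS = 5  # documented upper bound on the tags array

# Constructed sample, mirroring the page's sample correlation pattern object.
SAMPLE_PATTERN_JSON = """{
  "id": "393968c0-43ee-431b-9234-6cefe812ebd9",
  "active": false,
  "tags": ["dc"],
  "cross_source": false,
  "time_window": 120,
  "filter": "source_system IN [ \\"*\\" ]",
  "created_at": 1673374612,
  "updated_at": 1675360021,
  "execution_order": 1
}"""

def parse_pattern(text: str) -> dict:
    """Parse a correlation pattern object returned by the API."""
    return json.loads(text)

def validate_pattern(pattern: dict) -> list:
    """Return the list of schema violations (an empty list means valid)."""
    errors = []
    tags = pattern.get("tags")
    if not isinstance(tags, list) or not tags:
        errors.append("tags must be a non-empty array")
    else:
        if len(tags) > MAX_TAGS:
            errors.append(f"tags must contain at most {MAX_TAGS} items")
        if len(set(tags)) != len(tags):
            errors.append("tags must not contain duplicate names")
    tw = pattern.get("time_window")
    # The page documents Integer; rejecting non-positive minutes is an assumption.
    if isinstance(tw, bool) or not isinstance(tw, int) or tw <= 0:
        errors.append("time_window must be a positive integer (minutes)")
    for key in ("active", "cross_source"):
        if key in pattern and not isinstance(pattern[key], bool):
            errors.append(f"{key} must be a boolean")
    if "filter" in pattern and not isinstance(pattern["filter"], str):
        errors.append("filter must be a BPQL string")
    return errors

def auth_headers(env_var: str = "BIGPANDA_USER_API_KEY") -> dict:
    """Build the Bearer header from an environment variable (assumed name),
    so the User API Key is never embedded in scripts or source control."""
    key = os.environ.get(env_var)
    if not key:
        raise RuntimeError(f"{env_var} is not set")
    return {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}

def epoch_to_iso(ts: int) -> str:
    """Render the API's seconds-since-epoch timestamps as UTC ISO-8601."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
```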