Mapping Enrichment

Mapping Enrichment imports dynamic contextual information from external sources and adds that data to matching alerts. By leveraging existing relationship information, mapping enrichments quickly improve alert quality and reduce time to triage. 

The Mapping Enrichment dashboard helps you visualize the effectiveness of your BigPanda enrichment maps and highlights alerts that are slipping through the enrichment rules.

Key Features 

  • Understand how often enrichment is being applied via enrichment maps

  • Spot which hosts and source systems commonly produce alerts that are missing enrichment

  • Identify gaps and areas for improvement

  • Filter by individual sources to evaluate effectiveness

Widgets 

The following widgets are available in the Mapping Enrichment dashboard:

Widget 

Description 

Enriched Alerts

Total number of alerts enriched by a map in the dashboard time frame, and the change over the past 30 days. 

Filtering on a specific map will show total alerts enriched by that map.

Total Alerts

Total number of alerts received by BigPanda in the dashboard time frame, and the change over the past 30 days.

Filtering on a specific map will show total alerts enriched by that map rather than the total number of alerts received.

Enrichment %

The percentage of received alerts that were enriched by a map and the change over the past 30 days.

Filtering on a specific map will display the percentage of alerts enriched by that map, which defaults to 100 percent. 

Enrichment Hit Rate

Daily counts of alerts enriched by a map and of unenriched alerts entering BigPanda over the selected period. The line displays the enrichment percentage over time.

Filtering on a specific map will show the percentage of alerts enriched by that map.

Alerts by Enrichment Map Name

Breaks down the number of alerts for each enrichment rule. The following information is displayed for each rule:

  • Enrichment Map Name

  • Alerts Enriched Count

  • % of Total Enriched Alerts

  • # of Days Since Last Alert

  • # of Source Systems

Note: The % of total enriched alerts is calculated based on the number of enriched alerts per map compared to the total number of all enriched alerts.

Alerts with No Enrichment by Host

Count of the alerts that were not enriched, organized by host.

Alerts with No Enrichment by Source System

Count of the alerts that were not enriched, organized by source system. 
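The widget definitions above can be reproduced from raw alert records. The following is an added example, not BigPanda code: it computes Enriched Alerts, Total Alerts, Enrichment %, the per-map breakdown and the two "no enrichment" counts over a constructed set of alerts, and shows how filtering on one map makes Total Alerts equal the alerts enriched by that map (so Enrichment % reads 100). The field names, the sample alerts and the "today" date are assumptions; the 30-day change figures are not computed.

```python
from collections import Counter
from datetime import date

# Constructed sample alerts (not real BigPanda data). "map" holds the name of
# the enrichment map that matched the alert, or None when no map matched.
ALERTS = [
    {"host": "web-01", "source": "nagios", "map": "cmdb_owner", "date": date(2024, 5, 1)},
    {"host": "web-02", "source": "nagios", "map": "cmdb_owner", "date": date(2024, 5, 3)},
    {"host": "db-01", "source": "datadog", "map": "service_tier", "date": date(2024, 5, 2)},
    {"host": "db-01", "source": "datadog", "map": None, "date": date(2024, 5, 4)},
    {"host": "cache-01", "source": "zabbix", "map": None, "date": date(2024, 5, 4)},
    {"host": "cache-01", "source": "zabbix", "map": None, "date": date(2024, 5, 5)},
]


def summary(alerts, map_name=None, today=date(2024, 5, 6)):
    """Compute the Mapping Enrichment widgets for one dashboard time frame.

    With map_name set, mimic the dashboard filter: only alerts enriched by
    that map are counted, so Total Alerts equals Enriched Alerts and
    Enrichment % is 100.
    """
    if map_name is not None:
        alerts = [a for a in alerts if a["map"] == map_name]
    enriched = [a for a in alerts if a["map"] is not None]
    unenriched = [a for a in alerts if a["map"] is None]
    total = len(alerts)
    pct = round(100.0 * len(enriched) / total, 1) if total else 0.0

    # "Alerts by Enrichment Map Name": share is relative to all enriched alerts.
    by_map = {}
    for name in sorted({a["map"] for a in enriched}):
        rows = [a for a in enriched if a["map"] == name]
        by_map[name] = {
            "alerts_enriched": len(rows),
            "pct_of_enriched": round(100.0 * len(rows) / len(enriched), 1),
            "days_since_last_alert": (today - max(a["date"] for a in rows)).days,
            "source_systems": len({a["source"] for a in rows}),
        }

    return {
        "enriched_alerts": len(enriched),
        "total_alerts": total,
        "enrichment_pct": pct,
        "by_map": by_map,
        "no_enrichment_by_host": dict(Counter(a["host"] for a in unenriched)),
        "no_enrichment_by_source": dict(Counter(a["source"] for a in unenriched)),
    }
```

Hosts and source systems that dominate the "no enrichment" counters are the ones to reconcile against the CMDB or other map source first, since their alerts reach triage without owner or tier context.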

Filters

The Mapping Enrichment dashboard allows you to filter by:

  • Incident Start Date (UTC)

  • Source System

  • Host

  • Enrichment Map Name

Learn more about using filters and widget options in the Filter Dashboards documentation. 

Next Steps

View Unified Analytics dashboards.

Learn how to Manage Unified Analytics.

Find definitions of Unified Analytics key metrics.

Dive into potential reporting fields in the Standard Data Model documentation.