Alert Enrichment V2.1
Use the Alert Enrichment API to define alert tags that help users understand incidents more quickly and enrich BigPanda functionality, including correlation patterns and maintenance plans.
Read more about how alerts are contextualized and the potential correlation and automation possibilities of alert enrichment in the Alert Intelligence documentation.
Mapping enrichment UI
Mapping Enrichments can be managed right in the BigPanda UI. Read more in the Enrichment Maps documentation.
Update existing processes
If you have previously configured API management of Alert Enrichment using the V1 or V2.0 API, you can update those processes.
No additional steps are necessary to configure a new API call using the V2.1 API.
Tag limitations
To maintain quality of service, BigPanda limits the number of alert tags and enrichment items available. Each organization can have:
1000 alert tags
500 enrichment items per alert tag
20,000 alert enrichment items total
200 mapping enrichment results tags
If more alert tags or enrichment items are needed, we recommend exploring normalization options to help streamline your alert data and improve incident quality.
Alert Enrichment 2.1
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
BigPanda recommends adding Authentication headers only in the secure tool you use to make API calls.
```bash
# Create an alert tag together with its enrichment items
curl --request POST \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/ \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "name": "tag_name",
  "active": true,
  "description": "description",
  "enrichments": [
    {
      "type": "extraction",
      "active": true,
      "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] },
      "config": { "source": "host", "destination": "tag_name", "regex": "(.*)" },
      "note": "note"
    },
    {
      "type": "composition",
      "active": true,
      "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] },
      "config": { "source": "nagios", "destination": "tag_name", "value": "val-${host6666}" },
      "note": "wiki.com"
    }
  ]
}
'

# Same call against the EU host
curl --request POST \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/ \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "name": "tag_name",
  "active": true,
  "description": "description",
  "enrichments": [
    {
      "type": "extraction",
      "active": true,
      "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] },
      "config": { "source": "host", "destination": "tag_name", "regex": "(.*)" },
      "note": "note"
    },
    {
      "type": "composition",
      "active": true,
      "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] },
      "config": { "source": "nagios", "destination": "tag_name", "value": "val-${host6666}" },
      "note": "wiki.com"
    }
  ]
}
'
```
```bash
# List all alert tags
curl --request GET \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'

# Same call against the EU host
curl --request GET \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'
```
```bash
# Retrieve a single alert tag by name
curl --request GET \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/{TAG_NAME} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'

# Same call against the EU host
curl --request GET \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/{TAG_NAME} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'
```
```bash
# Update the active flag and description of an alert tag
curl --request PATCH \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "active": true,
  "description": "the text of the description"
}
'

# Same call against the EU host
curl --request PATCH \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "active": true,
  "description": "the text of the description"
}
'
```
```bash
# Delete an alert tag by name
curl --request DELETE \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/{TAG_NAME} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'

# Same call against the EU host
curl --request DELETE \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/{TAG_NAME} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'
```
```bash
# Set the order of alert tags
curl --request PUT \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "alert_tags_order": [ "host", "application", "check" ]
}
'

# Same call against the EU host
curl --request PUT \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "alert_tags_order": [ "host", "application", "check" ]
}
'
```
```bash
# Set the order of enrichment items within one alert tag
curl --request PUT \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/order \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "enrichment_order": [
    "b6a7e384-ad82-4db4-b83b-9c87fabaf555",
    "b6a7e384-ad82-4db4-b83b-9c87fa8a1555"
  ]
}
'

# Same call against the EU host
curl --request PUT \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/order \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "enrichment_order": [
    "b6a7e384-ad82-4db4-b83b-9c87fabaf555",
    "b6a7e384-ad82-4db4-b83b-9c87fa8a1555"
  ]
}
'
```
```bash
# Add enrichment items to an existing alert tag
curl --request POST \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "enrichments": [
    {
      "type": "extraction",
      "active": true,
      "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] },
      "config": { "source": "host", "destination": "tag_name", "regex": "(.*)" },
      "note": "note"
    },
    {
      "type": "composition",
      "active": true,
      "when": { "IN": [ "host", [ "prod-api-1", "prod-api-2" ] ] },
      "config": { "source": "nagios", "destination": "tag_name", "value": "val-${host6666}" },
      "note": "wiki.com"
    }
  ]
}
'

# Same call against the EU host
curl --request POST \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "enrichments": [
    {
      "type": "extraction",
      "active": true,
      "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] },
      "config": { "source": "host", "destination": "tag_name", "regex": "(.*)" },
      "note": "note"
    },
    {
      "type": "composition",
      "active": true,
      "when": { "IN": [ "host", [ "prod-api-1", "prod-api-2" ] ] },
      "config": { "source": "nagios", "destination": "tag_name", "value": "val-${host6666}" },
      "note": "wiki.com"
    }
  ]
}
'
```
```bash
# Update existing enrichment items, each identified by its id
curl --request PATCH \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "enrichments": [
    {
      "type": "extraction",
      "active": true,
      "id": "93a1649e-144c-4d7a-a2ce-bf6839647555",
      "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] },
      "config": { "source": "host", "destination": "tag_name", "regex": "(.*)" },
      "note": "note"
    },
    {
      "type": "composition",
      "active": true,
      "id": "5551649e-144c-4d7a-a2ce-bf6839647555",
      "when": { "IN": [ "host", [ "prod-api-1", "prod-api-2" ] ] },
      "config": { "source": "nagios", "destination": "tag_name", "value": "val-${host6666}" },
      "note": "wiki.com"
    }
  ]
}
'

# Same call against the EU host
curl --request PATCH \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "enrichments": [
    {
      "type": "extraction",
      "active": true,
      "id": "93a1649e-144c-4d7a-a2ce-bf6839647555",
      "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] },
      "config": { "source": "host", "destination": "tag_name", "regex": "(.*)" },
      "note": "note"
    },
    {
      "type": "composition",
      "active": true,
      "id": "5551649e-144c-4d7a-a2ce-bf6839647555",
      "when": { "IN": [ "host", [ "prod-api-1", "prod-api-2" ] ] },
      "config": { "source": "nagios", "destination": "tag_name", "value": "val-${host6666}" },
      "note": "wiki.com"
    }
  ]
}
'
```
```bash
# Delete enrichment items from an alert tag by id
# (the JSON body is sent with --data, so the content-type header is set explicitly)
curl --request DELETE \
  --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "enrichments_ids": ["7c35c343-1029-4ebb-b555-99632738e555", "530c12ef-e358-555a-86c1-c3f6df88555"]
}
'

# Same call against the EU host
curl --request DELETE \
  --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "enrichments_ids": ["7c35c343-1029-4ebb-b5b1-99632738e555", "530c12ef-e358-4f1a-86c1-c3f6df88555"]
}
'
```
```bash
# Create a mapping enrichment
curl --request POST \
  --url https://api.bigpanda.io/resources/v2.1/mapping-enrichment \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "config": {
    "fields": [
      { "title": "app", "type": "result_tag", "tag_name": "app", "override_existing": true },
      { "title": "workgroup", "type": "query_tag", "tag_name": "workgroup", "override_existing": false }
    ],
    "name": "cmdb_application",
    "case_insensitive": true,
    "note": "Testing",
    "id_generation_function": "use_md5"
  },
  "type": "mapping",
  "active": true,
  "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] }
}
'

# Same call against the EU host
curl --request POST \
  --url https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "config": {
    "fields": [
      { "title": "app", "type": "result_tag", "tag_name": "app", "override_existing": true },
      { "title": "workgroup", "type": "query_tag", "tag_name": "workgroup", "override_existing": false }
    ],
    "name": "cmdb_application",
    "case_insensitive": true,
    "note": "Testing",
    "id_generation_function": "use_md5"
  },
  "type": "mapping",
  "active": true,
  "when": { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] }
}
'
```
```bash
# Retrieve a single mapping enrichment by ID
curl --request GET \
  --url https://api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'

# Same call against the EU host
curl --request GET \
  --url https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'
```
```bash
# List all mapping enrichments
curl --request GET \
  --url https://api.bigpanda.io/resources/v2.1/mapping-enrichment \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'

# Same call against the EU host
curl --request GET \
  --url https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'
```
```bash
# Update a mapping enrichment (active flag, condition, note)
curl --request PATCH \
  --url https://api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "active": true,
  "when": {},
  "note": ""
}
'

# Same call against the EU host
curl --request PATCH \
  --url https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "active": true,
  "when": {},
  "note": ""
}
'
```
```bash
# Delete a mapping enrichment by ID
curl --request DELETE \
  --url https://api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'

# Same call against the EU host
curl --request DELETE \
  --url https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'
```
```bash
# Upload a CSV file as the map of a mapping enrichment
curl --request POST \
  --url https://api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'Content-Type: text/csv; charset=utf8' \
  --data-binary @synthetic_monitor_playbook.csv

# Same call against the EU host
curl --request POST \
  --url https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'Content-Type: text/csv; charset=utf8' \
  --data-binary @synthetic_monitor_playbook.csv
```
```bash
# Apply a "create" operation to the map
curl --request PATCH \
  --url https://api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "op": "create",
  "value": { "application": "centdb" }
}
'

# Same call against the EU host
curl --request PATCH \
  --url https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "op": "create",
  "value": { "application": "centdb" }
}
'
```
```bash
# Apply an "update" operation to the map
curl --request PATCH \
  --url https://api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "op": "update",
  "value": { "application": "centodds" }
}
'

# Same call against the EU host
curl --request PATCH \
  --url https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "op": "update",
  "value": { "application": "centodds" }
}
'
```
```bash
# Apply a "delete" operation to the map
curl --request PATCH \
  --url https://api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "op": "delete",
  "value": { "application": "centdb" }
}
'

# Same call against the EU host
curl --request PATCH \
  --url https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "op": "delete",
  "value": { "application": "centdb" }
}
'
```
```bash
# Read the map one page at a time (the URL is quoted because of the & in the query string)
curl --request GET \
  --url 'https://api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map?page=1&per_page=20' \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'

# Same call against the EU host
curl --request GET \
  --url 'https://eu-api.bigpanda.io/resources/v2.1/mapping-enrichment/{mapping_enrichment_id}/map?page=1&per_page=20' \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'
```
```bash
# Retrieve an alert enrichments job by ID
curl --request GET \
  --url https://api.bigpanda.io/resources/v2.1/alert-enrichments-jobs/{job_id} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'

# Same call against the EU host
curl --request GET \
  --url https://eu-api.bigpanda.io/resources/v2.1/alert-enrichments-jobs/{job_id} \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'
```
Migrating existing workflows to Alert Enrichment 2.1
The Alert Enrichments V2.1 API allows you to programmatically create custom tags and enrichment items that add contextual information to alerts. It supports the mapping enrichment technique, which creates alert custom tags by looking up values in a data mapping table.
Use the Alert Enrichment V2.1 API to define alert tags and enrichment maps to add vital context to ongoing alerts.
Read more about how alerts are contextualized and the potential correlation and automation possibilities of alert enrichment in the Alert Intelligence documentation.
Mandatory migration
All customers will need to move to the V2.1 API. The Enrichment V1 and V2.0 APIs will be deprecated in the future.
API Improvements
Improved composition and extraction enrichment item functionality and features
Alert tags can now be duplicated, marked inactive, and have a description
Mapping tables now automatically enrich existing alert tags
Mapping enrichment items can be reordered on a per-tag basis
Enabling future audit-log functionality
Bulk operations now available for enrichment items
In order to leverage these improved capabilities, your organization will need to migrate your analytics into the new tool and data set.
Preparing for migration
Migrating to the Alert Enrichment V2.1 API is a simple, seamless process. **During the initial migration phase**, you will have access to the V2.0 API as well as the new V2.1.
Before beginning migration, review all manual and automated processes that leverage the existing Alert Enrichment APIs. This includes any mapping enrichment APIs leveraging the V1.0 and V2.0 Enrichment API.
Simple migration
If you are only using the Alert Enrichment V1 API to manage mapping enrichments, the migration process will require only a few steps:
1. Change the endpoint name attached to Mapping Enrichment calls to the new `/v2.1/mapping-enrichment/` endpoint
2. Validate payload format matches the new requirements
3. Test an enrichment map to ensure it is uploading correctly
4. (Optional) If choosing to implement API management of composition and extraction tags, use the new V2.1 endpoints and JSON payload formats.
Complex migration
If you are using the Enrichment V2.0 API to manage composition and extraction enrichments, the migration process will require a few additional updates:
1. Change the endpoint name attached to all enrichment calls to the new endpoints:
   `/v2.0/alert-enrichments` (mapping type) --> `/v2.1/mapping-enrichment`
   `/v2.0/alert-enrichments` (non-mapping type) --> `/v2.1/enrichments-config/tags/<TAG_NAME>/enrichments`
2. Validate payload format matches the new requirements
The object payload for Tag Rules or Enrichment Items is changing from a single object to an array of objects. Composition and extraction enrichments will be nested within the enrichment array.
Enrichment Items Array Format

```json
{
  "name": "tag_name",
  "active": true,
  "description": "",
  "enrichments": [
    {
      "type": "extraction",
      "active": true,
      "when": {},
      "config": {
        "source": "host",
        "destination": "tag_name",
        "regex": "(.*)",
        "template": null
      },
      "note": null
    },
    {
      "type": "composition",
      "active": true,
      "when": {},
      "config": {
        "destination": "tag_name",
        "value": "val-${host6666}"
      },
      "note": "wiki.com"
    }
  ]
}
```
3. Test each enrichment and call type to ensure it is functioning correctly
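The endpoint routing and the single-object-to-array change from the migration steps, checked against the limits in the Tag limitations section, as an added example (not BigPanda code). The shape of the legacy objects, the `REQUIRED_CONFIG` key sets and the function names are assumptions inferred from the sample payloads on this page.

```python
from collections import defaultdict

# Limits quoted from the "Tag limitations" section of this page.
MAX_TAGS, MAX_ITEMS_PER_TAG, MAX_ITEMS_TOTAL = 1000, 500, 20_000
# Assumption: required config keys per type, inferred from this page's sample payloads.
REQUIRED_CONFIG = {"extraction": {"source", "destination", "regex"},
                   "composition": {"destination", "value"}}

def split_legacy_items(legacy_items):
    """Route single objects (assumed V2.0 shape) to the two V2.1 endpoints."""
    # Mapping items go to /v2.1/mapping-enrichment; all others are nested in the
    # "enrichments" array of the tag named by config.destination.
    grouped, mappings = defaultdict(list), []
    for item in legacy_items:
        if item.get("type") == "mapping":
            mappings.append(item)
        else:
            grouped[item["config"]["destination"]].append(item)
    tags = [{"name": name, "active": True, "description": "", "enrichments": items}
            for name, items in grouped.items()]
    return tags, mappings

def validate_tags(tags):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(tags) > MAX_TAGS:
        problems.append(f"{len(tags)} alert tags exceeds the limit of {MAX_TAGS}")
    total = sum(len(tag["enrichments"]) for tag in tags)
    if total > MAX_ITEMS_TOTAL:
        problems.append(f"{total} enrichment items exceeds the limit of {MAX_ITEMS_TOTAL}")
    for tag in tags:
        name, items = tag["name"], tag["enrichments"]
        if len(items) > MAX_ITEMS_PER_TAG:
            problems.append(f"{name}: {len(items)} items exceeds the per-tag limit")
        for index, item in enumerate(items):
            required = REQUIRED_CONFIG.get(item.get("type"))
            if required is None:
                problems.append(f"{name}[{index}]: unsupported type {item.get('type')!r}")
                continue
            missing = sorted(required - set(item.get("config", {})))
            if missing:
                problems.append(f"{name}[{index}]: missing config keys {missing}")
    return problems

# Constructed sample input (not from the page): one object per enrichment.
LEGACY = [
    {"type": "extraction", "active": True, "when": {}, "note": None,
     "config": {"source": "host", "destination": "service", "regex": "(.*)"}},
    {"type": "composition", "active": True, "when": {}, "note": "wiki.com",
     "config": {"destination": "service", "value": "val-${host}"}},
    {"type": "extraction", "active": True, "when": {}, "note": None,
     "config": {"source": "host", "destination": "team"}},  # regex missing on purpose
    {"type": "mapping", "active": True, "when": {}, "config": {"name": "cmdb_application"}},
]

if __name__ == "__main__":
    print(validate_tags(split_legacy_items(LEGACY)[0]))
```

Running the check before any request is sent catches a malformed item or an exceeded limit locally instead of partway through a bulk migration.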