Correlation Pattern Object

❗️

Enrichment V2 Required

The Correlation Patterns API is built on the Enrichment V2 Engine. Your organization must have migrated to Enrichment V2 before using the Correlation Patterns API.

DO NOT USE the API unless Enrichment V2 is enabled; calling it against an organization still on V1 may damage existing V1 correlation patterns.

API Endpoint

https://api.bigpanda.io/resources/v2.0/correlation-patterns

Supported Methods

POST, GET, PATCH, DELETE

Parameters

The Correlation Pattern object schema includes the following attributes:

| Parameter | Description | Type | Example |
|---|---|---|---|
| id | System-generated unique identifier for a correlation pattern | UUID | "id": "5a8fb59d-0b40-4428-95d0-f8da5aee27c0" |
| active | Whether the correlation pattern is active. Defaults to true | Boolean | "active": true |
| tags | Array of tag name(s) to correlate within the pattern. The array must contain at least 1 and no more than 5 items, with no duplicate names | Array | "tags": ["service", "check"] |
| time_window | Time frame, in minutes, within which alerts are correlated. Valid range: 1-4320 | Integer | "time_window": 120 |
| filter | BPQL filter that sets the conditions under which the correlation pattern applies | String | "filter": "cluster=*prod*" |
| cross_source | Whether alerts from different source systems can be correlated into the same incident. Defaults to true | Boolean | "cross_source": true |
| note | Brief description of the correlation pattern | String | "note": "unique change" |
| created_at | The date and time the correlation pattern was created, in Unix epoch format | Timestamp (in seconds) | "created_at": 1493922189 |
| created_by | The ID of the user who created the correlation pattern | User ID | "created_by": "3123kjlhfasdlkjfh" |
| updated_at | The date and time the correlation pattern was last updated, in Unix epoch format | Timestamp (in seconds) | "updated_at": 1372854204 |
| updated_by | The ID of the user who last updated the correlation pattern | User ID | "updated_by": "3123kjlhfasdlkjfh" |
| suggested_at | The date and time the correlation pattern was suggested by Machine Learning, in Unix epoch format | Timestamp (in seconds) | "suggested_at": 1372854204 |

Suggested Schema

JSON:
{
  "id": "5a8fb59d-0b40-4428-95d0-f8da5aee27c0",
  "active": true,
  "tags": ["service", "check"],
  "time_window": 120,
  "filter": "cluster=bin78",
  "cross_source": false,
  "note": "this is my note",
  "created_at": 1576421825,
  "created_by": "3123kjlhfasdlkjfh",
  "updated_at": 1576421825,
  "updated_by": "3123kjlhfasdlkjfh",
  "suggested_at": 1576421825
}
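The constraints in the parameter table (1 to 5 unique tags, a time_window of 1 to 4320 minutes, boolean and string types) are easy to get wrong in a script that drives this endpoint, and a rejected or half-applied pattern is harder to debug after the fact than before the request goes out. The following is an added example, not BigPanda's code: a client-side validator for the object above, using the documented field names and the suggested schema as its sample input. The split into writable fields and server-managed fields (id, created_*, updated_*, suggested_at), and the helper that builds a POST body from a pattern, are this example's assumptions; the page only states that id is system-generated.

```python
"""Client-side validation of a BigPanda Correlation Pattern object.

Added example, not BigPanda code. It enforces the constraints the
parameter table documents (tags: 1-5 unique names; time_window: 1-4320
minutes; booleans; filter/note strings) before a payload is sent to
the /resources/v2.0/correlation-patterns endpoint.
"""
import json
from typing import Any

# Fields the table describes as system-generated or audit data.
# Assumption: these are set by the server and must not be in a create body.
SYSTEM_FIELDS = {"id", "created_at", "created_by", "updated_at", "updated_by", "suggested_at"}
WRITABLE_FIELDS = {"active", "tags", "time_window", "filter", "cross_source", "note"}

MAX_TAGS = 5
MIN_WINDOW, MAX_WINDOW = 1, 4320  # minutes, per the parameter table


def validate_pattern(pattern: dict[str, Any]) -> list[str]:
    """Return a list of constraint violations (an empty list means valid)."""
    errors: list[str] = []

    unknown = set(pattern) - WRITABLE_FIELDS - SYSTEM_FIELDS
    if unknown:
        errors.append(f"unknown fields: {sorted(unknown)}")

    # tags: required array of 1-5 unique, non-empty tag names
    tags = pattern.get("tags")
    if not isinstance(tags, list):
        errors.append("tags must be an array")
    else:
        if not 1 <= len(tags) <= MAX_TAGS:
            errors.append(f"tags must contain between 1 and {MAX_TAGS} items, got {len(tags)}")
        if any(not isinstance(t, str) or not t for t in tags):
            errors.append("every tag must be a non-empty string")
        if len(set(tags)) != len(tags):
            errors.append("tags must not contain duplicate names")

    # time_window: integer minutes in [1, 4320]; bool is an int subclass, so exclude it
    window = pattern.get("time_window")
    if isinstance(window, bool) or not isinstance(window, int):
        errors.append("time_window must be an integer (minutes)")
    elif not MIN_WINDOW <= window <= MAX_WINDOW:
        errors.append(f"time_window must be between {MIN_WINDOW} and {MAX_WINDOW}, got {window}")

    for name in ("active", "cross_source"):
        if name in pattern and not isinstance(pattern[name], bool):
            errors.append(f"{name} must be a boolean")

    for name in ("filter", "note"):
        if name in pattern and not isinstance(pattern[name], str):
            errors.append(f"{name} must be a string")

    return errors


def build_create_body(pattern: dict[str, Any]) -> str:
    """Serialize a validated pattern as a JSON body for POST.

    Drops server-managed fields (assumption) and fills in the documented
    defaults: active and cross_source default to true.
    """
    errors = validate_pattern(pattern)
    if errors:
        raise ValueError("; ".join(errors))
    body = {k: v for k, v in pattern.items() if k in WRITABLE_FIELDS}
    body.setdefault("active", True)
    body.setdefault("cross_source", True)
    return json.dumps(body, sort_keys=True)


# Constructed sample: the page's suggested schema, as a GET would return it.
SAMPLE_PATTERN = {
    "id": "5a8fb59d-0b40-4428-95d0-f8da5aee27c0",
    "active": True,
    "tags": ["service", "check"],
    "time_window": 120,
    "filter": "cluster=bin78",
    "cross_source": False,
    "note": "this is my note",
    "created_at": 1576421825,
    "created_by": "3123kjlhfasdlkjfh",
    "updated_at": 1576421825,
    "updated_by": "3123kjlhfasdlkjfh",
    "suggested_at": 1576421825,
}

if __name__ == "__main__":
    print(validate_pattern(SAMPLE_PATTERN))
    print(build_create_body(SAMPLE_PATTERN))
    # Constructed bad input: six tags with a duplicate, and a zero window.
    print(validate_pattern({"tags": ["a", "a", "b", "c", "d", "e"], "time_window": 0}))
```

Run validate_pattern on the object you intend to POST or PATCH and refuse to send it if the list is non-empty; the server will reject malformed patterns too, but failing locally keeps a buggy automation loop from issuing a stream of bad writes against live correlation configuration.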

📘

BPQL Filters

Correlation Patterns can be configured using BigPanda Query Language (BPQL) to define rules for which alerts are grouped together. The rules form a simple and/or boolean expression that is evaluated against the properties of each alert.