| API Endpoint | https://api.bigpanda.io/resources/v2.0/correlation-patterns |
| Supported Methods | POST, GET, PATCH, DELETE |
Parameters
The correlation-patterns object schema includes the following attributes:
| Parameter | Description | Type |
|---|---|---|
| id | System-generated unique identifier for a correlation pattern | UUID |
| active | Whether the correlation pattern is active. Default condition is true | Boolean |
| tags | Array of tag name(s) to correlate within the pattern. At least 1 item must appear in the array. No more than 5 items in the array. No duplicate names in the array. | Array |
| time_window | Time frame to determine correlation in minutes | Integer |
| filter | BPQL Filter to set conditions for the correlation pattern | String |
| cross_source | Determines if alerts can be correlated from different source systems into the same incident Default condition is true | Boolean |
| note | Brief description of the correlation pattern | String |
| created_at | Unix epoch time when the correlation pattern was created (in seconds). | Timestamp (in seconds) |
| created_by | The ID of the user who created the correlation pattern | User ID |
| updated_at | Unix epoch time when the correlation pattern was last updated (in seconds). | Timestamp (in seconds) |
| updated_by | The ID of the user who last updated the correlation pattern | User ID |
| suggested_at | Unix epoch time when the correlation pattern was suggested (in seconds). | Timestamp (in seconds) |
| execution_order | The field to identify the correlation pattern run order. For GET calls: Returned as a single integer as part of the correlation pattern object. For PUT calls: An array of correlation pattern ids in order by desired run order. | String or Integer |
Execution_Order Field
The
execution_orderparameter is part of the Correlation Patterns Run Order feature. This feature is available in a limited release. Please note that if this feature is not enabled in your organization, this field will not work. If you’re interested in enabling this feature for your organization, contact your BigPanda account team.
Sample Correlation Pattern Object
{
"id": "393968c0-43ee-431b-9234-6cefe812ebd9",
"active": false,
"tags": [
"dc"
],
"cross_source": false,
"time_window": 120,
"filter": "source_system IN [ \"*\" ]",
"created_by": "63bd568977a8d60012bf3dbe",
"created_at": 1673374612,
"updated_by": "63bd568977a8d60012bf3dbe",
"updated_at": 1675360021,
"source_systems": [
"*"
],
"execution_order": 1
},
BPQL Filters
Correlation Patterns can be configured using BigPanda Query Language (BPQL) to define rules on which alerts will be grouped together. The rules construct a simple and/or boolean expression that is evaluated against the alert properties.