Creates a new alert enrichment item (Enrichment V2)
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
Literal Pipes in Tag Values
Pipes: | are used in BigPanda as a delimiter for array values.
If the value should have a literal pipe, wrap the entire cell in three quotes:
"""this is a | literal pipe"""
If the value should have both a literal pipe and quotation marks, then the cell should be wrapped in three quotes, and the quoted text needs to be wrapped in four quotes:
"""this is a | literal pipe with """"quoted"""" text"""
Mapping Enrichments Only
Extraction and Composition tags can be created in the BigPanda UI. For more information on creating extraction and composition tags, see the Automatic Incident Enrichment documentation.
Filtering by Source or Integration
You can use the
whenparameter to filter by source or integration.Example:
"when": "source_system IN [nagios*, datadog, api.integration]"