Creates a new alert enrichment item (Enrichment V2)
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
Tag Limitations
To maintain quality of service, BigPanda limits the number of alert tags and enrichment items available. Each organization can have:
- 1000 alert tags
- 500 enrichment items per alert tag
- 20,000 alert enrichment items total
- 200 mapping enrichment results tags
If more alert tags or enrichment items are needed, we recommend exploring normalization options to help streamline your alert data and improve incident quality.
Literal Pipes in Tag Values
Pipes: | are used in BigPanda as a delimiter for array values.
If the value should have a literal pipe, wrap the entire cell in three quotes:
"""this is a | literal pipe"""
If the value should have both a literal pipe and quotation marks, then the cell should be wrapped in three quotes, and the quoted text needs to be wrapped in four quotes:
"""this is a | literal pipe with """"quoted"""" text"""
Mapping Enrichments Only
Extraction and Composition tags can be created in the BigPanda UI. For more information on creating extraction and composition tags, see the Automatic Incident Enrichment documentation.
Filtering by Source or Integration
You can use the
whenparameter to filter by source or integration.Example:
"when": "source_system IN [nagios*, datadog, api.integration]"