Create Enrichment Item

Creates a new composition or extraction enrichment item for the tag.

🚧

Authentication

All BigPanda APIs require Bearer Token Authorization in the call headers.

This API uses the User API Key type of Authorization token.

🚧

Tag Limitations

To maintain quality of service, BigPanda limits the number of alert tags and enrichment items available. Each organization can have:

  • 1000 alert tags
  • 500 enrichment items per alert tag
  • 20,000 alert enrichment items total
  • 200 mapping enrichment results tags

If more alert tags or enrichment items are needed, we recommend exploring normalization options to help streamline your alert data and improve incident quality.

❗️

Config Object Required

The config object is required when creating an enrichment item. When adding your array of enrichment items, make sure to expand the config object and include all required parameters.

Sample Calls

curl --request POST \
     --url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "enrichments": [
    {
      "type": "extraction",
      "active": true,
      "when": {
        "IN": [
          "source_system",
          [
            {
              "type": "regex",
              "value": "*"
            }
          ]
        ]
      },
      "config": {
        "source": "host",
        "destination": "tag_name",
        "regex": "(.*)"
      },
      "note": "note"
    },
    {
      "type": "composition",
      "active": true,
      "when": {
        "IN": [
          "host",
          [
            "prod-api-1",
            "prod-api-2"
          ]
        ]
      },
      "config": {
        "source": "nagios",
        "destination": "tag_name",
        "value": "val-${host6666}"
      },
      "note": "wiki.com"
    }
  ]
}
'

curl --request POST \
     --url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "enrichments": [
    {
      "type": "extraction",
      "active": true,
      "when": {
        "IN": [
          "source_system",
          [
            {
              "type": "regex",
              "value": "*"
            }
          ]
        ]
      },
      "config": {
        "source": "host",
        "destination": "tag_name",
        "regex": "(.*)"
      },
      "note": "note"
    },
    {
      "type": "composition",
      "active": true,
      "when": {
        "IN": [
          "host",
          [
            "prod-api-1",
            "prod-api-2"
          ]
        ]
      },
      "config": {
        "source": "nagios",
        "destination": "tag_name",
        "value": "val-${host6666}"
      },
      "note": "wiki.com"
    }
  ]
}
'
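An added example, not part of BigPanda's documentation: a local pre-flight check that enforces the config-object requirement and the 500-items-per-tag limit stated on this page, then builds the POST without sending it. The required config keys per type are an assumption inferred from the sample calls only, and the BIGPANDA_USER_API_KEY environment variable name is hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

API_BASE = "https://api.bigpanda.io/resources/v2.1/enrichments-config/tags"
MAX_ITEMS_PER_TAG = 500  # per-tag limit stated on this page
# Assumption: required config keys per type, inferred from the sample calls only.
CONFIG_KEYS = {
    "extraction": {"source", "destination", "regex"},
    "composition": {"source", "destination", "value"},
}

def validate_enrichments(raw_body):
    """Return a list of problems in a request body; an empty list means it passed."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc.msg} (line {exc.lineno})"]
    items = body.get("enrichments") if isinstance(body, dict) else None
    if not isinstance(items, list) or not items:
        return ["'enrichments' must be a non-empty array"]
    problems = []
    if len(items) > MAX_ITEMS_PER_TAG:
        problems.append(f"{len(items)} items exceed the {MAX_ITEMS_PER_TAG} per-tag limit")
    for i, item in enumerate(items):
        kind = item.get("type") if isinstance(item, dict) else None
        if not isinstance(kind, str) or kind not in CONFIG_KEYS:
            problems.append(f"item {i}: type must be extraction or composition")
            continue
        config = item.get("config")
        if not isinstance(config, dict):
            problems.append(f"item {i}: config object is missing")
            continue
        missing = sorted(CONFIG_KEYS[kind] - set(config))
        if missing:
            problems.append(f"item {i}: config lacks {', '.join(missing)}")
    return problems

def build_request(tag_name, raw_body, api_key=None):
    """Validate, then build (not send) the POST for the US endpoint."""
    problems = validate_enrichments(raw_body)
    if problems:
        raise ValueError("; ".join(problems))
    api_key = api_key or os.environ["BIGPANDA_USER_API_KEY"]  # hypothetical variable name
    url = f"{API_BASE}/{urllib.parse.quote(tag_name, safe='')}/enrichments"
    headers = {"Authorization": f"Bearer {api_key}", "accept": "application/json",
               "content-type": "application/json"}
    return urllib.request.Request(url, data=raw_body.encode(), method="POST", headers=headers)
```

Reading the key from the environment keeps the User API Key out of scripts and shell history; pass the returned request to `urllib.request.urlopen` to send it.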