Jump to Content

Docs API Reference Changelog

BigPanda.io Log In Request Demo

Enrichments Object

Defines the schema for an enrichment.

API Endpoint	`https://api.bigpanda.io/resources/v1.0/enrichments`
Supported Methods	`POST`, `GET`, `PATCH`

Parameters

The Enrichments object schema includes the following attributes:

Attribute	Description	Example
active	Whether the enrichment is applied to all incoming alert data.	`"active": true`
id	System-generated unique identifier for the enrichment.	`"id": "1234a53b6789c12d3efg45h"`
version	Internal version number of the current data mapping table for this enrichment. This number is incremented automatically each time the table is updated.	`"version": 1`
type	Enrichment technique used to create custom tags (`mapping`).	`"type": "mapping"`
config	Configuration details associated with the enrichment technique. For a mapping enrichment, this attribute contains a description of the data mapping table. Attributes: `map_name` - (optional) Unique name that identifies the mapping schema. `fields` - Array of metadata that describes the mapping schema and enrichment instructions. See Map Configuration Fields.

Map Configuration Fields

The following attributes describe how to enrich alerts based on a given data mapping table.

Attribute	Description	Example
title	Column name in the data mapping table.	`"title": "Alert owner"`
type	How data in the column is used in the enrichment process: query_tag—to match a value in the alert. result_tag—to enrich a matching alert. To ensure the enrichment instructions are unambiguous, the schema must not contain duplicate columns of the same type (for example, two result_tag columns for the cluster tag).	`"type": "result_tag"`
tag_name	(Optional) Override the column name with a different tag name in BigPanda.	`"tag_name": "check"
override_existing	(Optional) Whether to override an existing tag with this value, if applicable.	`"override_existing": false`

`