Defines the schema for an enrichment.
| API Endpoint | https://api.bigpanda.io/resources/v1.0/enrichments |
| Supported Methods | POST, GET, PATCH |
Parameters
The Enrichments object schema includes the following attributes:
| Attribute | Description | Example |
|---|---|---|
| active | Whether the enrichment is applied to all incoming alert data. | "active": true |
| id | System-generated unique identifier for the enrichment. | "id": "1234a53b6789c12d3efg45h" |
| version | Internal version number of the current data mapping table for this enrichment. This number is incremented automatically each time the table is updated. | "version": 1 |
| type | Enrichment technique used to create custom tags (mapping). | "type": "mapping" |
| config | Configuration details associated with the enrichment technique. For a mapping enrichment, this attribute contains a description of the data mapping table. Attributes: - map_name - (optional) Unique name that identifies the mapping schema.- fields - Array of metadata that describes the mapping schema and enrichment instructions. See Map Configuration Fields. |
Map Configuration Fields
The following attributes describe how to enrich alerts based on a given data mapping table.
| Attribute | Description | Example |
|---|---|---|
| title | Column name in the data mapping table. | "title": "Alert owner" |
| type | How data in the column is used in the enrichment process: query_tag—to match a value in the alert. result_tag—to enrich a matching alert. To ensure the enrichment instructions are unambiguous, the schema must not contain duplicate columns of the same type (for example, two result_tag columns for the cluster tag). | "type": "result_tag" |
| tag_name | (Optional) Override the column name with a different tag name in BigPanda. | `"tag_name": "check" |
| override_existing | (Optional) Whether to override an existing tag with this value, if applicable. | "override_existing": false |
`