Enrichments Object

Defines the schema for an enrichment.

API Endpoint

https://api.bigpanda.io/resources/v1.0/enrichments

Supported Methods

POST, GET, PATCH

Parameters

The Enrichments object schema includes the following attributes (each entry lists the attribute, its description, and an example value):

active
  Whether the enrichment is applied to all incoming alert data.
  Example: "active": true

id
  System-generated unique identifier for the enrichment.
  Example: "id": "1234a53b6789c12d3efg45h"

version
  Internal version number of the current data mapping table for this enrichment. This number is incremented automatically each time the table is updated.
  Example: "version": 1

type
  Enrichment technique used to create custom tags. The technique documented here is mapping.
  Example: "type": "mapping"

config
  Configuration details associated with the enrichment technique. For a mapping enrichment, this attribute describes the data mapping table.
  Attributes:
  • map_name - (optional) Unique name that identifies the mapping schema.
  • fields - Array of metadata that describes the mapping schema and enrichment instructions. See Map Configuration Fields.

Map Configuration Fields

The following attributes describe how to enrich alerts based on a given data mapping table (each entry lists the attribute, its description, and an example value):

title
  Column name in the data mapping table.
  Example: "title": "Alert owner"

type
  How data in the column is used in the enrichment process:
  • query_tag - the column value is matched against a value in the alert.
  • result_tag - the column value is written into a matching alert as a tag.
  To keep the enrichment instructions unambiguous, the schema must not contain duplicate columns of the same type for the same tag (for example, two result_tag columns that both target the cluster tag).
  Example: "type": "result_tag"

tag_name
  (Optional) Override the column name with a different tag name in BigPanda.
  Example: "tag_name": "check"

override_existing
  (Optional) Whether to overwrite a tag that already exists on the alert with the value from this column. When omitted or false, an existing tag keeps its value.
  Example: "override_existing": false
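The script below is an added example, not BigPanda's own code or SDK. It builds an Enrichments object of type mapping with the attributes listed above, validates it against the rules on this page (including the Map Configuration Fields rule that no two columns of the same type may target the same tag), simulates how the data mapping table would enrich a single alert, and assembles the POST for the documented endpoint without sending it. Because an enrichment with "active": true is applied to every incoming alert, validating the schema locally before creating it is the check worth doing first. The Bearer authorization header, the layout of table rows and alert tags, and the requirement for at least one column of each type are this example's own assumptions, not documented behaviour.

```python
"""Added example (not BigPanda's code): build, validate and simulate a
mapping enrichment described by the Enrichments object schema."""
from __future__ import annotations

import json
from typing import Any

ENRICHMENTS_URL = "https://api.bigpanda.io/resources/v1.0/enrichments"
FIELD_TYPES = {"query_tag", "result_tag"}

# Constructed Enrichments object for a create (POST) request. "id" and
# "version" are system-generated, so a create request omits them.
ENRICHMENT: dict[str, Any] = {
    "active": True,
    "type": "mapping",
    "config": {
        "map_name": "host_owners",  # optional
        "fields": [
            {"title": "Host", "type": "query_tag", "tag_name": "host"},
            {"title": "Alert owner", "type": "result_tag", "tag_name": "owner"},
            {"title": "Check", "type": "result_tag", "tag_name": "check",
             "override_existing": False},
        ],
    },
}

# Constructed data mapping table: one dict per row, keyed by column title
# (an assumed layout; the page does not define the table format).
MAPPING_TABLE = [
    {"Host": "db-01", "Alert owner": "dba-team", "Check": "disk"},
    {"Host": "web-07", "Alert owner": "web-team", "Check": "http"},
]


def effective_tag(field: dict[str, Any]) -> str:
    """tag_name, when present, overrides the column title as the tag name."""
    return field.get("tag_name") or field["title"]


def validate_enrichment(obj: dict[str, Any]) -> list[str]:
    """Return schema problems; an empty list means the object is valid.

    The duplicate-column rule comes from the page. Requiring at least one
    query_tag and one result_tag column is this example's own sanity check.
    """
    errors: list[str] = []
    if obj.get("type") != "mapping":
        errors.append("type must be 'mapping'")
    if not isinstance(obj.get("active"), bool):
        errors.append("active must be a boolean")
    fields = (obj.get("config") or {}).get("fields")
    if not isinstance(fields, list) or not fields:
        return errors + ["config.fields must be a non-empty array"]
    seen: set[tuple[str, str]] = set()
    present: set[str] = set()
    for f in fields:
        ftype = f.get("type")
        if ftype not in FIELD_TYPES or "title" not in f:
            errors.append(f"field {f.get('title')!r}: bad type {ftype!r} or missing title")
            continue
        present.add(ftype)
        key = (ftype, effective_tag(f))
        if key in seen:  # two columns of one type targeting the same tag
            errors.append(f"duplicate {ftype} column for tag {key[1]!r}")
        seen.add(key)
    for required in sorted(FIELD_TYPES):
        if required not in present:
            errors.append(f"at least one {required} column is required")
    return errors


def apply_mapping(enrichment: dict[str, Any], table: list[dict[str, Any]],
                  alert: dict[str, Any]) -> dict[str, Any]:
    """Simulate the enrichment on one alert's tags (tag name -> value).

    The first row whose query_tag columns all equal the alert's tags supplies
    the result_tag values; an existing tag is replaced only when the column
    sets override_existing to true. Inactive enrichments change nothing.
    """
    if not enrichment.get("active"):
        return dict(alert)
    fields = enrichment["config"]["fields"]
    query_cols = [f for f in fields if f["type"] == "query_tag"]
    result_cols = [f for f in fields if f["type"] == "result_tag"]
    enriched = dict(alert)
    for row in table:
        if all(alert.get(effective_tag(c)) == row.get(c["title"]) for c in query_cols):
            for c in result_cols:
                tag = effective_tag(c)
                if tag in enriched and not c.get("override_existing", False):
                    continue  # keep the alert's own value
                enriched[tag] = row.get(c["title"])
            break
    return enriched


def build_create_request(enrichment: dict[str, Any], api_key: str) -> dict[str, Any]:
    """Build (but do not send) the POST that creates the enrichment.

    Validation runs first so a malformed schema never reaches the API.
    The Bearer header is an assumed authentication scheme.
    """
    errors = validate_enrichment(enrichment)
    if errors:
        raise ValueError("invalid enrichment: " + "; ".join(errors))
    return {
        "method": "POST",
        "url": ENRICHMENTS_URL,
        "headers": {"Authorization": f"Bearer {api_key}",
                    "Content-Type": "application/json"},
        "body": json.dumps(enrichment),
    }


if __name__ == "__main__":
    print(build_create_request(ENRICHMENT, "<api-key>")["body"])
    print(apply_mapping(ENRICHMENT, MAPPING_TABLE, {"host": "db-01", "check": "cpu"}))
```

Running the script prints the JSON body for the create request and the enriched alert: the matching row adds an owner tag, while the alert's existing check tag is kept because that column leaves override_existing at false.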