Incidents V2

Use the Incidents API to retrieve incident data, merge incidents, or add comments to incidents in BigPanda.

The Incidents API allows you to manage BigPanda incidents externally, and can be configured with external ticketing and monitoring tools. It provides the Incidents object, which represents a BigPanda incident containing correlated alerts from your integrated monitoring systems.

The Incident Search function uses BigPanda Query Language (BPQL) to filter the incidents in your BigPanda instance and return those that meet specific conditions. Set sort order, pagination rules, and query incidents by tag, time frame, source system, or more. The Incident Search function can be used to return all incidents in a specific environment.

Incident Actions let you manage incidents through the API. Incidents can be merged and commented on through the API.

👍

Environment ID

The environment ID can be extracted from the URL of the BigPanda console in the browser, or it can be retrieved through the Environments API.

Relevant Permissions

Incident permissions are defined by environment role access. To search incidents, you will need permission to view incidents in the specified environment. To merge or comment on incidents, you will need incident action permissions in the specified environment.

| Name | Permissions |
| --- | --- |
| Environments_Read | Retrieve an incident or retrieve all incidents from any environment |
| Environments_Incident_Actions | Retrieve, comment, or merge incidents from any environment |
| Environments_Full_Access | Retrieve, comment, or merge incidents from any environment |
| *_Read | Granular - Retrieve an incident or retrieve all incidents from the specified environment |
| *_Incident_Actions | Granular - Retrieve, comment, or merge incidents from the specified environment |

See the Working with Incidents documentation for a full explanation of the permissions required to access the Incidents Settings section and the Incident Actions API.

To learn more about how BigPanda's permissions work, see the RBAC - Role Based Access Control guide.

📘

Authentication Necessary

A User API Key is required for authentication.

🚧

Rate Limitations

To maintain quality of service, BigPanda APIs are limited to 5 requests per second.
Additional requests will return a 429 response code and the request will need to be retried.
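The following is an added example, not BigPanda's own code: a small Python client that paces calls to the documented 5 requests per second and retries with backoff when a 429 is returned, shown with Retrieve Incident by ID. It assumes the User API Key is sent as a Bearer token in the Authorization header; `ThrottledClient` and `get_incident` are hypothetical names.

```python
import time
import urllib.error
import urllib.request
from urllib.parse import quote

BASE = "https://api.bigpanda.io/resources/v2.0"
MAX_RPS = 5  # documented limit: 5 requests per second


class ThrottledClient:
    """Spaces requests to stay under MAX_RPS and retries when the API answers 429."""

    def __init__(self, api_key, send=None, sleep=time.sleep, clock=time.monotonic):
        self._key = api_key  # load from a secret store or env var, never hard-code
        self._send = send or self._http_send
        self._sleep, self._clock = sleep, clock
        self._next_slot = 0.0

    def _http_send(self, method, url, headers):
        req = urllib.request.Request(url, method=method, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
            return err.code, err.read()

    def request(self, method, path, max_retries=4):
        # Assumption: the User API Key is sent as a Bearer token.
        headers = {"Authorization": f"Bearer {self._key}"}
        for attempt in range(max_retries + 1):
            wait = self._next_slot - self._clock()
            if wait > 0:
                self._sleep(wait)  # client-side pacing: one request per 1/MAX_RPS s
            self._next_slot = self._clock() + 1.0 / MAX_RPS
            status, body = self._send(method, BASE + path, headers)
            if status != 429:
                return status, body
            if attempt < max_retries:
                self._sleep(min(2 ** attempt, 30))  # exponential backoff, capped
        raise RuntimeError(f"still rate limited after {max_retries} retries")


def get_incident(client, environment_id, incident_id):
    """Retrieve Incident by ID; IDs are percent-encoded so they cannot alter the path."""
    env, inc = quote(environment_id, safe=""), quote(incident_id, safe="")
    return client.request("GET", f"/environments/{env}/incidents/{inc}")
```

Percent-encoding the IDs matters when they arrive from an external ticketing or monitoring tool, since an unencoded `/` or `?` would change which endpoint the key is used against.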

Available Objects & Actions

The Incidents API provides the following objects:

| Object | Description | Supported Methods | API Endpoint |
| --- | --- | --- | --- |
| Incident | Represents an incident in BigPanda | POST, GET | https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id} |
| Alert | Represents an alert that is contained in a BigPanda incident | GET | https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}?expand=alerts |

Use the Incidents API to perform these actions:

| Action | Definition | Description |
| --- | --- | --- |
| Search Incidents | GET /environments/{environment_id}/incidents?{query} | Retrieves all BigPanda incidents that meet specific conditions |
| Retrieve Incident by ID | GET /environments/{environment_id}/incidents/{incident_id} | Retrieves a specific incident from a specific environment |
| Split Incident | POST /environments/{environment_id}/incidents/{incident_id}/split | Pulls alerts from an existing incident to create a new incident with only those alerts |
| Merge Incidents | POST /environments/{environment_id}/incidents/{incident_id}/merge | Merges a list of source incidents into a specific destination incident |
| Comment on Incident | POST /environments/{environment_id}/incidents/{incident_id}/comments | Adds a comment to a specific incident |
| Assign Incident | PUT /environments/{environment_id}/incidents/{incident_id}/assignment | Adds an Assigned User to a specific incident |
| Unassign Incident | DELETE /environments/{environment_id}/incidents/{incident_id}/assignment | Removes the Assigned User from an incident |
| Snooze Incident | PUT /environments/{environment_id}/incidents/{incident_id}/snooze | Adds the Snooze condition to an incident, preventing share updates |
| Unsnooze Incident | DELETE /environments/{environment_id}/incidents/{incident_id}/snooze | Removes the Snooze condition from an incident, reenabling share updates |
| Add Incident Tags | POST /environments/{environment_id}/incidents/{incident_id}/tags | Adds an array of Incident Tags to an incident |
| Add Incident Tag | POST /environments/{environment_id}/incidents/{incident_id}/tags/{tag_id} | Adds a specific singular Incident Tag to an incident |