Incidents V2

Use the Incidents API to retrieve incident data, merge incidents, or add comments to incidents in BigPanda

The Incidents API allows you to manage BigPanda incidents externally, and can be configured with external ticketing and monitoring tools. It provides the Incidents object, which represents a BigPanda incident containing correlated alerts from your integrated monitoring systems.

The Incident Search function uses BigPanda Query Language (BPQL) to filter the incidents in your BigPanda instance and return those that meet specific conditions. Set sort order, pagination rules, and query incidents by tag, time frame, source system, or more. The Incident Search function can be used to return all incidents in a specific environment.


Expanding Alert Data

To include the full alert object for each retrieved incident, include expand=alerts in the query.

When making a call with alerts expanded, page_size cannot be larger than 10. An expanded call with a page size greater than 10 will return a 400 error.

Incident Actions allows you to seamlessly manage incidents through the API. Incidents can be merged, split, assigned, snoozed, and commented on through the API.

A list of the actions that have been taken on an incident can be retrieved using the Get Activities function.


Environment ID

The environment ID can extracted from the URL of the BigPanda console in browser, or it can be retrieved through the Environments API

Relevant Permissions

Manage EnvironmentsView, create, edit, and delete Environments in the UI and API, and view the incidents environments contain.
Environment - Incident ActionsFull access Ability to perform actions on all enrichment tags and incidents (assign, snooze, share, comment), minus environment configuration in the specified environment(s).
Environment - ViewRead-only access to all enrichment tags and incidents in the specified environment(s) without the ability to change or perform any incident action.
Incident EnrichmentView, create, and edit Incident Tags in BigPanda Settings.

Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.

To learn more about how BigPanda's permissions work, see the Roles Management guide.


Authentication Necessary

All BigPanda APIs require Bearer Token Authorization in the call headers.

This API uses the User API Key type of Authorization token.


Rate Limitations

To maintain quality of service, the Incidents API is limited to 10 requests per route, per second.
Additional requests will return a 429 response code and the request will need to be retried.

Available Objects & Actions

The Incidents API provides the following objects:

ObjectDescriptionSupported MethodsAPI Endpoint
IncidentRepresents an incident in BigPandaPOST, GET{environment_id}/incidents/{incident_id}
AlertRepresents an alert that is contained in a BigPanda incidentGET{environment_id}/incidents/{incident_id}?expand=alerts
ActivitiesRepresents an action taken on a Bigpanda incident. Each type of Activity has a unique schema.GET{incident_id}/activities

Use the Incidents API to perform these actions:

Search IncidentsGET /environments/{environment_id}/incidents?{query}Retrieves all BigPanda incidents that meet specific conditions
Retrieve Incident by IDGET /environments/{environment_id}/incidents/{incident_id}Retrieves a specific incident from a specific environment
Split IncidentPOST /environments/{environment_id}/incidents/{incident_id}/splitPulls alerts from an existing incident to create a new incident with only those alerts
Merge IncidentsPOST /environments/{environment_id}/incidents/{incident_id}/mergeMerges a list of source incidents into a specific destination incident
Comment on IncidentPOST /environments/{environment_id}/incidents/{incident_id}/commentsAdds a comment to a specific incident
Snooze IncidentPUT /environments/{environment_id}/incidents/{incident_id}/snoozeAdds the Snooze condition to an incident preventing share updates
Unsnooze IncidentDELETE /environments/{environment_id}/incidents/{incident_id}/snoozeRemoves the Snooze condition from an incident, reenabling share updates
Assign IncidentPUT /environments/{environment_id}/incidents/{incident_id}/assignmentAdds an Assigned User to a specific incident
Unassign IncidentDELETE /environments/{environment_id}/incidents/{incident_id}/assignmentRemoves the Assigned User from an incident
Resolve IncidentPOST /environments/{environment_id}/incidents/{incident_id}/resolveResolves a BigPanda incident
Add Incident TagsPOST /environments/{environment_id}/incidents/{incident_id}/tagsAdds an array of Incident Tags to an incident
Add Incident TagPOST /environments/{environment_id}/incidents/{incident_id}/tags/{tag_id}Adds a specific singular Incident Tag to an incident
Get ActivitiesGET /incidents/{incident_id}/activitiesRetrieves a list of actions taken on an incident