Defines the schema for a mapping enrichment schema.
| API Endpoints | /resources/v2.1/mapping-enrichment/ /resources/v2.1/mapping-enrichment/{mapping_enrichment_id} |
| Supported Methods | POST, GET, PATCH, DELETE |
Parameters
The Mapping Enrichment object schema includes the following attributes:
| Attribute | Description | Type | Example |
|---|---|---|---|
| id | System-generated unique identifier for the enrichment map schema. | String | 1234a53b6789c12d3efg45h |
| type | Enrichment function type used to create enrichment items. Must be “mapping” for mapping enrichment endpoints. | String | mapping |
| active | Whether the mapping rules should be applied to incoming alerts. | Boolean | true |
| When | BPQL query to filter incoming alerts. Only matched alerts will receive a value based on the automatic enrichment item. | { "IN": \[ "source_system", [ { "type": "regex", "value": "*" } ] ] } | |
| Version | Internal version number of the current schema. This number is incremented automatically each time the schema is updated. | Integer | 1 |
| config | Rules for mapping tag values to event data. See the Mapping Enrichment Configuration table for details. | Object | { "name": "example", "fields": [ { "title": "application", "type": "query_tag", "tag_name": "yes", "override_existing": true, "optional": false }, { "title": "walla", "type": "result_tag", "tag_name": "walla", "override_existing": false }, { "title": "very_cool", "type": "result_tag", "tag_name": "very_cool", "override_existing": false } ], "id_generation_function": "use_md5", "case_insensitive": false } |
| created_by | The unique ID associated with the user who created the mapping enrichment rule. | String | 58d77efa5eafe459163f4555 |
| updated_by | The unique ID associated with the user who last updated the mapping enrichment rule. | String | 58d77efa5eafe459163f4555 |
| note (optional) | A description of the mapping rule purpose or functionality. | String | CMDB tableORCurrent runbook table |
Mapping Enrichment Configuration Parameters
The mapping enrichment configuration schema sets mapping rules for the related mapping tables and includes the following attributes:
| Attribute | Description | Type | Example |
|---|---|---|---|
| name | A system name for the mapping table. This name will appear in the UI. | String | "example" |
| fields | Settings for each field included in the mapping table. Attributes: title - column name on the mapping table type - whether query_tag or result_tag tag_name - (Optional) the name of the tag in BigPanda override_existing - (Optional) if a value has been populated for this tag by another map or enrichment rule, whether this value should replace that value optional - (optional) whether or not the tag must be applied to all incoming alerts. Default is false. | Array of Objects | [ { "title": "application", "type": "query_tag", "tag_name": "yes", "override_existing": true, "optional": false }, { "title": "walla", "type": "result_tag", "tag_name": "walla", "override_existing": false } ] |
| id_generation_function | Method for id creation in system. System field. | String | "use_md5" |
| case_insensitive | Whether the field names for this configuration take character case into consideration. | Boolean | false |
If
override_existingis set to false, mapping values will not be added to any alert where the field is already populated, even if the field is populated with a “null.”
{
"type":"mapping",
"active": true,
"when": {},
"config":{
"name": "mapping_rule",
"fields":[
{
"title":"application",
"type":"query_tag"
},
{
"title":"yes",
"type":"result_tag",
"override_existing":false
},
{
"title":"very_cool",
"type":"result_tag",
"tag_name":"very_cool",
"override_existing":false
}
],
"case_insensitive": false
},
"note": ""
}