Defines the schema for a mapping enrichment schema.
| API Endpoints | /resources/v2.1/mapping-enrichment/ /resources/v2.1/mapping-enrichment/{mapping_enrichment_id} |
| Supported Methods | POST, GET, PATCH, DELETE |
Parameters
The Mapping Enrichment object schema includes the following attributes:
| Attribute | Description | Type |
|---|---|---|
| id | System-generated unique identifier for the enrichment map schema. | String |
| type | Enrichment function type used to create enrichment items. Must be “mapping” for mapping enrichment endpoints. | String |
| active | Whether the mapping rules should be applied to incoming alerts. | Boolean |
| When | BPQL object query to filter incoming alerts. Only matched alerts will receive a value based on the automatic enrichment item. | String |
| Version | Internal version number of the current schema. This number is incremented automatically each time the schema is updated. | Integer |
| config | Rules for mapping tag values to event data. See the Mapping Enrichment Configuration table for details. | Object |
| created_by | The unique ID associated with the user who created the mapping enrichment rule. | String |
| updated_by | The unique ID associated with the user who last updated the mapping enrichment rule. | String |
| note (optional) | A description of the mapping rule purpose or functionality. | String |
Mapping Enrichment Configuration Parameters
The mapping enrichment configuration schema sets mapping rules for the related mapping tables and includes the following attributes:
| Attribute | Description | Type |
|---|---|---|
| name | A system name for the mapping table. This name will appear in the UI. | String |
| fields | Settings for each field included in the mapping table. Attributes: title - column name on the mapping table type - whether query_tag or result_tag tag_name - (Optional) the name of the tag in BigPanda override_existing - (Optional) if a value has been populated for this tag by another map or enrichment rule, whether this value should replace that value optional - (optional) whether or not the tag must be applied to all incoming alerts. Default is false. | Array of Objects |
| id_generation_function | Method for id creation in system. System field. | String |
| case_insensitive | Whether the field names for this configuration take character case into consideration. | Boolean |
If
override_existingis set to false, mapping values will not be added to any alert where the field is already populated, even if the field is populated with a “null.”
Sample Objects:
{
"type":"mapping",
"active": true,
"when": {},
"config":{
"name": "mapping_rule",
"fields":[
{
"title":"application",
"type":"query_tag"
},
{
"title":"yes",
"type":"result_tag",
"override_existing":false
},
{
"title":"very_cool",
"type":"result_tag",
"tag_name":"very_cool",
"override_existing":false
}
],
"case_insensitive": false
},
"note": ""
}