The schema for incidents sent through the notifications webhook.
Notification Webhooks
A Notifications Webhook integration creates a sharing channel from BigPanda to a callback URL of your choosing. When an incident is shared via the channel, BigPanda sends an HTTP POST request to the callback URL. The data payload of the request is the Incident object with the expanded representation of the Alert objects it contains. The application or service that receives the request can then process the data according to any business logic it has configured for new shares from BigPanda. For example, if the callback URL is an API endpoint for a service desk application, you may configure the application to create a ticket for the team that handles incident escalations.
Different Objects
The Incidents V2 API and Notifications Webhook return different fields and formatting. This object page lists the fields delivered by the Notifications Webhook to external tools.
To see the schema for data pulled through the Incidents V2 API, see the Incident Object.
Parameters
The webhook Incident object includes the following attributes:
Parameter | Description | Type |
---|---|---|
id | System-generated unique identifier for the incident. | String |
status | Current incident status, which is determined by the most severe status of the correlated alerts. Possible statuses: [critical, warning, unknown, ok]. | String |
active | Whether the incident contains at least one active alert and has not been manually resolved. An incident is automatically resolved when all the alerts are resolved. | Boolean |
severity | The highest status reached by any alert in the incident at any time. | String |
flapping | Signifies whether at least one correlated alert has changed states frequently enough to be treated as flapping. | Boolean |
snooze | Snooze options for the incident. Attributes: snoozed - Whether the incident is currently snoozed; end_time - Time when the current snooze period expires, in Unix epochs; autoCancel - Whether the current snooze should be automatically canceled if a new alert is added, the severity of an existing alert increases, or the incident is resolved and then reopens. | Object |
startedOn | Time when the earliest correlated alert was received, in Unix epochs. | Timestamp (in seconds) |
changedOn | Time of the last change to the incident that triggered applicable sharing updates, in Unix epochs. | Timestamp (in seconds) |
updatedOn | Time of last change to incident, in Unix epochs. | Timestamp (in seconds) |
endedOn | Time when the incident status was set to ok, in Unix epochs. | Timestamp (in seconds) |
alerts | Array of the alert objects correlated into the incident. Attributes: id - System-generated unique identifier for the alert; status - The most severe status the alert triggered. Possible returns are: [critical, warning, unknown, ok]; startedOn - Unix time when the initial alert started; endedOn - Unix time when the alert was resolved; changedOn - Unix time when the alert status last changed; updatedOn - Unix time of last change to the alert; active - Whether the alert is active and has not been manually resolved; primaryProperty - Main object that triggered the alert; secondaryProperty - Secondary object or sub-item that triggered the alert; sourceSystem - Integrated monitoring system that sent the alert to BigPanda; description - Brief summary (max. 2048 characters) of the alert included by certain monitoring tools; tags - Array of name-value pairs that represent alert properties. Each object includes the name and value of each tag. | Array of Objects |
links | The URL where the incident preview can be accessed. | String |
incidentTags | An array of incident tags associated with the incident. Attributes: id - Unique identifier for the tag; value - Value of the incident tag according to its type. | Array of Objects |
relatedChanges | Schema definitions for all RCC relations. Attributes: suggested_by_bigpanda - A boolean field to indicate if the change was suggested by BigPanda; history - An array of objects with related_changes history metadata; change - The change object related to the incident; incident_id - The unique identifier of the related incident; comment - A comment included with the action; match_certainty - The confidence level of the match. One of: None, Suspect, Match; match_type - The type of match; score - The relatedness score assigned to the change relation by the BigPanda algorithm; created_at - Unix time when the match was created; updated_at - Unix time of the last update; id - The unique identifier of the incident; match_weight_value - Weight of the match related to the incident. | Array of Objects |
metadata | Information on the share action itself. Attributes: sender - Object with name and email of the user who initiated the share. Autoshares will list BigPanda as the sender; environment - Name of the environment in BigPanda where the incident was shared from; environment_id - System ID of the environment in BigPanda where the incident was shared from. | Object |
event_types | Information on the different events that occurred within the scope of the incident. Attributes: incident#become-flapping - The incident entered or exited the flapping state in which at least one correlated alert is changing states too frequently; incident#reopen - The incident reopened within BigPanda; incident#closed - The incident was closed in BigPanda; incident#updated - A new alert was correlated to the incident OR an alert was resolved within the incident, but not all alerts; incident#new - A new incident was autoshared from BigPanda; incident#commented - A comment was added to the incident in BigPanda; incident#snoozed - The incident was snoozed; incident-tag#upserted - A change was made to an incident tag. | Array of Objects |
Sample Webhook Payloads:
```json
{
  "incident": {
    "id": "5555370aabc20a001145d6g9",
    "status": "Critical",
    "active": true,
    "severity": "Critical",
    "flapping": false,
    "resolved": false,
    "snooze": {
      "snoozed": false,
      "wake": null,
      "autoCancel": false
    },
    "startedOn": 1649576282,
    "changedOn": 1649576282,
    "updatedOn": 1652897578,
    "endedOn": null,
    "alerts": [
      {
        "id": "5555370aabc20a001145c5e9",
        "status": "Critical",
        "startedOn": 1649576282,
        "endedOn": null,
        "changedOn": 1649576282,
        "updatedOn": 1649576282,
        "active": true,
        "primaryProperty": "host",
        "secondaryProperty": "check",
        "sourceSystem": "nagios.est",
        "description": "CPU is 98%",
        "tags": [
          {
            "name": "check",
            "value": "CPU"
          },
          {
            "name": "_cluster",
            "value": "modiin-prod"
          },
          {
            "name": "run-book",
            "value": "https://mywiki.com/Evyatar-11/modiin-prod"
          },
          {
            "name": "host",
            "value": "Evyatar-11"
          }
        ]
      },
      {
        "id": "555537133ec0020012c96a28",
        "status": "Critical",
        "startedOn": 1649576282,
        "endedOn": null,
        "changedOn": 1649576282,
        "updatedOn": 1649576282,
        "active": true,
        "primaryProperty": "host",
        "secondaryProperty": "check",
        "sourceSystem": "nagios.est",
        "description": "CPU is 98%",
        "tags": [
          {
            "name": "check",
            "value": "CPU"
          },
          {
            "name": "host",
            "value": "web3"
          },
          {
            "name": "_cluster",
            "value": "modiin-prod"
          },
          {
            "name": "run-book",
            "value": "https://mywiki.com/web3/modiin-prod"
          }
        ]
      }
    ]
  },
  "links": {
    "landingPage": "http://bigp.io/9ad55554d5c116e4"
  },
  "incidentTags": [
    {
      "id": "itd_priority_1",
      "value": 1000
    }
  ],
  "relatedChanges": [
    {
      "suggested_by_bigpanda": true,
      "history": [
        {
          "updated_at": "2023-09-13T22:30:44.808Z",
          "comment": "The Host dev-Billing-02 has similar occurrences in both incident tag host and change tag summary",
          "match_certainty": "SUSPECT",
          "match_type": "ALGO_RCC",
          "suggested_by_bigpanda": true,
          "score": 3.194454072790294
        }
      ],
      "change": {
        "maintenance_condition": null,
        "id": "6501f5ac064d3de47a2dd3de",
        "identifier": "Mando-001",
        "source_system": "changes.changesintegration",
        "tags": {
          "team": "Network",
          "assignee": "Din Djarin",
          "ci": "i-sdf32fs2319iwa",
          "change location": "Mandalore",
          "risk impact": "Medium",
          "approval": "Approved"
        },
        "ticket_url": "https://your.url",
        "summary": "change.summary",
        "end": 1580369039,
        "start": 1540884139,
        "status": "Done"
      },
      "incident_id": "6501f5adb2eca000122c540d",
      "comment": "The Host dev-Billing-02 has similar occurrences in both incident tag host and change tag summary",
      "match_certainty": "SUSPECT",
      "match_type": "ALGO_RCC",
      "score": 3.194454072790294,
      "created_at": 1694627262,
      "updated_at": 1694645444,
      "id": "6501f5bed7972c001d228d00",
      "match_weight_value": 10
    }
  ],
  "metadata": {
    "sender": {
      "name": "Engineer",
      "email": "[email protected]"
    },
    "environment": "All",
    "environment_id": "55550bc8c481fd1100abc398"
  },
  "event_types": [
    {
      "event": "incident#new",
      "time": 1697123962
    },
    {
      "event": "incident-tag#upserted",
      "time": 1697123963
    },
    {
      "event": "incident-tag#upserted",
      "time": 1697123964
    }
  ]
}
```
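A callback endpoint should treat the POST body as untrusted input and check it against the documented fields before acting on it, for example before opening a ticket. The following is an added example, not BigPanda's code: `validate_webhook`, its helpers and `SAMPLE` are names constructed here, and the case-insensitive status comparison is an assumption based on the sample payload sending "Critical" where the table lists lowercase values.

```python
import json

STATUSES = {"critical", "warning", "unknown", "ok"}
EVENTS = ("incident#new", "incident#updated", "incident#closed", "incident#reopen",
          "incident#commented", "incident#snoozed", "incident#become-flapping",
          "incident-tag#upserted")

def _ts(v, nullable=False):
    # Unix seconds, optionally null; bool is an int subclass, so reject it.
    return nullable if v is None else (isinstance(v, int) and not isinstance(v, bool) and v >= 0)

def _status_ok(v):
    # Assumption: compare case-insensitively (table is lowercase, sample is "Critical").
    return isinstance(v, str) and v.lower() in STATUSES

def validate_webhook(body):
    """Return a list of problems; an empty list means the body matches the documented shape."""
    try:
        doc = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    inc = doc.get("incident") if isinstance(doc, dict) else None
    if not isinstance(inc, dict):
        return ["missing 'incident' object"]
    checks = {
        "id": isinstance(inc.get("id"), str) and inc["id"] != "",
        "status": _status_ok(inc.get("status")),
        "active": isinstance(inc.get("active"), bool),
        "startedOn": _ts(inc.get("startedOn")),
        "endedOn": _ts(inc.get("endedOn"), nullable=True),
        "alerts": isinstance(inc.get("alerts"), list),
    }
    errs = [f"incident.{k}: invalid" for k, ok in checks.items() if not ok]
    for i, a in enumerate(inc["alerts"] if checks["alerts"] else []):
        tags = a.get("tags", []) if isinstance(a, dict) else None
        if not isinstance(tags, list) or not _status_ok(a.get("status")):
            errs.append(f"alerts[{i}]: malformed alert")
        elif not all(isinstance(t, dict) and isinstance(t.get("name"), str) and "value" in t for t in tags):
            errs.append(f"alerts[{i}].tags: expected name-value objects")
    events = doc.get("event_types", [])
    if not isinstance(events, list) or any(
            not isinstance(e, dict) or e.get("event") not in EVENTS for e in events):
        errs.append("event_types: expected array of documented events")
    return errs

# Constructed sample, trimmed to the fields checked above.
SAMPLE = json.dumps({"incident": {"id": "inc-1", "status": "Critical", "active": True,
    "startedOn": 1649576282, "endedOn": None, "alerts": [{"status": "Critical",
    "tags": [{"name": "host", "value": "web3"}]}]}, "event_types": [{"event": "incident#new"}]})
```

Reject the request (for instance with HTTP 400) when the returned list is non-empty, and treat tag values such as run-book URLs as data to be escaped or allow-listed rather than followed.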