openapi: 3.1.1 info: title: BigPanda Public APIs description: |- BigPanda APIs allow you to integrate with external tools and manage incidents and BigPanda elements in bulk. They are a core tool for self-service driven customers and empower custom solutions and deep 2-way integrations. Checkout the [BigPanda Postman library here](https://www.postman.com/bigpandaio/workspace/bigpanda-public-workspace/overview). The Postman library works best with standard postman environments. Download the appropriate environment and apply it to your postman account before uploading the library: * [BigPanda US Postman Environment](https://www.postman.com/bigpandaio/bigpanda-public-workspace/environment/42728940-878aa6b5-764f-4dc5-a098-a842786576ef/my-bigpanda-us) * [BigPanda EU Postman Environment](https://www.postman.com/bigpandaio/bigpanda-public-workspace/environment/42728940-ede45616-7c3f-41f8-a8a1-c9f209dfae31/my-bigpanda-eu) > πŸ“˜ Custom settings for sample calls > > Use the widget on the right side of this page to define global settings for all sample code in this API library. BigPanda recommends adding Authentication only in the tool you use to send api calls. ------------- # General usage BigPanda APIs allow you to integrate with external tools and manage incidents and BigPanda elements in bulk. They are a core tool for self-service driven customers, and empower custom solutions and deep 2-way integrations. > 🚧 **Timestamp format** > > All timestamp fields should be in Epoch format, and should not include milliseconds. ## Using BigPanda REST APIs in Europe BigPanda APIs in the EU use different endpoints for data security and processing. See the [EU BigPanda API](https://eu-api-docs.bigpanda.io) documentation for detailed call parameters. ## Expandable Objects Some objects contain the ID of a related object in their response properties. For example, an `Incident` object may have associated `Alert ID`s. If the object is expandable, you can use the expand query parameter in your request to retrieve a full representation of it. For example, append `?expand=alerts` to the URL of an incident request to expand all the alert objects that the incident contains. ``` GET /incidents/{id}?expand=alerts ``` Objects that can be expanded are noted in the API reference documentation. Additionally, you can discover the identifiers for each expandable object by referencing the expand property in the parent object. You can expand multiple objects at once by identifying multiple items in the `expand` array. ## Synchronous and Asynchronous Calls API requests for potentially long-running actions are performed asynchronously. For example, uploading a mapping enrichment table. All asynchronous calls create a Job object and return the HTTP response code `202 Accepted` and a `location` header. To obtain the actual result of the call, you have to check the job status by sending a `GET` request to the Job resource URL. For example: ``` GET /enrichments/{id}/map/{job_id} ``` # Authentication and headers With each request to the BigPanda API, you must include an HTTP header with the authentication token for your organization. You may also need to specify the content type of the data payload and/or the response payload. All calls to BigPanda use Bearer-type authentication, but the token may have been issued in one of two ways: Org Token or User API Key. For example: ``` "Authorization: Bearer ${token}" "Accept: application/json" "Content-Type: application/json; charset=utf8" ``` ## Org Token vs. User API Key BigPanda APIs use two different types of bearer tokens, an organization-wide token or a user-specific API Key. ### Org Token Each organization has a single unique bearer token for authenticating API requests through integrations. To find your org token in BigPanda, log in as an administrator with integrations access and then click the Integrations tab at the top of screen. In the instructions for any integration using the Alerts API, your org bearer token appears in the example headers. ### User API Keys API Keys are managed on a user-specific basis within BigPanda's API Keys settings menu. Each key is associated to a specific user and is limited by the permissions assigned to the user's roles, enabling improved audit logging and security controls. To learn more about using User API Keys, see the [API Key Management](https://docs.bigpanda.io/docs/api-key-management) documentation. ## Content Types Include the appropriate `Content-Type` and `Accept` headers to specify the representation of data sent to and retrieved from BigPanda. Most BigPanda APIs accept and respond with JSON content as the data payload. Refer to the API reference documentation for supported content types of each request. > πŸ“˜ **Keep authentication secure** > > BigPanda recommends adding [Authentication](https://docs.bigpanda.io/reference/introduction#authentication-and-headers) headers only in the secure tool you use to make API calls. # Response codes BigPanda uses conventional HTTP response codes to indicate the success or failure of an API request. When a request is successful, BigPanda sends a response code to indicate that it received the message. If a request fails, the response code may help with troubleshooting an error. This table lists some of the common response codes you may receive from the BigPanda API. Refer to the API reference documentation for specific response codes and errors, where applicable. | Response | Description | | :-------- | :-------- | | 200 OK | Success. | | 201 Created | New resource created. | | 202 Accepted | The request has been accepted for processing. | | 204 No Content | There is no content to send for this request. | | 400 Bad Request | Default code for invalid requests. For example, it is missing a mandatory field. Check the error message and ensure that the JSON includes the correct parameters. | | 401 Unauthorized | Token is invalid or missing. Check that the request includes the correct HTTP headers. | | 403 Forbidden | Access denied. | | 404 Not Found | Requested endpoint isn't available. Ensure that the request uses one of the API endpoints specified in the documentation. | | 409 Conflict | Request cannot be performed due to a conflict. For example, attempting to resolve an incident that's already resolved. | | 410 Gone | Requested resource is no longer available and has been removed permanently. Consult the documentation to see what endpoints are supported currently. | | 429 Too Many Requests | Indicates the client has sent too many requests in a given amount of time. | | 500 Internal Server Error | Default code for errors that occur due to problems on BigPanda servers. Retry the request after some time. | | 501 Not Implemented | Unsupported method. | # Migrating to new API versions BigPanda is constantly improving our APIs for better functionality, reliability, and usability. While most of our updates are seamless and require no changes, occasionally a whole new API version is necessary. If you were using the older version, migrating to a V2 API only takes a few simple steps: - Update the call base URL. - Validate the Authentication Type - All new APIs require authentication through [User API Key](https://docs.bigpanda.io/docs/api-key-management). If your previous APIs was leveraging the [Org Token](https://api-docs.bigpanda.io/en/#description/org-token-vs-user-api-key), you'll need to issue and update new credentials. - Validate body fields or values - While we strive to keep payloads consistent, sometimes a change is necessary to make space for new or improved functionality. Always review payloads to ensure they match new parameters. - (Optional) Set pagination or filter rules - Some GET calls now have pagination or filtering enabled to improve readability, response times, and reliability. For large data sets, you may need to configure filters or pagination, and scripted recurring calls to retrieve all data. - Test the API - As when making any changes to your BigPanda configuration, we recommend sending sample API calls to test the changes. # BPQL object syntax BigPanda's APIs utilizes the BPQL **object** syntax when used for querying, which should not be confused with the [string formatted BPQL](https://docs.bigpanda.io/en/bigpanda-query-language--bpql-) when searching or filtering inside the UI itself. The below BPQL object cheatsheets explain how a conventional BPQL string is represented as a JSON object instead. Again, use this format whenever a certain API requires filling in a `bpql` parameter, like [Create a Plan](https://api-docs.bigpanda.io/en/#tag/maintenance-plans/POST/resources/v2.0/maintenance-plans). Basic query example: ```json {: [, ]} ``` | Command | BPQL String | BPQL Object | | :------------------------- | :------------------------------------ | :------------------------------------------------------- | | _equal_ `=` | `host = prod-api-1` | `{ "=": [ "host", "prod-api-1" ]}` | | _not equal_ `!=` | `host != prod-api-1` | `{ "!=": [ "host", "prod-api-1" ]}` | | _strong equal_ `===` | `host === prod-api-1` | `{ "===": [ "host", "prod-api-1" ]}` | | _in operator_ `IN` | `host IN [prod-api-1,prod-api-2]` | `{ "IN": [ "host", [ "prod-api-1", "prod-api-2" ]]}` | | _not in operator_ `NOT IN` | `host NOT IN [prod-api-1,prod-api-2]` | `{ "NOT IN": [ "host", [ "prod-api-1", "prod-api-2" ]]}` | Complex query example: ```json {: [,,...]} ``` | Command | BPQL String | BPQL Object | | :------ | :---------------------------------- | :------------------------------------------------------------------------- | | `AND` | `host = prod-api-1 AND check = cpu` | `{ "AND": [{ "=": [ "host", "prod-api-1" ]}, { "=": [ "check", "cpu" ]}]}` | | `OR` | `host = prod-api-1 OR check = cpu` | `{ "OR": [{ "=": [ "host", "prod-api-1" ]}, { "=": [ "check", "cpu" ]}]}` | ## Special Values For commands with special values, the value will be represented inside an object. Here are two examples. | Command | BPQL String | BPQL Object | | :-------------------- | :--------------------- | :---------------------------------------------------------------------- | | _wildcard_ `*` | `host = prod-api-*` | `{ "=": [ "host", { "type": "regex", "value": "prod-api-*" }]}` | | _Formal Regex Search_ | `host = /prod-api-.*/` | `{ "=": [ "host", { "type": "formal-regex", "value": "prod-api-.*" }]}` | > 🚧 **Wildcard limitations for Environments** > > Environment conditions do not support wildcards for the IN and NOT IN operators. # Available APIs ### Configure integrations | API | Description | | :--- | :--- | | [Email parser](https://api-docs.bigpanda.io/en/#tag/email-parser) | Create and manage configuration for inbound email integrations. | | [Open integration manager v2](https://api-docs.bigpanda.io/en/#tag/open-integration-manager-v2) | Create and manage configuration for Open Integration Manager integrations. | | [Open integration manager v1](https://api-docs.bigpanda.io/en/#tag/open-integration-manager-v1) | (Outdated OIM config for customers onboarded before 2023.) | | [Troubleshooting logs](https://api-docs.bigpanda.io/en/#tag/troubleshooting-logs) | Retrieve logs and metrics from various BigPanda integrations. | | [Destination tags](https://api-docs.bigpanda.io/en/#tag/destination-tags) | Retrieve tags that were recently ingested and normalized by monitoring integrations. | | [Notifications webhook](https://docs.bigpanda.io/en/notifications-webhook) | Configure webhooks to build custom integrations with messaging, ticketing, or other collaboration systems. | ### Send data | API | Description | | :--- | :--- | | [Send alerts](https://api-docs.bigpanda.io/en/#tag/send-alerts) | Build a custom integration between BigPanda and your monitoring system. | | [Send normalized alerts](https://api-docs.bigpanda.io/en/#tag/send-normalized-alerts) | Send alerts to the Open Integration Manager via API. | | [Change records](https://api-docs.bigpanda.io/en/#tag/change-records) | Connect your organization's change records to BigPanda. | ### Manage & filter alerts | API | Description | | :--- | :--- | | [Resolve alerts](https://api-docs.bigpanda.io/en/#tag/resolve-alerts) | Resolve individual alerts in bulk. | | [Alert filter plans](https://api-docs.bigpanda.io/en/#tag/alert-filter-plans) | Define rules to drop events created by known scenarios and testing services. Manages the post-enrichment Alert Filtering in the UI. | | [Alert filter schedules](https://api-docs.bigpanda.io/en/#tag/alert-filter-schedules) | Define time windows to automatically trigger alert filter plans. | | [Maintenance plans](https://api-docs.bigpanda.io/en/#tag/maintenance-plans) | Define time windows that parallel infrastructure changes of respective monitored services. Manages the suppression-type Maintenance Plans in the UI. | ### Alert enrichment v2.1 | API | Description | | :--- | :--- | | [Alert tags](https://api-docs.bigpanda.io/en/#tag/alert-tags-v2-1) | Manage alert tag configuration. | | [Enrichment run order](https://api-docs.bigpanda.io/en/#tag/enrichment-run-order-v2-1) | Manage the order in which alert tags and enrichment rules run. | | [Non-mapping enrichment rules](https://api-docs.bigpanda.io/en/#tag/non-mapping-enrichment-rules-v2-1) | Manage automatic enrichment rules. | | [Mapping enrichment schemas](https://api-docs.bigpanda.io/en/#tag/mapping-enrichment-schemas-v2-1) | Manage the parsing rules for an enrichment map. | | [Enrichment map records](https://api-docs.bigpanda.io/en/#tag/enrichment-map-records-v2-1) | Upload and manage enrichment map records. | ### Alert enrichment v2.0 | API | Description | | :--- | :--- | | [Alert tags](https://api-docs.bigpanda.io/en/#tag/alert-tags-v2) | Manage alert tag configuration. | | [Enrichment run order](https://api-docs.bigpanda.io/en/#tag/enrichment-run-order-v2) | Manage the order in which alert tags and enrichment rules run. | | [Manual enrichment rules](https://api-docs.bigpanda.io/en/#tag/manual-enrichment-rules-v2) | Manage non-mapping enrichment rules. | | [Mapping enrichment](https://api-docs.bigpanda.io/en/#tag/mapping-enrichment-v2) | Manage enrichment maps. | ### Incident processing | API | Description | | :--- | :--- | | [Correlation pattern rules](https://api-docs.bigpanda.io/en/#tag/correlation-pattern-rules) | Define how alerts are clustered into BigPanda incidents. | | [Correlation pattern order](https://api-docs.bigpanda.io/en/#tag/correlation-pattern-order) | Define what order correlation patterns act on incoming events. | | [Environments](https://api-docs.bigpanda.io/en/#tag/environments) | Define environments based on incident properties such as source, severity, or alert data. | | [Environment groups](https://api-docs.bigpanda.io/en/#tag/environment-groups) | Define environment groups to cluster workflow and visualization types. | | [Topology UI](https://api-docs.bigpanda.io/en/#tag/topology-ui/) | Customize the visual presentation of the topology graph. | ### Incident management v2 | API | Description | | :--- | :--- | | [Retrieve incidents](https://api-docs.bigpanda.io/en/#tag/retrieve-incidents) | Filter the incidents in your BigPanda instance and return those that meet specific conditions. | | [Incident actions](https://api-docs.bigpanda.io/en/#tag/incident-actions) | Merge, split, assign, snooze, and comment on incidents. | | [Incident activity log](https://api-docs.bigpanda.io/en/#tag/incident-activity-log) | A list of the actions that have been taken on an incident. | | [Incident tag definitions](https://api-docs.bigpanda.io/en/#tag/incident-tag-definitions) | Configure automatic tag rules. | | [Manage incident tags](https://api-docs.bigpanda.io/en/#tag/manage-incident-tags) | Assign tags to your incidents. | ### Incident management v1 | API | Description | | :--- | :--- | | [Incident management v1](https://api-docs.bigpanda.io/en/#tag/incident-management-v1) | Retrieve incident data or update an existing incident. (Deprecating soon) | ### AI features | API | Description | | :--- | :--- | | [Automated incident analysis](https://api-docs.bigpanda.io/en/#tag/automated-incident-analysis) | You can use the Automated Incident Analysis API to generate and re-generate incident summaries without using the BigPanda console. | | [Automated incident analysis configuration](https://api-docs.bigpanda.io/en/#tag/automated-incident-analysis-configuration) | Use the Automated Incident Analysis API to retrieve and adjust your AI analysis configurations. | | [Root cause change relationships](https://api-docs.bigpanda.io/en/#tag/root-cause-change-relationships) | Normalize and aggregate change data alongside incidents. | ### Access management | API | Description | | :--- | :--- | | [API keys](https://api-docs.bigpanda.io/en/#tag/api-keys) | Create and manage your organization's API keys. | | [Audit logs](https://api-docs.bigpanda.io/en/#tag/audit-logs) | Report on changes made to BigPanda resources. | | [Roles](https://api-docs.bigpanda.io/en/#tag/roles) | Manage user roles within BigPanda. | | [Service provider details](https://api-docs.bigpanda.io/en/#tag/service-provider-details) | Retrieve schemas from your SCIM service provider. | | [Users](https://api-docs.bigpanda.io/en/#tag/scim-users) | Provision and manage user accounts. | version: v2.1 servers: - url: https://api.bigpanda.io tags: - name: Raw OIM payload retrieval description: | Retrieve a recent raw event payload for a specific OIM integration. OIM event normalization processes event payloads. Retrieve these payloads to see the initial payload values and state. > 🚧 **Processing Delay** > > It can take up to an hour after initial processing for events to be catalogued and available through the API. > 🚧 **OIM Integrations Only** > > This endpoint does not retrieve events received through the Generic Rest Alerts API. ### Relevant Permissions | **Permission** | **Description** | | :--------------- | :------------------------------------------- | | Integrations | View, create, and edit integrations in BigPanda Settings. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. > πŸ“˜ **Authentication necessary** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. > 🚧 **Rate limitations** > > To maintain quality of service, the Raw Payload Retrieval API is limited to 10 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. - name: Alert enrichment 2.0 description: | Use the Alert Enrichment API to define alert tags that help users understand incidents more quickly and enrich BigPanda functionality, including correlation patterns and maintenance plans. Read more about how alerts are contextualized and the potential correlation and automation possibilities of alert enrichment in the [Alert Intelligence](https://docs.bigpanda.io/en/alert-intelligence) documentation. > πŸ“˜ **New API Version & Additional Functionality** > > The Alert Enrichments V2.1 API adds additional functionality and performance to Alert Enrichment API capabilities. When possible, BigPanda recommends leveraging the V2.1 API instead of the V2.0 functionality. > > If you have previously configured API management of Alert Enrichment using the V1 or V2.0 API, you can update those processes to the new version by following the steps in the [Migrating to Alert Enrichment V2.1](https://docs.bigpanda.io/en/alert-enrichment-v2-1#migrating-existing-workflows-to-alert-enrichment-2-1) documentation. > > No additional steps are necessary to configure a new API call using the V2.1 API. ## Relevant Permissions Roles with the following permissions can access the **Alert Enrichment API**: | Permission | Description | |---------------------------------------------------------|-------------------------------------------------------------------------------| | Alert Enrichment | View and use the Alert Enrichments UI and API. | | Mapping Enrichment (API Only) | Use the Mapping Enrichment API. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. # JSON Format The Alert Enrichment API accepts only standard double quoted JSON formatting. Python JSON uses single quotes and will not be accepted by the API. If using Python, please sanitize your JSON to adhere to standard double quoted JSON formatting. See the sample payload below as an example of an acceptable JSON format. Example JSON formatted payload: ```json curl --request POST \ --url https://api.bigpanda.io/resources/v2.0/alert-enrichments \ --header "Authorization: Bearer ${your_api_key}" \ --header 'Content-Type: application/json' \ --data '{ "field": "states", "secondary_field": true, "object": { "subobject": [ { "field": "string", "secondary_field": "also string" ] }, "another_field": "url.com" }' ``` > 🚧 **Tag Limitations** > > To maintain quality of service, BigPanda limits the number of alert tags and enrichment items available. Each organization can have: > > - 1000 alert tags > - 500 enrichment items per alert tag > - 20,000 alert enrichment items total > - 200 mapping enrichment results tags > > If more alert tags or enrichment items are needed, we recommend exploring [normalization](https://docs.bigpanda.io/docs/alert-intelligence#event-normalization) options to help streamline your alert data and improve incident quality. > 🚧 **Rate Limitations** > > To maintain quality of service, the Alert Enrichment API is limited to 5 requests per route, per authentication token, per second. > Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-enrichment - name: Alert enrichment 2.1 description: | Use the Alert Enrichment API to define alert tags that help users understand incidents more quickly and enrich BigPanda functionality, including correlation patterns and maintenance plans. Read more about how alerts are contextualized and the potential correlation and automation possibilities of alert enrichment in the [Alert Intelligence](https://docs.bigpanda.io/docs/alert-intelligence) documentation. Learn more about best practices and UI options for mapping enrichments in the [Enrichment Maps](https://docs.bigpanda.io/en/enrichment-maps) documentation. > 🚧 **Updating existing processes** > > The Alert Enrichments V2.1 API adds additional functionality and performance to Alert Enrichment API capabilities. When possible, BigPanda recommends leveraging the V2.1 API instead of the V2.0 functionality. > > If you have previously configured API management of Alert Enrichment using the V1 or V2.0 API, you can update those processes to the new version by following the steps in the [Migrating to Alert Enrichment V2.1](https://docs.bigpanda.io/en/alert-enrichment-v2-1#migrating-existing-workflows-to-alert-enrichment-2-1) documentation. > > No additional steps are necessary to configure a new API call using the V2.1 API. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Relevant Permissions Roles with the following permissions can access the **Alert Enrichment API**: | Permission | Description | |---------------------------------------------------------|-------------------------------------------------------------------------------| | Alert Enrichment | View and use the Alert Enrichments UI and API. | | Mapping Enrichment (API Only) | Use the Mapping Enrichment API. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. > 🚧 **Rate limitations** > > To maintain quality of service, the Alert Enrichment API is limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. ## Tag limitations To maintain quality of service, BigPanda limits the number of alert tags and enrichment items available. Each organization can have: - 1000 alert tags - 500 enrichment items per alert tag - 20,000 alert enrichment items total - 200 mapping enrichment results tags If more alert tags or enrichment items are needed, we recommend exploring [normalization](https://docs.bigpanda.io/docs/data-engineer#event-normalization) options to help streamline your alert data and improve incident quality. ## JSON Format The Alert Enrichment API accepts only standard double-quoted JSON formatting. Python JSON uses single quotes and will not be accepted by the API. If using Python, please sanitize your JSON to adhere to standard double-quoted JSON formatting. Example JSON formatted payload: ```json curl --request POST \ --url https://api.bigpanda.io/resources/v2.1/alert-enrichments \ --header "Authorization: Bearer ${your_api_key}" \ --header 'Content-Type: application/json' \ --data '{ "field": "states", "secondary_field": true, "object": { "subobject": [ { "field": "string", "secondary_field": "also string" ] }, "another_field": "url.com" }' ``` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-enrichment - name: Alert filter plans v1 description: | > πŸ“˜ **Renamed API** > > The Alert Filter Plans API was previously called V1 Maintenance Plans or V1 Plans. The functionality of the API has not changed, but the name has been updated to clarify which BigPanda feature the API manages. The Alert Filter Plans API enables users to set and maintain alert filters to reduce noise for operators. Plans are configured with BPQL queries and, once activated, will suppress alerts that match the criteria. Alert filters affect alerts after they have been normalized and enriched, enabling complex filters based on additional metadata and enrichment tags. The `plan ID` for alert filters is the last 24 characters in the filter URL. ### Relevant permissions See the [Manage Alert Filters](https://docs.bigpanda.io/en/manage-alert-filtering) documentation for a full explanation of the permissions required to access the **Alert Filter Plans API** and the **Alert Filter Schedules API**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) guide. > 🚧 **Plan limit** > > Each organization can have up to 3,500 alert filters. > 🚧 **Condition limitations** > > Alert Filter conditions cannot be longer than 25,000 characters long. > > All alert tags in filter conditions are case-insensitive. > > The `condition` body parameter uses special BPQL object formatting. See [BPQL Object Syntax](https://api-docs.bigpanda.io/en#description/bpql-object-syntax) for more information. > > Not all tags are available for alert filter conditions. See the [Tag Naming](https://docs.bigpanda.io/docs/tag-naming) documentation for a list of tags that have limited functionality in BigPanda. > πŸ“˜ **OK status** > > By default, alert filters ignore events that have an `ok` status. These events will still enter the system and resolve any related open alerts. > > This setting can be changed by explicitly including the `exclude_status` field as an empty array. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. > 🚧 **Authentication** > > All BigPanda APIs require bearer token authorization in the call headers. > > This API uses the org token type of authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-filtering - name: Alert filter schedules v1 description: | > πŸ“˜ **Renamed API** > > The Alert filter schedules API was previously called Schedules V1. The functionality of the API has not changed, but the name has been updated to clarify which BigPanda feature the API manages. Alert Filter Schedules allow you to control when an alert filter should start and stop. By default, alert filters apply to all matching alerts until deactivated. See the [Alert Filter API Quick Start guide](https://docs.bigpanda.io/en/alert-filter-api-quick-start) for more details on creating alert filter schedules. > ❗️ **Schedule ID** > > The schedule ID will be included in the success return. This ID is needed to add the schedule to a filter. > 🚧 **Authentication** > > All BigPanda APIs require bearer token authorization in the call headers. > > This API uses the org token type of authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` ### Relevant permissions See the [Manage Alert Filters](https://docs.bigpanda.io/en/manage-alert-filtering) documentation for a full explanation of the permissions required to access the **Alert Filter Plans API** and the **Alert Filter Schedules API**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) guide. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-filtering - name: Alert filter plans v2 description: | The Alert Filter Plans API enables users to set and maintain alert filters to reduce noise for operators. Plans are configured with BPQL queries and, once activated, will suppress alerts that match the criteria. Alert filters affect alerts after they have been normalized and enriched, enabling complex filters based on additional metadata and enrichment tags. The `plan ID` for alert filters is the last 24 characters in the filter URL. ### Relevant permissions See the [Manage Alert Filters](https://docs.bigpanda.io/en/manage-alert-filtering) documentation for a full explanation of the permissions required to access the **Alert Filter Plans API** and the **Alert Filter Schedules API**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) guide. > 🚧 **Plan limit** > > Each organization can have up to 3,500 alert filters. > 🚧 **Condition limitations** > > Alert Filter conditions cannot be longer than 25,000 characters long. > > All alert tags in filter conditions are case-insensitive. > > The `condition` body parameter uses special BPQL object formatting. See [BPQL Object Syntax](https://api-docs.bigpanda.io/en#description/bpql-object-syntax) for more information. > > Not all tags are available for alert filter conditions. See the [Tag Naming](https://docs.bigpanda.io/docs/tag-naming) documentation for a list of tags that have limited functionality in BigPanda. > πŸ“˜ **OK status** > > By default, alert filters ignore events that have an `ok` status. These events will still enter the system and resolve any related open alerts. > > This setting can be changed by explicitly including the `exclude_status` field as an empty array. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. > 🚧 **Authentication** > > All BigPanda APIs require bearer token authorization in the call headers. > > This API uses the org token type of authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-filtering - name: Alert filter schedules v2 description: | Alert Filter Schedules allow you to control when an alert filter should start and stop. By default, alert filters apply to all matching alerts until deactivated. See the [Alert Filter API Quick Start guide](https://docs.bigpanda.io/en/alert-filter-api-quick-start) for more details on creating alert filter schedules. > ❗️ **Schedule ID** > > The schedule ID will be included in the success return. This ID is needed to add the schedule to a filter. > 🚧 **Authentication** > > All BigPanda APIs require bearer token authorization in the call headers. > > This API uses the org token type of authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: >`Authorization: Bearer [YOUR_ORG_TOKEN]` ### Relevant permissions See the [Manage Alert Filters](https://docs.bigpanda.io/en/manage-alert-filtering) documentation for a full explanation of the permissions required to access the **Alert Filter Plans API** and the **Alert Filter Schedules API**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) guide. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-filtering - name: Alert tags v2 description: | BigPanda ingests raw event data from integrated monitoring systems and normalizes them into key-value pairs called tags. Tags drive alert normalization and deduplication, correlation into incidents, incident enrichment, and automation. In addition to the data sent in with raw events, you are also able to configure enrichment tags. These tags build on or interpret the raw data into more understandable, actionable tags for your team. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-enrichment - name: Alert tags v2-1 description: | BigPanda normalizes alert data from integrated monitoring systems into standard key-value pairs, called tags. Alert tags are the fundamental data model for your alerts and drive alert deduplication, correlation, and enrichment. In addition to the core properties such as name, active status, and description, all alert tags also include at least one enrichment item. Enrichment items set rules and conditions to populate values for the tag based on event-payload fields. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Enrichment Items Enrichment items define automatic rules to add tag values. Enrichment rules can be defined as part of tag management, or through enrichment-rule specific endpoints. Each tag is able to have multiple automatic enrichment rules. Each enrichment rule defines both a value formula, and when that value should be applied to incoming alerts. There are 3 types of enrichment items: - Composition - Extraction - Mapping Enrichment items are tied to their tag. If all enrichment items are deleted from a tag, the tag will also be removed from the system. Deleting a tag will remove all of the tag's enrichment items as well. > ❗️ **Unique Mapping Routes** > > Mapping enrichment items are added automatically to existing tags upon the upload of a mapping enrichment table with matching result_tag column names. If a map contains a result_tag column name that does not match an existing tag, a new tag is automatically created for the enrichment item. > > Tags and enrichment rules associated with an enrichment map should be managed through that enrichment map. See the [mapping enrichment routes](https://api-docs.bigpanda.io/en#tag/mapping-enrichment-schemas-v2-1) for details on managing enrichment maps. ## Tag limitations To maintain quality of service, BigPanda limits the number of alert tags and enrichment items available. Each organization can have: - 1000 alert tags - 500 enrichment items per alert tag - 20,000 alert enrichment items total - 200 mapping enrichment results tags If more alert tags or enrichment items are needed, we recommend exploring [normalization](https://docs.bigpanda.io/docs/data-engineer#event-normalization) options to help streamline your alert data and improve incident quality. > ❗️ **Naming Limitations** > > Alert tag names and values must meet character and size limits. > > Some words are already used for tagging and backend functions in BigPanda. These words may have limited functionality within BigPanda when used as tag names. > > When creating new alert or incident tags, we recommend users use an alternate name (i.e. "short_description") for the tag to bring that data into the BigPanda system. > > To see the full list of naming limitations, refer to [Tag Naming](https://docs.bigpanda.io/en/tag-naming). If more alert tags or enrichment items are needed, we recommend exploring [normalization](https://docs.bigpanda.io/docs/data-engineer#event-normalization) options to help streamline your alert data and improve incident quality. Read our guide to [Managing Alert Enrichment](https://docs.bigpanda.io/en/manage-alert-enrichment) to learn more. externalDocs: description: Learn more url: https://docs.bigpanda.io/docs/manage-alert-enrichment - name: API keys description: | API keys are used to securely authenticate calls to the BigPanda Public API. You can create and manage your organization's keys using the API Keys API. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. ### Relevant Permissions Roles with the following permission can access API Keys API: | Permission Name | Description | | :-------- | :-------- | | API Keys | View, edit, and create API Keys in BigPanda Settings. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) guide. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/api-key-management - name: Audit logs description: | Audit logs enable admins to keep track of changes in their configuration and settings across the BigPanda platform. The Audit Logs API gives admins a vital troubleshooting, investigation, and security tool. BigPanda audit logs report on **Create**, **Update**, and **Delete** actions for these resources: > πŸ“˜ **AI Assistant logs** > > Biggy configuration changes are tracked and audited directly within the Biggy web app. See the ​[Manage BigPanda Biggy Configuration​​](https://docs.bigpanda.io/en/manage-bigpanda-biggy-ai-configuration) documentation for details. - AIA configuration - Alert enrichment including: - Tags - Tags order - Tag enrichments - Tag enrichments order - Mapping enrichment schema - Mapping table upload - Alert correlation patterns - Alert filtering - API keys - AutoShare - Enrichment v1 custom tags - Environments - General settings - Integrations - JIT provisioning - Maintenance plans - Roles - SAML attribute mapping - Service accounts - SSO configuration - SSO testing - Users > πŸ“˜ **Users object** > > Currently, the audit log does not track changes to user phone number or name. In the future more details will be added to the Users audit log. ### Relevant Permissions Roles with the following permission can access the Audit Logs API: | Name | Description | | :---------------- | :----------------------------------------------------- | | Audit Logs | View the Audit Log in BigPanda Settings and the Audit Logs API. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. > πŸ“˜ **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/use-the-audit-log - name: Automated incident analysis description: | The Automated Incident Analysis API generates and re-generates incident summaries without using the BigPanda console. This is helpful when you'd like to generate a summary for a specific incident in an environment where automatically generated analyses are not enabled. > 🚧 **Rate limitations** > > To maintain quality of service, the Incidents API is limited to 5 requests per route, per authentication token, per second. If an incident analysis is currently running, another request cannot be sent. Each incident can be analyzed up to 5 times. > > Additional requests will return a 429 response code and the request will need to be retried. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` ### Relevant permissions Roles with the following permissions can use the Automated Incident Analysis API: | Permission | Description | | :-------- | :-------- | | Environment - Incident Actions | Full access Ability to perform actions on all enrichment tags and incidents (assign, snooze, share, comment), minus environment configuration in the specified environment(s). | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. externalDocs: url: https://docs.bigpanda.io/en/automated-incident-analysis description: Learn more - name: Automated incident analysis configuration x-scalar-ignore: true description: | Automated Incident Analysis speeds up incident triage and collaboration by giving your team plain-language incident titles and detailed descriptions built from enriched, actionable incident data. Use the Automated Incident Analysis Configuration API to customize your Automated Incident Analysis settings. Select the alert tags used to generate the analysis, adjust instructions for the large language model (LLM) to use in generating summaries, and select the incident tags to use for similarity-based recommended actions. > 🚧 **Rate limitations** > > To maintain quality of service, the Incidents API is limited to 5 requests per route, per authentication token, per second. If an incident analysis is currently running, another request cannot be sent. Each incident can be analyzed up to 5 times. > > Additional requests will return a 429 response code and the request will need to be retried. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` ### Relevant Permissions Roles with the following permissions can use the Automated Incident Analysis Configuration API: | Permission | Description | | :-------- | :-------- | | AI Module Configuration | View and modify AI module configuration. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. externalDocs: url: https://docs.bigpanda.io/en/manage-automated-incident-analysis-configuration description: Learn more - name: Enrichment run order v2 description: | Run order is an important part of successful alert enrichment, allowing you to create tags that leverage the values of other tags. Alert tags and the enrichment items within each tag can be reordered so that tag values are populated in the needed order. Enrichment item order is based on the order it appears in the API call. When merging new or changing enrichment items, new enrichment items will be added to the top of the order. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-enrichment - name: Enrichment run order v2-1 description: | Run order is an important part of successful alert enrichment, allowing you to create tags that leverage the values of other tags. Alert tags and the enrichment items within each tag can be reordered so that tag values are populated in the needed order. Enrichment item order is based on the order it appears in the API call. When merging new or changing enrichment items, new enrichment items will be added to the top of the order. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-enrichment - name: Manual enrichment rules v2 description: | Each tag is able to have multiple automatic enrichment rules. Each enrichment rule defines both a value formula, and when that value should be applied to incoming alerts. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-enrichment - name: Mapping enrichment schemas v2-1 description: | Each enrichment map is made up of a map schema, and a mapping file. The mapping schema defines rules about how the system should interpret the mapping file. Mapping schemas determine enrichment map names and descriptions, conditions for when mapping rules apply, result tag names, override settings for result values, and which columns contain the lookup values. > 🚧 **Settings for overriding existing fields** > > If `override_existing` is set to false, mapping values will not be added to any alert where the field is already populated, even if the field is populated with a β€œnull.” For guidelines and parameters for creating your enrichment maps, read our documentation on [Mapping Enrichment Items](https://docs.bigpanda.io/en/mapping-enrichment-items). Read our [Best Practices for Mapping Enrichment](https://docs.bigpanda.io/en/best-practices-for-mapping-enrichment) guide to learn more about creating effective enrichment maps via the API. > 🚧 **CSV file size limits** > > The maximum size for a mapping enrichment table is 2GB when uploaded via an API call. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/enrichment-maps - name: Mapping enrichment v2 description: | Mapping enrichment imports dynamic contextual information from external sources and adds that data to matching alerts. By leveraging existing relationship information, mapping enrichments quickly improve alert quality and reduce time to triage. Enrichment maps match incoming alert data to lookup columns in the enrichment file. When there is a match, the map additional data to the alert from that row of the mapping table. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/enrichment-maps - name: Mapping enrichment records v2-1 description: | Mapping enrichment allows users to upload a CSV to map tag values to an enrichment table. Incoming alert data will be compared to the values in query_tag columns. If a match is found, the related tag will be updated with a value from the result_tag column. Mapping enrichment items are added automatically to existing tags upon the upload of a mapping enrichment table with matching result_tag column names. If a map contains a result_tag column name that does not match an existing tag, a new tag is automatically created for the enrichment item. Mapping enrichment items are created by pairing a mapping enrichment schema with a mapping enrichment file. ## Mapping Enrichment Schema The configuration of the Mapping Table to be uploaded. Defines properties such as: active status, source tag names (query_tag), BigPanda tag names (result_tag), and override settings. Individual tag values do not need to be configured, as values will be extracted from the uploaded table. > πŸ“˜ **Matching column names** > Result_tag columns are matched automatically to tags with the exact same name. > > If a result_tag column should match to a BigPanda tag with a name different from the column title, use the tag_name attribute. This will map the column to the BigPanda tag. No new tag will be created for the result_tag column title. ## Mapping Enrichment Table The dynamic table of values to populate into BigPanda based on the predefined query_tag and result_tag rules. This defines the actual data that will be used when enriching alerts. When the values of a mapping table should be updated, a new CSV file can be uploaded. > 🚧 **File size limit** > > The v2.1 enrichment map upload can handle map files up to 2 GB. ## Map table formatting Mapping Enrichment Tables are initially uploaded as CSV files. When managing individual map rows or retrieving mapping enrichment tables, the results will be returned as a JSON object. > ❗️ **Deleting Mapping Enrichment Items** > > To delete a tag with mapping enrichment items, you must first delete the associated mapping enrichment schema. > > Mapping enrichment schemas apply to multiple tags, and deleting a schema will remove the mapping enrichment from all associated tags. If any associated tags should remain in BigPanda, we recommend first creating the new schema, then deleting the old one. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/enrichment-maps - name: Non-mapping enrichment rules v2-1 description: | Automatic enrichment rules add the tag value based on raw event data. Each tag is able to have multiple automatic enrichment rules. Each non-mapping enrichment rule defines both a value formula, and when that value should be applied to incoming alerts. Use non-mapping enrichment rules to manage composition or extraction enrichment items. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Enrichment types There are 3 types of enrichment items: - Composition - Extraction - Mapping ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. > 🚧 **Config object required** > > The config object is required when creating an enrichment item. When adding your array of enrichment items, make sure to expand the config object and include all required parameters. > > Different fields are required for composition and extraction type enrichments. Enrichment items are tied to their tag. If all enrichment items are deleted from a tag, the tag will also be removed from the system. Deleting a tag will remove all of the tag's enrichment items as well. > ❗️ **Unique Mapping Routes** > > Mapping enrichment items are added automatically to existing tags upon the upload of a mapping enrichment table with matching result_tag column names. If a map contains a result_tag column name that does not match an existing tag, a new tag is automatically created for the enrichment item. > > Tags and enrichment rules associated with an enrichment map should be managed through that enrichment map. See the [mapping enrichment routes](https://api-docs.bigpanda.io/en#tag/mapping-enrichment-schemas-v2-1) for details on managing enrichment maps. ## Composition enrichment items Composition enrichment items are created by defining a value template. The Composition template is a simple formula to populate tag value using strings and other tag values. Use any tag value as a variable, using the format `${}`. For example: `mywiki.com/${host}/${check}` Special formatting is required for tag values that contain encoded characters for URLs. If the tag value contains encoded values for the characters `%`, `+`, or a space, use the format `${exact()}` to protect the values from being re-encoded. Composition configs must include the `source`, `destination`, and `value` properties. ## Extraction enrichment items Extraction enrichment items are created by defining a regular expression (regex formula). Extraction Regex: The [Regular expression](https://regex101.com/) to extract the new tag value from the source tag value. - Use a caret `^` to indicate starts with and a dollar sign `$` to indicate ends with. - Use parentheses to surround the capture group for the extraction. BigPanda uses the contents of the first capture group to create the value of the alert enrichment tag. - Use a [non-capturing group](https://stackoverflow.com/questions/3512471/what-is-a-non-capturing-group-in-regular-expressions) to ignore part of the contents. If a tag value doesn't match the pattern, the alert is not enriched with the alert enrichment item. Extraction configs must include the `source`, `destination`, and `regex` properties. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-alert-enrichment - name: Resolve alerts description: | The Batch Alert Resolution API allows you to resolve BigPanda alerts individually or in bulk. For each alert listed in the array, BigPanda schedules the status to set to 'ok', resolving the alert. If all alerts within an incident are resolved, the incident will resolve as normal. If BigPanda receives a status update other than 'ok' within the reopen window, the alert and incident will reopen as normal. > 🚧 Validation > > No validation happens during job scheduling to note bad alert ids. During resolution, bad ids are logged at the alert level, but ignored. > πŸ‘ Environment ID > > The environment ID can extracted from the URL of the BigPanda console in browser, or it can be retrieved through the [Environments API](https://api-docs.bigpanda.io/en/#tag/environments) > πŸ“˜ Alert IDs > > Alert IDs can be found using the Incidents V2 API. Use the [Search Incidents](https://api-docs.bigpanda.io/en/#tag/retrieve-incidents/GET/resources/v2.0/environments/{environment_id}/incidents) or [Retrieve Incidents by ID](https://api-docs.bigpanda.io/en/#tag/retrieve-incidents/GET/resources/v2.0/environments/{environment_id}/incidents/{incident_id}) call to retrive a list of alert IDs from within an incident. ### Relevant permissions Resolver permissions are defined by environment role access. To resolve alerts, a user will need access to take action on alerts in the specified environment or all environments. | Name | Permissions | | :------------------------------ | :------------------------------------------------------- | | `Environments_Incident_Actions` | Resolve alerts from any environment | | `Environments_Full_Access` | Resolve alerts from any environment | | `\*\_Incident_Actions` | Granular - Resolve alerts from the specified environment | To learn more about how BigPanda's permissions work, see our documentation on [Roles Management](https://docs.bigpanda.io/en/roles-management). > πŸ“˜ Authentication necessary > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 Rate limitations > > To maintain quality of service, the Batch Alert Resolution API is limited to 1 call per route, per authentication token, per second with no more than 500 alerts per request > > Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/events-to-incidents-lifecycle - name: Send alerts description: | The Alerts API allows you to easily integrate a custom monitoring system with BigPanda. Monitoring systems generally send out events when problems are detected and when problems have been resolved (fixed). For more guidance, see our documentation on [Building a Custom Integration](https://docs.bigpanda.io/en/building-a-custom-integration-with-the-alerts-api). > 🚧 **Incompatible with OIM integrations** > > Most standard integrations leverage the Open Integration Manager to normalize events during ingestion. To connect your tool to an OIM-enabled integration, use the [Normalized alerts](http://api-docs.bigpanda.io/en/#tag/send-normalized-alerts) endpoint. The Alerts API receives event payloads from a monitoring system. Incoming events sent via the API are processed according to the BigPanda alert correlation logic. Depending on the results of the correlation, the system then creates a new incident or updates an existing incident based on [Event Aggregation](https://docs.bigpanda.io/docs/data-engineer#event-aggregation) rules. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the [Org Token](https://docs.bigpanda.io/en/authentication-and-headers#org-token) type of Authorization token. > > If the tool you are integrating with does not support HTTP headers, you can use the access_token URL parameter for authentication. For example: `https://api.bigpanda.io/data/v2/alerts?access_token=` > 🚧 **Rate limitations** > > If an integration generates more than a few hundred events per hour, review the guidelines for when to send events and ensure that the integration is properly configured. Even with hundreds of thousands of monitoring metrics, status changes do not happen very often. If an integration exceeds this guideline, it may be sending duplicate or erroneous events to BigPanda. > Under maximum load, the API can support up to a few hundred events per minute. Additional events will be queued and may be processed at a delay. > 🚧 **Nested objects** > > Nested objects are not supported when sending events to the Alerts API. If the nested object cannot be removed from the payload, you'll need to use the Open Integration Manager. See the [Send Normalized Alerts](http://api-docs.bigpanda.io/en/#tag/send-normalized-alerts) endpoint for more information. > ❗ **Sending multiple alerts** > > BigPanda uses the timestamp to determine the latest status of an incident. If it is not included, BigPanda uses the time when the alert is received. To ensure that BigPanda accurately reflects the current status, when sending multiple alerts, you must include the timestamp for each alert or sort the `alerts` array by when the events occurred, in ascending order. > ❗ **Sending duplicate events** > > When an event sent via the Alerts API is an exact duplicate of a previous event, BigPanda returns an HTTP response code of `204 No Content.` > πŸ‘ **Resolving alerts** > > To maintain only the most relevant information in the incident feed, we recommend configuring monitoring systems to send resolving events to BigPanda when an alert is no longer active. externalDocs: description: Learn more url: https://docs.bigpanda.io/docs/integrate-with-bigpanda - name: Send normalized alerts description: | The [Open Integration Manager](https://docs.bigpanda.io/en/open-integration-manager) enables you to create customizable inbound alert integrations through the configuration of a generic inbound integration rather than creating custom code. The integration manager sets parsing rules for incoming payloads, preprocessing the content to match incoming data requirements before it reaches the BigPanda enrichment engine. The OIM Alerts API allows you to easily integrate a monitoring system with BigPanda. Monitoring systems generally send out events when problems are detected and when problems have been resolved. The API receives event payloads from a monitoring system. Incoming events sent via the API are processed according to OIM settings and BigPanda alert correlation logic. Depending on the results of the correlation, the system then creates a new incident or updates an existing incident based on Event Aggregation rules. > πŸ“˜ **Integration configurations** > > To manage integration configuration rules for the Open Integration Manager via API, use the [OIM Configuration API](https://api-docs.bigpanda.io/en/#tag/open-integration-manager-v2). > ❗ **Payload size** > > Alert payloads must be 6MB or smaller. Larger payloads will fail to process with BigPanda. We recommend reviewing your configurations to ensure that only actionable, useful information is being sent to BigPanda. > 🚧 **Integrations sending high volume of events** > > If an integration generates more than a few hundred events per hour, review the guidelines for when to send events and ensure that the integration is properly configured. Even with hundreds of thousands of monitoring metrics, status changes do not happen very often. If an integration exceeds this guideline, it may be sending duplicate or erroneous events to BigPanda. > > Under maximum load, the API can support up to a few hundred events per minute. Additional events will be queued and may be processed at a delay. > ❗**Resolving alerts** > > To maintain only the most relevant information in the incident feed, we recommend configuring monitoring systems to send resolving events to BigPanda when an alert is no longer active. ## Authentication The Open Integration Manager offers additional flexibility with authentication parameters. The following syntax can be used for the Token and App Key: **Auth Token:** query string: `access_token=` header: `Authorization: Bearer ` header: `x-auth-token: ` **App Key:** query string: `app_key=` header: `x-app-key: ` header: `app_key: ` body: `{ "app_key": "" }` This means that an alert can be sent to BigPanda even if the monitoring tool is not able to include any information in the API call's header, like in the example below: `https://integrations.bigpanda.io/oim/api/alerts?access_token=xxx&app_key=xxx` ## Event Properties The attributes included in the JSON payload become tags in BigPanda. You can add any number of custom JSON attributes with a string, integer, or array value to the payload. Common fields include host, host, service, application, device, check, sensor, cluster, node, data center, region, and description. When configuring the data to send through the OIM Alerts API, send attributes that: - Drive deduplication, correlation, and UI titling. Event attributes enable BigPanda to turn noisy events into high-quality alerts and actionable incidents. - Add context about the event, including where or when the alert triggered. Additional information helps your team understand the full situation while investigating an issue. - Enable automation and categorization. Tags such as business element or team help you build environments, AutoShare rules, analytics, and workflows. - Set next steps for triage and remediation. Including links to runbook wikis or investigation tools helps your team take action quicker. If a tag value starts with http, BigPanda automatically adds a link button. ## Sending Multiple Alerts If you want to send more than one alert in a single API call, you can modify the JSON payload to send an array of alert objects. When sending multiple alerts at the same time, you can choose to specify the app_key one time instead of for each alert. > ❗ **Sending multiple alerts with the OIM Alerts API** > > BigPanda uses the timestamp to determine the latest status of an incident. If it is not included, BigPanda uses the time when the alert is received. To ensure that BigPanda accurately reflects the current status, when sending multiple alerts, you must include the timestamp for each alert or sort the `alerts` array by when the events occurred, in ascending order. > > To send multiple alerts, you must also select the **Create multiple alerts using** checkbox within OIM and specify the name of the alerts array (which may be alerts or something else), and save your integration configuration. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/open-integration-manager - name: Change records description: | Use the Changes REST API to push change feed updates into BigPanda. The change data is then ingested by BigPanda, where all the original change system's fields and active states are converted into BigPanda's Change object. The resulting data is displayed in the Changes table. The data fields in the table can be customized using the Changes REST API. To learn more about integrating change record tools, see the [Changes integration documentation](https://docs.bigpanda.io/en/changes). > ❗️ **Change records rate limitations** > > To maintain optimal system health, the BigPanda rate limitation for Root Cause Changes is capped at max. 400 changes per minute and 50K changes per week. > > Additional requests will return a 429 response code and the request will need to be retried. > 🚧 **Retrieve All Changes results limit** > > By default, the results limit is set to 200. The limit can be set up to 999. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/changes - name: Root cause change relationships description: | Use the Root Cause Changes REST API to connect your organization's change records to BigPanda and manage RCC suspect changes and relations. Read the [Root Cause Changes documentation](https://docs.bigpanda.io/en/root-cause-changes--rcc-) to learn more. > ❗️ **RCC rate limitations** > > To maintain optimal system health, the BigPanda rate limitation for Root Cause Changes is capped at max. 400 changes per minute and 50K changes per week. > > Additional requests will return a 429 response code and the request will need to be retried. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/root-cause-changes--rcc- - name: Correlation pattern rules description: | Alert correlation logic sets rules to correlate alerts into BigPanda incidents. You can customize the correlation patterns to better fit your infrastructure at any time. Read our documentation on [Managing Alert Correlation](https://docs.bigpanda.io/en/manage-alert-correlation) to learn more about the parameters and process for creating correlation patterns and rules. You can also check out our guide to [Correlation Best Practices](https://docs.bigpanda.io/en/correlation-best-practices) for ideas on how to maximize the effectiveness of this feature. ## Filtering source systems By default, correlation patterns apply to all sources. Source systems can be added to the filter to narrow the pattern to apply only to specific sources. Sources can be filtered by each individual instance using their unique Integration ID, or by source type using a wildcard. For example: - `source_system=api.*` - All Alerts API sources will be included - `source_system=api.restapi` - Only Alerts from the Rest API will be included Alerts from multiple sources can be correlated together if [cross-source correlation](https://docs.bigpanda.io/en/manage-alert-correlation#create-new-correlation-patterns) is enabled. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. ## Relevant Permissions Roles with the following permission can access Correlation Patterns in the API and BigPanda Settings: | Role Name | Description | | :------------------------- | :-------------------------------------------------------------------------------------------------------------- | | Alert Correlation | View, edit, and create new Correlation Patterns in BigPanda Settings and API. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. ## Authentication necessary A [User API Key](https://docs.bigpanda.io/en/api-key-management) is required for authentication. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## BPQL filters Correlation Patterns can be configured using [BigPanda Query Language (BPQL)](https://docs.bigpanda.io/en/bigpanda-query-language--bpql-) to define rules on which alerts will be grouped together. The rules construct a simple and/or boolean expression that is evaluated against the alert properties. > 🚧 **Unique correlation patterns** > > The system will reject a request to create a correlation pattern that is identical to an existing one. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/correlation-best-practices - name: Correlation pattern order description: | By default, correlation patterns are run in order of time window, from longest time window to shortest. While this order is usually BigPanda's recommendation, there are scenarios where patterns with shorter time windows should be prioritized. For example, a data center outage is a high-priority incident, but will likely have a shorter time window setting to prevent over-correlating. If your organization encounters scenarios like these, you can manually order your correlation patterns to better reflect your system relationships. Read our [Correlation Pattern Run Order](https://docs.bigpanda.io/en/correlation-patterns-run-order) documentation to learn more. > ❗️ **Run order will be reset to time-window mode** > > Resetting the correlation pattern order via API will undo all run order changes, including those made in the BigPanda UI. After making this API call, all correlation patterns will be run in order of time window, from largest time window to shortest. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. ### Relevant Permissions Roles with the following permission can access Correlation Patterns in the API and BigPanda Settings: | Role Name | Description | | :------------------------- | :-------------------------------------------------------------------------------------------------------------- | | Alert Correlation | View, edit, and create new Correlation Patterns in BigPanda Settings and API. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. > πŸ“˜ Authentication Necessary > > A [User API Key](https://docs.bigpanda.io/docs/api-key-management) is required for authentication. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Partial ordering** > > When you use the API to update the run order of a few correlation patterns instead of all of them, the correlation patterns you update will be moved to the top of the run order. For example, if you have a list of seven correlation patterns and you only update the run order for three of them, those three will become the first three patterns to run. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/correlation-best-practices - name: Data connector description: | The Data Connector API allows you to programmatically manage the connection between your ITSM tool and BigPanda. ### Relevant Permissions Roles with the following permission can access the Data Connector API: | Name | Description | | :-------- | :-------- | | Integrations | View, edit, and create new Integrations in the Integrations tab and API. | Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/rbac-role-based-access-control) guide. Data connector credentials can be changed or adjusted at any time through the auth-uri page. ## How it Works The data connector creates a unique connection between a single ServiceNow environment and the BigPanda data lake. To secure data, credentials are set up using an auth-uri that is generated by the auth-uri endpoint where ServiceNow credentials and system information is required. The connector then syncs ITSM data into BigPanda every 2 hours. As data enters BigPanda, it is normalized into the [Standard Data Model](https://docs.bigpanda.io/docs/unified-analytics-standard-data-model) in the ITSM table. You can access this data using the [Open Analytics Hub](https://docs.bigpanda.io/docs/open-analytics-hub) or use it to create custom Unified Analytics dashboards. The first time the connection is established, BigPanda syncs the last 13 months of historical ITSM data so that you have all the context you need to understand current issues. > πŸ“˜ Empty fields > > Once enabled for your system, the BigPanda data lake holds space for the ITSM table. You may see an empty `Knowledge_base` table, or `null` fields for data that has not yet been synced. > 🚧 1 to 1 sync > > Only a single ServiceNow environment can be synced to BigPanda at a time. > πŸ“˜ Data Retention > > Data is retained according to your data retention plan with BigPanda. The default retention period is 400 days. ## Prerequisites - **BigPanda permissions** - The APIs are accessible only for administrators with full Integrations access. ITSM data in BigPanda is only visible for users with view access for Unified Analytics. See the [Roles Management](https://docs.bigpanda.io/docs/roles-management) documentation for more information. - **ServiceNow permissions** - To set up connector authentication, enable table auditing and use a ServiceNow Service Account with access to these tables: - sys_db_object - sys_dictionary - sys_audit_delete - task - incident - sys_user - sys_user_group - cmdb_ci - sys_choice - Add all required fields and any additional fields you would like to see in reporting. ### Required Fields The following ServiceNow fields must be sent to create ITSM dashboards: > 🚧 Field names > > Actual field names may vary for your organization. Ensure that you send the equivalent required field.Β  > ❗️ Add fields before initializing > > ServiceNow incident fields that are created after the first initialization will not be synced. Ensure you add all required fields before initializing the integration. | **ServiceNow Field** | **Descripton** | | :-------- | :-------- | | Number | The ticket number used as a unique identifier. | | State/Status | The current progress or stage of an incident in its lifecycle. | | Opened | Timestamp for when the ticket opened. | | Resolved | Timestamp for when the ticket was resolved.Β 
Tickets that are still open are not expected to have a value. This is different than the time when a ticket closed.Β  For MTTR calculation purposes, a resolved date and time is required. | | Opened_by | Who opened the ticket. This could be BigPanda or another source.Β 
All sources should be included. | | Priority | The end state priority of the ticket | | Short description | Short description of the ticket. This field is leveraged to find the top recuring tickets.
This field is also sometimes referred to as the ticket title. | | BP_incident | The related BigPanda Incident ID for BigPanda-opened incidents. | | Made SLA | Identifies if the SLA was broken or not. This is a boolean field. | | Business impact | Identifies if there was business impact. | | Assignment_group | Represents the end state assignment group the ticket belongs to. | | Business duration | How long the incident was worked on, in minutes. | | Category | The end state category associated with the ticket. | | Caused by change | A link to the change that was listed as causing the incident. | | Close notes | Close notes associated with ticket. | | Closure_code | Resolution code assigned at ticket closure by the operator.Β 
This field is helpful in analyzing tickets that were closed with no action and may represent noise. | | Cmdb ci | Represents the end state configuration item (CI) on the ticket. | | Configuration item | Configuration item associated with ticket. | | Problem | A link to a problem ticket related to the incident. | | Reassignment_count | The number of times an incident was reassigned.Β 
This field is used to identify inefficiencies for tickets that bounce between groups are or routed to the incorrect resolution group | | Reopen count | The number of times an incident changed from resolved to an active status. | | Service (Affected Service) | The end state business service identified as impacted by the ticket. | | Subcategory | The end state subcategory associated with the ticket. | ### Connector Status The connector status allows you to quickly determine which step needs to be taken next during setup or to implement changes: - **required_auth** - The connector is created but credentials have not been provided. Navigate to the auth-uri to define credentials for the integration. - **auth_error** - Credentials are provided but are invalid. Navigate to the auth-uri and adjust credentials for the integration. - **pending_initialization** - Credentials are provided, valid and the connector is pending initiation to begin data stream flow. Reach out to BigPanda support to ensure the backend configuration is complete before initializing the connector. - **initial_sync** - The initial sync is in progress. Wait for the sync to finish to see data in BigPanda analytics. - **active** - The initial sync is done. The connector is active and will sync data at the next scheduled sync. You can begin working with the data, or reach out to BigPanda support to adjust column mapping. - **running** - The connector is active, and a data stream is in progress. - **sync_error** - There was an issue with the last attempt to sync data. Contact BigPanda support for assistance. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/itsm-data-connector x-scalar-ignore: true - name: Destination tags description: | The Destination Tags API allows you to retrieve the tags created by ingested monitoring events after event filtering, deduplication, preprocessing, and tag mapping. Destination tags can be filtered by the incoming integration source system, and pagination is available to search older event tags. Destination tags are retrieved in reverse order by the date they were added to an alert in BigPanda from an incoming event, with more recent tags returned first. ### Relevant Permissions Roles with the following permission can access the Destination Tags API: | Name | Description | | :-------- | :-------- | | Integrations | View, edit, and create new Integrations in the Integrations tab and API. | > πŸ“˜ **Enrichment tags** > > Destination tags include only tags created as part of the event payload processing. Alert and incident enrichment tags are created later in the pipeline. See the [Alert Enrichment](https://api-docs.bigpanda.io/en/#tag/alert-enrichment-21) or [Incident Tags](https://api-docs.bigpanda.io/en/#tag/manage-incident-tags) API for tags added later in BigPanda. > > Some destination tags may share names with alert or incident enrichment tags. These tags will be merged during enrichment and may appear different in the BigPanda console based on your Alert Enrichment rules. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route, per authentication token, per second. Additional requests will return a 429 response code and the request will need to be retried. > πŸ“˜ *Authentication necessary** > > A [User API Key](https://docs.bigpanda.io/docs/api-key-management) is required for authentication. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/open-integration-manager#tag-mapping-90032 - name: Environments description: | Environments group related incidents together in a filtered incident list view, allowing your team to focus on the incidents relevant to their role. Environments are configured using [BigPanda Query Language (BPQL)](https://docs.bigpanda.io/en/bigpanda-query-language--bpql-) to define rules on which incidents will be grouped together. The rules construct a simple and/or boolean expression that is evaluated against the incident properties. > ❗️ **Advanced editor only** > > The basic environment builder in the BigPanda UI guides users through the creation of environments without the need for a BPQL filter. However, once an environment has been created or edited using the Environments API, the basic environment builder will no longer be available for that environment. ## Relevant Permissions Roles with the following permission can access the Environments API: | Name | Description | | :-------- | :-------- | | Environments | View, edit, and create Environments in the UI and API. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) guide. ## Authentication protocol A [User API Key](https://docs.bigpanda.io/docs/api-key-management) is required for authentication. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Reserved words in BPQL Certain words in BigPanda are reserved when using BPQL. When using these words to build environments, the system builds the environment according to the reserved meaning and is not able to treat them as a custom alert tag. - `zero_impact` = if `false` this means the environment has no incidents with the acknowledged or maintenance status - `status` = the current status of the incident. Possible statuses are: Critical, Warning, Unknown, Ok, or Acknowledged - `severity` = the max status reached by alerts in an incident. Possible statuses are: Critical, Warning, Unknown, Ok, or Acknowledged - `source_system` = the ID of the source system that produced the incident > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-environments - name: Environment groups description: | Your BigPanda environment groups can be customized to better fit the organizational structure and processes of your organization. Create, edit, or delete environment groups to help your teams stay focused on the most relevant information to them. ### Relevant Permissions Roles with the following permission can access the Environments API: | Name | Description | | :-------- | :-------- | | Environments | View, edit, and create Environments in the UI and API. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) guide. > πŸ“˜ API key authentication protocol > > A [User API Key](https://docs.bigpanda.io/docs/api-key-management) is required for authentication. > 🚧 Rate limitations > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-environments - name: Incident management v1 description: | > 🚧 Deprecation coming > > BigPanda has a new Incidents API with additional functionality including: > > - Query searches with incident tag, folder and environment support > - The ability to split, merge, comment, snooze, and assign incidents through the API. > > See the Incidents v2 API for additional routes and functionality. > > You can continue to use this V1 API, but we recommend moving to the V2 API wherever possible. The Incidents API allows you to build integrated functionality between an external ticketing or collaboration system and BigPanda. It provides the `Incidents` object, which represents a BigPanda incident containing correlated alerts from your integrated monitoring systems. Use the Incidents API to retrieve, snooze, or resolve an incident in BigPanda. > 🚧 **Rate limitations** > > To maintain quality of service, the Incidents API is limited to 150 requests per minute. Additional requests will return a 429 response code and the request will need to be retried. > πŸ“˜ **API Key authentication protocol** > > An [Org token](https://api-docs.bigpanda.io/en/#description/org-token-vs-user-api-key) is required for authentication. - name: Retrieve incidents description: | The Incidents API allows you to manage BigPanda incidents externally, and can be configured with external ticketing and monitoring tools. It provides the `Incidents` object, which represents a BigPanda incident containing correlated alerts from your integrated monitoring systems. The Search Incidents function uses [BigPanda Query Language (BPQL)](https://docs.bigpanda.io/en/bigpanda-query-language--bpql-) to filter the incidents in your BigPanda instance and return those that meet specific conditions. Set sort order, pagination rules, and query incidents by tag, time frame, source system, or more. The Search Incidents function can be used to return all incidents in a specific environment. ## Expanding alert data To include the full alert object for each retrieved incident, include `expand=alerts` in the query. When making a call with alerts expanded, page_size cannot be larger than 10. An expanded call with a page size greater than 10 will return a 400 error. > πŸ‘ Environment ID > > The environment ID can extracted from the URL of the BigPanda console in browser, or it can be retrieved through the [Environments API](https://api-docs.bigpanda.io/en/#tag/environments) ## Relevant Permissions | **Permission** | **Description** | | :------------------------------ | :------------------------------------------------------------------------------------ | | Manage Environments | View, create, edit, and delete Environments in the UI and API, and view the incidents environments contain. | | Environment - Incident Actions | Full access Ability to perform actions on all enrichment tags and incidents (assign, snooze, share, comment), minus environment configuration in the specified environment(s). | | Environment - View | Read-only access to all enrichment tags and incidents in the specified environment(s) without the ability to change or perform any incident action. | | Incident Enrichment | View, create, and edit Incident Tags in BigPanda Settings. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. ## Authentication necessary All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. > 🚧 **Rate limitations** > > To maintain quality of service, the Incidents API is limited to 10 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/incidents-in-bigpanda - name: Incident actions description: | Incident Actions allows you to seamlessly manage incidents through the API. Incidents can be merged, split, assigned, snoozed, and commented on through the API. A list of the actions that have been taken on an incident can be retrieved using the Get Activities function. > πŸ‘ **Environment ID** > > The environment ID can extracted from the URL of the BigPanda console in browser, or it can be retrieved through the [Environments API](https://api-docs.bigpanda.io/en/#tag/environments) ## Asynchronous calls Some actions, like merge and split, are heavy asynchronous operations that will have a small delay before being reflected in your data. Multiple retries for an asynchronous call will result in an error. > 🚧 **Different objects** > > The Incidents V2 API and Notifications Webhook return different fields and formatting. This object page lists the fields for calls made to the Incidents V2 API. > > To configure a sharing integration or notifications webhook, see the ​​[Webhook Incident Object](https://docs.bigpanda.io/en/notifications-webhook#webhook-incident-object)​​. ## Relevant Permissions | **Permission** | **Description** | | :------------------------------ | :------------------------------------------------------------------------------------ | | Manage Environments | View, create, edit, and delete Environments in the UI and API, and view the incidents environments contain. | | Environment - Incident Actions | Full access Ability to perform actions on all enrichment tags and incidents (assign, snooze, share, comment), minus environment configuration in the specified environment(s). | | Environment - View | Read-only access to all enrichment tags and incidents in the specified environment(s) without the ability to change or perform any incident action. | | Incident Enrichment | View, create, and edit Incident Tags in BigPanda Settings. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. ## Authentication necessary All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Rate limitations** > > To maintain quality of service, the Incidents API is limited to 10 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/triage-incidents - name: Incident activity log description: | A list of the actions that have been taken on an incident can be retrieved using the Get Activities function. > πŸ‘ Environment ID > > The environment ID can extracted from the URL of the BigPanda console in browser, or it can be retrieved through the [Environments API](https://api-docs.bigpanda.io/en/#tag/environments) ### Relevant Permissions | **Permission** | **Description** | | :------------------------------ | :------------------------------------------------------------------------------------ | | Manage Environments | View, create, edit, and delete Environments in the UI and API, and view the incidents environments contain. | | Environment - Incident Actions | Full access Ability to perform actions on all enrichment tags and incidents (assign, snooze, share, comment), minus environment configuration in the specified environment(s). | | Environment - View | Read-only access to all enrichment tags and incidents in the specified environment(s) without the ability to change or perform any incident action. | | Incident Enrichment | View, create, and edit Incident Tags in BigPanda Settings. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. > πŸ“˜ **Authentication necessary** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Rate limitations** > > To maintain quality of service, the Incidents API is limited to 10 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/the-activity-tab - name: Incident tag definitions description: | Configure Incident Tags Definitions in the BigPanda Settings to attach additional fields to your incidents, adding context specific to your organization. Incident tags can be added and edited directly from the BigPanda UI or using this API. Once you create an incident tag definition, you can apply it to incidents. To learn more about how the Incident Tags feature works, see our [Manage Incident Enrichment](https://docs.bigpanda.io/en/manage-incident-enrichment) user guide. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-incident-enrichment - name: Manage incident tags description: | Incident Tags allow you to add context specific to your organization. You can add Incident Tags to Incidents through the BigPanda UI or via this API. Note that you will first need to configure an incident tag definition in order to apply it to incidents. To learn more about how the Incident Tags feature works, see our [Manage Incident Enrichment](https://docs.bigpanda.io/en/manage-incident-enrichment) user guide. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 30 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. ## Relevant Permissions Incident Tags permissions are defined by environment role access. To search incident tags, you will need permission to view incidents in the specified environment. To edit incident tags, you will need incident action permissions in the specified environment. > πŸ‘ **Environment ID** > > The environment ID can extracted from the URL of the BigPanda console in browser, or it can be retrieved through the [Environments API](https://api-docs.bigpanda.io/en/#tag/environments) | **Permission** | **Description** | | :------------------------------ | :------------------------------------------------------------------------------------ | | Manage Environments | View, create, edit, and delete Environments in the UI and API, and view the incidents environments contain. | | Environment - Incident Actions | Full access Ability to perform actions on all enrichment tags and incidents (assign, snooze, share, comment), minus environment configuration in the specified environment(s). | | Environment - View | Read-only access to all enrichment tags and incidents in the specified environment(s) without the ability to change or perform any incident action. | | Incident Enrichment | View, create, and edit Incident Tags in BigPanda Settings. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-incident-enrichment - name: Open integration manager v1 description: | > ❗ Open Integration Manager v1 Configuration > > The Open Integration Manager v1 API configuration should only be used by customers who onboarded the BigPanda platform prior to 2023 and have not upgraded their integration to leverage the v2 configuration. The Open Integration Manager enables you to create custom inbound alert integrations through the configuration of a generic inbound integration rather than creating custom code. The integration manager sets parsing rules for incoming payloads, pre-processing the content to match incoming data requirements before it reaches the BigPanda enrichment engine. > πŸ“˜ **Pre-configuration** > > Before leveraging the Integration Configuration API, the integration must be created within the UI. For OIM-enabled integrations, follow the full [installation instructions in BigPanda](https://a.bigpanda.io/#/app/integrations) before configuring OIM rules. ### Relevant Permissions Roles with the following permission can access the Open Integration Manager API: | Name | Description | | :-------- | :-------- | | Integrations | View, edit, and create new Integrations in the Integrations tab and API. | To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) documentation. > 🚧 **Waiting period between UI and API** > > After first creating an OIM-enabled integration in the BigPanda UI, wait ten minutes before attempting to create or update rules using the API. POST requests sent immediately after saving an integration within the UI may not be successful. Make note of the **[app key](https://docs.bigpanda.io/docs/integrate-with-bigpanda#app-keys)** as you'll need it for the API. > πŸ“˜ **Org token authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the [Org Token](https://api-docs.bigpanda.io/en/#description/org-token-vs-user-api-key) type of Authorization token. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to **5** requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. ### Sample Payload For field validation, BigPanda checks against an existing sample JSON payload from the integration. For all create and update calls to the API, a sample must be included in the body of all calls. > πŸ“˜ **Size limits** > > The payload size limit that OIM can accept is 6 MB. > ❗️ **Change to defaults** > > As of October 2024, new OIM integrations will not flatten arrays by default. Existing integrations will not be affected by this change. If you would like to turn off array flattening for an integration created before October 2024, please reach out to support to update the array flattening setting. All payload fields referenced in configuration settings must be included in the sample. To generate a sample payload: - Send a test or sample event to BigPanda after integration installation, but before configuration - Generate an event preview in your tool - Manually enter payload field values into the interactive code generator on the BigPanda docs site When included in the API body, the sample payload should be JSON formatted with double quotes. The payload can include nested objects. **Example JSON Sample Payload** ``` "sample_payload": { "alerts": [ { "generatorURL": "https://some-url.io", "fingerprint": "123456789", "annotations": { "description": "This alert is used to check the CPU utilization of this non-existent server", "runbook_url": "https://runbook.io/cpu-check" }, "startsAt": "2022-07-05T19:59:25.661Z", "endsAt": "0001-01-01T00:00:00Z", "status": "firing", "labels": { "severity": "page", "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" } } ], "commonLabels": { "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" }, "externalURL": "https://external-url.io", "groupLabels": { "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" }, "receiver": "bigpanda", "version": "4", "commonAnnotations": { "description": "This alert is used to check the CPU utilization of this non-existent server", "runbook_url": "https://runbook.io/cpu-check" }, "status": "firing" } ``` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/open-integration-manager - name: Email parser description: | The Email Parser Configuration API enables you to create and manage email parser configurations, setting specific parsing rules to extract alert data from the subject and body of an email. Ideal for monitoring tools and systems that do not support REST API, email parser integrations extract alert data such as status, description, and additional properties right from the email's subject or body. The parser supports both text and HTML content. Each alert should be sent in a separate email. The parser is not able to parse attachments - all alert data must be in the subject or body of the email. For details on configuring the Email Parser, refer to our [Email Parser](https://docs.bigpanda.io/en/email-parser-configuration) documentation. > πŸ“˜ **Single source** > > A unique email parser must be configured for each source that will be sending emails to BigPanda. ## Relevant Permissions Roles with the following permission can access the Data Connector API: | Name | Description | | :-------- | :-------- | | Integrations | View, edit, and create new Integrations in the Integrations tab and API. | To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) documentation. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the [Org Token](https://api-docs.bigpanda.io/en/#description/org-token-vs-user-api-key) type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_ORG_TOKEN]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/email-parser - name: Open integration manager v2 description: | The Open Integration Manager enables you to create custom inbound alert integrations through the configuration of a generic inbound integration rather than creating custom code. The integration manager sets parsing rules for incoming payloads, pre-processing the content to match incoming data requirements before it reaches the BigPanda enrichment engine. Read our [Open Integration Manager](https://docs.bigpanda.io/en/open-integration-manager) documentation to learn how to configure integrations with OIM. > πŸ“˜ **Pre-configuration** > > Before leveraging the OIM API, you must first create an integration within the UI. For OIM-enabled integrations, follow the full [installation instructions in BigPanda](https://a.bigpanda.io/#/app/integrations) before configuring OIM rules. ### Relevant Permissions Roles with the following permission can access the Open Integration Manager API: | Name | Description | | :-------- | :-------- | | Integrations | View, edit, and create new Integrations in the Integrations tab and API. | To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) documentation. > 🚧 **Initial delay** > > After first creating an OIM-enabled integration in the BigPanda UI, wait ten minutes before attempting to create or update rules using the API. POST requests sent immediately after saving an integration within the UI may not be successful. Make note of the **[app key](https://docs.bigpanda.io/docs/integrate-with-bigpanda#app-keys)** as you'll need it for the API. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the [Org Token](https://api-docs.bigpanda.io/en/#description/org-token-vs-user-api-key) type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to **5** requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. ## Sample Payload For field validation, BigPanda checks against an existing sample JSON payload from the integration. For all create and update calls to the API, a sample must be included in the body of all calls. > πŸ“˜ **Size limits** > > The payload size limit that OIM can accept is 6 MB. ## New default As of October 2024, new OIM integrations will not flatten arrays by default. Existing integrations will not be affected by this change. If you would like to turn off array flattening for an integration created before October 2024, please reach out to support to update the array flattening setting. All payload fields referenced in configuration settings must be included in the sample. To generate a sample payload: - Send a test or sample event to BigPanda after integration installation, but before configuration - Generate an event preview in your tool - Manually enter payload field values into the interactive code generator on the BigPanda docs site When included in the API body, the sample payload should be JSON formatted with double quotes. The payload can include nested objects. **Example JSON Sample Payload** ``` "sample_payload": { "alerts": [ { "generatorURL": "https://some-url.io", "fingerprint": "123456789", "annotations": { "description": "This alert is used to check the CPU utilization of this non-existent server", "runbook_url": "https://runbook.io/cpu-check" }, "startsAt": "2022-07-05T19:59:25.661Z", "endsAt": "0001-01-01T00:00:00Z", "status": "firing", "labels": { "severity": "page", "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" } } ], "commonLabels": { "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" }, "externalURL": "https://external-url.io", "groupLabels": { "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" }, "receiver": "bigpanda", "version": "4", "commonAnnotations": { "description": "This alert is used to check the CPU utilization of this non-existent server", "runbook_url": "https://runbook.io/cpu-check" }, "status": "firing" } ``` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/open-integration-manager - name: Troubleshooting logs description: | The Integrations Diagnostics API allows handling error messages received from BigPanda's integrations. Use the Integrations Diagnostics API to retrieve and handle received error messages. Learn more about Integrations Diagnostics at [Troubleshooting Integrations](doc:troubleshooting-integrations). > 🚧 **Rate Limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route per second, for an individual authentication token. > Additional requests will return a 429 response code and the request will need to be retried. > 🚧 **Authentication** > > All BigPanda APIs require bearer token authorization in the call headers. > > This API uses the user API key type of authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` ### Relevant Permissions Roles with the following permission can access the Integrations Diagnostics API: | Name | Description | | :-------- | :-------- | | Integrations | View, edit, and create new Integrations in the Integrations tab and API. | To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) documentation. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/troubleshoot-an-integration - name: Maintenance plans description: | Use the Maintenance plans API to define time windows that parallel infrastructure changes of respective monitored services. [Maintenance plans](https://docs.bigpanda.io/en/manage-planned-maintenance) are configured in [BPQL Object](https://api-docs.bigpanda.io/en/#description/bpql-object-syntax) format and, once activated, mark events that match the criteria for maintenance. Origin tags supplied by a monitoring source and enriched tags automatically generated by the [Enrichment API](https://api-docs.bigpanda.io/en/#tag/alert-enrichment-21) are also supported for querying. ## Relevant Permissions Roles with the following permission can access the Maintenance plans API: | Name | Description | | :-------- | :-------- | | Maintenance plans | View, edit, and create new Maintenance plans in the UI and API. | To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/en/roles-management) documentation. > 🚧 **Plan limit** > > Each organization can only have 3,500 maintenance plans at a time. ## Condition limitations Maintenance plan conditions cannot be longer than 25,000 characters long. All alert tags in maintenance plan conditions are case-insensitive. Not all tags are available for maintenance plan conditions. See the [Tag Naming](https://docs.bigpanda.io/docs/tag-naming) documentation for a list of tags that have limited functionality in BigPanda. ## Authentication A [User API Key](https://docs.bigpanda.io/docs/api-key-management) is required for authentication. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. ## Time zones and Daylight Savings The time zone of a maintenance plan is determined by the browser time zone settings of the user who created the plan. For example, if a user in the EST time zone creates a maintenance plan that starts at 5 AM EST, users in the PST time zone will see the plan begin at 2 AM PST. Maintenance plans use a fixed Unix epoch time, so plan windows will not adjust for Daylight Savings Time. Additional object parameters will be added in-system upon creation of a maintenance plan. These fields should not be included in Post or Patch calls. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/manage-planned-maintenance - name: Roles description: | The Roles API is a tool to help you manage user roles in the BigPanda system, enabling you to bulk manage even large and complex permissions. Use the Roles API to create, retrieve, update, and delete roles from the BigPanda UI. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` externalDocs: description: Learn more url: https://docs.bigpanda.io/en/roles-management - name: Service provider details description: | The Service Provider Details API retrieves schemas from your SCIM service provider to help you bulk manage users in the BigPanda system. ### Relevant Permissions Roles with the following permission can use the SCIM Users API: | Permission | Description | | :------------------ | :------------------------------------------------ | | User Management | View, add, edit and delete Users in BigPanda Settings and the Users API. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. > πŸ“˜ **Authentication necessary** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Rate limitations for SCIM APIs** > > To maintain quality of service, the Service Provider Details API is limited to 2 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/reference/scim-users-api - name: SCIM users description: | The Users API is a tool to help you manage users in the BigPanda system, enabling you to bulk manage even large and complex userbases. The SCIM Users API is based on the open standard ​[System for Cross-domain Identity Management (SCIM): Protocol 1.1​​](http://www.simplecloud.info/specs/draft-scim-core-schema-01). SCIM is an open standard used for automating the exchange of user identity information between identity domains or IT systems. Its purpose is to facilitate and ease the management of user identities in cloud based applications. BigPanda uses JSON-based formats for SCIM. ## Relevant Permissions Roles with the following permission can use the SCIM Users API: | Permission | Description | | :------------------ | :------------------------------------------------ | | User Management | View, add, edit and delete Users in BigPanda Settings and the Users API. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. ## Authentication necessary All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the [User API Key](https://docs.bigpanda.io/docs/api-key-management) type of Authorization token. > 🚧 **Rate limitations for SCIM APIs** > > To maintain quality of service, the Users API is limited to 2 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. externalDocs: description: Learn more url: https://docs.bigpanda.io/docs/user-management - name: Topology UI description: | The BigPanda Topology UI API allows users to manually structure the visual appearance of the topology between alert tag nodes, charting information that can be used to aid in investigating the root cause of the incident and assessing potential impact. Learn more in our [Real-Time Topology Mesh documentation](https://docs.bigpanda.io/en/topology). > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. ## Permissions Roles with the following permission can use the Topology UI API: | Permission | Description | | :--------------------- | :--------------------------------------------------------------------------------------- | | Topology View | View, upload, or edit topology maps via API, and view the Topology section in incident details. | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/topology - name: Notifications Webhook v2 description: | Customize share triggers and notification payloads when sending data from BigPanda to external tools like ticket and messaging systems. These payloads can include customized headers and URL paths for each notification and leverage dynamic variables for incident tags and metadata. Learn more in the [Notifications webhook v2](https://docs.bigpanda.io/en/notifications-webhook-v2) documentation. > 🚧 **Rate limitations** > > To maintain quality of service, BigPanda APIs are limited to 5 requests per route per second, for an individual authentication token. Additional requests will return a 429 response code and the request will need to be retried. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Permissions Roles with the following permission can use the Topology UI API: | Permission | Description | | :--------------------- | :--------------------------------------------------------------------------------------- | | Integrations | View, install, and edit integrations in the [Integrations tab](https://docs.bigpanda.io/en/the-integrations-tab). | | Notifications | View, add, edit, and delete [AutoShare rules](https://docs.bigpanda.io/en/manage-autoshare). | Permission access levels can be adjusted by selecting either **View** or **Full Access**. To learn more about how BigPanda's permissions work, see the [Roles Management](https://docs.bigpanda.io/docs/roles-management) guide. externalDocs: description: Learn more url: https://docs.bigpanda.io/en/notifications-webhook-v2 x-tagGroups: - name: Configure integrations tags: - Email parser - Open integration manager v2 - Open integration manager v1 - Troubleshooting logs - Raw OIM payload retrieval - Destination tags - Notifications Webhook v2 - name: Send data tags: - Send alerts - Send normalized alerts - Change records - Data connector - name: Manage & filter alerts tags: - Resolve alerts - Alert filter plans v2 - Alert filter schedules v2 - Alert filter plans v1 - Alert filter schedules v1 - Maintenance plans - name: Alert enrichment 2.1 tags: - Alert enrichment 2.1 - Alert tags v2-1 - Enrichment run order v2-1 - Non-mapping enrichment rules v2-1 - Mapping enrichment schemas v2-1 - Mapping enrichment records v2-1 - name: Alert enrichment 2.0 tags: - Alert enrichment 2.0 - Alert tags v2 - Enrichment run order v2 - Manual enrichment rules v2 - Mapping enrichment v2 - name: Incident processing tags: - Correlation pattern rules - Correlation pattern order - Environments - Environment groups - Topology UI - name: Incident management v2 tags: - Retrieve incidents - Incident actions - Incident activity log - Incident tag definitions - Manage incident tags - name: Incident management v1 tags: - Incident management v1 - name: AI features tags: - Automated incident analysis - Automated incident analysis configuration - Root cause change relationships - name: Access management tags: - API keys - Audit logs - Roles - Service provider details - SCIM users paths: /resources/v2.1/integration-alerts: parameters: - $ref: '#/components/parameters/x-bp-auth-details' get: summary: Get Integration Alerts tags: - Raw OIM payload retrieval parameters: - name: app_key in: query description: Integration app key required: true schema: type: string - name: limit in: query description: Maximum number of alerts to return per page required: false schema: type: integer minimum: 1 - name: page in: query description: Page number to return required: false schema: type: integer minimum: 1 - name: since in: query description: Optional string to filter alerts from this unix epoch time in seconds required: false schema: type: string responses: '200': description: OK content: application/json: schema: $ref: '#/components/parameters/IntegrationAlerts' '400': description: Bad Request content: application/json: schema: $ref: '#/components/schemas/error-response-v1' '401': description: Unauthorized '404': description: Not found content: application/json: schema: $ref: '#/components/schemas/error-response-v1' '500': description: Internal Server Error content: application/json: schema: $ref: '#/components/schemas/error-response-v1' /resources/v2.1/fields-resolver/workflows: get: tags: - Notifications Webhook v2 summary: Retrieve available dynamic variables description: | The available dynamic variables API allows you to retrieve a list of incident and alert fields that can be used as a variable within outbound messaging templates and workflows. This endpoint will return all dynamic variables available for use in a webhook v2 integration configuration. This includes a list of standard system fields as well as any unique incident and alert tags created by your organization. > 🚧 **AI Processing delay** > > AI tags are generated at a 1-3 minute delay after initial incident processing. To include AI tags in static messages such as email, ensure the AutoShare is configured at a 3 minute delay. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Only webhook v2 dynamic variables will be retrieved** > > Custom email templates have a different set of available variables than webhook v2 integrations. Fields retrieved by the Dynamic Variables API are explicitly for webhook v2 and may not be available for email templates. See our [dynamic variables](https://docs.bigpanda.io/en/dynamic-variables) documentation for the list of fields available for email templates. security: - BearerUser: [] responses: '200': description: | List of valid fields retrieved successfully. Variables can be added to paths, headers, and the payload body by framing the variable value with double brackets: `{{variable.name}}`. content: application/json: schema: $ref: '#/components/schemas/dynamicvariables200response' '401': description: Unauthorized /resources/v2.1/integrations: get: summary: Retrieve all existing webhook v2 configurations tags: - Notifications Webhook v2 security: - BearerUser: [] description: | Customize share triggers and notification payloads when sending data from BigPanda to external tools like ticket and messaging systems. These payloads can include customized headers and URL paths for each notification and leverage dynamic variables for incident tags and metadata. responses: '200': description: Integration updated successfully content: application/json: schema: $ref: '#/components/schemas/webhookv2-200response' '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/generic400response' '401': description: Unauthorized post: summary: Create a new webhook v2 workflow integration tags: - Notifications Webhook v2 description: | The webhook v2 API allows you to programmatically manage the configuration for outbound webhook integrations. The webhook v2 integration is currently API-only, so integrations can only be created and updated via the Notifications Webhook v2 API. Once the new integration is created via API, you will be able to access it via the share configuration screen for either AutoShare rules or manual shares. The webhook v2 integration will also appear on the Integrations tab with your other integrations, where it can be deactivated or deleted. > 🚧 **AI Processing delay** > > AI tags are generated at a 1-3 minute delay after initial incident processing. To include AI tags in static messages such as email, ensure the AutoShare is configured at a 3 minute delay. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Only webhook v2 dynamic variables ** > > Custom email templates have a different set of available variables than webhook v2 integrations. Fields retrieved by the Dynamic Variables API are explicitly for webhook v2 and may not be available for email templates. See our [dynamic variables](https://docs.bigpanda.io/en/dynamic-variables) documentation for the list of fields available for email templates. security: - BearerUser: [] requestBody: required: true content: application/json: schema: type: object properties: name: type: string description: The name of the integration defined upon creation example: p0channel parent_system_id: type: string description: The type of Integration example: webhook_v2 workflow_config: $ref: '#/components/schemas/WorkflowConfig' responses: '201': description: Integration created successfully content: application/json: schema: $ref: '#/components/schemas/webhookv2-200response' '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/generic400response' '401': description: Unauthorized /resources/v2.1/integrations/{integration_id}: get: summary: Retrieve an existing webhook v2 configuration description: Retrieve a specific webhook v2 workflow configuration. tags: - Notifications Webhook v2 security: - BearerUser: [] parameters: - name: integration_id in: path required: true schema: type: string example: webhook_v2.p0channel responses: '200': description: Integration updated successfully content: application/json: schema: $ref: '#/components/schemas/webhookv2-200response' '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/generic400response' '401': description: Unauthorized '404': description: Integration not found content: application/json: schema: $ref: '#/components/schemas/generic404response' patch: summary: Update an existing webhook v2 workflow integration tags: - Notifications Webhook v2 description: | The webhook v2 API allows you to programmatically manage the configuration for outbound webhook integrations. > 🚧 **Complete integration ID needed** > > When updating a webhook v2 configuration, you will need the complete integration ID, including the parent integration (For example: snmp.la_site_east). If you don’t know your integration ID, you can find it by opening the integration details in the Integrations tab. The webhook v2 integration is currently API-only, so integrations can only be created and updated via the Notifications Webhook v2 API. Once the new integration is created via API, you will be able to access it via the share configuration screen for either AutoShare rules or manual shares. The webhook v2 integration will also appear on the Integrations tab with your other integrations, where it can be deactivated or deleted. > 🚧 **AI Processing delay** > > AI tags are generated at a 1-3 minute delay after initial incident processing. To include AI tags in static messages such as email, ensure the AutoShare is configured at a 3 minute delay. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. > 🚧 **Only webhook v2 dynamic variables** > > Custom email templates have a different set of available variables than webhook v2 integrations. Fields retrieved by the Dynamic Variables API are explicitly for webhook v2 and may not be available for email templates. See our [dynamic variables](https://docs.bigpanda.io/en/dynamic-variables) documentation for the list of fields available for email templates. security: - BearerUser: [] parameters: - name: integration_id in: path required: true schema: type: string example: webhook_v2.p0channel requestBody: required: true content: application/json: schema: type: object properties: workflow_config: $ref: '#/components/schemas/WorkflowConfig' responses: '200': description: Integration updated successfully content: application/json: schema: $ref: '#/components/schemas/webhookv2-200response' '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/generic400response' '401': description: Unauthorized '404': description: Integration not found content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.1/integrations/{app_key}: delete: summary: Delete a webhook v2 workflow integration tags: - Notifications Webhook v2 description: | The DELETE route requires the integration app-key rather than the integration ID. The app key can be retrieved by going to the Integrations tab and selecting the desired integration. > 🚧 **Complete integration ID needed** > > When updating a webhook v2 configuration, you will need the complete integration ID, including the parent integration (For example: snmp.la_site_east). If you don’t know your integration ID, you can find it by opening the integration details in the Integrations tab. security: - BearerUser: [] parameters: - name: app_key in: path required: true schema: type: string example: webhook_v2.p0channel responses: '204': description: Integration deleted successfully content: application/json: schema: $ref: '#/components/schemas/generic204response' '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/generic400response' '401': description: Unauthorized '404': description: Integration not found content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}/ai/analysis: post: tags: - Automated incident analysis summary: Generate an AI Analysis security: - BearerUser: [] description: | Generate or regenerate an AI analysis for a specific incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/generic200response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.1/ai-analysis/configuration: post: tags: - Automated incident analysis configuration summary: Create a new AI Analysis Configuration security: - BearerUser: [] description: | Create a new AI analysis configuration. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` requestBody: content: application/json: schema: $ref: '#/components/schemas/aia_config_object' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/generic200response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.1/ai-analysis/configurations: get: tags: - Automated incident analysis configuration summary: Retrieve all AI Analysis configurations security: - BearerUser: [] description: | Retrieves all AI analysis configurations. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/aia_retrieve_200' /resources/v2.1/ai-analysis/configuration/{aia_config_id}: get: tags: - Automated incident analysis configuration summary: Retrieve an AI Analysis configuration by ID description: | Retrieve a specific AI analysis configuration by ID. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` parameters: - $ref: '#/components/parameters/aia_config_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/aia_retrieve_200' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' patch: tags: - Automated incident analysis configuration summary: Update an AI Analysis configuration security: - BearerUser: [] description: | Updates a specific AI Analysis configuration. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` parameters: - $ref: '#/components/parameters/aia_config_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/aia_config_object' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/generic200response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' delete: tags: - Automated incident analysis configuration summary: Delete an AI Analysis configuration security: - BearerUser: [] description: | Deletes a specific AI Analysis configuration. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` parameters: - $ref: '#/components/parameters/aia_config_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/generic200response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.0/enrichments-config/tags/{alerttag_name}: get: tags: - Alert tags v2 summary: List All Enrichment Items of a Tag description: | Lists all enrichment items for a tag (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: list-all-enrichments-2 parameters: - $ref: '#/components/parameters/alerttag_name' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_item' '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.0/enrichments-config/tags: get: tags: - Alert tags v2 summary: List All Alert Tags description: | Lists all alert tags in the organization (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: list-all-alert-tags responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_tag_object' /resources/v2.0/enrichments-config: get: tags: - Enrichment run order v2 summary: Retrieve tags order description: | Retrieves the execution order of tags (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retreive-tags-order responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_tags_order' '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/alert_tags_order' put: tags: - Enrichment run order v2 summary: Update tag order description: | Changes the order tags appear in the 'alert_tags_order' array (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-tags-order parameters: - name: alert_tags_order in: query schema: $ref: '#/components/schemas/alert_tags_order' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_tags_order' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.0/enrichments-config/tags/{alerttag_name}/order: get: tags: - Enrichment run order v2 summary: Retrieve enrichment item order description: | Retrieves the execution order of a tag's enrichment items (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-tags-order parameters: - $ref: '#/components/parameters/alerttag_name' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_order' '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/enrichment_order' put: tags: - Enrichment run order v2 summary: Update Enrichment Items Order description: | Updates the execution order of a tag's enrichment items. By default this list is empty and the execution order runs based on the creation time, any update to the tag items order will be added automatically to the 'enrichment_order' list (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-enrichment-items-order-of-a-tag parameters: - $ref: '#/components/parameters/alerttag_name' requestBody: content: application/json: schema: $ref: '#/components/schemas/enrichment_order' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_order' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.0/alert-enrichments: post: tags: - Manual enrichment rules v2 summary: Create Alert Enrichment Item description: | Creates a new alert enrichment item (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-enrichment-1 requestBody: content: application/json: schema: $ref: '#/components/schemas/enrichment_item' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_item' /resources/v2.0/alert-enrichments/{enrichment_id}: get: tags: - Manual enrichment rules v2 summary: Retrieve Alert Enrichment Item description: | > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-enrichment-1 parameters: - $ref: '#/components/parameters/enrichment_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_item' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' delete: tags: - Manual enrichment rules v2 summary: Delete Alert Enrichment Item description: | Deletes a specific enrichment item (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-enrichment-1 parameters: - $ref: '#/components/parameters/enrichment_id' responses: '202': description: '202' content: application/json: schema: $ref: '#/components/schemas/generic202response' '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' patch: tags: - Manual enrichment rules v2 summary: Update Alert Enrichment Item description: | Update parameters for a specific enrichment item (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-enrichment-1 parameters: - $ref: '#/components/parameters/enrichment_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/enrichment_item' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_item' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.0/alert-enrichments/{mapschema_id}/map: get: tags: - Mapping enrichment v2 summary: Retrieve Mapping Enrichment description: | Retrieves a specific enrichment map (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-mapping-enrichment-1 parameters: - $ref: '#/components/parameters/mapschema_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/map_object_return' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' post: tags: - Mapping enrichment v2 summary: Create Mapping Enrichment Table Rows description: | Adds specific rows to an existing mapping enrichment table (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-mapping-enrichment-table-rows parameters: - $ref: '#/components/parameters/mapschema_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/map_row_change' required: false responses: '202': description: '202' content: application/json: schema: $ref: '#/components/schemas/mapping_enrichment_response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' patch: tags: - Mapping enrichment v2 summary: Update Mapping Enrichment Table Rows description: | Updates specific rows of an existing mapping enrichment table (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-mapping-enrichment-table-rows-1 parameters: - $ref: '#/components/parameters/mapschema_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/map_row_change' required: false responses: '202': description: '202' content: application/json: schema: $ref: '#/components/schemas/mapping_enrichment_response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.0/alerts-enrichments-jobs/{job_id}: get: tags: - Mapping enrichment v2 summary: Check Status of Upload Job description: | Checks the status of an asynchronous job to upload or update a mapping enrichment table (Enrichment V2) > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: check-status-of-upload-job parameters: - $ref: '#/components/parameters/job_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_item' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.1/enrichments-config/tags: get: tags: - Alert tags v2-1 summary: Retrieve All Alert Tags description: | List all alert tags configured in BigPanda. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-tags responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/alert_tag_response' post: tags: - Alert tags v2-1 summary: Create Alert Tag description: | Creates a new tag. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Config object required** > > The config object is required when creating an enrichment item. When adding your array of enrichment items, make sure to expand the config object and include all required parameters. > > Different fields are required for composition and extraction type enrichments. ## Composition enrichment items Composition enrichment items are created by defining a value template. The Composition template is a simple formula to populate tag value using strings and other tag values. Use any tag value as a variable, using the format `${}`. For example: `mywiki.com/${host}/${check}` Special formatting is required for tag values that contain encoded characters for URLs. If the tag value contains encoded values for the characters `%`, `+`, or a space, use the format `${exact()}` to protect the values from being re-encoded. Composition configs must include the `source`, `destination`, and `value` properties. ## Extraction enrichment items Extraction enrichment items are created by defining a regular expression (regex formula). Extraction Regex: The [Regular expression](https://regex101.com/) to extract the new tag value from the source tag value. - Use a caret `^` to indicate starts with and a dollar sign `$` to indicate ends with. - Use parentheses to surround the capture group for the extraction. BigPanda uses the contents of the first capture group to create the value of the alert enrichment tag. - Use a [non-capturing group](https://stackoverflow.com/questions/3512471/what-is-a-non-capturing-group-in-regular-expressions) to ignore part of the contents. If a tag value doesn't match the pattern, the alert is not enriched with the alert enrichment item. Extraction configs must include the `source`, `destination`, and `regex` properties. security: - BearerUser: [] operationId: create-tag requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_tag_object' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/alert_tag_response' /resources/v2.1/enrichments-config/tags/{alerttag_name}: get: tags: - Alert tags v2-1 summary: Retrieve Alert Tag description: | Retrieves a specific alert tag. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-tag parameters: - $ref: '#/components/parameters/alerttag_name' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_tag_response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' delete: tags: - Alert tags v2-1 summary: Delete Alert Tag description: | Deletes an alert tag. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-tag parameters: - $ref: '#/components/parameters/alerttag_name' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_tag_response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' patch: tags: - Alert tags v2-1 summary: Update Alert Tag Data description: | Updates tag fields for name, active state, or description. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-tag-data parameters: - $ref: '#/components/parameters/alerttag_name' requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_tag_object' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_tag_response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.1/enrichments-config/tags/{alerttag_name}/enrichments: post: tags: - Non-mapping enrichment rules v2-1 summary: Create Enrichment description: | Creates a new composition or extraction enrichment item for the tag. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Config object required** > > The config object is required when creating an enrichment item. When adding your array of enrichment items, make sure to expand the config object and include all required parameters. > > Different fields are required for composition and extraction type enrichments. ## Composition enrichment items Composition enrichment items are created by defining a value template. The Composition template is a simple formula to populate tag value using strings and other tag values. Use any tag value as a variable, using the format `${}`. For example: `mywiki.com/${host}/${check}` Special formatting is required for tag values that contain encoded characters for URLs. If the tag value contains encoded values for the characters `%`, `+`, or a space, use the format `${exact()}` to protect the values from being re-encoded. Composition configs must include the `source`, `destination`, and `value` properties. ## Extraction enrichment items Extraction enrichment items are created by defining a regular expression (regex formula). Extraction Regex: The [Regular expression](https://regex101.com/) to extract the new tag value from the source tag value. - Use a caret `^` to indicate starts with and a dollar sign `$` to indicate ends with. - Use parentheses to surround the capture group for the extraction. BigPanda uses the contents of the first capture group to create the value of the alert enrichment tag. - Use a [non-capturing group](https://stackoverflow.com/questions/3512471/what-is-a-non-capturing-group-in-regular-expressions) to ignore part of the contents. If a tag value doesn't match the pattern, the alert is not enriched with the alert enrichment item. Extraction configs must include the `source`, `destination`, and `regex` properties. security: - BearerUser: [] operationId: create-tag-rule parameters: - $ref: '#/components/parameters/alerttag_name' requestBody: content: application/json: schema: $ref: '#/components/schemas/enrichment_item' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_itemresponse' '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/enrichment_itemresponse' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' delete: tags: - Non-mapping enrichment rules v2-1 summary: Delete Enrichment Item description: | Deletes a composition or extraction enrichment item for the tag. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-tag-rule parameters: - $ref: '#/components/parameters/alerttag_name' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' patch: tags: - Non-mapping enrichment rules v2-1 summary: Update Enrichment Item description: | Updates a composition or extraction enrichment item for the tag. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Config object required** > > The config object is required when creating an enrichment item. When adding your array of enrichment items, make sure to expand the config object and include all required parameters. > > Different fields are required for composition and extraction type enrichments. ## Composition enrichment items Composition enrichment items are created by defining a value template. The Composition template is a simple formula to populate tag value using strings and other tag values. Use any tag value as a variable, using the format `${}`. For example: `mywiki.com/${host}/${check}` Special formatting is required for tag values that contain encoded characters for URLs. If the tag value contains encoded values for the characters `%`, `+`, or a space, use the format `${exact()}` to protect the values from being re-encoded. Composition configs must include the `source`, `destination`, and `value` properties. ## Extraction enrichment items Extraction enrichment items are created by defining a regular expression (regex formula). Extraction Regex: The [Regular expression](https://regex101.com/) to extract the new tag value from the source tag value. - Use a caret `^` to indicate starts with and a dollar sign `$` to indicate ends with. - Use parentheses to surround the capture group for the extraction. BigPanda uses the contents of the first capture group to create the value of the alert enrichment tag. - Use a [non-capturing group](https://stackoverflow.com/questions/3512471/what-is-a-non-capturing-group-in-regular-expressions) to ignore part of the contents. If a tag value doesn't match the pattern, the alert is not enriched with the alert enrichment item. Extraction configs must include the `source`, `destination`, and `regex` properties. security: - BearerUser: [] operationId: update-tag-rule parameters: - $ref: '#/components/parameters/alerttag_name' requestBody: content: application/json: schema: $ref: '#/components/schemas/enrichment_item' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_itemresponse' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.1/enrichments-config: put: tags: - Enrichment run order v2-1 summary: Update Alert Tag Order description: | Updates tag run order. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-tag-order requestBody: content: application/json: schema: $ref: '#/components/schemas/enrichment_order' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_order_response' /resources/v2.1/enrichments-config/tags/{alerttag_name}/order: put: tags: - Enrichment run order v2-1 summary: Update Enrichment Item Order for an Alert Tag description: | Updates enrichment item order for a composition or extraction tag. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-rule-order-for-a-tag parameters: - $ref: '#/components/parameters/alerttag_name' requestBody: content: application/json: schema: $ref: '#/components/schemas/enrichment_order' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/enrichment_order_response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.1/mapping-enrichment: get: tags: - Mapping enrichment schemas v2-1 summary: Retrieve All Mapping Enrichment Schemas description: | Lists all mapping enrichment schemas in BigPanda. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-mapping-enrichment-rule responses: '200': description: '200' content: application/json: schema: type: object items: $ref: '#/components/schemas/mapping_config_response' post: tags: - Mapping enrichment schemas v2-1 summary: Create Mapping Enrichment Schema description: | Creates a mapping enrichment schema. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **override_existing** > > If ​​`override_existing`​​ is set to false, mapping values will not be added to any alert where the field is already populated, even if the field is populated with a `null`. security: - BearerUser: [] operationId: create-mapping-enrichment-rule requestBody: content: application/json: schema: $ref: '#/components/schemas/mapping_enrichment' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/mapping_config_response' /resources/v2.1/mapping-enrichment/{mapschema_id}: get: tags: - Mapping enrichment schemas v2-1 summary: Retrieve Mapping Enrichment Schema description: | Retrieves a specific mapping enrichment schema. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-mapping-enrichment-rule parameters: - $ref: '#/components/parameters/mapschema_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/mapping_config_response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' delete: tags: - Mapping enrichment schemas v2-1 summary: Delete Mapping Enrichment Schema description: | Deletes a mapping enrichment schema. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-mapping-enrichment-rule parameters: - $ref: '#/components/parameters/mapschema_id' responses: '202': description: '202' content: application/json: schema: $ref: '#/components/schemas/generic204response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' patch: tags: - Mapping enrichment schemas v2-1 summary: Update Mapping Enrichment Schema description: | Updates a mapping enrichment schema. The only fields that can be modified in the update request are the `active`, `when`, and `note` parameters. The mapping schema config cannot be edited. Any other fields that are changed in the Patch call will be ignored. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **override_existing** > > If ​​`override_existing`​​ is set to false, mapping values will not be added to any alert where the field is already populated, even if the field is populated with a `null`. security: - BearerUser: [] operationId: update-mapping-enrichment-rule parameters: - $ref: '#/components/parameters/mapschema_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/update_mapping_enrichment' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/mapping_config_response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v2.1/mapping-enrichment/{mapschema_id}/map: get: tags: - Mapping enrichment records v2-1 summary: Retrieve Mapping Enrichment Table description: | Retrieve a specific enrichment map. Mapping Enrichment Tables are initially uploaded as CSV files. When managing individual map rows or retrieving mapping enrichment tables, the results will be returned as a JSON object. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-map parameters: - $ref: '#/components/parameters/mapschema_id' - $ref: '#/components/parameters/page' - $ref: '#/components/parameters/per_page' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/map_object_return' post: tags: - Mapping enrichment records v2-1 summary: Create mapping enrichment table using CSV description: | Uploads an enrichment map. Mapping Enrichment Tables are initially uploaded as CSV files. When managing individual map rows or retrieving mapping enrichment tables, the results will be returned as a JSON object. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-map-using-csv parameters: - $ref: '#/components/parameters/mapschema_id' - $ref: '#/components/parameters/mapupload' requestBody: content: '': schema: type: string format: binary required: false responses: '202': description: '202' content: application/json: schema: $ref: '#/components/schemas/job_status' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' patch: tags: - Mapping enrichment records v2-1 summary: Create, Update, or Delete Mapping Enrichment Row description: | Create, update, or delete a specific map row. Mapping Enrichment Tables are initially uploaded as CSV files. When managing individual map rows or retrieving mapping enrichment tables, the results will be returned as a JSON object. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: patch-map-row parameters: - $ref: '#/components/parameters/mapschema_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/mapping_enrichment' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/mapping_enrichment_response' /resources/v2.1/alert-enrichments-jobs/{job_id}: get: tags: - Mapping enrichment records v2-1 summary: Retrieve Mapping Table Job Status description: | Retrieves the status of a previous enrichment change. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Asynchronous upload Because it is a potentially long-running action, the table upload is performed asynchronously. Therefore, the immediate response indicates only whether the request was properly formatted and, if it was, provides a URL for checking the status of the upload. The entire table upload must complete successfully for the changes to take effect; the API does not support partial success. A typical asynchronous upload negotiation consists of these steps: 1. Upload the table: A Job object is created and a ​location​​ URL for checking the status is returned. 2. Use the URL to periodically check the job status until it is set to done or failed. 3. If the job was not successful, you can retry the request. If necessary, debug any connectivity issues or data formatting issues that may have contributed to the failed upload. For example, ensure the CSV file follows the enrichment schema definition. security: - BearerUser: [] operationId: retrieve-job-status parameters: - $ref: '#/components/parameters/job_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/job_status' /resources/v2.0/environments/{environment_id}/batch-resolve/alerts: post: tags: - Resolve alerts summary: Resolve Alerts description: | Sets the alert status to "OK" for a list of alerts. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: resolve-alerts parameters: - $ref: '#/components/parameters/environment_id' requestBody: description: The resolution request. content: application/json: schema: $ref: '#/components/schemas/resolve_alerts' required: true responses: '202': description: Success content: application/json: schema: $ref: '#/components/schemas/generic202response' /resources/v2.0/audit/logs: get: tags: - Audit logs summary: Search Audit Logs description: | Retrieve a subset of audit logs. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-audit-logs parameters: - name: resource_type in: query description: Comma separated list of resource types. schema: type: string - name: action_type in: query description: Comma separated list of action types. schema: type: string - name: start in: query description: >- The earliest time audit logs should come from. Unix epoch time (in seconds). schema: type: string - name: end in: query description: >- The latest time audit logs should come from. Unix epoch time (in seconds). schema: type: string - $ref: '#/components/parameters/page' - $ref: '#/components/parameters/per_page' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/audit_log' /data/changes: post: tags: - Change records summary: Create or Update a Change description: | Creates or updates a single change. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-or-update-a-change parameters: - $ref: '#/components/parameters/x-bp-app-key' requestBody: content: application/json: schema: $ref: '#/components/schemas/change_object' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/change_object' /resources/v2.0/changes/{change_id}: get: tags: - Change records summary: Retrieve a Change description: | Retrieve a specific change record. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-a-change parameters: - $ref: '#/components/parameters/change_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/change_object' /resources/v2.0/changes: get: tags: - Change records summary: Retrieve All Changes description: | Retrieves all change records. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-changes parameters: - name: start_time_frame in: query description: >- Retrieves all the changes starting after this timeframe. Default is set to 4 hours before end timeframe. Unix epoch time (in seconds). required: true schema: type: string - name: end_time_frame in: query description: >- Retrieves all the changes starting after this timeframe. Unix epoch time (in seconds). required: true schema: type: string - name: search in: query description: >- Search text within one of three 3 fields (identifier, summary, status). The search term should be enclosed in double quotes " schema: type: string - name: limit in: query description: Maximum number of results to be returned. schema: type: string - name: cursor in: query description: >- Used to query a new page of results, provided by the Link header in the previous call. schema: type: string - name: incident_id in: query description: Whether to return related metadata for a specific incident schema: type: string - name: sort in: query description: >- The field to sort results by. One of (start_time_frame, end_time_frame) schema: type: string - name: include in: query description: Whether or not to include the change object in the response schema: type: string default: change responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/change_object' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.0/rcc: get: tags: - Root cause change relationships summary: Retrieve All RCC Relations (for an incident or change) description: | Retrieves the schema definitions for all RCC relations. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-rcc-relations parameters: - name: incident_id in: query description: | The incident to query. Required if retrieving RCC relations for an incident. schema: $ref: '#/components/parameters/incident_id' - name: include in: query description: >- (Retrieve for Incident) Whether or not to include the change object in the response. Use only if retrieving RCC relations for an incident. schema: type: string default: change - name: change_id in: query description: >- System id of the change in BigPanda. Required if retrieving RCC relations for a change. schema: type: string - name: include_history in: query description: >- (Retrieve for Change) Whether to include a record of historical change relations. schema: type: boolean default: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/related_change' post: tags: - Root cause change relationships summary: Create an RCC Relation description: | Creates a new schema definition for creating a new RCC relation. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-related-change-rcc requestBody: description: The change relation to create content: application/json: schema: $ref: '#/components/schemas/Change-relation-object' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/generic201response' /resources/v2.0/rcc/{related_change_id}: get: tags: - Root cause change relationships summary: Retrieve an RCC Relation description: | Retrieves the schema definition for a specific RCC relation. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-an-rcc-change parameters: - name: related_change_id in: path description: System id of the RCC relation. required: true schema: type: string responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/related_change' put: tags: - Root cause change relationships summary: Update an RCC Relation description: | Updates a specific RCC relation. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-related-change-rcc parameters: - name: related_change_id in: path description: System id of the RCC relation. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/related_change' required: true responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/related_change' /resources/v2.0/correlation-patterns: get: tags: - Correlation pattern rules summary: Retrieve All Correlation Patterns description: | Retrieve all correlation patterns. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-correlation-patterns parameters: - name: active in: query description: | When set to true, the request will return all active correlation patterns schema: $ref: '#/components/parameters/active' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/pattern' post: tags: - Correlation pattern rules summary: Create Correlation Pattern description: | Create a new correlation pattern. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Pattern parameters Correlation patterns define the relationships between alerts. - Source Systems - the integrated monitoring systems for which the pattern applies. For example, correlating alerts that come from a specific instance of Datadog. - Tags - the properties that indicate when alerts are related. For example, correlating alerts that come from the same cluster and have the same check. - Time window - The amount of time between when the alerts started. For example, network-related alerts may start within a short time from one another. - Filter - (optional) The conditions that further refine which alerts to correlate. For example, correlating only network-related alerts by data center, or specific tags from specific sources. By default, correlation patterns apply to all sources. Source systems can be added to the filter to narrow the pattern to apply only to specific sources. Sources can be filtered by each individual instance using their unique Integration ID, or by source type using a wildcard. Examples - `​source_system=api.*​​` - All Alerts API sources will be included - ​​`source_system=api.restapi`​​ - Only Alerts from the Rest API will be included Alerts from multiple sources can be correlated together if cross-source correlation is enabled. security: - BearerUser: [] operationId: create-correlation-pattern requestBody: description: The schema of the correlation pattern content: application/json: schema: $ref: '#/components/schemas/pattern' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/pattern' /resources/v2.0/correlation-patterns/{pattern_id}: get: tags: - Correlation pattern rules summary: Retrieve a Correlation Pattern by ID description: | Retrieve the configuration for a specific correlation pattern. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Pattern parameters Correlation patterns define the relationships between alerts. - Source Systems - the integrated monitoring systems for which the pattern applies. For example, correlating alerts that come from a specific instance of Datadog. - Tags - the properties that indicate when alerts are related. For example, correlating alerts that come from the same cluster and have the same check. - Time window - The amount of time between when the alerts started. For example, network-related alerts may start within a short time from one another. - Filter - (optional) The conditions that further refine which alerts to correlate. For example, correlating only network-related alerts by data center, or specific tags from specific sources. By default, correlation patterns apply to all sources. Source systems can be added to the filter to narrow the pattern to apply only to specific sources. Sources can be filtered by each individual instance using their unique Integration ID, or by source type using a wildcard. Examples - `​source_system=api.*​​` - All Alerts API sources will be included - ​​`source_system=api.restapi`​​ - Only Alerts from the Rest API will be included Alerts from multiple sources can be correlated together if cross-source correlation is enabled. security: - BearerUser: [] operationId: retrieve-a-correlation-pattern-by-id parameters: - $ref: '#/components/parameters/pattern_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/pattern' delete: tags: - Correlation pattern rules summary: Delete Correlation Pattern description: | Delete a specific correlation pattern. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-correlation-pattern parameters: - $ref: '#/components/parameters/pattern_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/pattern' patch: tags: - Correlation pattern rules summary: Update Correlation Pattern description: | Update the configuration for a specific correlation pattern. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Pattern parameters Correlation patterns define the relationships between alerts. - Source Systems - the integrated monitoring systems for which the pattern applies. For example, correlating alerts that come from a specific instance of Datadog. - Tags - the properties that indicate when alerts are related. For example, correlating alerts that come from the same cluster and have the same check. - Time window - The amount of time between when the alerts started. For example, network-related alerts may start within a short time from one another. - Filter - (optional) The conditions that further refine which alerts to correlate. For example, correlating only network-related alerts by data center, or specific tags from specific sources. By default, correlation patterns apply to all sources. Source systems can be added to the filter to narrow the pattern to apply only to specific sources. Sources can be filtered by each individual instance using their unique Integration ID, or by source type using a wildcard. Examples - `​source_system=api.*​​` - All Alerts API sources will be included - ​​`source_system=api.restapi`​​ - Only Alerts from the Rest API will be included Alerts from multiple sources can be correlated together if cross-source correlation is enabled. security: - BearerUser: [] operationId: update-correlation-pattern parameters: - $ref: '#/components/parameters/pattern_id' requestBody: description: The configuration of the correlation pattern content: application/json: schema: $ref: '#/components/schemas/pattern' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/pattern' /resources/v2.1/correlation-patterns-order: put: tags: - Correlation pattern order summary: Update Correlation Pattern Order description: | Update the run order for BigPanda correlation rules. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-correlation-pattern-order requestBody: content: application/json: schema: $ref: '#/components/schemas/pattern_order' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/pattern_order' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.1/correlation-patterns-order/reset: post: tags: - Correlation pattern order summary: Reset Correlation Patterns Order description: | Reset the correlation pattern order to run in order by time window. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: reset-correlation-patterns-order responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/pattern_order' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.0/tags: get: tags: - Destination tags summary: Retrieve destination tags description: | Retrieves destination tags in reverse order by most recent received time in BigPanda. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: get-destination-tags parameters: - name: source_system in: query description: The ID of the integration that sent the tag. schema: type: string - $ref: '#/components/parameters/page' - $ref: '#/components/parameters/per_page' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/destination_tags' /resources/v2.0/environments: get: tags: - Environments summary: Retrieve All Environments description: | Retrieve all environments for an organization. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-environments responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/environment_object' post: tags: - Environments summary: Create an Environment description: | Create a new environment. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-an-environment requestBody: content: application/json: schema: $ref: '#/components/schemas/environment_object' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/environment_object' /resources/v2.0/environments/{environment_id}: get: tags: - Environments summary: Retrieve an Environment by ID description: | Retrieve details for a specific environment. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: get-an-environment parameters: - $ref: '#/components/parameters/environment_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/environment_object' delete: tags: - Environments summary: Delete Environment description: | Delete an environment. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-environment parameters: - $ref: '#/components/parameters/environment_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/generic200response' patch: tags: - Environments summary: Update Environment description: | Update an environment configuration. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-environment parameters: - $ref: '#/components/parameters/environment_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/environment_object' required: false responses: '202': description: '202' content: application/json: schema: $ref: '#/components/schemas/environment_object' /resources/v2.0/environments-groups: get: tags: - Environment groups summary: Retrieve All Environment Groups description: | Get details for all environment groups. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-environment-groups responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/environment_object' post: tags: - Environment groups summary: Create an Environment Group description: | Create a new environment group. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-environment-groups requestBody: content: application/json: schema: $ref: '#/components/schemas/environment_group_object' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/environment_group_response' /resources/v2.0/environments-groups/{group_id}: put: tags: - Environment groups summary: Update Environment Group description: | Update configuration for a specific environment group. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-environment-group parameters: - $ref: '#/components/parameters/group_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/environment_group_object' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/environment_group_response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' delete: tags: - Environment groups summary: Delete Environment Group description: | Delete an environment group. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-environment-group parameters: - $ref: '#/components/parameters/group_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' '404': description: '404' content: application/json: schema: $ref: '#/components/schemas/generic404response' /resources/v1.0/incidents/{incident_id}: get: tags: - Incident management v1 summary: Retrieve an Incident description: | Retrieves the requested BigPanda incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerOrg: [] operationId: incidents-get parameters: - name: expand in: query description: Option to return the full representation of an expandable object. schema: type: string - $ref: '#/components/parameters/incident_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/incidents-v1inline_response_200' post: tags: - Incident management v1 summary: Resolve/Comment Incident description: | Resolves or adds a comment to the requested BigPanda incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` - BearerOrg: [] operationId: resolve-incident parameters: - $ref: '#/components/parameters/incident_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/incidents-v1body' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}: get: tags: - Retrieve incidents summary: Retrieve Incident by ID description: | Retrieves a specific BigPanda incident. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-incident-by-id parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/incidents_v2_response' /resources/v2.0/environments/{environment_id}/incidents: get: tags: - Retrieve incidents summary: Search Incidents description: | Retrieves all BigPanda incidents that meet query parameters within an environment. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Expanding alert data To include the full alert object for each retrieved incident, include `expand=alerts` in the query. When making a call with alerts expanded, page size cannot be larger than 10. An expanded call with a page size greater than 10 will return a 400 error. security: - BearerUser: [] operationId: search-incidents parameters: - $ref: '#/components/parameters/environment_id' - name: query in: query description: | The [URL encoded](https://en.wikipedia.org/wiki/Percent-encoding) [BPQL query](https://docs.bigpanda.io/docs/bigpanda-query-language) to filter incidents. Default is All Incidents (β€œ*”). 2000 characters max schema: type: string - name: from in: query description: | Unix epoch time when the start time of the search window occurred (in seconds). Incidents that were active at any point during the window will be returned. schema: type: integer format: int32 - name: to in: query description: | Unix epoch time when the end of the search window occurred (in seconds). Incidents that were active at any point during the window will be returned. Default is Query Timestamp schema: type: integer format: int32 - name: sort_by in: query description: Sort option. One of [`last_change`, `status`, `start`, `alerts`]. schema: type: string default: last_change - $ref: '#/components/parameters/page' - $ref: '#/components/parameters/page_size' - name: expand in: query description: | When set to 'alerts' the payload will contain the alerts payload by their schema. Page_size cannot be larger than 10 for expanded queries. schema: type: string - name: folder in: query description: | One of: 'active', 'shared', 'snoozed', 'resolved', 'unhandled', 'maintenance'. If no folder is specified, the API will search all folders. schema: type: string responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/incidents_v2_response' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}/split: post: tags: - Incident actions summary: Split Incident description: | Splits a list of alerts into a new BigPanda incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: split-incident parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/split_incident' required: false responses: '202': description: '202' content: application/json: schema: $ref: '#/components/schemas/generic202response' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}/merge: post: tags: - Incident actions summary: Merge Incidents description: | Merges a list of BigPanda incidents into 1 incident. > 🚧 **Alert limit** > > The maximum number of alerts that can be correlated into a single incident is 300. > > If the combined number of alerts in the incidents being merged exceeds 300, the merge will fail. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: merge-incidents-1 parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' description: >- The unique identifier of the incident. This incident will be the destination incident for the merge. requestBody: content: application/json: schema: $ref: '#/components/schemas/merge_incidents' required: false responses: '202': description: '202' content: application/json: schema: $ref: '#/components/schemas/generic202response' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}/comments: post: tags: - Incident actions summary: Comment on Incident description: | Add a comment to a BigPanda incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: comment-on-incident parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/incident_comments' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}/snooze: put: tags: - Incident actions summary: Snooze Incident description: | Place an incident in the snooze state. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: snooze-incident parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/snooze' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' delete: tags: - Incident actions summary: Unsnooze Incident description: | Remove the snooze state from an incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: unsnooze-incident parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}/assignment: put: tags: - Incident actions summary: Assign Incident description: | Assign a user to be responsible for an incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: assign-incident parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/assign_incident' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' delete: tags: - Incident actions summary: Unassign Incident description: | Unassign a user from an incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: unassign-incident parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}/resolve: post: tags: - Incident actions summary: Resolve Incident description: | Resolve a BigPanda incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: resolve-incident-1 parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/incident_comment' required: false responses: '202': description: '202' content: application/json: schema: $ref: '#/components/schemas/generic202response' /resources/v2.0/incidents/{incident_id}/activities: get: tags: - Incident activity log summary: Get Incident Activities description: | Retrieve a list of enrichment actions taken on an incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Filter by activity Incident Activities can be filtered by activity type, using a comma separated query string of one or more activity types with the call. Example queries: - `​/activities?page=5`​​ - will return results from the 5th set of results - ​​`/activities?per_page=40​​` - will return 40 results per page instead of the default 20 - ​`/activities?types=incident_commented,incident_snoozed​​` - will return only comment and snooze activity - `/activities?types=incident_created,incident_resolved_ui_manually,incident_resolved_api,incident_resolved_by_alerts,incident_reopen`​​ - will return only opening and closing activity for the incident. Activities available for retrieval are:​ - incident_created​ - incident_assigned​ - incident_unassigned - incident_become_flapping - incident_commented​ - incident_resolved_ui_manually​ - incident_resolved_api - incident_alerts_resolved - incident_tag_removed - incident_tag_updated​ - incident_merged_destination - incident_merged_source - incident_rcc_update - incident_shared - incident_splitted_destination - incident_splitted_source - incident_snoozed - incident_unsnoozed - incident_opened - incident_reopen - incident_resolved_by_alerts ## Return order Activities are returned in reverse timestamp order, most recent activities to oldest. ## Time-based alert resolution activity type Stale incident resolution through time-based alert resolution is included under the ​`incident_resolved_api`​​ activity type. security: - BearerUser: [] parameters: - $ref: '#/components/parameters/incident_id' - $ref: '#/components/parameters/page' - $ref: '#/components/parameters/per_page_20' - name: types in: query description: | A list of activity types to return, separated by commas. Leave blank to return all activity types. Activities available for retrieval are:​ - incident_created​ - incident_assigned​ - incident_unassigned - incident_become_flapping - incident_commented​ - incident_resolved_ui_manually​ - incident_resolved_api - incident_alerts_resolved - incident_tag_removed - incident_tag_updated​ - incident_merged_destination - incident_merged_source - incident_rcc_update - incident_shared - incident_splitted_destination - incident_splitted_source - incident_snoozed - incident_unsnoozed - incident_opened - incident_reopen - incident_resolved_by_alerts schema: type: string responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/incident_activities' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}/tags/{incidenttag_id}: get: tags: - Manage incident tags summary: Retrieve an Incident Tag from an Incident description: | Retrieve a single incident tag of a single incident by ID. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Tag value format** > > Incident tag values are generally a single string. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' security: - BearerUser: [] operationId: retrieve-an-incident-tag-from-a-single-incident parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' - $ref: '#/components/parameters/incidenttag_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/incident_tag_return' post: tags: - Manage incident tags summary: Add an Incident Tag to an Incident description: | Create or update an incident tag for a single incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Tag value format** > > Incident tag values are generally a single string. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' security: - BearerUser: [] operationId: create-and-incident-tag parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' - $ref: '#/components/parameters/incidenttag_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/tag_value_post' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/incident_tag_return' delete: tags: - Manage incident tags summary: Delete an Incident Tag from an Incident description: | Delete a single incident tag of a single incident by ID. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-an-incident-tag parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' - $ref: '#/components/parameters/incidenttag_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v2.0/environments/{environment_id}/incidents/{incident_id}/tags: get: tags: - Manage incident tags summary: Retrieve All Tags for an Incident description: | Retrieve all incident tags from a single incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Tag value format** > > Incident tag values are generally a single string. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' security: - BearerUser: [] operationId: retrieve-multiple-incident-tags-from-a-single-incident parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/incident_tag' post: tags: - Manage incident tags summary: Add Multiple Incident Tags to an Incident description: | Create or update multiple incident tags for a single incident. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Tag value format** > > Incident tag values are generally a single string. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' security: - BearerUser: [] operationId: create-multiple-incident-tags parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/tag_array' required: false responses: '204': description: '204' content: application/json: schema: type: array items: $ref: '#/components/schemas/incident_tag_return' delete: tags: - Manage incident tags summary: Delete All Tags for an Incident description: | Delete all incident tags for a single incident by ID. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Tag value format** > > Incident tag values are generally a single string. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' security: - BearerUser: [] operationId: delete-all-incident-tags parameters: - $ref: '#/components/parameters/environment_id' - $ref: '#/components/parameters/incident_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v2.0/incidents/tags/definitions: get: tags: - Incident tag definitions summary: Get All Incident Tags Definitions description: | Get all incident tags definitions. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Tag value format** > > Incident tag values are generally a single string. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' security: - BearerUser: [] operationId: get-all-incident-tags-definitions parameters: - $ref: '#/components/parameters/active' - name: type in: query description: | Incident tag definition's type. One of [`Text`, `MultiValue`, `Priority`, `ClosedListValuesMulti`, `ClosedListValuesSingle`]. schema: type: string responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/incident_tag_schema_response' post: tags: - Incident tag definitions summary: Create an Incident Tag Definition description: | Create an incident tag definition. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Tag value format** > > Incident tag values are generally a single string. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' security: - BearerUser: [] operationId: create-an-incident-tag-definition requestBody: content: application/json: schema: $ref: '#/components/schemas/incident_tag_schema' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/incident_tag_schema_response' /resources/v2.0/incidents/tags/definitions/{incidenttag_id}: get: tags: - Incident tag definitions summary: Get an Incident Tag Definition description: | Get incident tag definition by ID. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Tag value format** > > Incident tag values are generally a single string. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' security: - BearerUser: [] operationId: get-an-incident-tag-definition parameters: - $ref: '#/components/parameters/incidenttag_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/incident_tag_schema_response' put: tags: - Incident tag definitions summary: Update an Incident Tag Definition description: | Update an incident tag definition by ID. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` > 🚧 **Tag value format** > > Incident tag values are generally a single string. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' security: - BearerUser: [] operationId: update-an-incident-tag-definition parameters: - $ref: '#/components/parameters/incidenttag_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/incident_tag_schema' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/incident_tag_schema_response' /resources/v2.0/troubleshooting/logs: get: tags: - Troubleshooting logs summary: Retrieve All Troubleshooting Logs description: | Retrieves a specific definition for an enrichment schema. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-troubleshooting-logs parameters: - name: log_type in: query description: Type of logged event. style: form explode: true schema: type: array items: type: string - name: level in: query description: 'Level of logged event. Options are: ''error'', ''warning'', or ''info''.' style: form explode: true schema: type: array items: type: string - name: message in: query description: Textual search within the message field. schema: type: string - name: component_name in: query description: Brief message describing the event. schema: type: string - name: resource_id in: query description: System-generated unique identifier for the resource. style: form explode: true schema: type: array items: type: string - name: payload in: query description: Textual search within the payload object. schema: type: string - $ref: '#/components/parameters/start' - $ref: '#/components/parameters/end' - $ref: '#/components/parameters/page' - $ref: '#/components/parameters/per_page' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/diagnostic_log' /resources/v2.0/maintenance-plans: get: tags: - Maintenance plans summary: Retrieve All Plans description: | Retrieves the schema definitions for all maintenance plans. ## Retrieval limits Maintenance plans can only be returned for 60 days after the end date. The API can only return up to 100,000 maintenance plans. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: maintenance-plan-v2-retrieve-all-plans parameters: - $ref: '#/components/parameters/active' responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/maintenance_plan_response' '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' post: tags: - Maintenance plans summary: Create a new maintenance plan description: | Creates a new schema definition for creating a new maintenance plan. ## Condition limitations Maintenance plan conditions cannot be longer than 25,000 characters long. All alert tags in maintenance plan conditions are case-insensitive. See the [Epoch Converter](http://www.epochconverter.com/#tools) to convert times to unix epoch format. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: maintenance-plan-v2-create-plan requestBody: content: application/json: schema: $ref: '#/components/schemas/maintenance_plan_object' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/maintenance_plan_response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.0/maintenance-plans/{maintenance_id}: get: tags: - Maintenance plans summary: Retrieve a Plan description: | Retrieves the schema definition for a specific maintenance plan. ## Retrieval limits Maintenance plans can only be returned for 60 days after the end date. The API can only return up to 100,000 maintenance plans. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: maintenance-plan-v2-retrieve-plan parameters: - $ref: '#/components/parameters/maintenance_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/maintenance_plan_response' delete: tags: - Maintenance plans summary: Delete a Plan description: | Deletes a specific maintenance plan and removes it from the system. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: maintenance-plan-v2-delete-plan parameters: - $ref: '#/components/parameters/maintenance_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' patch: tags: - Maintenance plans summary: Update a Plan description: | Updates a specific maintenance plan. ## Update limitations In planned plans, any field can be updated. In running plans, only the plan's end field can be updated. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: maintenance-plan-v2-update-plan parameters: - $ref: '#/components/parameters/maintenance_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/maintenance_plan_object' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v2.0/maintenance-plans/{maintenance_id}/stop: post: tags: - Maintenance plans summary: Stop Plan description: | Stops a specific maintenance plan. Note: Only active plans can be stopped. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: maintenance-plan-v2-stop-plan parameters: - $ref: '#/components/parameters/maintenance_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v2.0/ordered-maintenance-plans: get: tags: - Maintenance plans summary: Retrieve All Plans v2 description: | Retrieve a list of all maintenance plans, or filter and search maintenance plans that meet specific conditions. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-plans-v2 parameters: - name: sort_by in: query description: | The field to define result order. One of: updated_at, created_at, next_run schema: type: string default: created_at - name: order in: query description: | Whether to return results in ascending or descending order. One of: asc, desc schema: type: string default: desc - $ref: '#/components/parameters/page' - $ref: '#/components/parameters/per_page' - name: search_text in: query description: >- Enter a string value to search the plan name and description for that value. schema: type: string - name: status in: query description: | Filter results to plan status. One of: planned, running, done schema: type: string - name: frequency in: query description: | Filter by plan type. One of `one-time`, `recurring`. schema: type: string responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/maintenance_plan_response' /resources/v2.1/roles: get: tags: - Roles summary: Retrieve All Roles description: | The Roles API is a tool to help you manage user roles in the BigPanda system, enabling you to bulk manage even large and complex permissions. Use the Roles API to create, retrieve, update, and delete roles from the BigPanda UI. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-roles parameters: - $ref: '#/components/parameters/page' - $ref: '#/components/parameters/per_page_20' - name: direction in: query description: The direction to sort results by schema: type: string default: desc or asc - name: sort in: query description: | The field to sort results by. One of `id`, `name`, `created_at`. schema: type: string responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/role' post: tags: - Roles summary: Create a Role description: | Creates a new role. ## System fields System fields (​​id​​, ​created_by​​, ​created_at​​, and ​updated_at​​) will be set automatically. If included in the Create payload, these fields will be discarded. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-a-role requestBody: content: application/json: schema: $ref: '#/components/schemas/role_object' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/role' /resources/v2.1/roles/{role_id}: get: tags: - Roles summary: Retrieve Role by ID description: | Retrieves a specific role. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-role-by-id parameters: - $ref: '#/components/parameters/role_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/role' put: tags: - Roles summary: Update a Role description: | You are able to update name, users, and permissions in a single call. Any differences between the existing role and fields in the Update call will be applied. This includes incomplete parameters. The full list of users and permissions must be included in each update call. For example, if a role has eight permissions and only one is included in the call, the role will be updated to only have the one permission. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-a-role parameters: - $ref: '#/components/parameters/role_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/role_object' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/role' delete: tags: - Roles summary: Delete a Role description: | Deletes a role from the system. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-a-role parameters: - $ref: '#/components/parameters/role_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v2.0/scim/ServiceProviderConfigs: get: tags: - Service provider details summary: Retrieve Service Provider Configuration description: | Retrieves the service provider configuration details of BigPanda's SCIM API. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-configuration responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/service_provider_config' /resources/v2.0/scim/Users/{user_id}: get: tags: - SCIM users summary: Retrieve User by ID description: | Retrieves a specific user. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-user-by-id parameters: - $ref: '#/components/parameters/user_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/userreturn' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' delete: tags: - SCIM users summary: Delete a User description: | Deactivates a user account in the system. The account will no longer appear in the UI, and the user will not be able to log in. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-a-user parameters: - $ref: '#/components/parameters/user_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/userreturn' patch: tags: - SCIM users summary: Update a User description: | Updates field values for a user. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-users parameters: - $ref: '#/components/parameters/user_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/userupdate' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/userreturn' /resources/v2.0/scim/Schemas/urn:scim:schemas:core:1.0:User: get: tags: - Service provider details summary: Retrieve User Schema description: | Retrieves the User Schema details for the SCIM API. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-user-schemas responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/users_config' /resources/v2.0/scim/Users: get: tags: - SCIM users summary: Retrieve Users description: | Retrieves a list of all users within BigPanda, including inactive users. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_USER_API_KEY]` ## Filtering results When retrieving all users, all users in the system will be returned by default, including inactive users. Inactive users are defined as any user who has been deleted. Add a filter to the endpoint call to restrict returns based on the values of several standard fields. ### Filter syntax `​/scim/Users?filter={field} {SCIM operator} {filter value}` Filters can only apply to a subset of attribute fields within the user object: - displayName - userName - active All SCIM operators are supported. See the ​[SCIM Parameters](http://www.simplecloud.info/specs/draft-scim-core-schema-01)​​ documentation for details on available operators. For example, a filter to retrieve only active users: `https://api.bigpanda.io/resources/v2.0/scim/Users?filter=active eq true` ## Pagination By default, the retrieve users call returns the first 1000 users in the list. Pagination parameters can be used together to "page through" large numbers of returns. ### Pagination syntax `​/scim/Users?startIndex={return #}&count={# of returns}` ### Example To retrieve the first 10 users, set the startIndex to 1, and the count to 10 `https://api.bigpanda.io/resources/v2.0/scim/Users?startIndex=1&count=10` To then query the next set of 10, change the startIndex to 11, and send another call. > 🚧 **Pagination** > > Pagination is not session based. A request for a list of 10 users beginning with a startIndex of 1 may return different results when repeated as a user in the original result could be deleted or new ones could be added in-between requests. ## Sort results By default, retrieve users results are returned in ascending order, by active field. Add a sort field and order to the endpoint call to change the order results are listed. ### Sort syntax `/scim/Users?sortBy={field}&sortOrder={ascending/descending}​` SortBy fields include: - id - userName - displayName - active SortOrder is alphanumeric for ​`id`​​, `​userName`​​, `​displayName`​​. True, then false for `​active`​​. SortOrder options are: - ascending - descending Examples: `https://api.bigpanda.io/resources/v2.0/scim/Users?sortBy=userName​` `https://api.bigpanda.io/resources/v2.0/scim/Users?sortBy=id&sortOrder=descending​` security: - BearerUser: [] operationId: retrieve-all-users responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/userreturn' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' post: tags: - SCIM users summary: Create Users description: | Creates a new user. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-users requestBody: content: application/json: schema: $ref: '#/components/schemas/usercreate' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/userreturn' /resources/v2.0/scim/schemas: get: tags: - Service provider details summary: Retrieve All description: | Retrieves all schemas associated with the SCIM API. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-schemas responses: '200': description: '200' content: application/json: schema: type: object properties: users_config: $ref: '#/components/schemas/users_config' service_provider_config: $ref: '#/components/schemas/service_provider_config' /resources/v2.0/topologies: get: tags: - Topology UI summary: Retrieve All Topologies description: | Retrieves all of the organization’s topology models. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-topologies responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/topologyresponse' post: tags: - Topology UI summary: Create Topology description: | Creates a new topology model (only one per organization). > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-topology requestBody: description: The topology model configuration content: application/json: schema: $ref: '#/components/schemas/topologyobject' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/topologyresponse' /resources/v2.0/topologies/{model_id}: get: tags: - Topology UI summary: Retrieve a Topology description: | Retrieves a topology model. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-topology parameters: - $ref: '#/components/parameters/model_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/topologyresponse' put: tags: - Topology UI summary: Update a Topology description: | Updates the organization's topology model. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token.Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-topology parameters: - $ref: '#/components/parameters/model_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/topologyobject' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/topologyresponse' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' delete: tags: - Topology UI summary: Delete a Topology description: | Deletes the organization's topology model and removes it from the system. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your User API Key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-topology parameters: - $ref: '#/components/parameters/model_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v1.0/plans: get: tags: - Alert filter plans v1 summary: Retrieve All Alert Filters description: | Retrieves the schema for all existing alert filters. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: retrieve-all-alert-filters parameters: - $ref: '#/components/parameters/active' responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/alert_filter_return' post: tags: - Alert filter plans v1 summary: Create an Alert Filter description: | Creates a new alert filter. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: create-an-alert-filter requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_filter_object' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/alert_filter_return' /resources/v1.0/plans/{filter_id}: get: tags: - Alert filter plans v1 summary: Retrieve an Alert Filter description: | Retrieves the schema for an existing alert filter. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: retrieve-an-alert-filter parameters: - $ref: '#/components/parameters/filter_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_filter_return' delete: tags: - Alert filter plans v1 summary: Delete an Alert Filter description: | Deletes an existing alert filter and removes it from the system. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: delete-an-alert-filter parameters: - $ref: '#/components/parameters/filter_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' patch: tags: - Alert filter plans v1 summary: Update an Alert Filter description: | Updates an existing alert filter. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: update-an-alert-filter parameters: - $ref: '#/components/parameters/filter_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_filter_object' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/alert_filter_return' /resources/v1.0/schedules: get: tags: - Alert filter schedules v1 summary: Retrieve All Alert Filter Schedules description: | Retrieves the schema for all existing schedules. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: retrieve-all-alert-filter-schedules responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/alert_filter_schedule' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' post: tags: - Alert filter schedules v1 summary: Create an Alert Filter Schedule description: | Creates a new schedule. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: create-an-alert-filter-schedule requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_filter_schedule' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_filter_return' '400': $ref: '#/components/schemas/generic400response' /resources/v1.0/schedules/{schedule_id}: get: tags: - Alert filter schedules v1 summary: Retrieve an Alert Filter Schedule description: | Retrieves the schema for an existing schedule. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerOrg: [] operationId: retrieve-an-alert-filter-schedule parameters: - $ref: '#/components/parameters/schedule_id' responses: '200': $ref: '#/components/schemas/alert_filter_schedule_response' '400': $ref: '#/components/schemas/generic400response' delete: tags: - Alert filter schedules v1 summary: Delete an Alert Filter Schedule description: | Deletes an existing schedule and removes it from the system. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: delete-an-alert-filter-schedule parameters: - $ref: '#/components/parameters/schedule_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' patch: tags: - Alert filter schedules v1 summary: Update an Alert Filter Schedule description: | Updates an existing alert filter schedule. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: update-an-alert-filter-schedule parameters: - $ref: '#/components/parameters/schedule_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_filter_schedule' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/alert_filter_schedule_response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.0/plans: get: tags: - Alert filter plans v2 summary: Retrieve All Alert Filters description: | Retrieves the schema for all existing alert filters. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-alert-filters parameters: - $ref: '#/components/parameters/active' responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/alert_filter_return' post: tags: - Alert filter plans v2 summary: Create an Alert Filter description: | Creates a new alert filter. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-an-alert-filter requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_filter_object' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/alert_filter_return' /resources/v2.0/plans/{filter_id}: get: tags: - Alert filter plans v2 summary: Retrieve an Alert Filter description: | Retrieves the schema for an existing alert filter. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-an-alert-filter parameters: - $ref: '#/components/parameters/filter_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_filter_return' delete: tags: - Alert filter plans v2 summary: Delete an Alert Filter description: | Deletes an existing alert filter and removes it from the system. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-an-alert-filter parameters: - $ref: '#/components/parameters/filter_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' patch: tags: - Alert filter plans v2 summary: Update an Alert Filter description: | Updates an existing alert filter. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-an-alert-filter parameters: - $ref: '#/components/parameters/filter_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_filter_object' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/alert_filter_return' /resources/v2.0/schedules: get: tags: - Alert filter schedules v2 summary: Retrieve All Alert Filter Schedules description: | Retrieves the schema for all existing schedules. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-all-alert-filter-schedules responses: '200': description: '200' content: application/json: schema: type: array items: $ref: '#/components/schemas/alert_filter_schedule' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' post: tags: - Alert filter schedules v2 summary: Create an Alert Filter Schedule description: | Creates a new schedule. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: create-an-alert-filter-schedule requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_filter_schedule' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/alert_filter_return' '400': $ref: '#/components/schemas/generic400response' /resources/v2.0/schedules/{schedule_id}: get: tags: - Alert filter schedules v2 summary: Retrieve an Alert Filter Schedule description: | Retrieves the schema for an existing schedule. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: retrieve-an-alert-filter-schedule parameters: - $ref: '#/components/parameters/schedule_id' responses: '200': $ref: '#/components/schemas/alert_filter_schedule_response' '400': $ref: '#/components/schemas/generic400response' delete: tags: - Alert filter schedules v2 summary: Delete an Alert Filter Schedule description: | Deletes an existing schedule and removes it from the system. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: delete-an-alert-filter-schedule parameters: - $ref: '#/components/parameters/schedule_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' patch: tags: - Alert filter schedules v2 summary: Update an Alert Filter Schedule description: | Updates an existing alert filter schedule. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerUser: [] operationId: update-an-alert-filter-schedule parameters: - $ref: '#/components/parameters/schedule_id' requestBody: content: application/json: schema: $ref: '#/components/schemas/alert_filter_schedule' required: false responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/alert_filter_schedule_response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.1/apikeys: get: tags: - API keys summary: Retrieve all API Keys description: | Retrieve all API keys for an organization. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/api_key' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' post: tags: - API keys summary: Create API Key description: | Create an API key. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] requestBody: content: application/json: schema: $ref: '#/components/schemas/api_key' required: false responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/api_key' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.1/service-accounts/{service_account_id}/api-keys: get: tags: - API keys summary: Retrieve API Keys for a Service Account description: | > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] parameters: - name: service_account_id in: path description: The system-generated ID of the BigPanda service account. required: true schema: type: string responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/api_key' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /resources/v2.1/apikeys/{apikey_id}: get: tags: - API keys summary: Retrieve an API Key description: | Retrieve a specific API key. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] parameters: - $ref: '#/components/parameters/apikey_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/api_key' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' delete: tags: - API keys summary: Delete an API Key description: | > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] parameters: - $ref: '#/components/parameters/apikey_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/api_key' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' patch: tags: - API keys summary: Update an API Key description: | > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] parameters: - $ref: '#/components/parameters/apikey_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/api_key' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' /data/v2/alerts: post: tags: - Send alerts summary: Send alert monitoring events to BigPanda description: | > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the User API Key type of Authorization token. Your user API key must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_USER_API_KEY]` security: - BearerOrg: [] operationId: alerts requestBody: content: application/json: schema: $ref: '#/components/schemas/standard_alert' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/generic201response' /resources/v2.0/data-connectors: get: tags: - Data connector summary: Retrieve all data connectors description: | Retrieves all data connectors the user has access to. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: retrieve-all-data-connectors responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/data_connector_response' post: tags: - Data connector summary: Create a data connector description: | > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: create-a-data-connector requestBody: content: application/json: schema: $ref: '#/components/schemas/data_connector' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/data_connector_response' /resources/v2.0/data-connectors/{connector_id}: servers: - url: https://integrations.bigpanda.io get: tags: - Data connector summary: Retrieve a data connector description: | Retrieves a specific data connector. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Incorrect URL in Builder** > > This endpoint is accessed at the https://integrations.bigpanda.io url, not https://api.bigpanda.io security: - BearerOrg: [] operationId: retrieve-a-data-connector parameters: - $ref: '#/components/parameters/connector_id' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/data_connector_response' '400': description: '400' content: application/json: schema: $ref: '#/components/schemas/generic400response' delete: tags: - Data connector summary: Delete a data connector description: | Remove a data connector integration. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` security: - BearerOrg: [] operationId: delete-a-data-connector parameters: - $ref: '#/components/parameters/connector_id' responses: '204': description: '204' content: application/json: schema: $ref: '#/components/schemas/generic204response' /resources/v2.0/data-connectors/{connector_id}/auth-uri: servers: - url: https://integrations.bigpanda.io post: tags: - Data connector summary: Add data connector authentication description: | Returns the secure URI where authentication and setup is configured. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Incorrect URL in Builder** > > This endpoint is accessed at the https://integrations.bigpanda.io url, not https://api.bigpanda.io security: - BearerOrg: [] operationId: add-data-connector-authentication parameters: - $ref: '#/components/parameters/connector_id' responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/generic201response' /configurations/alerts/oim/{v1_app_key}: servers: - url: https://integrations.bigpanda.io get: tags: - Open integration manager v1 summary: Retrieve OIM Configuration description: | > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your user org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Incorrect URL in Builder** > > This endpoint is accessed at the https://integrations.bigpanda.io url, not https://api.bigpanda.io security: - BearerOrg: [] operationId: retrieve-oimv1-configuration parameters: - $ref: '#/components/parameters/v1_app_key' responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/oim_v1_config' post: tags: - Open integration manager v1 summary: Create/Update OIM Configuration description: | > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Incorrect URL in Builder** > > This endpoint is accessed at the https://integrations.bigpanda.io url, not https://api.bigpanda.io security: - BearerOrg: [] operationId: create-update-oimv1-configuration-test parameters: - $ref: '#/components/parameters/v1_app_key' requestBody: description: The oim v1 integration configuration content: application/json: schema: $ref: '#/components/schemas/oim_v1_config' required: true responses: '200': description: '200' content: application/json: schema: $ref: '#/components/schemas/oim_v1_config' /configurations/alerts/emailparser/{app_key_p}: servers: - url: https://integrations.bigpanda.io get: tags: - Email parser summary: Retrieve Email Parser Configuration description: | Get a specific parser configuration. ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Incorrect URL in Builder** > > This endpoint is accessed at the https://integrations.bigpanda.io url, not https://api.bigpanda.io security: - BearerOrg: [] operationId: retrieve-email-parser-configuration parameters: - $ref: '#/components/parameters/app_key_p' responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/email_parser_config' post: tags: - Email parser summary: Create/Update Email Parser Configuration description: | ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Incorrect URL in Builder** > > This endpoint is accessed at the https://integrations.bigpanda.io url, not https://api.bigpanda.io ## Pre-configuration Before an email integration can be configured using the Email Parser API, the integration must be created within the UI. Follow the in-product steps to create a new Alerts API Integration and make note of the app key and integration id. Once created, the integration can be configured through the Email Parser API security: - BearerOrg: [] operationId: create-update-email-parser-configuration parameters: - $ref: '#/components/parameters/app_key_p' requestBody: content: application/json: schema: $ref: '#/components/schemas/email_parser_config' required: true responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/email_parser_config' /configurations/alerts/oim/{app_key_p}: servers: - url: https://integrations.bigpanda.io get: tags: - Open integration manager v2 summary: Retrieve OIM Configuration description: | ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Incorrect URL in Builder** > > This endpoint is accessed at the https://integrations.bigpanda.io url, not https://api.bigpanda.io security: - BearerOrg: [] operationId: retrieve-oim-configuration-v2 parameters: - $ref: '#/components/parameters/app_key_p' responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/oim_v2_config' post: tags: - Open integration manager v2 summary: Create/Update OIM Configuration description: | ## Authentication All BigPanda APIs require Bearer Token Authorization in the call headers. This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. Example: `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Incorrect URL in Builder** > > This endpoint is accessed at the https://integrations.bigpanda.io url, not https://api.bigpanda.io ## New default As of October 2024, new OIM integrations will not flatten arrays by default. Existing integrations will not be affected by this change. If you would like to turn off array flattening for an integration created before October 2024, please reach out to support to update the array flattening setting. ## Sample payload object For field validation, BigPanda checks against an existing sample JSON payload from the integration. For all create and update calls to the API, a sample must be included in the body of all calls. All payload fields referenced in configuration settings must be included in the sample. To generate a sample payload: - Send a test or sample event to BigPanda after integration installation, but before configuration. - Generate an event preview in your tool. - Manually enter payload field values into the interactive code generator on the BigPanda docs site. When included in the API body, the sample payload should be JSON formatted with double quotes. The payload can include nested objects. ```JSON sample payload "sample_payload": { "alerts": [ { "generatorURL": "https://some-url.io", "fingerprint": "123456789", "annotations": { "description": "This alert is used to check the CPU utilization of this non-existent server", "runbook_url": "https://runbook.io/cpu-check" }, "startsAt": "2022-07-05T19:59:25.661Z", "endsAt": "0001-01-01T00:00:00Z", "status": "firing", "labels": { "severity": "page", "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" } } ], "commonLabels": { "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" }, "externalURL": "https://external-url.io", "groupLabels": { "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" }, "receiver": "bigpanda", "version": "4", "commonAnnotations": { "description": "This alert is used to check the CPU utilization of this non-existent server", "runbook_url": "https://runbook.io/cpu-check" }, "status": "firing" } ``` security: - BearerOrg: [] operationId: create-update-oim-configuration-v2 parameters: - $ref: '#/components/parameters/app_key_p' requestBody: description: The OIM configuration content: application/json: schema: $ref: '#/components/schemas/oim_v2_config' required: true responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/oim_v2_config' /oim/api/preprocess: servers: - url: https://integrations.bigpanda.io post: tags: - Send normalized alerts summary: Send alert events to an OIM integration and shorten the URL. description: | > ❗ API endpoint > > This API is called at `integrations.bigpanda.io` The Open Integration Manager enables you to create custom inbound alert integrations through the configuration of a generic inbound integration rather than creating custom code. The integration manager sets parsing rules for incoming payloads, pre-processing the content to match incoming data requirements before it reaches the BigPanda enrichment engine. This API allows you to send OIM payloads to this URL to first shorten the URL through specific tags. > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. security: - BearerOrg: [] parameters: - $ref: '#/components/parameters/app_key_h' requestBody: content: application/json: schema: $ref: '#/components/schemas/oim_alert_preprocessors' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/generic201response' /oim/api/alerts: servers: - url: https://integrations.bigpanda.io post: tags: - Send normalized alerts summary: Send alert events to an OIM integration. description: | > 🚧 **Authentication** > > All BigPanda APIs require Bearer Token Authorization in the call headers. > > This API uses the Organization token type of Authorization token. Your org token must be provided in the header, prefixed by the word `Bearer`. > > Example: > `Authorization: Bearer [YOUR_ORG_TOKEN]` > 🚧 **Incorrect URL in Builder** > > This endpoint is accessed at the https://integrations.bigpanda.io url, not https://api.bigpanda.io security: - BearerOrg: [] operationId: oim-send-alerts parameters: - $ref: '#/components/parameters/app_key_h' requestBody: content: application/json: schema: oneOf: - $ref: '#/components/schemas/oim_alert' - $ref: '#/components/schemas/multi_alert_payload' required: false responses: '201': description: '201' content: application/json: schema: $ref: '#/components/schemas/generic201response' components: parameters: alert_id: name: alert_id in: path required: true description: The system id of the alert in BigPanda. schema: type: string example: 60a4ee83bb7d9d046b8d7a93 aia_config_id: name: aia_config_id in: path required: true description: The system id of the AI Analysis configuration. schema: type: string example: 67f3df89886657bfa13913gf mapupload: name: Content-Type in: header required: true schema: type: string example: text/csv; charset=utf8 environment_id: name: environment_id in: path description: The system id of a BigPanda environment required: true schema: type: string example: 63bd568809cb331300ffa555 group_id: name: group_id in: path description: System id of a BigPanda environment group required: true schema: type: string example: incident_id: name: incident_id in: path description: The system id of a BigPanda incident required: true schema: type: string example: 681102f731824249f48df555 alerttag_name: name: alerttag_name in: path description: Tag name in BigPanda. May be a normalized tag name. required: true schema: type: string example: host alerttag_id: name: alerttag_id in: path description: System id of a BigPanda alert tag. required: true schema: type: string example: enrichment_id: name: enrichment_id in: path description: System id of a BigPanda enrichment rule. required: true schema: type: string example: 7a649631-1cf7-4dbc-9c9b-64cdc067c555 page: name: page in: query description: Which set of results to return. schema: type: integer example: 4 default: 1 per_page_10: name: per_page in: query description: Number of results to show for each page. schema: type: integer example: 30 default: 10 per_page_20: name: per_page in: query description: Number of results to show for each page. schema: type: integer example: 30 default: 20 per_page: name: per_page in: query description: Number of results to show for each page. schema: type: integer example: 30 default: 100 page_size: name: page_size in: query description: Number of results to show for each page. schema: type: integer example: 30 default: 10 mapschema_id: name: mapschema_id in: path description: System id of the enrichment map. required: true schema: type: string example: job_id: name: job_id in: path description: System id of the upload job. required: true schema: type: string example: 262762hh2 x-bp-app-key: name: x-bp-app-key in: header description: The app key for the associated integration. required: true schema: type: string example: 45h43j43y app_key_h: name: app_key_h in: header description: The app key for the associated integration. required: true schema: type: string example: q354h2hn34y app_key_p: name: app_key_p in: path description: The app key for the associated integration. required: true schema: type: string example: gag342351qgb v1_app_key: name: v1_app_key in: path description: The app key for the associated integration. required: true schema: type: string example: o87f875488g8745 change_id: name: change_id in: path description: System id of the change in BigPanda. required: true schema: type: string example: pattern_id: name: pattern_id in: path description: System ID of the correlation pattern. required: true schema: type: string example: incidenttag_id: name: incidenttag_id in: path description: The ID of the incident tag. required: true schema: type: string example: 1611g13t1461 active: name: active in: query description: Whether to filter results to only active items. schema: type: boolean default: true example: false start: name: start in: query description: Retrieve resources that occurred after this time(in Unix epoch seconds). schema: type: integer format: int32 example: 1751242926 end: name: end in: query description: Retrieve resources that occurred before this time(in Unix epoch seconds). schema: type: integer format: int32 example: 1753834926 maintenance_id: name: maintenance_id in: path description: System id for a maintenance plan in BigPanda. required: true schema: type: string example: 1231tyg2q34551 model_id: name: model_id in: path description: System id for the topology visual model in BigPanda. required: true schema: type: string example: 1234h13462 role_id: name: role_id in: path description: System id for the role in BigPanda. required: true schema: type: string example: 134g134y264 user_id: name: user_id in: path description: System id for the user in BigPanda. required: true schema: type: string example: 5f82d3495558352a180e51cb filter_id: name: filter_id in: path description: System id for the alert filter in BigPanda. required: true style: simple explode: false schema: type: string example: 312y23y3246y32 schedule_id: name: schedule_id in: path description: System id for the alert schedule in BigPanda. required: true style: simple explode: false schema: type: string example: 234y23yh3 apikey_id: name: apikey_id in: path description: System id of the API key in BigPanda. required: true schema: type: string example: 234y3246526 connector_id: name: connector_id in: path description: The unique identifier for the data connector. required: true schema: type: string example: 234yt3246 related_change_id: name: related_change_id in: path description: Unique identifier for the change-incident relationship. required: true schema: type: string example: 2346732y345y236 service_account_id: name: service_account_id in: path description: The unique ID of the BigPanda service account assigned to the API key. required: true schema: type: string example: 63bd568977a8d60012bf3xyz types: name: types in: query description: | A list of activity types to return, separated by commas. Leave blank to return all activity types. One of [incident_created, incident_assigned, incident_unassigned, incident_become_flapping, incident_commented, incident_resolved_ui_manually, incident_resolved_api, incident_alerts_resolved, incident_tag_removed, incident_tag_updated, incident_merged_destination, incident_merged_source, incident_rcc_update, incident_shared, incident_splitted_destination, incident_splitted_source, incident_snoozed, incident_unsnoozed, incident_opened, incident_reopen, incident_resolved_by_alerts] schema: type: string example: incident_shared resource_type: name: resource_type in: query description: Comma separated list of resource types. schema: type: string example: 234g23462u34y action_type: name: action_type in: query description: Comma separated list of action types. schema: type: string start_time_frame: name: start_time_frame in: query description: >- Retrieves all the items starting after this timeframe. Default is set to 4 hours before end timeframe. Unix epoch time (in seconds). required: true schema: type: string end_time_frame: name: end_time_frame in: query description: >- Retrieves all the items starting before this timeframe. Unix epoch time (in seconds). required: true schema: type: string search: name: search in: query description: >- Search text within one of three 3 fields (identifier, summary, status). The search term should be enclosed in double quotes " schema: type: string limit: name: limit in: query description: Maximum number of results to be returned. schema: type: string cursor: name: cursor in: query description: >- Used to query a new page of results, provided by the Link header in the previous call. schema: type: string include: name: include in: query description: Whether or not to include the change object in the response schema: type: string default: change include_history: name: include_history in: query description: >- (Retrieve for Change) Whether to include a record of historical change relations. schema: type: boolean default: false sort: name: sort in: query description: The field to sort results by schema: type: string sort_by: name: sort_by in: query description: Sort option schema: type: string folder: name: folder in: query description: >- One of: 'active', 'shared', 'snoozed', 'resolved', 'unhandled', 'maintenance'. If no folder is specified, the API will search all folders. schema: type: string source_system: name: source_system in: query description: The ID of the integration that sent the tag. schema: type: string component_name: name: component_name in: query description: Brief message describing the event. schema: type: string level: name: level in: query description: 'Level of logged event. Options are: ''error'', ''warning'', or ''info''.' style: form explode: true schema: type: array items: type: string message: name: message in: query description: Textual search within the message field. schema: type: string payload: name: payload in: query description: Textual search within the payload object. schema: type: string query: name: query in: query description: >- The URL encoded [BPQL query](https://docs.bigpanda.io/docs/bigpanda-query-language) to filter incidents. Default is All Incidents (β€œ*”). 2000 characters max schema: type: string order: name: order in: query description: >- Whether to return results in ascending or descending order. One of: asc, desc schema: type: string default: desc schemas: shorten_url: type: object description: Rules for url shortening properties: id: type: string description: Type of preprocessor. Must be shortenUrl for URL shortening. example: shortenUrl order: type: integer default: 1 example: 1 params: type: object properties: shortenAll: description: If false only shortens url inside tags longer than 512 characters. type: boolean default: false tags: type: array description: items: type: string example: "region_group_id" example: | [ "alert_severity", "other" ] webhookv2-200response: type: array description: A list of webhook v2 configurations. items: $ref: '#/components/schemas/workflow' workflow: type: object properties: name: type: string description: The name of the integration example: demo parent_system_id: type: string description: The name of the type of integration example: webhook_v2 workflow_config: $ref: '#/components/schemas/WorkflowConfig' WorkflowConfig: type: object properties: events: type: array items: $ref: '#/components/schemas/webhookv2_event' config: type: object properties: base_url: type: string description: A base url to receive webhook messages. This route will be used for any triggers that do not have an additional path route defined. Individual triggers can use static values or dynamic variables to extend this URL. expects_callbacks: type: boolean description: Whether to enable locking on first share, preventing updates from being sent until a callback is received or 15 minutes has passed. See the [Callback Service](https://docs.bigpanda.io/en/bigpanda-callback-service) for details on callback functionality. example: true webhookv2_event: type: object description: Notification settings for each trigger. properties: enabled: description: Boolean determining if this event type should trigger shares. type: boolean example: true body: description: JSON Payload to send. May contain templated values. type: object example: >- { "incident_start": "{{incident.start}}", "assigner": "Assigned by {{assigner.username}}", "assignee": "Assigned to {{assignee.username}}", "primary_alert_host": "{{primaryAlert.tags.host}}", "priority": "{{incidentTags.itd_priority_1}}", "nested_values": { "double_nested_values": { "primary_alert_check": "'{{primaryAlert.tags.check}}'", "incident_updated": "{{incident.updated_at}}" } } } headers: type: string description: Headers to be used in the request. May contain templated values. example: | "x-client-id" : "{{ primaryAlert.tags.host }}" path: type: string description: If present, path that will be appended to the `workflow_config.config.base_url`. May contain templated values. example: /incident/{{incident.id}} authorization: type: string description: An optional string to create an Authorization Header using Basic or Bearer format. The value is encrypted in our database. example: Bearer {{incidentTags.itd_applications_1}} method: type: string description: Define a specific HTTP method used for shares created by this event type, allowing for integration with tools that have strict method usage, such as only permitting only PATCH for updates, or POST for creating new objects. example: PUT enum: - POST - PUT - PATCH dynamicvariables200response: description: A list of dynamic variable fields available for use in webhook v2 workflows. type: Object properties: incident: description: Dynamic fields available with the `incident.` variable category. type: array items: - $ref: '#/components/parameters/dynamic_variable' incidentTags: description: Dynamic fields available with the `incidentTags.` variable category. type: array items: - $ref: '#/components/parameters/dynamic_variable' primaryAlert.tags: description: Dynamic fields available with the `primaryAlert.tags.` variable category. The primary alert is the oldest, most severe event associated with an incident. type: array items: - $ref: '#/components/parameters/dynamic_variable' primaryAlert: description: Dynamic fields available with the `primaryAlert.` category. The primary alert is the oldest, most severe event associated with an incident. type: array items: - $ref: '#/components/parameters/dynamic_variable' metadata: description: Dynamic fields available with the share `metadata.` category. These fields provide information on the share action itself. type: array items: - $ref: '#/components/parameters/dynamic_variable' links: description: Dynamic fields available with the `links.` category. type: array items: - $ref: '#/components/parameters/dynamic_variable' assignee: description: Dynamic fields available with the `assignee.` category. type: array items: - $ref: '#/components/parameters/dynamic_variable' assigner: description: Dynamic fields available with the `assigner.` category. type: array items: - $ref: '#/components/parameters/dynamic_variable' additional_fields: description: Dynamic fields available with the `additional_fields` category. type: array items: - $ref: '#/components/parameters/dynamic_variable' dynamic_variable: description: Details on the available dynamic variable. type: object properties: title: description: The name of the tag or metadata field. example: custom_tag type: string value: description: The full variable to include in workflows. example: category.custom_tag type: string similarity: description: The schema of the similarity config type: object properties: incident_id: $ref: '#/components/parameters/incident_id' overallSimilarityScore: description: Similarity score for the related incident. example: 86.67 type: integer llmGeneratedOverallSimilaritySummary: description: The AI-generated summary of why an incident was marked as similar. type: string example: Both incidents involve similar entities, problems, and impacts, but differ slightly in their specific details and topology. serviceNowTicket: description: (Optional) The similar incident ID in ServiceNow. type: string example: INC0010002 status: $ref: '#/components/schemas/status_mapping' alertCount: description: The number of alerts corresponding to this incident. type: integer example: 3 priority: description: (Optional) The priority tag assigned to the incident. type: string example: P1 primary: description: The primary property tag for the incident. type: string example: ntc-prod-syn448 secondary: description: (Optional) The secondary property tag for the incident. type: string example: synthetic failure assignee: $ref: '#/components/schemas/user_identity' incident_activities: description: A list of actions taken on the incident. type: array items: $ref: '#/components/schemas/activity' description: description: Comment or note about the purpose of the resource. created_by: description: System id of the user or tool that created the resource. type: string example: 63bd56897755560012bf3555 start_time: type: integer description: Start time in epoch seconds. example: 1662894455 end_time: type: integer description: End time in epoch seconds. example: 1662894462 job_id: type: string example: c750243a-39dd-4666-bf0c-f8715e19eb96_1662894455_indexcsv description: System id of the asynchronous job. enrichment_order: type: array description: List of enrichment IDs in the order they should run. By default, items are ordered by creation time. example: [ "49ff0d51-8e73-43a7-9cdd-6ffff242666", "5036032b-eb0c-461e-ff17-74a05785777", "d987df48-83f6-40ff-a985-ad6f8927888", "6cff549b-7c14-43f9-950f-3f73706ff99" ] items: type: string alerttag_name: type: string example: application alert_tags_order: type: array description: List of tag names in the order they should be run. example: ["wiki", "tagwith2rules"] items: type: string destination_tags: type: array description: List of tags in the reverse order from when they were received by BigPanda. items: $ref: '#/components/schemas/destination_tag' active: type: boolean description: Whether the new configuration should apply to future data. default: true example: false when: type: string description: | A [​BPQL object query](https://api-docs.bigpanda.io/en#description/bpql-object-syntax)​​ to filter incoming alerts. Only matched alerts will receive a value based on the enrichment item. example: { "IN": [ "source_system", [ { "type": "regex", "value": "*" } ] ] } note: type: string description: An optional comment or short description. example: Marking for regional similarity comment: type: string description: An optional comment or short description. example: Marking for regional similarity comments: type: string description: An optional comment or short description. example: Marking for regional similarity created_at: type: integer description: The time the resource was created(in Unix epoch seconds). example: 1613252381 updated_by: type: string description: System id of the user or tool that last updated the resource. example: 63bd56897755560012bf3555 updated_at: type: integer description: The time the resource was last updated(in Unix epoch seconds). example: 1613252381 generic400response: type: object description: | Call is missing parameters or malformed. properties: status: type: integer example: 400 errors: type: array items: type: string example: >- Call is missing parameters or malformed. generic404response: type: object description: | Requested endpoint or resource is not found. properties: status: type: integer example: 404 errors: type: array items: type: string example: >- Requested endpoint or resource is not found. generic200response: type: object description: | Call was successful. properties: status: type: integer example: 200 data: type: object properties: {} example: status: 200 data: {} generic201response: type: object description: | Call was successful. properties: status: type: integer example: 201 data: type: object properties: {} example: status: 201 data: {} generic204response: type: object description: | Call was successful. properties: status: type: integer example: 204 data: type: object properties: {} example: status: 204 data: {} generic202response: type: object description: | Call was successful. properties: status: type: integer example: 202 data: type: object properties: {} example: status: 202 data: {} incident_tag_schema: type: object description: A list of all matching tag schemas properties: data: type: array items: type: object properties: name: type: string description: Incident tag definition's name. Unique. 1-20 chars (Required) example: Affected_Services description: type: string description: Incident tag definition's description. 0-200 chars (Optional) example: List of affected services type: type: string description: Incident tag definition's type. Can be one of [`Text`, `MultiValue`, `Priority`, `ClosedListValuesMulti`, `ClosedListValuesSingle`]. (Required) example: Multivalue active: $ref: '#/components/schemas/active' canManualInput: type: boolean description: Determines if end users can manually enter or edit the value for the incident tag. example: true incident_tag_schema_response: type: object description: A list of all matching tag schemas properties: id: type: string description: System-generated unique identifier for the incident tag definition. Determined by the tag name. example: affected services name: type: string description: Incident tag definition's name. Unique. 1-20 chars (Required) example: Affected_Services description: type: string description: Incident tag definition's description. 0-200 chars (Optional) example: List of affected services type: type: string example: Multivalue description: Incident tag definition's type. Can be one of [`Text`, `MultiValue`, `Priority`, `ClosedListValuesMulti`, `ClosedListValuesSingle`]. (Required) active: $ref: '#/components/schemas/active' created_by: $ref: '#/components/schemas/created_by' created_at: $ref: '#/components/schemas/created_at' updated_by: $ref: '#/components/schemas/updated_by' updated_at: $ref: '#/components/schemas/updated_at' config: type: object description: Configuration object for the Priority and List type tags. (Required for Priority and Closed Lists) properties: ordered_list: type: array description: Array of objects that define display and calculation settings for individual priority levels items: type: string incident_tag_values: type: array description: Array of strings that define the value options for a closed-list tag items: type: string enrichment_config: type: object description: Configuration object to add automatic enrichment to the incident tag. properties: items: type: array description: Array of objects that define automatic enrichment rules for the incident tag. items: type: object properties: value: type: string description: The formula, regex, or text that should be added to incidents that match the condition. example: 1000 condition: type: string description: BPQL filter to define which incidents should receive the value. example: "priority = \"p0\"" id: type: string description: System generated field to identify the rule within BigPanda. example: d9e7a648-48b2-4d28-a42d-398a7b0da237 append_matching_items: type: boolean description: Whether the automatic enrichment will include the value of all matched conditions. When set to false, only the first matched value is applied. Required for closed-list multi-type tags. default: false incident_id: type: string description: The system id of a BigPanda incident example: 681102f731824249f48df555 app_key: description: The app key for the associated integration. type: string example: callback_item: type: object properties: event_type: type: string description: The type of incident change that triggered the share. incident_id: $ref: '#/components/schemas/incident_id' app_key: $ref: '#/components/schemas/app_key' oim_v2_config: type: object properties: config: type: object description: The schema for the integration configuration. properties: additional_attributes: type: array description: Array of payload mapping rules for additional tags. items: $ref: '#/components/schemas/additional_attributes' array_source: type: string description: Defines which payload property contains the tag values if is_array=true. example: alerts is_array: type: boolean description: Whether the payloads sent to the integration should be treated as single alerts, or multiple. example: true map_remaining: type: boolean description: Whether to create tags from fields not included in the mapping rules. example: false map_remaining_flatten_array: type: boolean description: Whether to flatten arrays to map remaining. example: false primary_property: type: array description: Mapping rule for the primary property. items: $ref: '#/components/schemas/tag_properties' example: - name: host - name: application - name: service secondary_property: type: array description: Mapping rule for the secondary property. items: $ref: '#/components/schemas/tag_properties' example: - name: check - name: description status: $ref: '#/components/schemas/status_mapping' bp_timestamp: type: object description: Defines an optional tag to add a human-readable timestamp. properties: is_selected: type: boolean example: true timestamp: type: object description: Object that defines mapping rules for the timestamp property. properties: source: type: array description: The field(s) that contain the timestamp value. items: type: string example: - "@alert.annotations.timestamp" - "@alert.startsat" - "@alert.endsat" event_filter: type: string description: A BPQL statement that dictates which events should be dropped upon initial ingestion (using Source Tags). example: '@alert.search_name = "OSS -- MINT Core -- *"' incident_identifier: type: array description: Optional override for the incident identifier. items: type: string example: - application - cluster version: type: string description: The version of the OIM API. example: "2.0" is_default: type: boolean example: true sample_payload: $ref: '#/components/schemas/sample_payload' additional_attributes: type: object properties: isDestinationAccepted: type: boolean description: (Optional) Whether the destination tag was accepted. example: true isSourceAccepted: type: boolean description: (Optional) Whether the source tag was accepted. example: true isSuggestion: type: boolean description: (Optional) Whether the tag was suggested by BigPanda Tag Normalization. example: true name: type: string description: (Optional) Set a name for the tag in BigPanda. example: check source: type: array description: Array of payload fields to match. items: type: string examples: - "@alert.labels.alertname" - "@alert.labels.check" suggestedDestination: type: string description: Suggested Destination tag name. example: check suggestedSources: type: array description: Array of payload fields to match for suggested tags. items: type: string example: - "@alert.labels.alertname" - "@alert.labels.check" flatten: type: boolean description: (Optional) Whether or not to flatten a nested object for improved mapping. example: false tag_properties: type: object properties: name: type: string description: Optional tag name to use in BigPanda. example: host status_mapping: type: object description: properties: default_to: type: string description: The value to populate if no matches are found. `​Critical​​` is default setting. example: critical source: type: array description: Is the value in the body or subject? items: type: string example: - "@alert.status" - "@alert.labels.severity" status_map: type: object description: Defines values that map to assigned statuses. Values will be matched in order, stopping at the first match. One of [`critical`, `warning`, `ok`, `acknowledged`] additionalProperties: type: array items: type: string example: critical: - page - critical warning: - warn - warning acknowledged: - acknowledged ok: - resolved oim_v1_config: type: object description: Configuration object schema for OIM v1. properties: is_array: type: boolean description: Whether the payloads sent to the integration should be treated as single alerts, or multiple. example: true array_source: type: string description: Defines which payload property contains the tag values if `is_array=true`. example: alerts status: $ref: '#/components/schemas/status_mapping' primary_property: $ref: '#/components/schemas/tag_properties' secondary_property: $ref: '#/components/schemas/tag_properties' timestamp: type: object description: Mapping rules for the timestamp property. properties: source: type: array items: type: string description: Payload fields to extract the timestamp from. example: ["@alert.annotations.timestamp", "@alert.startsAt", "@alert.endsAt"] bp_timestamp: type: object description: Optional tag to add a human-readable timestamp. properties: is_selected: type: boolean example: true force_lowercase: type: boolean description: Automatically convert all destination tag names to lowercase. example: true event_filter: type: string description: A BPQL statement for filtering incoming events. example: '@alert.search_name = "OSS -- MINT Core -- *"' additional_attributes: type: array items: $ref: '#/components/schemas/additional_attributes' map_remaining: type: boolean description: Whether to create tags from fields not included in the mapping rules. example: false incident_identifier: type: array items: type: string description: Optional override for the incident identifier. example: ["application", "cluster"] email_parser_config: type: object description: Configuration object schema for the email parser integration. properties: config: type: object description: Parsing rules for the email copy. properties: email_format: type: string description: Format of the email content. Options are `plain_text` or `html`. example: plain_text allow_list: type: array items: type: string description: An array of allowed sender emails. Use a wildcard to allow for a range of email addresses. If no address is provided, the parser will accept emails from any source and may lead to false alarms or issues. example: ["*@example.com"] status: $ref: '#/components/schemas/status_mapping' primary_property: type: object description: Mapping rule for the primary property. properties: name: type: string description: Title of property. Default is `​alert_title`​ example: host source: type: string description: Is the value in the body or subject? Default is ​`subject`​​ example: body extraction: type: string description: Regex rule to extract value example: host is (.*) default_to: type: string description: Value if nothing is extracted example: general issue secondary_property: type: object description: Mapping rule for the secondary property. properties: name: type: string description: Title of property example: region source: type: string description: Is the value in the body or subject? example: body extraction: type: string description: Regex rule to extract value example: region (.*) default_to: type: string description: Value if nothing is extracted example: us-west-1 additional_attributes: type: array description: Array of payload field objects to set mapping rules for additional tags. Each object must be defined. items: type: object properties: name: type: string description: Title of property example: region source: type: string description: Is the value in the body or subject? example: body extraction: type: string description: Regex rule to extract value example: "region: (.*)" default_to: type: string description: Value if nothing is extracted example: us-west-2 sample_payload: $ref: '#/components/schemas/sample_payload' permission: type: object properties: resource_type: type: string example: environments resource_id: type: string example: 624e114fb4d7581100179111 actions: type: string example: read meta: type: object description: Tags containing metadata about the user account. properties: created: type: string description: The DateTime ( ISO 8601) the resource was added to the Service Provider example: '2020-10-11T09:41:29.372Z' location: type: string description: The URI of the resource being returned example: https://api.bigpanda.io/resources/v2.0/scim/Users/5f82d3495558352a180e51cb phone_number: type: object properties: value: type: string description: the string with the phone number example: +555-634-5375 type: type: string description: what type of number. Options are [`work`, `home`, `other`] example: other auth_scheme: type: object properties: type: type: string description: What type of authentication token the authentication uses example: oauthbearertoken name: type: string description: The name of the authentication schema as set by IETF standard example: OAuth Bearer Token description: type: string description: The description of the authentication schema as set by IETF standard example: Authentication Scheme using the OAuth Bearer Token Standard specUrl: type: string description: The URL link to specifications for the authentication example: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-01 primary: type: boolean description: Determines whether this is the default authentication type for SCIM calls example: true link: type: object properties: source: type: string example: host target: type: string example: check role: type: object properties: name: type: string description: The name of the role as seen in the UI. example: Admin id: type: string description: Unique system identifier for the role. example: role-id-123 users: type: array description: An array of user IDs associated with the role. items: type: string example: - 60c5238222fa63633d935555 - 5555238222fa63633d93560c created_by: type: string description: The unique ID associated with the user who created the role. example: user-id-123 created_at: type: integer description: Unix epoch time when the role was created (in seconds). example: 1620000000 updated_at: type: integer description: Unix epoch time when the role was last updated (in seconds). example: 1620500000 permissions: type: array description: | A list of permissions associated with the role. Each permission grants access to a specific resource_type, which is an area in BigPanda. See ​[Roles and Resource Permissions](https://docs.bigpanda.io/en/roles-management)​​ for more information. items: $ref: '#/components/schemas/permission' service_provider_config: type: object properties: schemas: type: array description: Array of the ids of the schemas available through the Service Provider Configuration items: type: string example: - urn:scim:schemas:core:1.0 id: type: string description: Unique identifier of the schema example: urn:scim:schemas:core:1.0 patch: type: object description: Determines whether users are able to send patch calls properties: supported: type: boolean example: true bulk: type: object description: Bulk and return operations settings properties: supported: type: boolean description: Determines whether bulk returns are available during SCIM API calls example: false maxOperations: type: integer description: The maximum number of users that can be returned per bulk API calls example: 10000 maxPayloadSize: type: integer description: The character limit for bulk API call returns example: 10000000 filter: type: object description: Bulk and return operations settings properties: supported: type: boolean description: Determines whether users are able to use a filter on GET calls example: true maxResults: type: integer description: The maximum number of users that can be returned per API call example: 1000 changePassword: type: object description: Password change settings properties: supported: type: boolean description: Determines whether a patch call can be sent to update a user’s password field. example: false sort: type: object description: Sort settings properties: supported: type: boolean description: Determines whether users are able to change the order results are listed in example: true etag: type: object description: Etag support settings properties: supported: type: boolean description: Determines whether users are able to use the etag feature. example: false authenticationSchemes: type: array description: Array of the authentication schemas that will be accepted by SCIM API calls. items: $ref: '#/components/schemas/auth_scheme' xmlDataFormat: type: object description: xml format support options properties: supported: type: boolean description: Determines whether SCIM user data can be sent in an xml file example: false usercreate: type: object properties: userName: type: string description: Unique identifier for the User, typically used by the user to directly authenticate to BigPanda example: email@acme.com displayName: type: string description: The name of the user as displayed in the BigPanda UI example: Stella R active: type: boolean description: Indicates if the user's administrative status is active and can authenticate to BigPanda. example: true roles: type: array description: A list of BigPanda roles assigned to the user items: type: string example: - admin - user phoneNumbers: type: array description: The user’s phone number. BigPanda supports only 1 phone number per user. items: $ref: '#/components/schemas/phone_number' password: type: string description: The user's initial clear text password. This attribute is used to specify an initial password when creating a new User. This value will never be returned by a Service Provider in any form example: initial-password userupdate: type: object properties: displayName: type: string description: The name of the user as displayed in the BigPanda UI example: Stella R active: type: boolean description: Indicates if the user's administrative status is active and can authenticate to BigPanda. example: true roles: type: array description: A list of BigPanda roles assigned to the user items: type: string example: - admin - user phoneNumbers: type: array description: The user’s phone number. BigPanda supports only 1 phone number per user items: $ref: '#/components/schemas/phone_number' userreturn: type: object properties: id: type: string description: Unique identifier for the SCIM Resource as defined by the Service Provider example: 5f82d3495558352a180e51cb userName: type: string description: Unique identifier for the User, typically used by the user to directly authenticate to BigPanda example: email@acme.com displayName: type: string description: The name of the user as displayed in the BigPanda UI example: Stella R active: type: boolean description: Indicates if the user's administrative status is active and can authenticate to BigPanda. example: true meta: $ref: '#/components/schemas/meta' schemas: type: array items: type: string example: - urn:scim:schemas:core:1.0 roles: type: array items: type: string example: - admin - user phoneNumbers: type: array items: $ref: '#/components/schemas/phone_number' sample_payload: type: object description: An example event payload from the tool that includes all tags that need to be normalized or referred to in the schema. example: | { "sample_payload": { "alerts": [ { "generatorURL": "https://some-url.io", "fingerprint": "123456789", "annotations": { "description": "This alert is used to check the CPU utilization of this non-existent server", "runbook_url": "https://runbook.io/cpu-check" }, "startsAt": "2022-07-05T19:59:25.661Z", "endsAt": "0001-01-01T00:00:00Z", "status": "firing", "labels": { "severity": "page", "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" } } ], "commonLabels": { "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" }, "externalURL": "https://external-url.io", "groupLabels": { "instance": "bigpanda-server", "alertname": "BigPanda Test", "team": "metrics", "env": "test", "job": "CPU Check", "locale": "ca", "timestamp": "1.657051103137505e+09" }, "receiver": "bigpanda", "version": "4", "commonAnnotations": { "description": "This alert is used to check the CPU utilization of this non-existent server", "runbook_url": "https://runbook.io/cpu-check" }, "status": "firing" } users_attributes: type: object properties: name: type: string example: id type: type: string example: string multiValued: type: boolean example: false default: true description: type: string example: >- Unique identifier for the SCIM Resource as defined by the Service Provider schema: type: string example: urn:scim:schemas:core:1.0 readOnly: type: boolean example: true default: true required: type: boolean example: true default: true caseExact: type: boolean example: false default: true users_meta: type: object decsription: Tags containing metadata about the user account. properties: location: type: string description: The URI of the resource being returned example: | https://api.bigpanda.io/resources/v2.0/scim/Schemas/urn:scim:schemas:core:1.0:User users_config: type: object properties: name: type: string example: User description: type: string example: SCIM core resource for representing users schema: type: string example: urn:scim:schemas:core:1.0 endpoint: type: string example: Users attributes: type: array items: $ref: '#/components/schemas/users_attributes' id: type: string example: urn:scim:schemas:core:1.0:User meta: $ref: '#/components/schemas/users_meta' troubleshooting_log: type: object properties: log_id: type: string example: log_idABC log_type: type: string example: invalid_payload message: type: string example: 'alert 1: status must exist and be valid' level: type: string example: error timestamp: type: string example: '1610622725329' component_name: type: string example: inbound resource_id: type: string example: api.default payload: type: object example: host: production-database-1 check: CPU overloaded status: critical custom_tag: type: object properties: name: type: string example: App value: type: string example: esp maintenance_plan: type: object properties: id: type: string example: 64f0d836310000a6bc72fa7a status: type: string example: in progress maintenance_key: type: string example: MNT-a9b9030cbda7 name: type: string example: host3 maintenance condition: type: object example: '=': - host - prod-api-1 start: type: string example: '1718029999' end: type: string example: '1818029999' time_zone: type: string example: UTC description: type: string example: this is a description selected_source_system: type: string nullable: true example: '' custom_tags: type: array items: $ref: '#/components/schemas/custom_tag' created_by: type: string example: 63bd568977a8d60012bf3dbe created_at: type: integer example: 1693505590 updated_by: type: string example: 63bd568977a8d60012bf3dbe updated_at: type: integer example: 1718029640 frequency: type: string example: Daily frequency_data: $ref: '#/components/schemas/frequency_data' post_maintenance_action: type: string example: None jit_role: type: object properties: id: type: string description: The system-generated unique ID of the BigPanda role. example: 60c5238222fa63633d93d33f name: type: string description: The name of the BigPanda role. example: Jim Smith jit_domain: type: object properties: id: type: string description: The system-generated unique ID of the JIT domain. example: 60c5238222fa63633d9333f organization: type: string description: The system-generated unique ID of the BigPanda organization. example: 60c5238222fa63633d93d33f domain: type: string description: The name of the SSO domain. example: bigpanda.com role: $ref: '#/components/schemas/role' created_at: type: integer description: Unix epoch time when the domain was created (in seconds). example: 1597290898886 created_by: type: string description: The system-generated unique ID of the user who created the domain. example: 60c5238222fa63633d93d33f jit_role_mapping: type: object properties: organization: type: string description: The system-generated unique ID of the BigPanda organization associated with the role. example: 60c5238222fa63633d93d52f role: $ref: '#/components/schemas/role' key: type: string description: The name of the SAML attribute. example: Jim Smith value: type: string description: The name of the attribute mapped from your SAML properties. example: Jim Smith created_at: type: integer description: Unix epoch time when the role was created (in seconds). example: 1597290898886 created_by: type: string description: The unique ID associated with the user who created the role. example: 60c5238222fa63633d93d52f id: type: string description: The system-generated unique ID of the SAML attribute mapping. example: ed26694d8fd3ecb383b22141 incident_v1: type: object properties: id: type: string example: 1234a53b6789c12d3efg45h status: type: string example: critical active: type: boolean example: true flapping: type: boolean example: false resolved: type: boolean example: false snooze: type: object properties: snoozed: type: boolean example: false wake: type: integer example: '' autoCancel: type: boolean example: false example: snoozed: false wake: null autoCancel: false startedOn: type: integer example: 1466416853 changedOn: type: integer example: 1466417169 updatedOn: type: integer example: 1466417169 endedOn: type: integer example: '' alerts: type: array items: type: object properties: alertId: type: string example: - alertId: 57da76d24cdb1f3a54ce25a0 - alertId: 68eb89e35dca2g4b65df36b1 - alertId: 79fc79f46egh3h5c78rg78d2 alert_v1: type: object properties: id: type: string example: 57da76d24cdb1f3a54ce25a0 status: type: string example: critical active: type: boolean example: true startedOn: type: integer example: 146641685 changedOn: type: integer example: 1466417169 updatedOn: type: integer example: 1466417169 endedOn: type: integer example: '' primary_property: type: string example: host secondary_property: type: string example: check source_system: type: string example: nagios.nagios_east description: type: string example: CRITICAL - Host Unreachable tags: type: array items: type: object properties: name: type: string example: host value: type: string example: production-database-1 example: - name: host value: production-database-1 - name: check value: CPU load tag: type: object properties: name: type: string example: case value: type: string example: sensitive1 alert_reference: type: object properties: alert_id: type: string description: System-generated unique identifier for the alert. When the request comes with expand=alerts, it sends an array of alert object data. example: 60a4ee83bb7d9d046b8d7a93 user_identity: type: object properties: name: type: string example: evette+test2@bigpanda.io user_id: type: string example: 5ea5be5bd97cad2836891e88 email: type: string example: evette+test2@bigpanda.io pattern: type: object properties: correlation_id: type: string description: System-generated unique identifier for a correlation pattern example: a02fde2f-0ec3-4cc2-9cbd-74895cb13050 time_window: type: integer description: Time frame to determine correlation in minutes example: 7200 source_system: type: string example: api.backend_monitoring tags: type: array items: $ref: '#/components/schemas/tag' snooze: type: object properties: snoozed: type: boolean example: false end_time: type: integer example: '' cancel_on_incident_updates: type: boolean example: false incident_tag_ref: type: object properties: incident_id: type: string example: 5e60feb92fb6844e00125d827a tag_id: type: string example: itd-9ff554bc0c tag_value: type: string description: | The content of the incident tag. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' example: P1 incident: type: object properties: id: type: string description: System-generated unique identifier for the incident. example: 60a4ee83bb7d9d046b8d7a93 status: type: string description: Current incident status, which is determined by the most severe status of the correlated alerts. Possible statuses [critical, warning, unknown, ok]. example: Ok active: type: boolean description: Whether the incident contains at least one active alert and has not been manually resolved. An incident is automatically resolved when all the alerts are resolved. example: false severity: type: string description: The highest status the incident reached. example: Critical flapping: type: boolean description: Whether at least one correlated alert has changed states frequently enough to be treated as flapping. example: false shared: type: boolean description: Whether the incident has been shared. example: false maintenance: type: string description: Whether an incident is in maintenance. One of [`null` - not in maintenance, `partial` - one of the alerts is in maintenance, `active` - all alerts in maintenance]. example: partial start: type: integer description: Unix epoch time when the earliest correlated alert was received (in seconds). example: 1621421699 changed_at: type: integer description: Unix epoch time when the last incident change triggered applicable sharing updates (in seconds). example: 1629410549 updated_at: type: integer description: Unix epoch time when the last change to the incident occurred (in seconds). example: 1629410549 end: type: integer description: Unix epoch time when the incident was resolved, either manually or automatically when all alerts were resolved (in seconds). example: 1629410549 alerts: type: array description: Array of the alerts that the incident contains. items: $ref: '#/components/schemas/alert_reference' environments: type: array description: Environment IDs for all environments the incident appears in. items: type: string folders: type: array description: Folder name of all folders the incident appears in. items: type: string incident_tags: type: array description: Incident tags associated with the incident. items: $ref: '#/components/schemas/incident_tag' correlation_matchers_log: type: array description: Log of the correlation patterns matched to the incident over time. As more alerts are added to the incident, the matched correlation patterns may change. When this happens, another array is added that contains the matching correlation patterns at that time. items: type: array items: $ref: '#/components/schemas/pattern' snooze: $ref: '#/components/schemas/snooze' assignee: $ref: '#/components/schemas/user_identity' assigner: $ref: '#/components/schemas/user_identity' webhook_incident: type: object properties: id: type: string example: 60a4ee83bb7d9d046b8d7a93 status: type: string example: Ok active: type: boolean example: false severity: type: string example: Critical flapping: type: boolean example: false shared: type: boolean example: false maintenance: type: string example: '' start: type: integer example: 1621421699 changed_at: type: integer example: 1629410549 updated_at: type: integer example: 1629410549 end: type: integer example: 1629410549 alerts: type: array items: $ref: '#/components/schemas/alert_reference' environments: type: array items: type: string folders: type: array items: type: string incident_tags: type: array items: $ref: '#/components/schemas/incident_tag' correlation_matchers_log: type: array items: type: array items: $ref: '#/components/schemas/pattern' snooze: $ref: '#/components/schemas/snooze' assignee: $ref: '#/components/schemas/user_identity' assigner: $ref: '#/components/schemas/user_identity' similarities: type: array description: A list of similarities items: $ref: '#/components/schemas/similarity' activity: type: object properties: id: type: string description: System-generated unique identifier for the activity example: 161b4dc6c33740283e5416b0e6d6c70b type: type: string description: The type of activity example: incident_shared timestamp: type: integer description: Unix epoch time when the activity occurred in the system (in seconds) example: 1643700751 created_by: type: string description: User ID of the user who manually took action example: 61950bc8c481fd1100abc3a3 params: type: object description: Additional fields depending on activity type additionalProperties: true properties: anyOf: - $ref: '#/components/schemas/incident_assigned' - incident_become_flapping - incident_commented - incident_resolved_ui_manually - incident_resolved_api - incident_alerts_resolved - incident_tag_removed - incident_tag_updated - incident_merged_destination - incident_merged_source - incident_created - incident_rcc_update - incident_shared - incident_snoozed - incident_splitted_source - incident_unassigned - incident_unsnoozed - incident_reopened - incident_resolved_by_alerts example: share_target: webhook.whtest share_auto: false escalation_id: 61f8e20e89325b001201b9a3 firstTime: true incident_assigned: type: object description: A specific user was assigned responsibility to see the incident through resolution properties: id: type: string description: The unique ID of the user the incident was assigned to. example: 57da76d2 username: type: string example: Name Name description: The username of the user the incident was assigned to. incident_become_flapping: type: boolean description: The incident entered or exited the flapping state in which at least one correlated alert is changing states too frequently. example: true incident_commented: type: object description: A comment was added to the incident. properties: comment: type: string description: The comment string added to the action. example: Please let fgual take this incident_resolved_ui_manually: type: object description: The incident was resolved by a user through the BigPanda UI. properties: annotation: type: string description: The comment string added to the action. example: This is not an issue incident_resolved_api: type: object description: The incident was resolved by an API call or with ​​Time-Based Alert Resolution​​. properties: annotation: type: string description: The comment string added to the action. example: This is not an issue incident_alerts_resolved: type: object description: One or more of the alerts within the incident were manually resolved. properties: annotation: type: string description: The comment string added to the action. example: This is not an issue resolution_type: type: string description: The method through which the alerts were resolved. One of [`manual-ui`, `manual-api`] example: manual-ui ids_to_resolve: type: string description: The unique id of the alerts that were resolved. example: q239t8yq029utq incident_tag_removed: type: object description: An incident tag was removed from the incident. properties: tag_id: type: string description: System-generated unique identifier for the incident tag. example: q239t8yq029utq incident_tag_updated: type: object description: One or more of the alerts within the incident were manually resolved. properties: tag_id: type: string description: System-generated unique identifier for the incident tag. example: q239t8yq029utq tag_value: type: string description: | The content of the incident tag. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' example: sys45 incident_merged_destination: type: object description: The incident was the destination of a merge action. properties: source_incident_ids: type: string description: A list of incidents that were merged into this destination incident. example: q239t8yq029utq incident_merged_source: type: object description: The incident was merged into a different incident. properties: targetIncidentId: type: string description: The destination incident this incident was merged into. example: q239t8yq029utq source_incident_ids: type: array description: A list of incidents to merge into the destination incident defined in the URL path. example: q239t8yq029utq incident_created: type: string description: The incident was created in the system. example: 97510157193 incident_rcc_update: type: object description: The relationship between the incident and a potential root cause change match was updated. properties: change_object: $ref: '#/components/schemas/change_object' rcc_metadata_object: $ref: '#/components/schemas/rcc_metadata_object' incident_shared: type: object description: The incident was shared to an external channel. properties: share_target: type: string description: The channel or address the incident was sent to. example: q239t8yq029utq share_auto: type: boolean description: Whether the share was triggered by an AutoShare rule. example: true escalation_id: type: string description: An internal system id for the rule-match that triggers the share. example: q239t8yq029utq annotation: type: string description: An optional comment added to the share action. example: Escalating to prods7 team firstTime: type: boolean description: Wwhether this was the first time this incident was shared to the destination. example: true incident_snoozed: type: object description: The incident was snoozed. properties: annotation: type: string description: The comment string added to the action. example: This is not an issue incident_splitted_destination: type: object description: The incident was created from a subset of alerts as part of a split action. properties: alert_ids: type: array description: A list of the ID of each alert that was moved into this new incident. example: "{q239t8yq029utq, 5q239t8yq029utq5}" source_incident_id: type: string description: The ID of the incident the alerts originally belonged to. example: q239t8yq029utq incident_splitted_source: type: object description: One or more alerts within the incident were split into a new incident. properties: alert_ids: type: array description: A list of the ID of each alert that was moved into this new incident. example: "{q239t8yq029utq, 5q239t8yq029utq5}" new_incident_id: type: string description: The ID of the new incident created with the selected alerts. example: q239t8yq029utq incident_unassigneded: type: object description: The user assigned responsibility to see the incident through resolution was removed. properties: unassigned_on_reopen: type: boolean description: Whether the incident was unassigned through the incident reopen process. example: false incident_unsnoozed: type: string description: The incident had the snooze status removed. incident_reopened: type: string description: The incident reopened within BigPanda. incident_resolved_by_alerts: type: string description: The incident was resolved automatically by BigPanda when all associated alerts received an 'ok' status. alert: type: object properties: id: type: string example: 57da76d24cdb1f3a54ce25a0 status: type: string example: critical active: type: boolean example: true start: type: integer example: 1466416853 end: type: integer example: '' changed_at: type: integer example: 1466417169 updated_at: type: integer example: 1466417169 last_event_at: type: integer example: 1466417169 primary_property: type: string example: host secondary_property: type: string example: check source_system: type: string example: api.backend_monitoring incident_key: type: string example: prod-mwv2-demo-1__Host is down maintenance_plans: type: array items: type: string example: - 60450a8012d7dd0464f1b87dl description: type: string example: CRITICAL - Host Unreachable tags: type: array items: type: object properties: name: type: string example: host value: type: string example: production-database-1 example: - name: host value: production-database-1 - name: check value: CPU load webhook_tag: type: object properties: name: type: string example: host value: type: string example: Evyatar-11 webhook_alert: type: object properties: id: type: string example: 5555370aabc20a001145c5e9 status: type: string example: Critical startedOn: type: integer example: 1649576282 endedOn: type: integer example: '' changedOn: type: integer example: 1649576282 updatedOn: type: integer example: 1649576282 active: type: boolean example: true primaryProperty: type: string example: host secondaryProperty: type: string example: check sourceSystem: type: string example: nagios.est description: type: string example: CPU is 98% tags: type: array items: $ref: '#/components/schemas/tag' webhook_incident_tag: type: object properties: id: type: string example: itd_priority_1 value: type: integer example: 1000 webhook_snooze: type: object properties: snoozed: type: boolean example: false wake: type: integer example: '' autoCancel: type: boolean example: false sender: type: object properties: name: type: string example: Engineer email: type: string example: email@org.com change: type: object properties: identifier: type: string example: Mando-001 ticket_url: type: string example: https://your.url summary: type: string example: change.summary start: type: integer example: 1540884139 end: type: integer example: 1580369039 status: type: string example: Done tags: type: object example: team: Network assignee: Din Djarin ci: i-sdf32fs2319iwa metadata: type: string example: changefull: type: object properties: id: type: string example: 6501f5ac064d3de47a2dd3de identifier: type: string example: Mando-001 source_system: type: string example: changes.changesintegration ticket_url: type: string example: https://your.url summary: type: string example: change.summary start: type: integer example: 1540884139 end: type: integer example: 1580369039 status: type: string example: Done tags: type: object example: team: Network assignee: Din Djarin ci: i-sdf32fs2319iwa related_change: type: object properties: change_id: $ref: '#/components/parameters/change_id' incident_id: $ref: '#/components/parameters/incident_id' comment: $ref: '#/components/schemas/comment' match_certainty: type: string example: SUSPECT related_change_full: type: object properties: suggested_by_bigpanda: type: boolean example: true history: type: array items: type: object properties: updated_at: $ref: '#/components/schemas/updated_at' comment: $ref: '#/components/schemas/comment' match_certainty: type: string example: SUSPECT match_type: type: string example: ALGO_RCC score: type: number example: 3.194 suggested_by_bigpanda: type: boolean example: true change: $ref: '#/components/schemas/change' incident_id: $ref: '#/components/parameters/incident_id' comment: $ref: '#/components/schemas/comment' match_certainty: type: string example: SUSPECT match_type: type: string example: ALGO_RCC score: type: number example: 3.194 created_at: type: integer example: 1694627262 updated_at: type: integer example: 1694645444 id: type: string example: 6501f5bed7972c001d228d00 match_weight_value: type: integer example: 10 webhook_event_type: type: object properties: event: type: string example: incident#new time: type: integer example: 1697123962 webhook_notification: type: object properties: incident: type: object properties: id: type: string example: 5555370aabc20a001145d6g9 status: type: string example: Critical active: type: boolean example: true severity: type: string example: Critical flapping: type: boolean example: false resolved: type: boolean example: false snooze: $ref: '#/components/schemas/snooze' startedOn: type: integer example: 1649576282 changedOn: type: integer example: 1649576282 updatedOn: type: integer example: 1652897578 endedOn: type: integer example: '' alerts: type: array items: $ref: '#/components/schemas/alert' links: type: object properties: landingPage: type: string example: http://bigp.io/9ad55554d5c116e4 incidentTags: type: array items: $ref: '#/components/schemas/incident_tag' relatedChanges: type: array items: $ref: '#/components/schemas/related_change' metadata: type: object properties: sender: $ref: '#/components/schemas/sender' environment: type: string example: All environment_id: type: string example: 55550bc8c481fd1100abc398 event_types: type: array items: $ref: '#/components/schemas/webhook_event_type' api_key: type: object description: Schema for a BigPanda API key object. properties: created_by: $ref: '#/components/schemas/created_by' name: type: string description: Name of the API key. example: Test Key description: type: string description: Description of the API key. example: Testing API keys active: $ref: '#/components/parameters/active' organization: type: string description: The system-generated ID of the BigPanda organization where the API key was generated. example: 63bd568709cb331300ffaabc key_suffix: type: string description: The last four characters of the API key. example: 2387 key_hash: type: string description: Hashed version of the API key. example: 6e48c296a7199d3035c259fd9114471aa6cacd11a7d53010cbc250df33be1a97e680a890657f603ae20ef3dc13808h41 created_at: $ref: '#/components/schemas/created_at' last_used: type: integer description: Unix epoch time when the API key was last used (in seconds). example: 1703001639 roles: type: array description: The BigPanda role(s) associated with the API key. items: type: string example: - admin - user - Testing user_id: type: string description: The unique ID of the BigPanda user assigned to the API key. example: 63bd568977a8d60012bf3abc service_account_id: type: string description: The unique ID of the BigPanda service account assigned to the API key. example: 63bd568977a8d60012bf3xyz id: type: string description: The unique ID of the BigPanda API key. example: 63f5262a263ad112002d1ab8 enrichment_config_composition: type: object description: Configuration for a composition enrichment item. properties: source: type: string description: Optional filter for event source. destination: type: string description: Destination tag to populate. value: type: string description: Template value to apply to destination tag. required: - destination - value enrichment_config_extraction: type: object description: Configuration for an extraction enrichment item. properties: source: type: string description: Field from which to extract the value. destination: type: string description: Destination tag for extracted value. regex: type: string description: Regex pattern for value extraction. template: type: string description: (System field) Extracted value template. required: - source - destination - regex enrichment_itemresponse: type: object description: Schema for an enrichment item, including composition and extraction types. properties: id: type: string description: Unique identifier for the enrichment item. type: type: string description: Type of enrichment (composition or extraction). active: type: boolean description: Whether enrichment is active. when: $ref: '#/components/schemas/when' version: type: integer description: Internal system version of the schema. This number is incremented automatically each time the item is updated. config: oneOf: - $ref: '#/components/schemas/enrichment_config_composition' - $ref: '#/components/schemas/enrichment_config_extraction' created_by: type: string description: ID of user who created the enrichment. updated_by: type: string description: ID of user who last updated the enrichment. note: type: string nullable: true description: Optional notes about the enrichment. enrichment_config_mapping: type: object description: Schema for a mapping enrichment rule. properties: name: type: string description: | fields: type: array items: $ref: '#/components/schemas/enrichment_field' enrichment_item: type: object description: Schema for an enrichment item. properties: type: type: string description: | Type of enrichment item. One of: `composition`, `extraction`, `mapping` active: type: boolean description: Whether enrichment is active. when: $ref: '#/components/schemas/when' config: oneOf: - $ref: '#/components/schemas/enrichment_config_composition' - $ref: '#/components/schemas/enrichment_config_extraction' - $ref: '#/components/schemas/enrichment_config_mapping' note: type: string nullable: true description: Optional notes about the enrichment. alert_tag_response: type: object description: Schema representing a BigPanda alert tag with optional enrichments. properties: name: type: string description: Name of the alert tag. created_by: $ref: '#/components/schemas/created_by' created_at: $ref: '#/components/schemas/created_at' updated_by: $ref: '#/components/schemas/updated_by' updated_at: $ref: '#/components/schemas/updated_at' description: $ref: '#/components/schemas/description' active: $ref: '#/components/schemas/active' enrichments: type: array items: $ref: '#/components/schemas/enrichment_item' description: Array of enrichment items tied to the tag. alert_tag_object: type: object description: Schema representing a BigPanda alert tag with optional enrichments. properties: name: type: string description: Tag name in BigPands. description: $ref: '#/components/schemas/description' active: $ref: '#/components/schemas/active' enrichments: type: array items: $ref: '#/components/schemas/enrichment_item' description: IDs of automatic enrichment items configured for this tag. Items are listed in their run order. required: - name - active destination_tag: type: object description: Schema representing a BigPanda alert tag as ingested through alert processing. properties: name: type: string description: Name of the alert tag. _id: type: string description: System id for the tag in BigPanda parent_source_system: type: string description: The integration tool sending the associated event. source_system: type: string description: The name of the specific integration that processed the event. last update: type: integer description: The time the event was last updated, in unix epoch seconds. total_hits: type: string description: The total number of times the alert has been processed in BigPanda. enrichment_order_response: type: object description: Schema for specifying the order of enrichment items. properties: created_by: type: string description: The user who created the enrichment item order. example: "58d77efa5eafe459163f4111" enrichment_order: $ref: '#/components/schemas/enrichment_order' alert_tag_return: type: object description: Schema for specifying the order of alert tags. properties: created_by: type: string description: The user who created the tag order. example: "58d77efa5eafe459163f4111" alert_tags_order: $ref: '#/components/schemas/alert_tags_order' pattern_order: type: object description: Schema for specifying the order of correlation patterns. properties: created_by: type: string description: The user who created the pattern order. example: "58d77efa5eafe459163f4111" correlation_pattern_order: type: array description: Patterns listed in the order they should be applied to incoming alerts. items: type: string example: ["58d77efa5555e459163f4111", "58d77efa5eafe455553f4111", "55557efa5eafe459163f4111"] mapping_config_response: type: object description: Rules for mapping tag values to event data. properties: name: type: string description: A system name for the mapping table. This name will appear in the UI. example: mapping_rule fields: type: array description: Settings for each field included in the mapping table. items: $ref: '#/components/schemas/enrichment_field' id_generation_function: type: string description: (System field) Method for ID creation in system. example: uuid case_insensitive: type: boolean description: Whether the field names for this configuration take character case into consideration. example: false note: $ref: '#/components/schemas/note' mapping_config: type: object description: Rules for mapping tag values to event data. properties: name: type: string description: A system name for the mapping table. This name will appear in the UI. example: mapping_rule fields: type: array description: Settings for each field included in the mapping table. items: $ref: '#/components/schemas/c' map_object_return: type: object description: Enrichment map in json key value pairs. properties: total_results: type: integer description: The total number of map fields returned. example: 100 items: type: array description: Each row of the enrichment map in a set of key value pairs where the key is the column name, and the value is the row value. items: type: object example: | { "assoc_incoming": "emea", "assoc_db": "null", "runbook_link": "https://wikispace.runbook.com/x/c4atewqB", "app_status": "Active", "workgroup": "emea", "app_priority": "P2", "app": "Active Directory - East group", "assoc_outgoing": "emea" }, { "assoc_incoming": "sudost", "assoc_db": "0q253qjF-aja", "runbook_link": "https://wikispace.runbook.com/x/gJqtwgQ", "app_status": "Testing", "workgroup": "sudost", "app_priority": "P1", "app": "Sudost - AWS", "assoc_outgoing": "sudost" } map_row_change: type: object description: The details of the map change. properties: op: type: string description: | The type of action to perform. One of: `update`, `delete`, `create`. example: update value: type: object description: The details of the map row in key-value pairs. example: | { "assoc_incoming": "Eastern", "assoc_db": "null", "runbook_link": "https://wikispace.runbook.com/x/RYaaet4w", "app_status": "Active", "workgroup": "Eastern", "app_priority": "P1", "app": "East - AWS", "assoc_outgoing": "Eastern" } enrichment_field: type: object description: Definition for an individual enrichment field. properties: title: type: string description: Column name on the mapping table. example: application type: type: string description: Whether the column is a `query_tag` or `result_tag`. example: query_tag tag_name: type: string description: (Optional) The name of the tag in BigPanda. example: very_cool override_existing: type: boolean description: (Optional) If a value has been populated for this tag by another map or enrichment rule, whether this value should replace that value example: false optional: type: boolean description: (Optional) Whether the tag can be skipped if no matching value for incoming alerts. Default is false. example: true original_name: type: string description: The name of the column in the original map. example: job_status: type: object description: Status of a background job. properties: status: type: string description: Status of the job. example: done job_id: $ref: '#/components/schemas/job_id' trigger_uri: type: string description: The url to query for job status updates. example: /alert-enrichments-jobs/bc236964-d6e1-4175-86bd-44aaa628e100_1747258250435_update mapping_enrichment_response: type: object description: Definition for a mapping enrichment schema. properties: id: type: string description: System-generated unique identifier. example: b8b8c23a-39dd-4666-bf0c-f8715e19eb96 type: type: string description: Enrichment function type. Must be "mapping". example: mapping active: type: boolean description: Whether the mapping enrichment is active. example: true when: $ref: '#/components/schemas/when' version: type: integer description: Internal system version of the schema. This number is incremented automatically each time the item is updated. example: 1 config: $ref: '#/components/schemas/mapping_config' created_by: type: string description: User ID who created the mapping. example: 565ee8e0dab117512da3c411 updated_by: type: string description: User ID who updated the mapping. example: 58d77efa5eafe459163f4211 note: type: string description: Notes about the mapping rule. example: "Latest as of Oct 3" mapping_enrichment: type: object description: Definition for a mapping enrichment schema. properties: type: type: string description: Enrichment function type. Must be "mapping". example: mapping active: type: boolean description: Whether the mapping enrichment is active. example: true config: $ref: '#/components/schemas/mapping_config' alert_filter_plan: type: object description: Schema for an Alert Filter Plan object. properties: id: type: string description: Unique identifier for the alert filter. example: abc123 name: type: string description: Name of the alert filter. example: Folsom Patch description: type: string description: Summary of the alert filter. example: Patching Folsom server farm bpql: type: object description: BPQL object for filtering alerts. example: '=': - host - prod-api-1 exclude_status: type: array items: type: string description: List of status values to exclude. example: - ok active: type: boolean description: Whether the filter is active. example: true created_on: type: integer format: int64 description: Creation time in ISO 8601. example: 1683100000 created_by: type: string description: User ID who created the filter. example: user_001 updated_on: type: integer format: int64 description: Last update time in ISO 8601. example: 1683200000 updated_by: type: string description: User ID who last updated the filter. example: user_002 schedule: type: string description: ID of the related schedule. example: schedule_001 custom_tags: type: array description: Metadata about the plan. items: type: object properties: name: type: string example: server_farm value: type: string example: folsom alert_filter_schedule_response: type: object description: Schema for an Alert Filter Schedule object. properties: id: type: string description: Unique ID for the schedule. example: schedule_001 name: type: string description: Name of the schedule. example: Weekend Maintenance description: type: string description: Summary of the schedule. example: Weekend maintenance window starts_on: type: integer format: int64 description: Schedule start time in epoch seconds. example: 1491265491 ends_on: type: integer format: int64 description: Schedule end time in epoch seconds. example: 1491294307 time_zone: type: string description: Time zone of the schedule. example: UTC duration: type: integer format: int64 description: Duration in seconds. example: 28800 created_on: type: integer format: int64 description: Time when schedule was created. example: 1491200000 created_by: type: string description: User ID who created the schedule. example: user_001 updated_on: type: integer format: int64 description: Last update time of the schedule. example: 1491300000 updated_by: type: string description: User ID who updated the schedule. example: user_002 active: type: boolean description: Whether the schedule is active. example: true oim_alert_preprocessors: type: object properties: config: type: object description: The schema for the integration configuration. properties: preprocessing: type: array description: items: $ref: '#/components/schemas/shorten_url' additional_attributes: type: array description: Array of payload mapping rules for additional tags. items: $ref: '#/components/schemas/additional_attributes' array_source: type: string description: Defines which payload property contains the tag values if is_array=true. example: alerts is_array: type: boolean description: Whether the payloads sent to the integration should be treated as single alerts, or multiple. example: true map_remaining: type: boolean description: Whether to create tags from fields not included in the mapping rules. example: false map_remaining_flatten_array: type: boolean description: Whether to flatten arrays to map remaining. example: false primary_property: type: array description: Mapping rule for the primary property. items: $ref: '#/components/schemas/tag_properties' example: - name: host - name: application - name: service secondary_property: type: array description: Mapping rule for the secondary property. items: $ref: '#/components/schemas/tag_properties' example: - name: check - name: description status: $ref: '#/components/schemas/status_mapping' bp_timestamp: type: object description: Defines an optional tag to add a human-readable timestamp. properties: is_selected: type: boolean example: true timestamp: type: object description: Object that defines mapping rules for the timestamp property. properties: source: type: array description: The field(s) that contain the timestamp value. items: type: string example: - "@alert.annotations.timestamp" - "@alert.startsat" - "@alert.endsat" event_filter: type: string description: A BPQL statement that dictates which events should be dropped upon initial ingestion (using Source Tags). example: '@alert.search_name = "OSS -- MINT Core -- *"' incident_identifier: type: array description: Optional override for the incident identifier. items: type: string example: - application - cluster version: type: string description: The version of the OIM API. example: "2.0" is_default: type: boolean example: true sample_payload: $ref: '#/components/schemas/sample_payload' oim_alert: type: object description: OIM single alert payload schema. properties: app_key: type: string description: The app key of the integration. example: "" status: type: string description: | Status of the event. One of: `ok`, `critical`, `warning`, `unknown`, `acknowledged`. example: critical timestamp: type: integer description: Time the event occurred (Unix epoch, seconds). example: 1402303570 host: type: string description: Custom event property to tag the alert. example: production-database-1 check: type: string description: Custom event property to tag the alert. example: CPU overloaded application: type: string description: Custom event property to tag the alert. example: Billing regions: type: array description: Custom event property as a list. items: type: string example: ["US1", "US2", "EMEA"] count: type: integer description: Custom event property as a number. example: 47 description: type: string description: Brief summary of the alert. example: CPU is above warning limit (40%) standard_alert: type: object description: Standard alert payload schema. properties: app_key: type: string description: Unique identifier of the integration. example: "" status: type: string description: | Status of the event. One of: `ok`, `critical`, `warning`, `unknown`, `acknowledged`. example: critical timestamp: type: integer description: Time the event occurred (Unix epoch, seconds). example: 1402303570 host: type: string description: Event property to tag the alert. example: production-database-1 check: type: string description: Event property to tag the alert. example: CPU overloaded application: type: string description: Event property to tag the alert. example: Billing regions: type: array description: Custom event property as a list. items: type: string example: ["US1", "US2", "EMEA"] count: type: integer description: Event property to tag the alert. example: 47 description: type: string description: Brief summary of the alert. example: CPU is above warning limit (40%) primary_property: type: string description: Primary tag field. example: application secondary_property: type: string description: Secondary tag field. example: host multi_alert_payload: type: object description: Payload structure for multiple alerts. properties: app_key: type: string description: Integration app key. example: "" alerts: type: array description: Array of alert objects. items: $ref: '#/components/schemas/oim_alert' audit_log: type: object description: Schema for a BigPanda audit log entry. properties: actor: $ref: '#/components/schemas/audit_actor' action_type: type: string description: | The action that was made. `init_state`, `create`, `update`, `delete`. example: update context: $ref: '#/components/schemas/audit_context' timestamp: type: integer description: Unix epoch time when the event occurred. example: 1662284339 resource_id: type: string description: The system id of the resource that was changed. example: 631471d494528700126ca555 resource_type: type: string description: The resource type that was changed. example: users object: type: object description: The resource object after the change. When deleted, object is null. example: id: 631471d494528700126a5559 name: Nataly state: valid audit_actor: type: object properties: type: type: string description: Whether the change was made by a user or the system. example: user user: type: object description: User details if applicable. properties: id: type: string example: 62f0ec2d95918d0012bba5553 email: type: string example: user@test.io name: type: string example: Test User audit_context: type: object properties: actor_access: type: object properties: user_agent: type: string example: axios/0.24.0 ip_address: type: string example: "::ffff:10.12.55.55" audit_log_correlation_pattern: type: object description: Schema for an alert correlation pattern. properties: filter: type: string description: BPQL query to filter incoming alerts. example: "cluster=_prod_" cross_source: type: boolean description: Whether alerts from different source systems can be correlated. example: true time_window: type: integer description: Time frame to determine correlation in minutes. example: 60 updated_at: type: integer description: Unix timestamp when the pattern was last updated. example: 1372854204 updated_by: type: string description: ID of the user who last updated the pattern. example: "3123kjlhfasdlkjfh" active: type: boolean description: Whether the pattern is currently active. example: true created_at: type: integer description: Unix timestamp when the pattern was created. example: 1493922189 id: type: string description: System-generated unique identifier. example: "631471d494528700126a5559" created_by: type: string description: ID of the user who created the pattern. example: "3123kjlhfasdlkjfh" tags: type: array items: type: string description: Tags to correlate within the pattern. example: ["service", "check"] audit_log_tag: type: object description: Schema for a tag object. properties: name: type: string description: Tag name in BigPanda. example: "region" created_by: type: string description: User ID of the creator. example: "60c5238222fa55553d93d555" created_at: type: integer description: Timestamp of creation. example: 1635260171 updated_by: type: string description: User ID of the last updater. example: "60c5238222fa55553d93d555" updated_at: type: integer description: Timestamp of last update. example: 1662284281 description: type: string description: Summary of the tag. example: "line of business" active: type: boolean description: If the tag is applied to incoming alerts. example: true enrichments: type: array items: type: object properties: type: type: string active: type: boolean when: type: object config: type: object note: type: string required: [type, active, config] audit_log_tag_enrichment: type: object properties: id: type: string example: 191217f6-481d-464e-9f12-3ed846a72555 type: type: string example: composition active: type: boolean example: true when: type: object example: IN: - source_system - - type: regex value: '*' version: description: Internal system version of the schema. This number is incremented automatically each time the item is updated. type: integer example: 1 config: description: Rules for building or extracting tag values from event data. Configuration attributes are unique to the enrichment type. type: object properties: source: type: string example: nagios destination: type: string example: tag_name value: type: string example: val-${host6666} created_by: type: string example: 60c5238222fa55553d93d555 updated_by: type: string example: 60c5238222fa55553d93d555 note: type: string example: special extraction for nagios audit_log_autoshare_rule: type: object properties: id: type: string example: f38469c6-356c-4ad9-85e9-88b69c627984_ai-analysis.automated_incident_analysis_0 env_id: type: string example: f38469c6-356c-4ad9-85e9-88b69c627984 target_system_id: type: string example: ai-analysis.automated_incident_analysis name: type: string example: P0 All (ai-analysis.automated_incident_analysis) params: type: object properties: autoshare_options: type: object properties: share_delay_seconds: type: integer example: 120 audit_log_environment: type: object properties: id: type: string example: 637b6635c0ec7912005d58f8 name: type: string example: inoc-team filter: type: string example: (source_system = /.*\..*/ AND zero_impact != "true") OR (source_system = "scout.default" AND zero_impact != "true") created_at: type: integer example: 1669031477 updated_at: type: integer example: 1669032359 audit_log_integration: type: object properties: target_system_id: type: string example: emailparser.1234 stream_id: type: string example: 2226ba0c9d377143dba39656d725fc9b updated_at: type: integer example: 1706896027 org: type: string example: bigpanda changes: type: array items: type: object properties: key: type: string old_value: type: object new_value: type: object audit_log_jit_domain: type: object properties: id: type: string example: 065a29561e1fe01f03f17644 domain: type: string example: domain.com role: type: object properties: id: type: string example: 6542b144f4cc16a1a455dd7c organization: type: string example: 6542b1aa43cf5112000c8b55 audit_log_mapping_table_upload: type: object properties: total_count: type: integer description: Total number of results. Returned with a GET call only. example: 473 items: type: array items: type: object example: - application: sale24s yes_sir: first_tag_dynamic_value_2 no_sir: second_tag_dynamic_value_2 - application: billing23 yes_sir: first_tag_dynamic_value no_sir: second_tag_dynamic_value audit_log_api_keys: type: object properties: id: type: string example: 669f9f5ac897605fc70eea98 active: type: boolean example: true created_at: type: integer example: 1721737050 created_by: type: string example: 651ee43333b38e4a5a19c514 description: type: string example: '' last_used: type: integer example: 1721737134 name: type: string example: Test organization: type: string example: 63d10d1baf10bd1300ffae1b user: type: string example: 651ee43333b38e4a5a19c514 audit_log_alert_filtering: type: object properties: plan_name: type: string example: Monthly Cleanup plan_id: type: string example: 641de370310000dc501081b2 plan_status: type: string example: planned plan_type: type: string example: maintenance_plan time_window: type: object properties: start: type: integer example: 1679680834 end: type: integer example: 32788738800 frequency: type: string example: Monthly frequency_data: type: object properties: duration: type: integer example: 12600 current_run: type: integer example: '' next_run: type: integer example: 1690574400 relativity: type: string example: '' updated_fields: type: array items: type: object properties: field_name: type: string example: end old_value: type: string example: '32605567199' new_value: type: string example: '32788738800' audit_log_roles: type: object properties: id: type: string example: 6695327f443fadc7558ce383 name: type: string example: Copy of admin users: type: array items: type: string example: - 63d13a8068db95501470aba3 created_by: type: string example: 63d13a8068db98001550aba3 created_at: type: integer example: 1721053823 updated_at: type: integer example: 1721053823 permissions: type: array description: Each permission grants access to a specific resource_type, which is an area in BigPanda. items: type: object properties: resource_type: type: string description: The name of the permission type. without the access level. For example, ​roles​ rather than ​roles_read​​. For a list of available permission types, see the ​Roles Management​​ documentation. For information about finding the ​resource_type​ at the environment level, see the ​[Granular Environment Permissions​​](https://docs.bigpanda.io/en/roles-management#environment-permissions) documentation. example: audit_logs resource_id: type: string description: (Optional) The id of the permission. This field is only necessary when the role grants access to a specific environment. For all other roles, this field should be omitted. See the ​[Environments Roles​​](https://docs.bigpanda.io/en/roles-management#environment-permissions) documentation for more information. example: q3410hg0235q3 actions: type: array description: An array of available actions this permission grants Options include [`read`, `full_access`, `incident_actions` (incident_actions is only available for environment type permissions.)] items: type: string example: - read audit_log_jit_roles: type: object properties: id: type: string example: "668bccda0b955da31608fb14" name: type: string example: "Domain" users: type: array items: type: string example: ["64e50cb55c960604a71a4e0d5", "668bcda36e79920fcde7d7db"] created_by: type: string example: "63d13a8068d558001470aba3" created_at: type: integer format: int64 example: 1720437978 updated_at: type: integer format: int64 example: 1720437978 permissions: type: array items: type: object properties: resource_type: type: string example: "apikeys" resource_id: type: string nullable: true example: '' actions: type: array items: type: string example: ["full_access"] audit_log_sso_config: type: object properties: disableRequestedAuthnContext: type: boolean example: false idPissuer: type: string example: "http://www.okta.com/exkh1g4sxiX25555555" idPssoUrl: type: string example: "https://trial-555555.okta.com/app/bigpanda/exkh1g4s555555555Mk697/sso/saml" provider: type: string example: "okta" audit_log_sso_test: type: object properties: idP: type: string example: "okta" status: type: string example: "testing" tester: type: string example: "j+mce@htest.com" audit_log_users: type: object properties: createdAt: type: integer format: int64 example: 1662284244 lastLoginAt: type: integer format: int64 example: 1662284281 name: type: string example: "Nataly" state: type: string example: "valid" firstLoginAt: type: integer format: int64 example: 1662284281 username: type: string example: "user1@test.io" id: type: string example: "631471d494528700126a5559" data_connector_response: type: object properties: id: type: string description: The unique identifier for the data connector. example: abc123 status: type: string description: | System field listing the current state of the connector. One of [required_auth, auth_error, pending_initialization, initial_sync, active, running, or sync_error] example: active name: type: string description: The automatically generated name for the connector. example: ServiceNow Connector #1 type: type: string description: | The type of ITSM tool that is connected to BigPanda through the sync. One of [servicenow] example: servicenow rescheduled_for: type: string format: date-time description: The next scheduled data sync. example: '2025-05-07T21:59:05.918554Z' resolve_alerts: required: - ids type: object properties: comments: description: >- An optional comment to add to the resolve action. **May not be longer than 1000 characters.** $ref: '#/components/schemas/comments' ids: type: array description: A list of the unique identifiers for each alert to resolve items: type: string example: ["5d09d221aebaec1c43ccd448", "5cff623a21169351a82cb5e2"] change_object: required: - identifier - start - status - summary type: object properties: identifier: type: string description: The change's unique identifier from its original change system example: CNG-166146 status: type: string description: | 'Status of the change. One of: [Planned,In Progress,Done,Canceled]' example: Planned summary: type: string description: Short summary/title of the change example: Update to Contrail configuration for CAP to reduce network processing overhead start: type: integer description: >- Unix epoch time when the start time of the change (or any start time specified by the user in the integration) occurred (in seconds). format: timestamp example: 1879723984 end: type: integer description: >- Unix epoch time when the end time of the change (or any end time specified by the user in the integration) occurred (in seconds). format: timestamp example: 1979723984 ticket_url: type: string description: The URL of the record in the change system example: https://jira.link.com/ticket?change=chng123 tags: type: object description: | JSON list of all change object tags. Visible in the UI in the Related Changes tab. properties: : type: string example: | "" metadata: type: object description: JSON object with change data. properties: opened_by: type: string example: "userID123" Change-relation-object: required: - change_id - incident_id - match_certainty type: object properties: change_id: $ref: '#/components/parameters/change_id' incident_id: $ref: '#/components/parameters/incident_id' match_certainty: type: string description: | What the relationship is between the suspected change and the incident. One of: [MATCH, SUSPECT, NONE] example: MATCH comment: $ref: '#/components/schemas/comment' diagnostic_log: type: object properties: log_id: type: string description: System-generated unique identifier for the log record. example: log_idABC log_type: type: string description: Type of logged event. example: invalid_payload level: type: string description: Level of logged event. One of [`error`, `warning`, or `info`]. example: error message: type: string description: Brief message describing the event. example: | alert 1: 'status' must exist component_name: type: string description: | Name of the component reporting the event. Must be "inbound". example: inbound resource_id: type: string description: System-generated unique identifier for the resource. example: api.default payload: type: object description: The received event object. properties: : type: string example: production-database-1 : type: string example: CPU overloaded : type: string example: criticald timestamp: type: integer description: Unix epoch time when the event occurred (in seconds). example: 1610622725329 Correlation-Pattern-Object: required: - tags - time_window type: object properties: active: $ref: '#/components/schemas/active' tags: type: array description: >- Array of tag name(s) to correlate within the pattern. At least 1 item must appear in the array. No more than 5 items in the array. No duplicate names in the array. items: type: string time_window: type: integer description: Time frame to determine correlation in minutes format: int32 filter: type: string description: BPQL Filter to set conditions for the correlation pattern cross_source: type: boolean description: >- Determines if alerts can be correlated from different source systems into the same incident default: true note: $ref: '#/components/schemas/note' correlation_pattern_order: required: - execution_order type: object properties: execution_order: type: array description: An array of correlation pattern ids in order by desired run order. items: type: string correlation-patternsinline_response_200_2_item: type: object properties: metadata: $ref: >- #/components/schemas/correlation-patternsinline_response_200_2_metadata query: type: object properties: {} description: a BPQL query window: type: integer example: 7200 cross_source: type: boolean example: true default: true tags: type: array items: type: string example: testtype active: $ref: '#/components/schemas/active' id: type: string example: ca806b78-1640-4ff7-b88a-45e8a59d04cf correlation-patternsinline_response_200_1_item: type: object properties: id: type: string example: 33630204-9217-4922-b642-da6aae088f95 execution_order: type: integer example: 1 correlation-patternsinline_response_200_1: type: object properties: response: $ref: >- #/components/schemas/correlation-patternsinline_response_200_1_response item: type: array items: $ref: >- #/components/schemas/correlation-patternsinline_response_200_1_item correlation-patternsinline_response_200: type: object properties: id: type: string example: 8b80bbf9-1432-44b6-9bda-8dd0eebd02e3 active: $ref: '#/components/schemas/active' tags: type: array items: type: string example: host cross_source: type: boolean example: false default: true time_window: type: integer example: 60 filter: type: string example: cluster = "prod" execution_order: type: integer example: 7 created_by: $ref: '#/components/schemas/created_by' created_at: $ref: '#/components/schemas/created_at' updated_by: $ref: '#/components/schemas/updated_by' updated_at: $ref: '#/components/schemas/updated_at' Correlation-Pattern-Object_1: type: object properties: active: $ref: '#/components/schemas/active' tags: type: array description: >- Array of tag name(s) to correlate within the pattern. At least 1 item must appear in the array. No more than 5 items in the array. No duplicate names in the array. items: type: string example: tags: ["dc", "eu"] time_window: type: integer description: Time frame to determine correlation in minutes format: int32 example: 120 filter: type: string description: BPQL Filter to set conditions for the correlation pattern example: "source_system IN [ \"*\" ]" cross_source: type: boolean description: >- Determines if alerts can be correlated from different source systems into the same incident default: true example: false note: $ref: '#/components/schemas/note' correlation-patternsinline_response_200_2_metadata: type: object properties: created_time: type: integer example: 1701774734 created_user: type: string example: 651d16e46db9ffbf9d5883d9 updated_time: type: integer example: 1701881384 updated_user: type: string example: 651d16e46db9ffbf9d5883d9 correlation-patternsinline_response_200_2: type: object properties: response: $ref: >- #/components/schemas/correlation-patternsinline_response_200_1_response item: type: array items: $ref: >- #/components/schemas/correlation-patternsinline_response_200_2_item correlation-patterns400_response: type: object properties: status: type: string example: failed errors: type: array items: type: string example: >- Failed to update correlation pattern execution order: Correlation pattern Id not found: 6646dd33-bce3-4af0-861b-5271897e5ac4 correlation-patternsinline_response_200_1_response: type: object properties: status: type: string example: success environment_object: required: - name type: object properties: name: type: string description: User-defined name for the environment. description: type: string description: User-defined description of the environment. environment_group_id: type: string description: System-generated id of the environment group. roles: type: array description: The full access roles associated with the environment. items: type: object properties: {} read_only_roles: type: array description: The read-only roles associated with the environment. items: type: object properties: {} filter: type: string description: BPQL Filter to set conditions for the environment. environment_response: type: object properties: name: type: string example: Security Team Triage id: type: string example: 65e0ab774bb5f2ed8b206ff3 created_at: $ref: '#/components/schemas/created_at' updated_at: $ref: '#/components/schemas/updated_at' updated_by: $ref: '#/components/schemas/updated_by' created_by: $ref: '#/components/schemas/created_by' filter: type: string example: >- source_system = /.*\..*/ AND bp_team = 'security' AND zero_impact != 'true' environment_group_response: type: object properties: id: type: string example: 669fbed4da224b0f5bad8f13 name: type: string example: EnvGroupName environmentIds: type: array items: type: string environment_group_object: type: object properties: name: type: string description: The name of the environment group. environment_ids: type: array description: System-generated unique identifier for an environment items: type: string incidents-v1inline_response_200_No-Query_links: type: object properties: rel: type: string example: self href: type: string incidents-v1inline_response_200_No-Query: type: object properties: id: type: string example: 1234a53b6789c12d3efg45h status: type: string example: critical active: $ref: '#/components/schemas/active' flapping: type: boolean example: false default: true resolved: type: boolean example: false default: true snooze: $ref: '#/components/schemas/incidents-v1inline_response_200_No-Query_snooze' startedOn: type: string example: '1466416853' changedOn: type: string example: '1466417169' updatedOn: type: string example: '1466417169' endedOn: type: object alerts: type: array items: $ref: >- #/components/schemas/incidents-v1inline_response_200_No-Query_alerts links: $ref: '#/components/schemas/incidents-v1inline_response_200_No-Query_links' expandable: type: array items: type: string example: alerts incidents-v1inline_response_200_With-Query_tags: type: object properties: object: type: string example: host value: type: string example: production-database-1 incidents-v1inline_response_200_With-Query_alerts: type: object properties: id: type: string description: System-generated unique identifier for the alert example: 57da76d24cdb1f3a54ce25a0 status: type: string description: The most severe status the alert triggered. Possible returns are [`critical`, `warning`, `unknown`, `ok`]. example: critical active: $ref: '#/components/schemas/active' startedOn: type: string description: example: '1466416853' changedOn: type: string example: '1466417169' updatedOn: type: string example: '1466417169' endedOn: type: object tags: type: array items: $ref: '#/components/schemas/incidents-v1inline_response_200_With-Query_tags' incidents-v1inline_response_200: type: object properties: No Query: $ref: '#/components/schemas/incidents-v1inline_response_200_No-Query' With Query: $ref: '#/components/schemas/incidents-v1inline_response_200_With-Query' incidents-v1inline_response_200_No-Query_snooze: type: object properties: snoozed: type: boolean example: false default: true wake: type: object autoCancel: type: boolean example: false default: true incidents-v1body: type: object properties: resolved: type: boolean description: To resolve the incident, set the value to `true`. default: true comments: $ref: '#/components/schemas/comments' incidents-v1inline_response_200_No-Query_alerts: type: object properties: alertId: type: string example: 79fc79f46egh3h5c78rg78d2 incidents-v1inline_response_200_With-Query: type: object properties: id: type: string example: 1234a53b6789c12d3efg45h status: type: string example: critical active: $ref: '#/components/schemas/active' flapping: type: boolean example: false default: true resolved: type: boolean example: false default: true snooze: $ref: '#/components/schemas/incidents-v1inline_response_200_No-Query_snooze' startedOn: type: string example: '1466416853' changedOn: type: string example: '1466417169' updatedOn: type: string example: '1466417169' endedOn: type: object alerts: type: array items: $ref: >- #/components/schemas/incidents-v1inline_response_200_With-Query_alerts expandable: type: array items: type: string example: alerts links: $ref: '#/components/schemas/incidents-v1inline_response_200_No-Query_links' incidents-v2inline_response_200_alerts: type: object properties: alert_id: type: string example: 60a4ee83bb7d9d046b8d7a93 incident_snooze: type: object required: - end_time - cancel_on_incident_updates properties: comment: $ref: '#/components/schemas/comment' end_time: type: integer description: >- Unix epoch time when the incident leaves the snooze state (in seconds). The maximum amount of time an incident can be snoozed is 90 days. format: int32 example: 1638212314 cancel_on_incident_updates: type: boolean description: Should the incident become unsnoozed if it is updated? default: true example: true assign_incident: required: - assignee type: object properties: assignee: type: string description: The ID of the user to assign to the incident example: 651d16e46db9ffbf9d5883d9 merge_incidents: required: - source_incidents type: object properties: source_incidents: type: array description: >- A list of the IDs of incidents to merge into the destination incident defined in the URL path items: $ref: '#/components/parameters/incident_id' comment: $ref: '#/components/schemas/comment' split_incident: required: - alerts type: object properties: comment: $ref: '#/components/schemas/comment' alerts: type: array description: A list of the alert IDs to move into a new incident. items: $ref: '#/components/parameters/alert_id' incident_comment: required: - comments type: object properties: comments: type: string description: The comment to add to the incident. incident_comments: required: - comment type: object properties: comment: type: string example: Marking for regional similarity description: A comment or short description. incidents_v2_response: type: object properties: id: type: string example: 60a4ee83bb7d9d046b8d7a93 status: type: string example: Ok active: $ref: '#/components/schemas/active' severity: type: string example: Critical flapping: type: boolean example: false default: true shared: type: boolean example: false default: true maintenance: type: object start: type: integer example: 1621421699 changed_at: type: integer example: 1629410549 updated_at: $ref: '#/components/schemas/updated_at' end: type: integer example: 1629410549 alerts: type: array items: $ref: '#/components/schemas/incidents-v2inline_response_200_alerts' environments: type: array items: type: string folders: type: array items: type: string incident_tags: type: array items: type: object properties: {} correlation_matchers_log: type: array items: type: array items: type: object properties: time_window: type: integer example: 7200 tags: type: array items: type: object properties: name: type: string example: case value: type: string example: sensitive1 correlation_id: type: string example: a02fde2f-0ec3-4cc2-9cbd-74895cb13050 source_system: type: string example: api.backend_monitoring tag_value_post: type: object properties: tag_value: $ref: '#/components/schemas/tag_value' tag_value: type: string description: The value of the tag. example: P1 tag_array: type: array items: $ref: '#/components/schemas/incident_tag' incident_tag: type: object properties: tag_value: type: string description: | The content of the incident tag. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' example: P1 tag_id: type: string description: System-generated unique identifier for the incident tag. example: itd-9ff554bc0c incident_tag_full: type: object properties: tag_value: type: string description: | The content of the incident tag. When this value is for an incident tag with a fixed list type, the value must be encased in brackets '[]' example: P1 incident_id: $ref: '#/components/parameters/incident_id' tag_id: type: string description: System-generated unique identifier for the incident tag. example: itd-9ff554bc0c incident_tag_return: type: object properties: tag_id: type: string description: System-generated unique identifier for the incident tag. example: tagid incident_id: type: string description: System-generated unique identifier for the incident that contains the incident tag. example: 624d42c54f93a00113aa1234 tag_value: type: string description: | The content of the incident tag. When this value is for an incident tag with a fixed-list, the value must be enclosed in brackets '[]' example: SDIT-Application Operations name: type: string example: '' email: type: string example: '' timestamp: type: integer example: 0 incident-tag-definitionsinline_response_200_1_config_ordered_list: type: object properties: display_name: type: string description: Defines the name of the level, 1-20 chars, unique. example: P1 description: type: string description: Context for the level, 0-200 chars. (Optional) example: Critical order_id: type: integer description: Defines the order of the levels, used for sorting. We recommend higher numbers for more urgent priority levels to allow for additive automatic calculations. example: 1000 color: type: string description: Defines the color of the priority level in the UI. active: $ref: '#/components/schemas/active' Incident-Tag-Definition_1: required: - name - type type: object properties: name: type: string description: The name of the incident tag definition description: type: string description: The description of the incident tag definition type: type: string description: >- The type of the incident tag. One of - One of - Text, MultiValue, ClosedListValuesMulti, or ClosedListValuesSingle. active: $ref: '#/components/schemas/active' canManualInput: type: boolean description: >- Determines if end users are able to manually enter or edit the value for the incident tag. incident-tag-definitionsinline_response_200_1_config: type: object properties: ordered_list: type: array items: $ref: '#/components/schemas/incident-tag-definitionsinline_response_200_1_config_ordered_list' incident-tag-definitionsinline_response_200_1: type: object properties: id: type: string example: itd_priority_1 name: type: string example: Priority description: type: string example: Priority for prioritizing incidents type: type: string example: Priority active: $ref: '#/components/schemas/active' config: $ref: '#/components/schemas/incident-tag-definitionsinline_response_200_1_config' created_at: $ref: '#/components/schemas/created_at' created_by: $ref: '#/components/schemas/created_by' updated_at: $ref: '#/components/schemas/updated_at' updated_by: $ref: '#/components/schemas/updated_by' incident-tag-definition_response: type: object properties: id: type: string example: affected_services name: type: string example: Affected_Services description: type: string example: List of Affected Services type: type: string example: Multivalue active: $ref: '#/components/schemas/active' created_at: $ref: '#/components/schemas/created_at' created_by: $ref: '#/components/schemas/created_by' updated_at: $ref: '#/components/schemas/updated_at' updated_by: $ref: '#/components/schemas/updated_by' Incident-Tag-Definition: required: - name - type type: object properties: name: type: string description: The name of the incident tag definition description: type: string description: The description of the incident tag definition type: type: string description: >- The type of the incident tag. One of - Text, MultiValue, Priority, ClosedListValuesMulti, or ClosedListValuesSingle. active: $ref: '#/components/schemas/active' canManualInput: type: boolean description: >- Determines if end users are able to manually enter or edit the value for the incident tag. default: true maintenance_custom_tags: type: object description: Metadata about the plan in an array of key:value pairs. properties: name: type: string description: name of the tag example: app value: type: string description: value of the tag example: esp maintenance_plan_response: type: object properties: id: type: string description: System-generated unique identifier for a maintenance plan. example: 64f0b24f340000bbd269595c status: type: string description: The maintenance plan's status. example: planned maintenance_key: type: string description: Third party (Jira, ServiceNow, etc.) system key for integrated maintenance management. If no integration key is included in the call, a system ID will be added automatically. example: MNT-de9d22d700e9 name: type: string description: User-defined name for the plan. example: host1 maintenance start: type: integer description: Unix epoch time when the scheduled plan starts (in seconds). For recurring plans, this time should be the start of the first maintenance window. example: 1733904622 end: type: integer description: Unix epoch time when the scheduled plan ends (in seconds). For recurring plans, this time should be the date when the plan should stop repeating. example: 1734768622 description: type: string description: Brief user-defined summary of the maintenance plan. example: this is a description custom_tags: type: array description: Metadata about the plan in an array of key:value pairs. items: $ref: '#/components/schemas/maintenance_custom_tags' created_by: $ref: '#/components/schemas/created_by' created_at: $ref: '#/components/schemas/created_at' updated_by: $ref: '#/components/schemas/updated_by' updated_at: $ref: '#/components/schemas/updated_at' frequency: type: string description: How often the scheduled plan should silence alerts. One of [`Once`, `Daily`, `Weekly`, `Monthly`]. Default is `Once`. This field is case-insensitive. example: Daily frequency_data: $ref: '#/components/schemas/updated_at' frequency_data: type: object description: For recurring plans only. Defines the plan window when alerts should be silenced each period. properties: relativity: type: string description: ​Required for plans using relative monthly dates.​ What week in the month the window should take place. One of [`First`, `Second`, `Third`, `Fourth`, `Last`]. `Last` will trigger in the 5th week for months with a 5th week, and otherwise default to the 4th. example: First duration: type: integer description: Required for all recurring plans. The length of time the plan should run in milliseconds. example: 10800000 current_run: type: string description: System-generated field. Unix epoch time when the current running maintenance window began (in seconds). example: 1720017199 next_run: type: string description: System-generated field. Unix epoch time when the next scheduled maintenance window starts (in seconds). example: 1720103599 maintenance_plan_object: required: - condition - end - name - start type: object properties: name: type: string description: User-defined name for the plan. example: host1 maintenance condition: type: string description: | Maintenance condition in the form of a [BPQL object format](https://api-docs.bigpanda.io/en#description/bpql-object-syntax). Cannot be longer than 80,000 characters long. start: type: integer description: | Unix epoch time when the scheduled plan starts (in seconds). For recurring plans, this time should be the start of the first maintenance window. format: int32 end: type: integer description: | Unix epoch time when the scheduled plan ends (in seconds). For recurring plans, this time should be the date when the plan should stop repeating. format: int32 description: type: string description: Brief user-defined summary of the maintenance plan. maintenance_key: type: string description: | Third party (Jira, ServiceNow, etc.) system key for integrated maintenance management. If no integration key is included in the call, a system ID will be added automatically. frequency: type: string description: | How often the scheduled plan should silence alerts. One of: `Once`, `Daily`, `Weekly`, `Monthly`. This field is case-sensitive. default: Once frequency_data: $ref: '#/components/schemas/updated_at' post_maintenance_action: type: string description: | What should happen to alerts suppressed by this plan after the maintenance window ends. One of: [Resolve, Reactivate, None] default: None time_zone: type: string description: | The maintenance plan's time zone setting. Default is UTC. See the [full list of supported time zones here](https://docs.bigpanda.io/reference/supported-time-zones). role_object: required: - name - permissions type: object properties: name: type: string description: The name of the role as seen in the UI. users: type: array description: An array of user IDs associated with the role. items: type: string permissions: type: array description: A list of permissions associated with the role. items: type: object roles_response: type: object properties: name: type: string example: Test Role 1 id: type: string example: 62d55a73be4fcd0011685555 users: type: array items: type: string example: 60a2931648bd70995fd75555 created_by: $ref: '#/components/schemas/created_by' created_at: $ref: '#/components/schemas/created_at' updated_at: $ref: '#/components/schemas/updated_at' permissions: type: array items: $ref: '#/components/schemas/role_permissions' role_permissions: type: object properties: resource_type: type: string example: plans actions: type: array items: type: string example: read topologyresponse: type: object properties: id: $ref: '#/components/schemas/id' created_by: $ref: '#/components/schemas/created_by' updated_by: $ref: '#/components/schemas/updated_by' links: type: array description: Links present in the topology model. Every item in the array is comprised of a link source and a link target. items: type: object example: | { "source": "host", "target": "check" } created_at: $ref: '#/components/schemas/created_at' updated_at: $ref: '#/components/schemas/updated_at' topologyobject: type: object properties: links: type: array description: Links present in the topology model. Every item in the array is comprised of a link source and a link target. items: type: object properties: source: type: string description: The source tag of the link in the topology model. example: host target: type: string description: The target tag of the link in the topology model. example: check alert_filter_object: required: - active - bpql - name type: object properties: name: type: string description: User defined name for the alert filter. active: $ref: '#/components/schemas/active' bpql: type: string description: >- The [BPQL object](https://docs.bigpanda.io/reference/bpql-object-syntax) to identify which alerts will be filtered. format: json custom_tags: type: array description: Metadata about the alert filter in an array of key-value pairs items: type: object schedule: type: string description: >- The [Schedule ID](https://docs.bigpanda.io/reference/alert-filter-schedules-api) to be applied to the alert filter exclude_status: type: array description: >- Alert statuses to exclude from suppression. One of: ["Ok", "Critical", "Warning", "Unknown"] items: type: string description: type: string description: Brief summary of the alert filter alert_filter_schedule: type: object properties: name: type: string description: User defined name for the schedule. active: $ref: '#/components/schemas/active' starts_on: type: string description: Unix epoch time when the schedule starts (in seconds). format: date-time ends_on: type: string description: Unix epoch time when the schedule ends (in seconds). format: date-time description: type: string description: Brief summary of the schedule. alert_filter_custom_tags: type: object properties: name: type: string example: server_farm value: type: string example: folsom alert_filter_return: type: object properties: id: type: string example: 590b3a991f00002000637538 name: type: string example: Folsom Patch active: $ref: '#/components/schemas/active' plan_type: type: string example: normal created_by: $ref: '#/components/schemas/created_by' created_on: type: integer example: 1493908121 updated_by: $ref: '#/components/schemas/updated_by' updated_on: type: integer example: 1493908121 custom_tags: type: array items: $ref: '#/components/schemas/alert_filter_custom_tags' description: type: string example: Patching Folsom server farm exclude_status: type: array items: type: string example: Ok schedule: type: object API-Key-Object: required: - active - name type: object properties: user_id: type: string description: The system-generated id of the BigPanda user. service_account_id: type: string description: The system-generated id of the BigPanda service account. description: type: string description: Description of the API key. active: type: boolean description: Whether the API key is active or inactive. name: type: string description: The name of the API key. expires_at: type: string description: Unix epoch time when the API key is set to expire (in seconds). example: Read-Only generic_multi_alert_payload: type: object properties: schema: $ref: '#/components/schemas/generic_alert_schema' alerts: type: array description: >- Array of event objects. This field is used to send multiple events in one payload. If using this format, do not send alerts with the schema format. items: $ref: '#/components/schemas/generic_alert' generic_alert: required: - status - primary_property - secondary_property type: object properties: status: type: string description: >- Status of the event. One of: [ok, critical, warning, acknowledged] timestamp: type: string description: >- Unix Epoch time that the event occurred. If no time is specified, the value defaults to the time received in BigPanda. format: timestamp : type: array description: >- Event properties to become tags in BigPanda. The alert object can include any number of custom JSON attributes in string, integer, or array format. When sending an array, the array values are combined into a single tag, pipe delimited in the UI. items: type: string incident_identifier: type: string description: >- A [unique identifier used to recognize if two events are related to each other.] (https://answers.bigpanda.io/en/articles/4558804-alert-identification) Adding an incident_identifier into the payload will override the default value, and allows you to configure specific deduplication rules." description: type: string description: >- Brief summary of the alert for certain monitoring tools - max. 2048 characters. primary_property: type: string description: >- Define a specific event property to act as primary property for this payload. The defined event property must be included in the payload. If not, the primary property will be defined by any included default fields. If no primary property is included, the payload will be dropped. secondary_property: type: string description: >- Define a specific event property to act as secondary property for this payload. The defined event property must be included in the payload. If not, the secondary property will be defined by any included default fields. generic_alert_schema: required: - status - primary_property - secondary_property type: object properties: status: type: string description: >- Status of the event. One of: [ok, critical, warning, acknowledged] timestamp: type: string description: >- Unix Epoch time that the event occurred. If no time is specified, the value defaults to the time received in BigPanda. format: timestamp primary_property: type: string description: >- Define a specific event property to act as primary property for this payload. The defined event property must be included in the payload. If not, the primary property will be defined by any included default fields. If no primary property is included, the payload will be dropped. secondary_property: type: string description: >- Define a specific event property to act as secondary property for this payload. The defined event property must be included in the payload. If not, the secondary property will be defined by any included default fields. description: >- Event object. This format is used to send a single event per payload. If using this format, do not use the alerts format. data_connector: type: object properties: schema: required: - connector_type type: object properties: connector_type: type: string description: >- The type of ITSM tool that is connected to BigPanda through the sync. One of: servicenow default: servicenow example: servicenow aia_config_object: required: - name - enabled - environments - alertTags - isAutoTriggerEnabled - promptAddendum type: object description: Schema for the AIA config object. properties: name: type: string description: The name of the AI Analysis configuration. example: Test configuration enabled: type: boolean description: Whether the configuration is enabled or disabled. example: true environments: type: array description: The environment(s) that the AI analysis configuration applies to. items: type: string example: 63bd568809cb331300f55555 alertTags: type: array description: The alert tag(s) used to generate the AI analysis. items: type: string example: node, host isAutoTriggerEnabled: type: boolean description: Whether or not the analysis is enabled to auto-generate in the environments. example: true promptAddendum: type: string description: Instructions that the LLM will use when generating the analysis. example: Write the summary as if you were a pirate. aia_retrieve_200: type: object properties: id: type: string example: 67f3dd71886657bfa1394444 name: type: string example: Sample config enabled: type: boolean example: true environments: type: array items: type: string example: 60a2931648bd70995fd77777 promptAddendum: type: string example: Write the summary as if you were a pirate. alertTags: type: array items: type: string example: host selectedRecommendationTags: type: array items: type: string example: Assignment_group recommendationScoreThreshold: type: integer example: 4 updatedAt: type: integer example: 1741966296222 updatedBy: type: string example: 65eb795b7b46b76b1b01f777 isDefault: type: boolean example: true isAutoTriggerEnabled: type: boolean example: true update_mapping_config: type: object description: Rules for mapping tag values to event data. properties: note: $ref: '#/components/schemas/note' update_mapping_enrichment: type: object description: Definition for a updating a mapping enrichment schema. After a schema has been created, only the schema status, condition, and description can be edited. To change mapping fields, you must create a new schema. properties: active: type: boolean description: Whether the mapping enrichment is active. example: true when: $ref: '#/components/schemas/when' config: $ref: '#/components/schemas/update_mapping_config' securitySchemes: BearerUser: type: http scheme: bearer description: | Format: "Bearer {User API Key}" BigPanda recommends adding [Authentication](https://docs.bigpanda.io/reference/introduction#authentication-and-headers) headers only in the secure tool you use to make API calls BearerOrg: type: http scheme: bearer description: | Format: "Bearer {Org Token}" BigPanda recommends adding [Authentication](https://docs.bigpanda.io/reference/introduction#authentication-and-headers) headers only in the secure tool you use to make API calls