Logs Enrichment Integration
DataDome Bot Protect analyzes your traffic in real time. We can provide insights about your traffic by enriching your logs for all the requests that we analyze.
Our modules include a powerful feature that adds headers on each request before they reach your backend or CDN.
Our customers use it for a deeper integration of DataDome in their infrastructure and applications for the following use cases:
- Enriching server logs with bot information from DataDome for log analytics, SIEM or SOC (e.g. Elasticsearch, Sumo Logic, Splunk)
- Providing insights about bot traffic on your client-side analytics (e.g. Google Analytics, Adobe Analytics)
Feature availability
This feature is available for Corporate and Enterprise plans. You can enable it directly from the Integrations section of your Dashboard.
Available enriched headers
Default enriched headers
| Header name | Description | Possible values |
|---|---|---|
X-DataDome-botname | The bot name | Examples: curl, googlebot, etc. |
X-DataDome-isbot | Is it a bot? | - 0: Human user- 1: Bot- NA: Detection disabled on this segment |
X-DataDome-captchapassed | Was a CAPTCHA passed on this request? | - 0: This request was blocked but no CAPTCHA was passed, or this request would have been blocked if you had DataDome protection enabled- 1: This request was blocked but a CAPTCHA has been passed- NA: This request has not been blocked |
X-DataDome-devicecheckpassed | Was a Device Check passed on this request? | - 0: This request was blocked but no Device Check was passed, or this request would have been blocked if you had DataDome protection enabled- 1: This request was blocked but a Device Check has been passed- NA: This request has not been blocked |
X-DataDome-requestid | A unique identifier for the current request | A standard UUID with alphanumeric characters, e.g. 123e4567-e89b-12d3-a456-426614174000.This header can be empty if the request was part of a DDoS attack. |
X-DataDome-ruletype | The traffic category | - Humans- AI Threats Detection- Verified Bots- Custom Rules |
Advanced enriched headers (to enable)
How to enable advanced enriched headers
Please contact our support team to enable enriched headers that are not enabled by default.
They will review your requirements and provide you the best recommendations.
| Header name | Description | Possible values |
|---|---|---|
X-DataDome-matchedmodels | Names of bot models that were triggered (max: 10) | Examples: Credential Stuffing, Unusual traffic volume, Recent CVE-xxxx-xxxxx activity, etc. |
X-DataDome-score | The level of confidence when identifying a request as coming from a bot | A float number between 0 and 1:0: Lowest level of confidence1: Highest level of confidenceThis header will be empty if: - the traffic rule response is either authorize or interstitial,- or the request matched a Custom Rule |
X-DataDome-sessionid | The DataDome session ID to track the user's journey | The session ID. Example: AHrlqAAAAAMA9DfoAKMDOgIAlEibGw==This header can be empty if the request was part of a DDoS attack. |
X-DataDome-Traffic-Rule-Response | The response type applied by DataDome | - authorize- block (CAPTCHA response)- hard_block (Block response)- interstitial (Device Check) |
Logs integration
Please refer to the documentation pages below to configure your server-side integrations in order to benefit from these enriched headers in your own logs:
- Apache
- Cloudflare Worker (Cloudflare Apps is not supported)
- CloudFront
- Fastly
- HAProxy18/HAPEE
- IIS
- Nginx
- OpenResty
- Varnish
Export to SIEM/SOC tools
You can find more information about how to export these logs and headers to an SIEM/SOC Tools.
Updated 2 months ago