Logs Integration

DataDome bot detection is a real time synchronous process.

All our modules include a powerful feature that injects informational headers for each request. Our customers use it for deep integration between DataDome and their infrastructure and applications, such as in the following cases:

  • Enriching server logs to use DataDome bot information inside Log Analytics, SIEM or SOC
  • Reading and using these headers in applications, to support specific decisions
  • Reading these headers inside statistics tags

📘

This feature is available for the Corporate and Enterprise plans. Please reach DataDome team for more information.

Headers values

Header name

Header description

Header possible values

X-DataDome-isbot

Is it a bot ?

0: Human (normal user)
1: Bot
NA: Detection not activated on this segment

X-DataDome-botname

The bot name

String

X-DataDome-botfamily

The bot family

good_bot / bad_bot / commercial_bot

X-DataDome-captchapassed

Has this client passed a Captcha?

0: This client has not passed the Captcha
1: This client has passed the Captcha
NA: This request has not been blocked

The information above can be used inside any application/SIEM/SOC by reading the HTTP request headers.

Logs integration

Each module can inject these headers inside web server logs.

This feature enables our users to integrate DataDome detection information inside their usual monitoring tools like Kibana, Splunk or AppDynamics.

The documentation for each module is available through the links below:

LogFormat "%h %l %u %t \"%r\" %{X-DataDome-isbot}i %{X-DataDome-botname}i %{X-DataDome-botfamily}i %{X-DataDome-captchapassed}i %{DATA_DOME_SPENT_TIME}e" datadome
CustomLog logs/datadome.log datadome
http {
    ....
    log_format datadome '$request $http_x-datadome-isbot $http_x-datadome-botname $http_x-datadome-botfamily $http_x-datadome-captchapassed $datadome_response_time';
    access_log /var/log/nginx/datadome.log datadome;
    ....
    server {
        ....
        data_dome_auth @datadome;
        data_dome_auth_set $datadome_response_time $upstream_response_time;
        ....
    }
}
sudo varnishncsa -a -w /var/log/varnish/datadome.log -D -P /var/run/varnishncsa_datadome.pid -F '%h %l %u %t "%r" "%{X-DataDome-isbot}i %{X-DataDome-botname}i %{X-DataDome-botfamily}i %{X-DataDome-captchapassed}i %{VCL_Log:DataDome_status}x %{VCL_Log:DataDome_spent_time}x"'
# frontend settings with DataDome integration
http-request lua.Datadome_request_hook
http-response lua.Datadome_response_hook
# A block that capture headers
capture response header X-DataDome-isbot len 4
capture response header X-DataDome-botname len 64
capture response header X-DataDome-botfamily len 16
capture response header X-DataDome-captchapassed len 4
# continue frontend setting with DataDome integration
use_backend failure_backend if { var(txn.dd.status) eq "blocked" }