Logs Enrichment Integration
DataDome Bot Protection analyzes your traffic in real time. We can provide insights about your traffic by enriching your logs for all the requests that we analyze.
Our modules include a powerful feature that adds headers on each request before they are handled by your backend or CDN.
Our customers use it for a deeper integration of DataDome in their infrastructure and applications, for the following use cases:
- Enriching server logs with bot information from DataDome for log analytics, SIEM or SOC (e.g. Elastic Search, Sumologic, Splunk)
- Providing insights about bot traffic on your client-side analytics (e.g. Google Analytics, Adobe Analytics)
This feature is available for Corporate and Enterprise plans. You can enable it directly from the Integration section of your Dashboard.
Available enriched headers
| Header name | Header description | Header possible values | Enabled by default |
|---|---|---|---|
X-DataDome-isbot | Is it a bot? | 0: Human user1: BotNA: Detection disabled on this segment | Yes |
X-DataDome-botname | The bot name | Examples: curl, googlebot, etc. | Yes |
X-DataDome-captchapassed | Was a CAPTCHA passed on this request? | 0: This request was blocked but no CAPTCHA was passed OR this request would have been blocked if you had DataDome protection enabled1: This request was blocked but a CAPTCHA has been passedNA: This request has not been blocked | Yes |
X-DataDome-devicecheckpassed | Was a Device Check passed on this request? | 0: This request was blocked but no Device Check was passed OR this request would have been blocked if you had DataDome protection enabled1: This request was blocked but a Device Check has been passedNA: This request has not been blocked | Yes |
X-DataDome-ruletype | The traffic category | HumansAI Threats DetectionVerified BotsCustom Rules | Yes |
X-DataDome-requestid | A DataDome identifier for the current request. In edge case this header might be empty. | A standard UUID with alphanumerical characters, e.g. 123e4567-e89b-12d3-a456-426614174000 | Yes |
X-DataDome-Traffic-Rule-Response | The response type applied by DataDome | authorizeblock (captcha response)hard_block (block response)interstitial (device check) | No |
X-DataDome-score | The level of confidence when identifying a request as coming from a bot | Float number between 0 and 1. 0: Lowest level of confidence 1: Highest level of confidence | No |
X-DataDome-matchedmodels | Names of bot models that were triggered (max: 10) | Examples: Credential Stuffing, Unusual traffic volume, Recent CVE-xxxx-xxxxx activity, etc. | No |
X-DataDome-sessionid | The DataDome session ID to track the user's journey. In edge case this header might be empty. | Examples: AHrlqAAAAAMA9DfoAKMDOgIAlEibGw== | No |
Please contact our support team to enable the headers listed above that are not enabled by default.
They will review your requirements and provide you with the best recommendations.
Logs integration
Please refer to the documentation pages below to configure your server-side integrations in order to benefit from these enriched headers in your own logs:
- Apache
- Cloudflare Worker (Cloudflare Apps is not supported)
- Cloudfront
- Fastly
- HAProxy18/HAPEE
- IIS
- Nginx
- OpenResty
- Varnish
Export to a SIEM/SOC Tools
You can find more information about how to export these logs and headers to an SIEM/SOC Tools.
Updated about 1 month ago