Logs Enrichment Integration
DataDome Bot Protection analyzes your traffic in real time. We can provide insights about your traffic by enriching your logs for all the requests that we analyze.
Our modules include a powerful feature that adds headers on each request before they are handled by your backend or CDN.
Our customers use it for a deeper integration of DataDome in their infrastructure and applications, for the following use cases:
- Enriching server logs with bot information from DataDome for log analytics, SIEM or SOC (e.g. Elastic Search, Sumologic, Splunk)
- Providing insights about bot traffic on your client-side analytics (e.g. Google Analytics, Adobe Analytics)
This feature is available for Corporate and Enterprise plans. You can enable it directly from the Integration section of your Dashboard.
Available enriched headers
X-DataDome-ruletypereplacedX-DataDome-botfamilyas of 2022-03-01.
| Header name | Header description | Header possible values | Enabled by default |
|---|---|---|---|
X-DataDome-isbot | Is it a bot? | 0: Human user1: BotNA: Detection disabled on this segment | Yes |
X-DataDome-botname | The bot name | Examples: curl, googlebot, etc. | Yes |
X-DataDome-captchapassed | Was a CAPTCHA passed on this session? | 0: This session has been blocked, but has not passed a CAPTCHA1: This session has passed a CAPTCHANA: This request has not been blocked | Yes |
X-DataDome-ruletype | The traffic category | HumansAI Threats DetectionVerified BotsCustom Rules | Yes |
X-DataDome-requestid | An identifier for the current request | A standard UUID with alphanumerical characters, e.g. 123e4567-e89b-12d3-a456-426614174000 | Yes |
X-DataDome-Traffic-Rule-Response | The response type applied by DataDome | authorizeblock (captcha response)hard_block (block response)interstitial (device check) | No |
X-DataDome-score | The level of confidence when identifying a request as coming from a bot | Float number between 0 and 1. 0: Lowest level of confidence 1: Highest level of confidence | No |
X-DataDome-matchedmodels | Names of bot models that were triggered (max: 10) | Examples: Credential Stuffing, Unusual traffic volume, Recent CVE-xxxx-xxxxx activity, etc. | No |
Please contact our support team to enable the headers listed above that are not enabled by default.
They will review your requirements and provide you with the best recommendations.
Logs integration
Please refer to the documentation pages below to configure your server-side integrations in order to benefit from these enriched headers in your own logs:
- Apache
- Cloudflare Worker (Cloudflare Apps is not supported)
- Cloudfront
- Fastly
- HAProxy18/HAPEE
- IIS
- Nginx
- Varnish
Export to a SIEM/SOC Tools
You can find more information about how to export these logs and headers to an SIEM/SOC Tools.
Updated 6 months ago