SIEM/SOC Integration

DataDome provides insight into your traffic by enriching your logs for each request we analyse in real time.

You can set up an "exporter" to ship these enriched logs to any SIEM or log-management tool.

Configuration examples:

Telegraf (inputs.logparser; the grok pattern is the combined log format extended with the four DataDome fields appended to each access-log line):

[[inputs.logparser]]
  files = ["/path/to/access_log"]
  from_beginning = false

  [inputs.logparser.grok]
    patterns = ['%{COMBINED_LOG_FORMAT} %{WORD:x-DataDome-isbot} %{WORD:x-DataDome-botname} %{WORD:x-DataDome-botfamily} %{WORD:x-DataDome-captchapassed}']
    measurement = "access_log"

Filebeat (modules.d entry):

# you need to add the DataDome headers in the Elasticsearch output configuration: https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html#_literal_headers_literal
- module: nameOfModule
  access:
    enabled: true
    var.paths: ["/path/to/log/access.log"]

Datadog Agent (logs section of the integration configuration):

# example access log: https://www.datadoghq.com/blog/monitor-apache-web-server-datadog
# example of adding custom headers: https://docs.datadoghq.com/agent/faq/dogstream/#writing-parsing-functions
logs:
    - type: file
      path: /var/log/apache2/access.log
      service: apache_gob_test
      source: apache
      sourcecategory: http_web_access
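As an added example (not DataDome's own code), the following Python mirrors the Telegraf grok pattern above: it parses Apache combined-format lines carrying the four appended DataDome fields and counts flagged requests per bot family, the kind of aggregation a SOC dashboard shows. The log lines are constructed, and the isbot values (1 = bot, 0 = human) and the "-" placeholders are assumptions.

```python
import re
from collections import Counter

# Regex equivalent of the grok pattern: combined log format followed by the
# four DataDome enrichment fields. \S+ is used instead of %{WORD} so that a
# "-" placeholder in botname/botfamily still parses (assumption).
ENRICHED_LOG = re.compile(
    r'(?P<client_ip>\S+) \S+ (?P<auth>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+) (?P<http_version>\S+)" '
    r'(?P<resp_code>\d{3}) (?P<resp_bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<isbot>\S+) (?P<botname>\S+) (?P<botfamily>\S+) (?P<captchapassed>\S+)$'
)


def parse_line(line):
    """Return the named fields as a dict, or None when the line does not match."""
    m = ENRICHED_LOG.match(line.strip())
    return m.groupdict() if m else None


def bot_summary(lines):
    """Count requests DataDome flagged as bot traffic, grouped by bot family.

    Unparseable lines are counted separately: a sudden rise in that number
    usually means the log format or the header order changed upstream.
    """
    families = Counter()
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif rec["isbot"] == "1":
            families[rec["botfamily"]] += 1
    return {"by_family": dict(families), "unparsed": unparsed}


# Constructed sample lines (documentation IP ranges, invented bot names).
SAMPLE_LINES = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0" 1 BadBot scraper 0',
    '198.51.100.23 - - [10/Oct/2023:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0" 0 - - 0',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /api/cart HTTP/1.1" 403 0 "-" "curl/8.0" 1 BadBot scraper 0',
    '192.0.2.5 - - [10/Oct/2023:13:55:39 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Googlebot/2.1" 1 Googlebot search_engine 1',
    'garbage line that does not match the expected format',
]

if __name__ == "__main__":
    print(bot_summary(SAMPLE_LINES))
```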

Elasticsearch Kibana Platform

Once Filebeat is configured, you can use Kibana to analyse your logs and the data enriched by DataDome in real time:

Discovery (screenshot: Discover bot)

Because the DataDome insight is available through the enriched headers, you can build any dashboard your business needs.

(screenshot: Bot dashboard)

Telegraf platform

Once Telegraf is configured, you can use Grafana to build your dashboards.