DocumentationAPIChangelogTest your siteWatch a demoDashboard
Documentation
Start typing to search…

Webhook/Notification Integration

You can be notified in your SIEM or alerting system when your website, API, mobile app, or other endpoints are under attack. The configuration is done through the dashboard inside the Integrations tab.

We support 7 out-of-the-box notification/webhook integrations:

🚧

Request timeout

A timeout of 5 seconds is applied to the sent requests.

The following table lists the information you need to connect:

Provider

URL

Secret

Slack

https://hooks.slack.com/services/[[ID]]/[[ID]]/[[ID]]

Not Applicable - The secret is part of the URL.

Microsoft Teams

https://yourwebhook.webhook.office.com/webhookb2/
[[GUID]]@[[GUID]]/IncomingWebhook/[[GUID]]/[[GUID]]

Not Applicable - The secret is part of the URL.

Logz.io

https://listener.logz.io:8071/?token=[TOKENVALUE]
There are a lot of regions for Logz.io , the up to date list is available here

Not Applicable - The secret is part of the URL.

Datadog Event

For Customer using US Datacenter :
https://api.datadoghq.com/api/v1/events
For Customer using EU Datacenter :
https://api.datadoghq.eu/api/v1/events

The secret is required. It is available in your [Datadog Console].(https://app.datadoghq.com/account/settings#api)

Atlassian OpsGenie

For Customer using US Datacenter :
https://api.opsgenie.com/v2/alerts
For Customer using EU Datacenter :
https://api.eu.opsgenie.com/v2/alerts

The secret is required. It is available in your [OpsGenie Account].(https://docs.opsgenie.com/docs/api-key-management)

Splunk OnCall (Formerly VictorOps)

https://alert.victorops.com/integrations/generic/[[ID]
/alert/[[GUID]]/datadome

Not Applicable - The secret is part of the URL.

Custom

The API URL you would like to get the notification.

Not Applicable - The secret is part of the URL.

PagerDuty

https://events.pagerduty.com/v2/enqueue

The secret is required. It is available in your Pager Duty Integration.

The following table lists the purpose of each field in the different Webhooks:

Field name

Purpose of the field

ACCOUNT_NAME

The name of the customer’s workspace

IS_PROTECTED

Global protection is enabled/disabled

THREAT_NAME

The attack name (“Spamming”, “Scalping”, “API Abuse”, etc)

ENDPOINT_NAME

Names of the endpoint (configured in the Datadome dashboard) which is under attack

ATTACK_DURATION

Duration of the attack

START_DATETIME

Starting time of the attack (Timezone is UTC)

END_DATETIME

Ending time of the attack

ATTACK_REQUESTS_COUNT

Total requests that were under attack

NOTIFICATION_PEAK_SPEED

Number of requests received per min

IP_COUNT

Total no. of IPs involved

USER_AGENT_COUNT

Total no. of UAs involved

COUNTRY_COUNT

Total no. of countries from which the requests originated

URL_COUNT

Total no. of URLs that were targeted

HEADER_TEXT

Text telling whether an attack is blocked or if there is an ongoing attack that was not blocked because Global protection is disabled

ATTACK_PROTECTION_TEXT

The text is based on the protection
Protection is enabled -> Blocked
Protection is disabled -> Attack

IMAGE_URL

Image for the attack type
Example: fingerprint image for Credential stuffing

PROTECTION_COLOR

The colour is based on the protection
Protection is enabled -> # 03DAC6
Protection is disabled -> # F75656

PAYLOAD_SECRET

Only for Pager Duty, the secret is sent in the payload

Updated 7 days ago