Webhook/Notification Integration
You can be notified in your SIEM or alerting system when your website, API, mobile app, or other endpoints are under attack. The configuration is done through the dashboard inside the Integrations tab.
We support 7 out-of-the-box notification/webhook integrations:
- Custom (We propose our own API schema.)
- Datadog Event
- Atlassian OpsGenie
- Slack
- Splunk OnCall (Formerly VictorOps.)
- Microsoft Teams
- PagerDuty
Request timeout
A timeout of 5 seconds is applied to the sent requests.
The following table lists the information you need to connect:
Provider | URL | Secret |
---|---|---|
Slack | https://hooks.slack.com/services/[[ID]]/[[ID]]/[[ID]] | Not Applicable - The secret is part of the URL. |
Microsoft Teams | https://yourwebhook.webhook.office.com/webhookb2/ [[GUID]]@[[GUID]]/IncomingWebhook/[[GUID]]/[[GUID]] | Not Applicable - The secret is part of the URL. |
Logz.io | https://listener.logz.io:8071/?token=[TOKENVALUE] There are a lot of regions for Logz.io , the up to date list is available here | Not Applicable - The secret is part of the URL. |
Datadog Event | For Customer using US Datacenter :https://api.datadoghq.com/api/v1/events For Customer using EU Datacenter : https://api.datadoghq.eu/api/v1/events | The secret is required. It is available in your [Datadog Console].(https://app.datadoghq.com/account/settings#api) |
Atlassian OpsGenie | For Customer using US Datacenter :https://api.opsgenie.com/v2/alerts For Customer using EU Datacenter : https://api.eu.opsgenie.com/v2/alerts | The secret is required. It is available in your [OpsGenie Account].(https://docs.opsgenie.com/docs/api-key-management) |
Splunk OnCall (Formerly VictorOps) | https://alert.victorops.com/integrations/generic/[[ID] /alert/[[GUID]]/datadome | Not Applicable - The secret is part of the URL. |
Custom | The API URL you would like to get the notification. | Not Applicable - The secret is part of the URL. |
PagerDuty | https://events.pagerduty.com/v2/enqueue | The secret is required. It is available in your Pager Duty Integration. |
The following table lists the purpose of each field in the different Webhooks:
Field name | Purpose of the field |
---|---|
ACCOUNT_NAME | The name of the customer’s workspace |
IS_PROTECTED | Global protection is enabled/disabled |
THREAT_NAME | The attack name (“Spamming”, “Scalping”, “API Abuse”, etc) |
ENDPOINT_NAME | Names of the endpoint (configured in the Datadome dashboard) which is under attack |
ATTACK_DURATION | Duration of the attack |
START_DATETIME | Starting time of the attack (Timezone is UTC) |
END_DATETIME | Ending time of the attack |
ATTACK_REQUESTS_COUNT | Total requests that were under attack |
NOTIFICATION_PEAK_SPEED | Number of requests received per min |
IP_COUNT | Total no. of IPs involved |
USER_AGENT_COUNT | Total no. of UAs involved |
COUNTRY_COUNT | Total no. of countries from which the requests originated |
URL_COUNT | Total no. of URLs that were targeted |
HEADER_TEXT | Text telling whether an attack is blocked or if there is an ongoing attack that was not blocked because Global protection is disabled |
ATTACK_PROTECTION_TEXT | The text is based on the protection Protection is enabled -> Blocked Protection is disabled -> Attack |
IMAGE_URL | Image for the attack type Example: fingerprint image for Credential stuffing |
PROTECTION_COLOR | The colour is based on the protection Protection is enabled -> # 03DAC6 Protection is disabled -> # F75656 |
PAYLOAD_SECRET | Only for Pager Duty, the secret is sent in the payload |
Updated 9 months ago