Integrations
Learn how to integrate DataDome with your other services.
To be notified as soon as possible when your endpoints are under attack, you can use a DataDome Webhook to receive Attack Notifications in your existing third-party services.

List of defined integrations
Configure a Webhook
- To define a new Webhook, click on the "Add +" button

Define and test your webhook settings
- Input a name for your Webhook
- Enter the URL where you want to receive the HTTP POST requests from the Webhook
- Three different payload formats are available for you to choose from:
  - Default payload: lists all the available variables in a flat JSON object
  - Slack payload: sends the same variables, but they are predefined as a ready-to-be-displayed Slack message
  - Microsoft Teams payload: a customized JSON ready-to-be-displayed in a Teams message

Example of a Slack message

- Choose which threats you want to be notified about, or select "All threats" to include them all
- Click on the "Test your webhook" button to send a test message and immediately validate your settings

For the chosen threats, a POST request will be sent using the selected payload template.

Request timeout
Please note that a timeout of 5 seconds is applied to the sent requests.

- Click on the "Save" button when you're done
Webhook Variables
The notification message contains various details about the attack event that occurred on your endpoint:
Variable placeholder | Description | Example value |
---|---|---|
{ACCOUNT_NAME} | The name of the concerned tenant | |
{HEADER_TEXT} | Will either be 'A bot attack has been blocked' or 'You are under bot attack' depending on the protection status | A bot attack has been blocked |
{IS_PROTECTED} | Whether or not the attack has been blocked by DataDome | true |
{THREAT_NAME} | The name of the detected threat | |
{ENDPOINT_NAME} | The name of the targeted endpoint | |
{ATTACK_DURATION} | The duration of the attack | |
{START_DATETIME} | The date and time the attack started | 19 January, 13:53 UTC +00:00 |
{END_DATETIME} | The date and time the attack ended | 19 January, 14:00 UTC +00:00 |
{ATTACK_REQUESTS_COUNT} | The number of requests detected in this attack | |
{NOTIFICATION_PEAK_SPEED} | The peak speed reached by this attack, in terms of requests per minute | |
{IP_COUNT} | The count of distinct IPs from where the attack requests originated | |
{USER_AGENT_COUNT} | The count of distinct user agents used in the attack | |
{COUNTRY_COUNT} | The count of distinct countries from where the attack requests originated | |
{URL_COUNT} | The count of distinct targeted URLs | |
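
A minimal receiver for the Default payload, added here as an example and not DataDome's own code: it validates the flat JSON object, queues the event, and answers immediately so the 5-second timeout is never reached. The JSON key names (placeholder names without braces), the sample values, the listen address and the `info`/`page` severity labels are assumptions; confirm the real keys with a "Test your webhook" message.

```python
import json
import queue
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024    # assumption: a notification is far smaller than this
EVENTS = queue.Queue()  # drained by a worker, outside the request path

# Constructed sample; key names are an assumption (placeholders without braces).
SAMPLE = json.dumps({
    "HEADER_TEXT": "A bot attack has been blocked",
    "IS_PROTECTED": "true",
    "ENDPOINT_NAME": "example-endpoint",
    "ATTACK_REQUESTS_COUNT": "1200",
}).encode()

def parse_notification(body: bytes) -> dict:
    """Accept only a flat JSON object, as the Default payload is described."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("payload is not a JSON object")
    if any(isinstance(v, (dict, list)) for v in data.values()):
        raise ValueError("payload is not flat")
    return data

def severity(event: dict) -> str:
    """Return "page" unless the event explicitly says the attack was blocked."""
    blocked = str(event.get("IS_PROTECTED", "")).lower() == "true"
    return "info" if blocked else "page"

class Hook(BaseHTTPRequestHandler):
    def _reply(self, status: int) -> None:
        self.send_response(status)
        self.end_headers()

    def do_POST(self) -> None:
        try:
            length = int(self.headers.get("Content-Length", "0"))
            if not 0 < length <= MAX_BODY:
                raise ValueError("missing or oversized body")
            event = parse_notification(self.rfile.read(length))
        except ValueError:
            return self._reply(400)
        # Queue and answer at once: slow work here would exceed the 5 s timeout.
        EVENTS.put((severity(event), event))
        self._reply(204)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Hook).serve_forever()
```

A missing or unrecognised `IS_PROTECTED` value is treated as an unblocked attack, so a changed payload escalates rather than goes quiet.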
Updated about 2 years ago