Datadome Protection
Overview
Datadome offers is a bot protection solution, providing real-time detection and mitigation of malicious bots, safeguarding websites and APIs from fraud, scraping, and other automated threats with advanced security measures.
Event Categories
The following table lists the data source offered by this integration.
| Data Source | Description |
|---|---|
Web application firewall logs |
Datadome provides real-time detection and mitigation of malicious bots |
In details, the following table denotes the type of events produced by this integration.
| Name | Values |
|---|---|
| Kind | alert |
| Category | intrusion_detection |
| Type | info |
Event Samples
Find below few samples of events and how they are normalized by Sekoia.io.
{
"message": "{\"accountName\": \"Example account\", \"isProtected\": false, \"threatName\": \"Credential Stuffing\", \"endpointName\": \"WEB (default)\", \"duration\": \"\", \"startDateTime\": \"20 January, 18:53 UTC +00:00\", \"endDateTime\": \"\", \"requestsCount\": \"123,456,789\", \"peakSpeed\": \"0\", \"ipCount\": \"123,456,789\", \"uaCount\": \"123,456,789\", \"countryCount\": \"123,456,789\", \"urlCount\": \"123,456,789\"}",
"event": {
"category": [
"intrusion_detection"
],
"kind": "alert",
"start": "2024-01-20T18:53:00Z",
"type": [
"info"
]
},
"@timestamp": "2024-01-20T18:53:00Z",
"cloud": {
"account": {
"name": "Example account"
}
},
"host": {
"name": "WEB (default)"
},
"observer": {
"product": "Datadome protection",
"vendor": "Datadome"
},
"threat": {
"indicator": {
"name": "Credential Stuffing"
}
}
}
Extracted Fields
The following table lists the fields that are extracted, normalized under the ECS format, analyzed and indexed by the parser. It should be noted that infered fields are not listed.
| Name | Type | Description |
|---|---|---|
@timestamp |
date |
Date/time when the event originated. |
cloud.account.name |
keyword |
The cloud account name. |
event.category |
keyword |
Event category. The second categorization field in the hierarchy. |
event.duration |
long |
Duration of the event in nanoseconds. |
event.end |
date |
event.end contains the date when the event ended or when the activity was last observed. |
event.kind |
keyword |
The kind of the event. The highest categorization field in the hierarchy. |
event.start |
date |
event.start contains the date when the event started or when the activity was first observed. |
event.type |
keyword |
Event type. The third categorization field in the hierarchy. |
host.name |
keyword |
Name of the host. |
observer.product |
keyword |
The product name of the observer. |
observer.vendor |
keyword |
Vendor name of the observer. |
Configure
This setup guide will show you how to forward your Datadome Protection logs to Sekoia.io
Create the intake
Go to the intake page and create a new intake from the format Datadome Protection.
Enable forwarding
- Connect on the Datadome Dashboard
- On the left panel, click
Management - On the ribbon, go to
Integrationtab - In the
Webhooksection, clickAdd Webhook - Type the name of the integration
- As URL, type
https://intake.sekoia.io/plain?intake_key=<YOUR INTAKE KEY> - Select
Defaultas the payload format - Select
All threatsas threats - Click
Save