Data Schema (Logs)

Supported types

  • Legitimate
  • Block
  • Captcha

Fields

The data schema for each log type is returned with the following fields:

Legitimate

Field Name

Description

Value

event_type

legitimate

timestamp

Time of the request

px_app_id

PerimeterX app ID assigned per application

px_vid

Visitor ID designated by the PerimeterX cookie

px_client_uuid

Page view identifier designated by PerimeterX

full_url

Full URL of the request (including domain, request params etc.)

domain

Parent domain for the request as derived from location href (URL)

path

Request path (where was the request to within the domain)

risk_score

Score assigned to the request estimating likelihood of the request originating from bot traffic
Range 0 (most likely human) to 100 (most likely bot)

rsk_rtt

Roundtrip time for risk_api (from the enforcer to the collector and back)

user_agent

User Agent string the request came from

country

Country the request came from

city

City the request came from

os_family

Type of operating system used in the request

os_version

Version of operating system used in the request

browser_family

Type of browser used

browser_version

Version of the browser used

true_ip_asn_name

ISP provider for the request original IP

true_ip_classification

Any known classifications/ characteristics we might have for the original IP

(e.g: [{”name”:”Google Cloud”,”class”:”Cloud”}])

true_ip

Original IP of the request (ignoring CDN/ load balancer)

client_ip

IP the request came from

incident_types

Requests are tagged with the types of detection which flagged it. See this section for possible values.

custom_parameter1-9

Custom parameters as defined by the customer

http_status_code

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

referrer

The previous page the request came from (the page that led to this request)

breached_account

Value is set to true if the request was flagged as breached by PerimeterX Credential Intelligence product

This field is sent only if breached_account is true

filter_type

Indicating if the request is classified as "always deny" or "always allow"

filter_origin

Indicating what is the origin of the filter, the customer or PX

filter_id

The filter identifier

filter_category

Indicating what category the filter belongs to. For example knownBots

Block

event_type

block

timestamp

Time of the request

px_app_id

PerimeterX app ID assigned per application

px_vid

Visitor id designated by PerimeterX cookie

px_client_uuid

Page view identifier designated by PerimeterX

full_url

Full URL of the request (including domain, request params etc.)

domain

Parent domain for the request as derived from location href (URL)

path

Path of the request (where was the request to within the domain)

rsk_rtt

Roundtrip time for risk_api (from the enforcer to the collector and back)

user_agent

User Agent string the request came from

country

Country the request came from

city

City the request came from

os_family

Type of operating system used in the request

os_version

Version of operating system used in the request

browser_version

Version of the browser used

browser_family

Type of browser used

true_ip_asn_name

ISP provider for the request original IP

true_ip_classification

Any known classifications/ characteristics we might have for the original IP

true_ip

Original IP for the request (ignoring CDN/ load balancer)

client_ip

IP the request came from

incident_types

Requests are tagged with the types of detection which flagged it. See this section for possible values.

filter_type

Indicating if the request is classified as "always deny" or "always allow"

simulated_block

Was there actual block activity or just a simulation for block for statistics and monitoring purpose

referrer

The previous page the request came from (the page that led to this request)

custom_parameter1-9

Custom parameters as defined by the customer

breached_account

Value is set to true if the request was flagged as breached by PerimeterX Credential Intelligence product

filter_origin

Indicating what is the origin of the filter, the customer or PX

filter_id

The filter identifier

filter_category

Indicating what category the filter belongs to. For example knownBots

Captcha

event_type

captcha_pass
captcha_block*

timestamp

Time of the request

px_app_id

PerimeterX app IP assigned per application

px_vid

Visitor id designated by PerimeterX cookie

px_client_uuid

Page view identifier designated by PerimeterX

full_url

Full URL of the request (including domain, request params etc.)

domain

Parent domain for the request as derived from location href (URL)

path

Path of the request (where was the request to within the domain)

risk_score

Score given to request estimating likelihood of the request originating from bot traffic
Range 0 (most likely human) to 100 (most likely bot)

risk_rtt

Roundtrip time for risk_api (from the enforcer to the collector and back)

user_agent

User Agent string the request came from

country

Country the request came from

city

City the request came from

os_family

Type of operating system used in requested

os_version

Version of operating system used in requested

browser_family

Type of browser used

browser_version

Version of the browser used

true_ip_asn_name

ISP provider for the request original IP

true_ip_classification

Any known classifications/ characteristics we might have for the original ip

true_ip

Original IP for the request (ignoring CDN/ load balancer)

client_ip

IP the request came from

incident_types

Requests are tagged with the types of detection which flagged it. See this section for possible values.

referrer

The previous page the request came from (the page that led to this request)

captcha_type

Challenge type- is it google recaptcha or PX human challenge

challenge_tries_count

Number of attempts at the challenge
0 - No attempt was made

custom_parameter1-9

Custom parameters as defined by the customer

breached_account

Value is set to true if the request was flagged as breached by PerimeterX Credential Intelligence product

filter_type

Indicating if the request is classified as "always deny" or "always allow"

filter_id

The filter identifier

filter_origin

Indicating what is the origin of the filter, the customer or PX

filter_category

Indicating what category the filter belongs to. For example knownBots

  • captcha_pass - if captcha was solved
  • captcha_block - if the activity was blocked by captcha

Incident Types

Type IdNameDescription
12UI AnomalyUser interface interaction is typical of non-human users
13Denied ServiceOne or more of the client's properties was denied
14Custom DenylistThe request was denied because of a customer defined rule
15Cloud ServiceThe request was detected as a cloud service
16Anonymizing ServiceRequest originates from a Cloud Provider, VPN, Anonymizing Proxy or spoofed IP
17Bot BehaviorBehavioral patterns deviate from typical human activity
18SpoofThe detected browser does not match the declared browser
19Predictive AnalyticsAnomalies in behavioral data relevant for the request
20Automation ToolRequest properties indicate the use of an automation tool
21Bad ReputationIn the past, users with the same properties performed malicious activities
22Volumetric RuleActivity exceeded volumetric policy definition
23Missing Sensor DataJS Sensor information was not sent
24Allowed Volume ExceededRequest volume anomaly detected

Did this page help you?