Data Schema (Logs)

Supported types

  • Legitimate
  • Block
  • Captcha

Fields

The data schema for each log type is returned with the following fields:

Legitimate

Block

Field Name

Description

Value

event_type

block

timestamp

Time of the request

px_app_id

PerimeterX app ID assigned per application

px_vid

Visitor id designated by PerimeterX cookie

px_client_uuid

Page view identifier designated by PerimeterX

full_url

Full URL of the request (including domain, request params etc.)

domain

Parent domain for the request as derived from location href (URL)

path

Path of the request (where was the request to within the domain)

rsk_rtt

Roundtrip time for risk_api (from the enforcer to the collector and back)

user_agent

User Agent string the request came from

country

Country the request came from

city

City the request came from

os_family

Type of operating system used in the request

os_version

Version of operating system used in the request

browser_version

Version of the browser used

browser_family

Type of browser used

true_ip_asn_name

ISP provider for the request original IP

true_ip_classification

Any known classifications/ characteristics we might have for the original IP

true_ip

Original IP for the request (ignoring CDN/ load balancer)

client_ip

IP the request came from

incident_types

Requests are tagged with the types of detection which flagged it. See this section for possible values.

ivt

Requests are tagged with the types of IVT taxonomy they were flagged with. See this section for possible values.

filter_type

Indicating if the request is classified as "always deny" or "always allow"

simulated_block

Was there actual block activity or just a simulation for block for statistics and monitoring purpose

referrer

The previous page the request came from (the page that led to this request)

custom_parameter1-9

Custom parameters as defined by the customer

breached_account

Value is set to true if the request was flagged as breached by PerimeterX Credential Intelligence product

filter_origin

Indicating what is the origin of the filter, the customer or PX

filter_id

The filter identifier

filter_category

Indicating what category the filter belongs to. For example knownBots

Captcha

Field Name

Description

Value

event_type

captcha_pass
captcha_block*

timestamp

Time of the request

px_app_id

PerimeterX app IP assigned per application

px_vid

Visitor id designated by PerimeterX cookie

px_client_uuid

Page view identifier designated by PerimeterX

full_url

Full URL of the request (including domain, request params etc.)

domain

Parent domain for the request as derived from location href (URL)

path

Path of the request (where was the request to within the domain)

risk_score

Score given to request estimating likelihood of the request originating from bot traffic
Range 0 (most likely human) to 100 (most likely bot)

risk_rtt

Roundtrip time for risk_api (from the enforcer to the collector and back)

user_agent

User Agent string the request came from

country

Country the request came from

city

City the request came from

os_family

Type of operating system used in requested

os_version

Version of operating system used in requested

browser_family

Type of browser used

browser_version

Version of the browser used

true_ip_asn_name

ISP provider for the request original IP

true_ip_classification

Any known classifications/ characteristics we might have for the original ip

true_ip

Original IP for the request (ignoring CDN/ load balancer)

client_ip

IP the request came from

incident_types

Requests are tagged with the types of detection which flagged it. See this section for possible values.

ivt

Requests are tagged with the types of IVT taxonomy they were flagged with. See this section for possible values.

referrer

The previous page the request came from (the page that led to this request)

captcha_type

Challenge type- is it google recaptcha or PX human challenge

challenge_tries_count

Number of attempts at the challenge
0 - No attempt was made

custom_parameter1-9

Custom parameters as defined by the customer

breached_account

Value is set to true if the request was flagged as breached by PerimeterX Credential Intelligence product

filter_type

Indicating if the request is classified as "always deny" or "always allow"

filter_id

The filter identifier

filter_origin

Indicating what is the origin of the filter, the customer or PX

filter_category

Indicating what category the filter belongs to. For example knownBots

  • captcha_pass - if captcha was solved
  • captcha_block - if the activity was blocked by captcha

Incident Types

Type Id

Name

Description

12

UI Anomaly

User interface interaction is typical of non-human users

13

Denied Service

One or more of the client's properties was denied

14

Custom Denylist

The request was denied because of a customer defined rule

15

Cloud Service

The request was detected as a cloud service

16

Anonymizing Service

Request originates from a Cloud Provider, VPN, Anonymizing Proxy or spoofed IP

17

Bot Behavior

Behavioral patterns deviate from typical human activity

18

Spoof

The detected browser does not match the declared browser

19

Predictive Analytics

Anomalies in behavioral data relevant for the request

20

Automation Tool

Request properties indicate the use of an automation tool

21

Bad Reputation

In the past, users with the same properties performed malicious activities

22

Volumetric Rule

Activity exceeded volumetric policy definition

23

Missing Sensor Data

JS Sensor information was not sent

24

Allowed Volume Exceeded

Request volume anomaly detected

IVT (Invalid Traffic Taxonomy)

Code

Category

AB

Automated Browsing

DC

Data Center

FR

False Representation

KC

Known Crawler

UC

Undisclosed Classification