Data Schema (Logs)
Supported types
- Legitimate
- Block
- Captcha
Fields
The data schema for each log type is returned with the following fields:
Legitimate
Field Name | Description | Value |
|---|---|---|
event_type | legitimate | |
timestamp | Time of the request | |
px_app_id | PerimeterX app ID assigned per application | |
px_vid | Visitor ID designated by the PerimeterX cookie | |
px_client_uuid | Page view identifier designated by PerimeterX | |
full_url | Full URL of the request (including domain, request params etc.) | |
domain | Parent domain for the request as derived from location href (URL) | |
path | Request path (where was the request to within the domain) | |
risk_score | Score assigned to the request estimating likelihood of the request originating from bot traffic | |
rsk_rtt | Roundtrip time for risk_api (from the enforcer to the collector and back) | |
user_agent | User Agent string the request came from | |
country | Country the request came from | |
city | City the request came from | |
os_family | Type of operating system used in the request | |
os_version | Version of operating system used in the request | |
browser_family | Type of browser used | |
browser_version | Version of the browser used | |
true_ip_asn_name | ISP provider for the request original IP | |
true_ip_classification | Any known classifications/ characteristics we might have for the original IP | (e.g: [{”name”:”Google Cloud”,”class”:”Cloud”}]) |
true_ip | Original IP of the request (ignoring CDN/ load balancer) | |
client_ip | IP the request came from | |
incident_types | Requests are tagged with the types of detection which flagged it. See this section for possible values. | |
custom_parameter1-9 | Custom parameters as defined by the customer | |
http_status_code | ||
referrer | The previous page the request came from (the page that led to this request) | |
breached_account | Value is set to | This field is sent only if breached_account is true |
filter_type | Indicating if the request is classified as "always deny" or "always allow" | |
filter_origin | Indicating what is the origin of the filter, the customer or PX | |
filter_id | The filter identifier | |
filter_category | Indicating what category the filter belongs to. For example knownBots |
Block
event_type | block | |
|---|---|---|
timestamp | Time of the request | |
px_app_id | PerimeterX app ID assigned per application | |
px_vid | Visitor id designated by PerimeterX cookie | |
px_client_uuid | Page view identifier designated by PerimeterX | |
full_url | Full URL of the request (including domain, request params etc.) | |
domain | Parent domain for the request as derived from location href (URL) | |
path | Path of the request (where was the request to within the domain) | |
rsk_rtt | Roundtrip time for risk_api (from the enforcer to the collector and back) | |
user_agent | User Agent string the request came from | |
country | Country the request came from | |
city | City the request came from | |
os_family | Type of operating system used in the request | |
os_version | Version of operating system used in the request | |
browser_version | Version of the browser used | |
browser_family | Type of browser used | |
true_ip_asn_name | ISP provider for the request original IP | |
true_ip_classification | Any known classifications/ characteristics we might have for the original IP | |
true_ip | Original IP for the request (ignoring CDN/ load balancer) | |
client_ip | IP the request came from | |
incident_types | Requests are tagged with the types of detection which flagged it. See this section for possible values. | |
filter_type | Indicating if the request is classified as "always deny" or "always allow" | |
simulated_block | Was there actual block activity or just a simulation for block for statistics and monitoring purpose | |
referrer | The previous page the request came from (the page that led to this request) | |
custom_parameter1-9 | Custom parameters as defined by the customer | |
breached_account | Value is set to | |
filter_origin | Indicating what is the origin of the filter, the customer or PX | |
filter_id | The filter identifier | |
filter_category | Indicating what category the filter belongs to. For example knownBots |
Captcha
event_type | captcha_pass | |
|---|---|---|
timestamp | Time of the request | |
px_app_id | PerimeterX app IP assigned per application | |
px_vid | Visitor id designated by PerimeterX cookie | |
px_client_uuid | Page view identifier designated by PerimeterX | |
full_url | Full URL of the request (including domain, request params etc.) | |
domain | Parent domain for the request as derived from location href (URL) | |
path | Path of the request (where was the request to within the domain) | |
risk_score | Score given to request estimating likelihood of the request originating from bot traffic | |
risk_rtt | Roundtrip time for risk_api (from the enforcer to the collector and back) | |
user_agent | User Agent string the request came from | |
country | Country the request came from | |
city | City the request came from | |
os_family | Type of operating system used in requested | |
os_version | Version of operating system used in requested | |
browser_family | Type of browser used | |
browser_version | Version of the browser used | |
true_ip_asn_name | ISP provider for the request original IP | |
true_ip_classification | Any known classifications/ characteristics we might have for the original ip | |
true_ip | Original IP for the request (ignoring CDN/ load balancer) | |
client_ip | IP the request came from | |
incident_types | Requests are tagged with the types of detection which flagged it. See this section for possible values. | |
referrer | The previous page the request came from (the page that led to this request) | |
captcha_type | Challenge type- is it google recaptcha or PX human challenge | |
challenge_tries_count | Number of attempts at the challenge | |
custom_parameter1-9 | Custom parameters as defined by the customer | |
breached_account | Value is set to | |
filter_type | Indicating if the request is classified as "always deny" or "always allow" | |
filter_id | The filter identifier | |
filter_origin | Indicating what is the origin of the filter, the customer or PX | |
filter_category | Indicating what category the filter belongs to. For example knownBots |
- captcha_pass - if captcha was solved
- captcha_block - if the activity was blocked by captcha
Incident Types
| Type Id | Name | Description |
|---|---|---|
| 12 | UI Anomaly | User interface interaction is typical of non-human users |
| 13 | Denied Service | One or more of the client's properties was denied |
| 14 | Custom Denylist | The request was denied because of a customer defined rule |
| 15 | Cloud Service | The request was detected as a cloud service |
| 16 | Anonymizing Service | Request originates from a Cloud Provider, VPN, Anonymizing Proxy or spoofed IP |
| 17 | Bot Behavior | Behavioral patterns deviate from typical human activity |
| 18 | Spoof | The detected browser does not match the declared browser |
| 19 | Predictive Analytics | Anomalies in behavioral data relevant for the request |
| 20 | Automation Tool | Request properties indicate the use of an automation tool |
| 21 | Bad Reputation | In the past, users with the same properties performed malicious activities |
| 22 | Volumetric Rule | Activity exceeded volumetric policy definition |
| 23 | Missing Sensor Data | JS Sensor information was not sent |
| 24 | Allowed Volume Exceeded | Request volume anomaly detected |
Updated 3 days ago