Data Schema (Logs)
  • 31 Jan 2024
  • Dark
    Light

Data Schema (Logs)

  • Dark
    Light

Article summary

Supported types

  • Legitimate
  • Block
  • Captcha

Fields

The data schema for each log type is returned with the following fields:

Legitimate

Field Name

DescriptionValue
event_type
legitimate
timestampTime of the request
px_app_idHUMAN app ID assigned per application
px_vidVisitor id designated by HUMAN cookie
px_client_uuidPage view identifier designated by HUMAN
full_urlFull URL of the request (including domain, request params etc.)
domainParent domain for the request as derived from location href (URL)
pathPath the request originates from (within the customer’s domain)
risk_rtt

Roundtrip time for risk_api (from the enforcer to the collector and back)


risk_scoreScoring of the request Between 0 and 100
user_agent

User Agent string the request came from


country

The country the request came from


city

The city the request came from


os_family

Type of operating system used in the request


os_version

The version of operating system used in the request


browser_version

The version of the browser used


browser_family

Type of browser used


true_ip_asn_name

ISP provider for the request original IP


true_ip_classification

Any known classifications/ characteristics we might have for the original IP


true_ip

Original IP for the request (ignoring CDN/ load balancer)


client_ip

IP the request came from


incident_types

Requests are tagged with the types of detection which flagged them. See this section for possible values.


ivt

Requests are tagged with the types of IVT taxonomy they were flagged with. See this section for possible values.


filter_type

Indicating if the request is classified as "always deny" or "always allow"


referrer

The previous page the request came from (the page that led to this request)


request_idThe ID of the request

custom_parameter1-10

Custom parameters as defined by the customer



breached_account

Value is set to true if the request was flagged as breached by HUMAN Credential Intelligence product



http_methodThe HTTP method used in communication (for example between the end user's browser and the client’s server)

filter_origin

Indicating what is the origin of the filter, the customer or HUMAN


filter_id

The filter identifier


filter_category


Indicating what category the filter belongs to. For example, known bots



Block

Field Name

Description

Value

event_type


block

timestamp

Time of the request


px_app_id

HUMAN app ID assigned per application


px_vid

Visitor id designated by HUMAN cookie


px_client_uuid

Page view identifier designated by HUMAN


full_url

Full URL of the request (including domain, request params etc.)


domain

Parent domain for the request as derived from location href (URL)


path

Path the request originates from (within the customer’s domain)


rsk_rtt

Roundtrip time for risk_api (from the enforcer to the collector and back)


user_agent

User Agent string the request came from


country

Country the request came from


city

City the request came from


os_family

Type of operating system used in the request


os_version

Version of operating system used in the request


browser_version

Version of the browser used


browser_family

Type of browser used


true_ip_asn_name

ISP provider for the request original IP


true_ip_classification

Any known classifications/ characteristics we might have for the original IP


true_ip

Original IP for the request (ignoring CDN/ load balancer)


client_ip

IP the request came from


incident_types

Requests are tagged with the types of detection which flagged it. See this section for possible values.


ivt

Requests are tagged with the types of IVT taxonomy they were flagged with. See this section for possible values.


filter_type

Indicating if the request is classified as "always deny" or "always allow"


simulated_block

Was there actual block activity or just a simulation for block for statistics and monitoring purpose


referrer

The previous page the request came from (the page that led to this request)


custom_parameter1-9

Custom parameters as defined by the customer


breached_account

Value is set to true if the request was flagged as breached by HUMAN Credential Intelligence


filter_origin

Indicating what is the origin of the filter, the customer or HUMAN


filter_id

The filter identifier


filter_category

Indicating what category the filter belongs to. For example, known bots.


Captcha

Field Name

Description

Value

event_type


captcha_pass
captcha_block*

timestamp

Time of the request


px_app_id

HUMAN app IP assigned per application


px_vid

Visitor id designated by HUMAN cookie


px_client_uuid

Page view identifier designated by HUMAN


full_url

Full URL of the request (including domain, request params etc.)


domain

Parent domain for the request as derived from location href (URL)


path

Path the request originates from (within the customer’s domain)


risk_score

Score given to request estimating likelihood of the request originating from bot traffic
Range 0 (most likely human) to 100 (most likely bot)


risk_rtt

Roundtrip time for risk_api (from the enforcer to the collector and back)


user_agent

User Agent string the request came from


country

Country the request came from


city

City the request came from


os_family

Type of operating system used in requested


os_version

Version of operating system used in requested


browser_family

Type of browser used


browser_version

Version of the browser used


true_ip_asn_name

ISP provider for the request original IP


true_ip_classification

Any known classifications/ characteristics we might have for the original ip


true_ip

Original IP for the request (ignoring CDN/ load balancer)


client_ip

IP the request came from


incident_types

Requests are tagged with the types of detection which flagged it. See this section for possible values.


ivt

Requests are tagged with the types of IVT taxonomy they were flagged with. See this section for possible values.


referrer

The previous page the request came from (the page that led to this request)


captcha_type

Challenge type- is it google recaptcha or HUMAN challenge


challenge_tries_count

Number of incomplete hold attempts of the Human Challenge


custom_parameter1-9

Custom parameters as defined by the customer


breached_account

Value is set to true if the request was flagged as breached by HUMAN Credential Intelligence


filter_type

Indicating if the request is classified as "always deny" or "always allow"


filter_id

The filter identifier


filter_origin

Indicating what is the origin of the filter, the customer or HUMAN


filter_category

Indicating what category the filter belongs to. For example knownBots


beta

human_challenge_release_version


Indicating when a user used the accessible challenge icon option
2b
  • captcha_pass - if captcha was solved
  • captcha_block - if the activity was blocked by captcha

Account Defender Logs

Single incidents logs

Field NameDescription
timestampTime of the request
user_idAccount ID as known on the customer side
vidVisitor ID designated by the HUMAN cookie
activity_typeActivity type (e.g, fingerprint - Sensor, page_requester - Enforcer, app_info - mobile)
deviceHash of the device browser fingerprint
ipIP the request originates from
user_agentUser agent the request originates from
path

Path the request originates from (within the customer’s domain)

scoreScore assigned by Account Defender - an integer in the range of 1-100
asn

ISP provider for the request's original IP

countryCountry the request originates from
stateState the request originates from
cityCity the request originates from
continentContinent the request originates from
carrier

Carrier for the request's original IP

organizationNetwork organization of the request's original IP
anonymizer_statusAnonymizer status for the request's original IP
proxy_typeProxy for the request's original IP
hosting_facilityHosting for the request's original IP
attack_patternAttack pattern classified by Account Defender
matched_rules_namesAccount Defender rules matched against the request
custom_param1Custom parameter 1 defined by the customer
custom_param2Custom parameter 2 defined by the customer
custom_param3Custom parameter 3 defined by the customer
custom_param4Custom parameter 4 defined by the customer
custom_param5Custom parameter 5 defined by the customer
custom_param6Custom parameter 6 defined by the customer
custom_param7Custom parameter 7 defined by the customer
custom_param8Custom parameter 8 defined by the customer
custom_param9Custom parameter 9 defined by the customer
custom_param10Custom parameter 10 defined by the customer
sensitive_transactionClassification of the path, if the path was defined as a sensitive one
account_ageThe age of the account on the customer side (i.e, time since registration) in hours

Cluster incidents logs

Field Name

Description

timestampTime of incident creation
user_idsList of the account IDs as known on the customer side
attack_typeAn attack classification of the cluster incident
scoreScore assigned by Account Defender - an integer in the range of 1-100
cluster_keyThe Visitor ID or hash value that is common for all of the accounts in a cluster
cluster_typeVisitor ID designated by the HUMAN cookie or fingerprint hash
matched_rule_nameName of the Account Defender rule that matched against the cluster

Incident Types

Type ID

Name

Description

12

UI Anomaly

User interface interaction is typical of non-human users

13

Denied Service

One or more of the client's properties was denied

14

Custom Denylist

The request was denied because of a customer defined rule

15

Cloud Service

The request was detected as a cloud service

16

Anonymizing Service

Request originates from a Cloud Provider, VPN, Anonymizing Proxy or spoofed IP

17

Bot Behavior

Behavioral patterns deviate from typical human activity

18

Spoof

The detected browser does not match the declared browser

19

Predictive Analytics

Anomalies in behavioral data relevant for the request

20

Automation Tool

Request properties indicate the use of an automation tool

21

Bad Reputation

In the past, users with the same properties performed malicious activities

22

Volumetric Rule

Activity exceeded volumetric policy definition

23

Missing Sensor Data

JS Sensor information was not sent

24

Allowed Volume Exceeded

Request volume anomaly detected

25Captcha Solving Attack
Indications of a CAPTCHA solving attack such as solving farms and solving automation

IVT (Invalid Traffic Taxonomy)

Code

Category

AB

Automated Browsing

DC

Data Center

FR

False Representation

KC

Known Crawler

UC

Undisclosed Classification


Was this article helpful?