Skip to content

PerimeterX

Overview

This article explains how to ingest your PerimeterX logs to Hunters.

Follow the guide below to make Hunters able to ingest your PerimeterX logs to the Snowflake database in a predefined schema, and then use these logs in our dedicated hunting mechanism.

Supported data types

  • PerimeterX Bot Defender: These logs contain entries of website access to protected APIs, including blocked information. For more details on the data source and its collection, see here.

Sending data to Hunters

For Hunters to consume the PerimeterX data, it needs to be collected using PerimeterX's REST API. For more details on the API, see here.

The logs should be collected and shared as is, in an ndjson format, to a Storage Service (e.g. to an S3 bucket or Azure Blob Storage) shared with Hunters.

Example for a log file:

{"block_score":100,"city":"New York","client_ip":"1.2.3.4","country":"US","event_type":"block","full_url":"https://www.example.com","incident_types":["Bad Reputation","Bot Behavior","Spoof"],"px_app_id":"PX123123123","px_client_uuid":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeee","px_vid":"11111111-2222-3333-4444-55555555","timestamp":"2021-09-22T03:42:37Z","true_ip":"4.3.2.1","true_ip_asn_name":"Made Up at Made Up","true_ip_classification":[],"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0"}
{"block_score":10,"city":"Paris","client_ip":"8.7.6.5","country":"FR","event_type":"block","full_url":"https://www.example2.com","incident_types":["Bad Reputation","Bot Behavior","Spoof"],"px_app_id":"PX123123123","px_client_uuid":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeee","px_vid":"11111111-2222-3333-4444-55555555","timestamp":"2021-09-22T03:42:37Z","true_ip":"5.6.7.8","true_ip_asn_name":"Up Made at Up Made","true_ip_classification":[],"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0"}