Bot Detection That Powers Your Entire Security Stack
WebDecoy is not just a standalone tool. It is the intelligence layer that connects your CDN, WAF, SIEM, and observability platforms into a unified bot defense system.
Bot Scanner SDK & REST API
Embed behavioral analysis directly in your application. Our JavaScript SDK detects headless browsers and automation frameworks, then triggers your response actions automatically.
- JavaScript SDK
npm install @webdecoy/scanner - <10KB gzipped, async loading
- REST API
Full programmatic control: create decoys, query detections, manage responses
- Webhooks
HMAC-signed payloads with retry logic and event filtering
// Install: npm install @webdecoy/scanner
import { BotScanner } from '@webdecoy/scanner';
// Initialize with your account
const scanner = new BotScanner({
accountId: 'acc_xxx',
scannerId: 'scn_xxx',
onDetection: async (detection) => {
// Custom response logic
if (detection.threat_score > 80) {
await blockAtEdge(detection.ip);
}
}
});
// Start behavioral analysis
scanner.init();10+
Native Integrations
<5min
Setup Time
<50ms
Detection Latency
<1s
Response Time
Integration Categories
Connect WebDecoy to every layer of your infrastructure. From edge CDNs to observability platforms, our integrations ensure bot intelligence flows exactly where you need it.
CDN & Edge
Cloudflare, Akamai, Fastly
Cloud WAF
AWS WAF, Cloudflare WAF
SIEM & SOC
Splunk, Elastic, CrowdStrike
Observability
Datadog, Metrics, Logs
Platforms
Vercel, Webhooks
Cloudflare WAF Integration
Transform WebDecoy intelligence into instant edge blocking. When our AI detects a malicious bot, Cloudflare blocks it at the edge before it ever reaches your origin server. Zero latency. Zero configuration drift.
Key Capabilities
- Automatic IP Blocking
Detected bots are instantly added to Cloudflare IP Access Rules via API
- Custom Firewall Rules
Create sophisticated rules based on bot scores, user agents, and behavior patterns
- Real-Time Threat Sync
Bot scores shared bidirectionally for enhanced threat intelligence
- Zero-Latency Edge Blocking
Bots blocked at the nearest edge location, 200+ data centers worldwide
Use Case: An e-commerce site was losing $50K/month to price scraping bots. With WebDecoy + Cloudflare, they blocked 99.7% of scrapers at the edge, reducing origin load by 40%.
{
"integration": "cloudflare",
"api_token": "cf_xxx_your_token",
"zone_id": "your_zone_id",
"actions": {
"on_bot_detected": "block",
"on_suspicious": "challenge",
"on_ai_scraper": "managed_challenge"
},
"rules": {
"auto_create_firewall_rules": true,
"sync_bot_scores": true,
"block_duration": "24h"
}
}Configuration takes less than 2 minutes with our setup wizard
import { webdecoy } from '@webdecoy/vercel';
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
export async function middleware(req: NextRequest) {
// Check bot score at the edge
const botScore = await webdecoy.analyze(req);
if (botScore.isBot) {
// Block or challenge based on threat level
if (botScore.threat === 'high') {
return new NextResponse('Blocked', {
status: 403
});
}
return webdecoy.challenge(req);
}
return NextResponse.next();
}
export const config = {
matcher: ['/api/:path*', '/checkout/:path*']
};Vercel Integration
Protect your Next.js and React applications at the edge. Our Vercel integration runs in Edge Middleware, analyzing every request before it hits your serverless functions.
Key Capabilities
- Edge Middleware Protection
Bot detection runs at Vercel's edge, adding less than 5ms latency
- Serverless Function Security
Protect API routes from credential stuffing and enumeration attacks
- Preview Deployment Protection
Prevent bots from scraping preview URLs and staging environments
- Environment-Based Configuration
Different protection levels for production, preview, and development
Use Case: A SaaS startup blocked 15,000+ bot requests per day on their API routes, reducing compute costs by 35% and eliminating credential stuffing attempts entirely.
Ready to Unify Your Bot Defense?
Connect WebDecoy to your existing infrastructure in minutes. No code changes required for most integrations.
Start Free Integration Opens in a new tabDatadog Integration
Stream bot detection metrics directly to Datadog. Correlate bot activity with application performance, create custom dashboards, and trigger alerts when attack patterns emerge.
Key Capabilities
- Real-Time Metrics Streaming
Bot counts, threat levels, and detection events pushed via Datadog API
- Pre-Built Dashboards
Import our dashboard templates for instant bot activity visibility
- Alert Integration
PagerDuty, Slack, and email alerts based on bot activity thresholds
- APM Correlation
Link bot traffic to performance degradation in your application traces
Use Case: A fintech platform used WebDecoy + Datadog to identify a correlation between bot traffic spikes and database latency, leading to a 60% improvement in API response times.
// Available Datadog Metrics
webdecoy.bot.detected.count
webdecoy.bot.blocked.count
webdecoy.threat.score.avg
webdecoy.ai_scraper.detected.count
webdecoy.honeypot.triggered.count
webdecoy.attack.sqli.count
webdecoy.attack.xss.count
webdecoy.response_time.p99
// Custom Dashboard Query
{
"title": "Bot Activity Overview",
"widgets": [{
"definition": {
"type": "timeseries",
"requests": [{
"q": "sum:webdecoy.bot.detected.count{*}"
}]
}
}]
}# CloudFormation Template Excerpt
Resources:
WebDecoyIPSet:
Type: AWS::WAFv2::IPSet
Properties:
Name: webdecoy-blocked-ips
Scope: REGIONAL
IPAddressVersion: IPV4
Addresses: [] # Auto-populated by WebDecoy
WebDecoyRule:
Type: AWS::WAFv2::RuleGroup
Properties:
Name: webdecoy-bot-rules
Capacity: 100
Rules:
- Name: BlockDetectedBots
Priority: 1
Action:
Block: {}
Statement:
IPSetReferenceStatement:
Arn: !GetAtt WebDecoyIPSet.Arn
# API Gateway Integration
ApiGatewayWebACL:
Type: AWS::WAFv2::WebACLAssociation
Properties:
ResourceArn: !Sub arn:aws:apigateway:${Region}
WebACLArn: !GetAtt WebDecoyWebACL.ArnAWS WAF Integration
Protect your entire AWS infrastructure with WebDecoy intelligence. Automatically update IP sets, create custom rules, and integrate with CloudFront, API Gateway, and ALB.
Key Capabilities
- Automatic IP Set Updates
Detected bot IPs automatically added to WAFv2 IP sets via AWS API
- Custom Rule Creation
Generate WAF rules based on bot behavior patterns and attack signatures
- CloudFront Integration
Protect your CDN distributions with bot intelligence at the edge
- Lambda@Edge Support
Run WebDecoy analysis at AWS edge locations for lowest latency
Use Case: A healthcare API provider used WebDecoy + AWS WAF to block 2M+ bot requests monthly, ensuring HIPAA compliance and protecting patient data from enumeration attacks.
Akamai Integration
Leverage Akamai's massive global network with WebDecoy intelligence. Integrate with Bot Manager, Property Manager, and Edge DNS for comprehensive enterprise-grade bot defense.
Key Capabilities
- Edge DNS Protection
Block bots at the DNS level before they reach your origin
- Bot Manager Integration
Enhance Akamai Bot Manager with WebDecoy's AI detection signals
- Property Manager Rules
Auto-generate PM rules based on detected threats
- Real-Time Threat Sharing
Bidirectional intelligence sharing with Akamai's threat network
Use Case: A Fortune 500 retailer combined WebDecoy with Akamai to protect their holiday traffic surge, blocking 50M+ bot requests during Black Friday alone.
{
"name": "WebDecoy Bot Protection",
"children": [],
"behaviors": [{
"name": "webApplicationFirewall",
"options": {
"firewallConfiguration": {
"ruleActions": [{
"action": "deny",
"conditions": [{
"type": "clientIpMatch",
"matchOperator": "IS_ONE_OF",
"ipAddresses": "${WEBDECOY_BLOCKED_IPS}"
}]
}]
}
}
}],
"criteria": [{
"name": "requestHeader",
"options": {
"headerName": "X-WebDecoy-Score",
"matchOperator": "IS_GREATER_THAN",
"values": ["80"]
}
}]
}sub vcl_recv {
# Check WebDecoy edge dictionary for blocked IPs
if (table.lookup(webdecoy_blocked_ips, client.ip)) {
error 403 "Forbidden";
}
# Check bot score header from WebDecoy
if (req.http.X-WebDecoy-Score) {
if (std.atoi(req.http.X-WebDecoy-Score) > 80) {
error 403 "Bot Detected";
}
}
}
sub vcl_log {
# Stream detection events to WebDecoy
if (req.http.X-Bot-Detected == "true") {
log "syslog " req.service_id
" webdecoy :: "
client.ip " "
req.url " "
req.http.User-Agent;
}
}Fastly Integration
Deploy WebDecoy intelligence at Fastly's edge with VCL snippets and Compute@Edge. Real-time log streaming, edge dictionaries, and Signal Sciences integration included.
Key Capabilities
- VCL Snippet Injection
Auto-generate VCL rules for bot blocking and logging
- Edge Dictionary Updates
Real-time blocklist syncing to Fastly edge dictionaries
- Real-Time Log Streaming
Stream edge logs to WebDecoy for enhanced analysis
- Compute@Edge Support
Run WebDecoy analysis in Fastly's serverless edge compute
Use Case: A media streaming company used WebDecoy + Fastly to protect their video API from credential sharing bots, reducing unauthorized access by 94%.
Custom Webhooks
Build your own integrations with WebDecoy's webhook system. HMAC-signed payloads, configurable retry logic, and real-time event filtering give you complete control over your security automation.
Key Capabilities
- HMAC-Signed Payloads
SHA-256 signatures verify webhook authenticity and prevent tampering
- Configurable Retry Logic
Exponential backoff with up to 5 retries ensures delivery
- Multiple Endpoint Support
Send events to multiple destinations simultaneously
- Event Filtering
Subscribe only to events you care about: bots, attacks, or honeypot triggers
Use Case: A security team built a custom integration to automatically create Jira tickets for high-severity bot attacks, reducing response time from hours to minutes.
// Webhook Header
X-WebDecoy-Signature: sha256=abc123...
X-WebDecoy-Event: bot.detected
X-WebDecoy-Timestamp: 1700000000
// Payload
{
"event": "bot.detected",
"timestamp": "2024-11-15T10:30:00Z",
"data": {
"ip": "185.x.x.x",
"user_agent": "GPTBot/1.0",
"bot_type": "ai_scraper",
"threat_score": 95,
"detection_method": "honeypot_trigger",
"honeypot_path": "/hidden/trap-link",
"geo": {
"country": "US",
"city": "San Francisco"
},
"action_taken": "blocked"
}
}SIEM & SOC Integrations
Stream enriched bot detection events directly to your SIEM. Every detection includes MITRE ATT&CK tactic and technique mappings for seamless correlation with your existing security data.
Every WebDecoy detection automatically maps to standardized ATT&CK tactics and techniques. Your SOC team speaks the same threat language across all tools.
TA0043
Reconnaissance
TA0006
Credential Access
TA0002
Execution
TA0007
Discovery
// SIEM Event with ATT&CK Enrichment
{
"event_type": "bot_detection",
"mitre_attack": {
"tactics": ["TA0006"],
"techniques": ["T1110.004"],
"technique_name": "Credential Stuffing"
},
"threat_score": 94,
"action": "blocked"
}Splunk
Native HTTP Event Collector (HEC) integration. Pre-built dashboards, saved searches, and SOAR playbooks for automated response.
- Real-time HEC streaming
- Pre-built dashboards
- Splunk SOAR integration
- Custom alert actions
Elastic Security (ELK)
Native Elasticsearch ingestion with Kibana dashboards. SIEM detection rules and ML job templates included.
- Elasticsearch native
- Kibana dashboards
- Detection rules included
- ML anomaly detection
CrowdStrike LogScale
Real-time streaming to Falcon LogScale (Humio). Correlate bot attacks with endpoint telemetry.
- Sub-second search
- Endpoint correlation
- Falcon Fusion workflows
- Threat graph integration
Syslog (RFC 5424)
Universal compatibility with any SIEM. TCP/TLS encrypted or UDP for high-volume scenarios.
<134>1 2024-11-27T10:30:00Z webdecoy bot_detection - - [webdecoy@12345 threat_score="95" bot_type="credential_stuffer" attack="T1110.001"] Bot detected from 185.x.x.xCEF (Common Event Format)
ArcSight-compatible format. Works with any CEF-compatible SIEM for standardized event ingestion.
CEF:0|WebDecoy|BotScanner|1.0|bot_detected|Bot Detected|9|src=185.x.x.x cs1=credential_stuffer cs2=T1110.001 cn1=95Enriched Event Data in Every Log
Threat Score
0-100 confidence rating
Attack Classification
SQLi, XSS, Credential Stuffing
Geo-IP Data
Country, City, ASN, ISP
TLS Fingerprint
JA3/JA4 signatures
Bot Classification
AI scraper, Scanner, Stuffer
Session Correlation
Track across requests
MITRE ATT&CK
T1190, T1110, T1595
<100ms Delivery
Real-time streaming
Integration Comparison
Choose the integrations that match your infrastructure. All integrations are available on Business and Enterprise plans.
| Integration | Type | Auto Block | Edge Deploy | Real-Time | Setup Time |
|---|---|---|---|---|---|
| Cloudflare WAF | CDN/WAF | 2 minutes | |||
| Vercel | Platform | 5 minutes | |||
| Datadog | Observability | 3 minutes | |||
| AWS WAF | Cloud WAF | 10 minutes | |||
| Akamai | Enterprise CDN | 15 minutes | |||
| Fastly | Edge CDN | 10 minutes | |||
| Custom Webhooks | Custom | 1 minute | |||
| Splunk | SIEM | 5 minutes | |||
| Elastic Security (ELK) | SIEM | 5 minutes | |||
| CrowdStrike LogScale | SIEM | 5 minutes | |||
| Syslog (RFC 5424) | Universal | 2 minutes | |||
| CEF (Common Event Format) | Universal | 2 minutes |
Why WebDecoy as Your Security Hub?
Stop managing bot protection in silos. WebDecoy becomes the intelligence layer that unifies your entire security stack.
Single Source of Truth
All bot intelligence flows through WebDecoy. One dashboard, one API, one place to manage your entire bot defense strategy.
Zero-Code Automation
Integrations activate with API keys, not code changes. Your DevOps team will thank you.
Defense in Depth
Layer multiple integrations for redundant protection. Edge blocking + observability + WAF = complete coverage.
5-Minute Setup
Most integrations take less than 5 minutes to configure. Enterprise-grade protection without enterprise-grade complexity.
Proven at Scale
Our integrations process millions of requests daily for companies ranging from startups to Fortune 500.
Integration Support
Dedicated support for integration setup. We help you get connected and stay connected.
Connect Your Security Stack Today
Start with our free plan and add integrations as you grow. No credit card required. Full API access from day one.
Enterprise plans include dedicated integration support and custom connector development.