reCAPTCHA Enterprise
About
Fraudulent web activities cost enterprises billions of dollars each year. Security teams need to keep attackers out of their websites and ensure that their customers can always get in. reCAPTCHA has over a decade of experience defending the internet and data for its network of more than 5 million sites. reCAPTCHA Enterprise builds on this technology with capabilities, such as two-factor authentication and mobile application support, designed specifically for enterprise security concerns. With reCAPTCHA Enterprise, you can defend your website against common web-based attacks like credential stuffing, account takeovers, and scraping, and help prevent costly exploits from malicious human and automated actors. And, just like reCAPTCHA v3, reCAPTCHA Enterprise will never interrupt your users with a challenge, so you can run it on all webpages where your customers interact with your services.
Product Details
Vendor URL: reCAPTCHA Enterprise
Product Type: Authentication
Product Tier: Tier I
Integration Method: Custom
Integration URL: n/a
Log Guide: reCAPTCHA Enterprise Logging
Parser Details
Log Format: JSON
Expected Normalization Rate: 95%
Data Label: GCP_RECAPTCHA_ENTERPRISE
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
jsonPayload.annotation | security_result.category_details |
jsonPayload.event.expectedAction | security_result.description |
jsonPayload.event.hashedAccountId | principal.user.userid |
jsonPayload.event.siteKey | metadata.product_deployment_id |
jsonPayload.event.userAgent | network.http.user_agent |
jsonPayload.event.userIpAddress | principal.ip |
jsonPayload.name | metadata.description |
jsonPayload.riskAnalysis.reasons | security_result.category_details |
jsonPayload.riskAnalysis.score | security_result.severity_details |
jsonPayload.riskAnalysis.score | security_result.about.investigation.severity_score |
jsonPayload.tokenProperties.action | security_result.summary |
jsonPayload.tokenProperties.hostname | target.hostname |
jsonPayload.tokenProperties.valid | security_result.about.investigation.verdict |
jsonPayload.type | metadata.product_event_type |
logName | metadata.product_log_id |
resource.labels.id | observer.resource.product_object_id |
resource.labels.resource_container | observer.resource.name |
resource.type | observer.resource.type |
Product Event Types
Log Type | UDM Event Type |
---|---|
all others | USER_UNCATEGORIZED |
if no principal user and target device | STATUS_UNCATEGORIZED |
if no principal device | GENERIC_EVENT |
Log Sample
{"jsonPayload":{"event":{"siteKey":"yytoqp","token":"token","userAgent":"Mozilla/5.0 (Windows; U; Windows NT 10.0; en-US; agent/default/agentdetails; ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36","userIpAddress":"10.10.1.1"},"name":"projects/proj1/assessments/a-1fkf","riskAnalysis":{"score":0.60000002},"tokenProperties":{"createTime":"2022-09-06T01:45:23.038Z","hostname":"website.domain1.com","valid":true},"@type":"recaptchaenterprise.v1.Assessment","accountDefenderAssessment":{}},"logName":"projects/agent-recaptcha/logs/recaptchaenterprise.v1.Assessment","receiveTimestamp":"2022-09-06T01:48:37.678645138Z","resource":{"labels":{"key_id":"","location":"","resource_container":"projects/proj1"},"type":"recaptchaenterprise/Key"},"timestamp":"2022-09-06T01:48:35.650690193Z","insertId":"16676219839880737175@a1"}
Sample Parsing
metadata.product_log_id = "projects/agent-recaptcha/logs/recaptchaenterprise.v1.Assessment"
metadata.event_timestamp = "2022-09-06T01:48:35.650690193Z"
metadata.event_type = "USER_UNCATEGORIZED"
metadata.vendor_name = "Google"
metadata.product_name = "reCAPTCHA Enterprise"
metadata.product_event_type = "recaptchaenterprise.v1.Assessment"
metadata.description = "projects/proj1/assessments/a-1fkf"
metadata.product_deployment_id = "yytoqp"
metadata.id = "sda21-rrr1"
principal.ip = "10.10.1.1"
principal.asset.ip = "10.10.1.1"
target.hostname = "website.domain1.com"
target.asset.hostname = "website.domain1.com"
observer.resource.type = "recaptchaenterprise/Key"
observer.resource.name = "projects/proj1"
observer.resource.resource_type = "CLOUD_PROJECT"
observer.resource.attribute.cloud.environment = "GOOGLE_CLOUD_PLATFORM"
security_result.about.investigation.verdict = "TRUE_POSITIVE"
security_result.severity_details = "0.60000002"
network.http.user_agent = "Mozilla/5.0 (Windows; U; Windows NT 10.0; en-US; agent/default/agentdetails; ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
extensions.auth.type = "MACHINE"
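To check which UDM fields a given raw log will populate, the mapping table above can be applied directly to the JSON. The following is an added example, not the parser's own code: `FIELD_MAP` is copied from the table, `SAMPLE` is a constructed, shortened copy of the log sample with a `reasons` list added, and `lookup` and `normalize` are hypothetical helper names.

```python
import json
# (log path, UDM field) pairs copied from the UDM Fields table on this page.
FIELD_MAP = [
    ("jsonPayload.annotation", "security_result.category_details"),
    ("jsonPayload.event.expectedAction", "security_result.description"),
    ("jsonPayload.event.hashedAccountId", "principal.user.userid"),
    ("jsonPayload.event.siteKey", "metadata.product_deployment_id"),
    ("jsonPayload.event.userAgent", "network.http.user_agent"),
    ("jsonPayload.event.userIpAddress", "principal.ip"),
    ("jsonPayload.name", "metadata.description"),
    ("jsonPayload.riskAnalysis.reasons", "security_result.category_details"),
    ("jsonPayload.riskAnalysis.score", "security_result.severity_details"),
    ("jsonPayload.riskAnalysis.score", "security_result.about.investigation.severity_score"),
    ("jsonPayload.tokenProperties.action", "security_result.summary"),
    ("jsonPayload.tokenProperties.hostname", "target.hostname"),
    ("jsonPayload.tokenProperties.valid", "security_result.about.investigation.verdict"),
    ("jsonPayload.type", "metadata.product_event_type"),
    ("logName", "metadata.product_log_id"),
    ("resource.labels.id", "observer.resource.product_object_id"),
    ("resource.labels.resource_container", "observer.resource.name"),
    ("resource.type", "observer.resource.type"),
]

# Constructed sample: shortened copy of the page's Log Sample plus an added "reasons" list.
SAMPLE = '{"jsonPayload":{"event":{"siteKey":"yytoqp","userIpAddress":"10.10.1.1"},"name":"projects/proj1/assessments/a-1fkf","riskAnalysis":{"score":0.60000002,"reasons":["AUTOMATION"]},"tokenProperties":{"hostname":"website.domain1.com","valid":true},"@type":"recaptchaenterprise.v1.Assessment"},"logName":"projects/agent-recaptcha/logs/recaptchaenterprise.v1.Assessment","resource":{"labels":{"key_id":"","resource_container":"projects/proj1"},"type":"recaptchaenterprise/Key"}}'

def lookup(doc, path):
    """Walk a dotted path; return None when a segment is missing."""
    for key in path.split("."):
        # Assumption drawn from the sample: the log stores "type" under "@type".
        if key == "type" and isinstance(doc, dict) and key not in doc:
            key = "@type"
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def normalize(raw):
    """Return {UDM field: [values]} for mapped paths that are present and non-empty."""
    log, udm = json.loads(raw), {}
    for path, field in FIELD_MAP:
        value = lookup(log, path)
        if value in (None, "", [], {}):
            continue  # absent or empty source field: no UDM value
        for v in (value if isinstance(value, list) else [value]):
            # Sample Parsing renders valid=true as TRUE_POSITIVE; other values stay raw.
            v = "TRUE_POSITIVE" if (field.endswith(".verdict") and v is True) else v
            udm.setdefault(field, []).append(str(v))
    return udm
```

UDM fields missing from the result point to source paths the log did not carry, such as `jsonPayload.event.hashedAccountId` in the sample, which leaves `principal.user.userid` unset.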
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming soon