# DataDome MCP for AI Agents

> DataDome connects your AI client directly to enterprise-grade bot protection and fraud prevention data. It lets you audit protected applications, list recent bot attacks, and get real-time statistics on suspicious traffic without manually logging into a dashboard.

## Overview
- **Category:** fort-knox
- **Price:** Free
- **Tags:** bot-protection, fraud-prevention, threat-intelligence, web-security, endpoint-protection, anti-scraping

## Description

Your web and mobile apps are under constant automated attack from scrapers and bots. Instead of navigating complex security dashboards to figure out what happened last night, this MCP lets your AI client talk directly to DataDome's API. It pulls together everything you need: it monitors which endpoints are struggling, tracks the types of malicious traffic hitting your site, and retrieves a quick count of allowed vs. blocked requests today. This lets you understand protection status and threat trends right inside your workflow. Through Vinkius, you get that centralized control without having to switch context. You can use natural language commands to check detailed logs on specific attacks or manage custom security rules.

## Tools

### get_bot_traffic_summary
Returns a summary of traffic from 'Good Bots' versus 'Bad Bots', showing their combined impact on total site traffic.

### get_endpoint_health
Checks the health status of a specific protected endpoint, providing latency metrics and error rates.

### get_protection_stats
Retrieves real-time protection statistics, including counts for allowed requests, blocked attempts, and captcha pass rates.

### get_threat_details
Gets full technical details for a specific threat ID, revealing the behavioral patterns and detection logic that triggered it.

### list_protected_applications
Lists all applications (mobile or web) integrated with DataDome along with their protection types.

### list_protected_endpoints
Returns metadata for every endpoint protected by DataDome, including the URL and its current status.

### list_access_logs
Lists recent access logs processed by DataDome, filtered to show bot scores, decision outcomes, and geo-location data.

### list_custom_bot_rules
Returns a list of custom detection rules configured in your account, including match criteria and action type.

### list_recent_threats
Lists recent security incidents detected by DataDome, detailing the threat types, origin IPs, and timestamps.

### search_threats_by_type
Searches through recent incidents to isolate specific attack vectors based on a keyword like 'scraper' or 'crawler'.

## Prompt Examples

**Prompt:** 
```
What were the top 3 types of bot threats detected in the last week?
```

**Response:** 
```
**Threat Summary: Last 7 Days**

*   ❌ **Scraping Activity:** 4,102 incidents (Primary concern)
*   🤖 **Credential Stuffing:** 985 attempts (Focus on high-value targets)
*   🐌 **Slow Crawling:** 610 events (Origin: Search Engine Bots)

**Action:** Would you like to see the top originating IPs for the scraping activity?
```

**Prompt:** 
```
Check the health and status of our main checkout API endpoint.
```

**Response:** 
```
**Endpoint Status Report: CheckoutAPI**

| Metric | Value |
| :--- | :--- |
| **Status** | ✅ Healthy |
| Latency (Avg) | 42ms |
| Error Rate | 0.1% |

*Note:* Protection is active, and the last recorded spike was minor. The current bot traffic summary shows a slight increase in 'Scraper' activity today.
```

**Prompt:** 
```
Give me a summary of all suspicious requests from yesterday afternoon.
```

**Response:** 
```
**Incident Log Summary: Yesterday (12 PM - 5 PM)**

*   **Total Requests Processed:** 1.8 Million
*   **Blocked by DataDome:** 34,500
*   **Top Threat Type:** Scraper (70% of blocked activity)
*   **Highest Risk IP Blocked:** `203.0.113.4` (Type: Credential Stuffing). 

You can ask me to get the full technical details for that specific block if you want more info.
```

## Capabilities

### Summarize bot traffic patterns
Get a categorized breakdown of all incoming traffic, separating legitimate search engine bots from malicious scrapers.

### Check endpoint health and performance
Verify the current operational state of any protected web or mobile endpoint, including latency rates and error counts.

### Retrieve real-time protection statistics
Access live data on allowed requests versus blocked attempts, captcha pass rates, and identified bot categories.

### Get detailed threat forensics
Resolve full technical details for a specific security incident, including request headers and behavioral patterns.

### List all protected applications and endpoints
View every application (web or mobile) integrated with DataDome, as well as metadata for every secured endpoint URL.

### Review recent access logs and incidents
Generate a stream of historical requests processed by the system, showing bot scores, decisions, and geo-location data.

### Manage custom security rules
View all currently active custom detection rules, including which IPs or User-Agents are allowed or blocked.

## Use Cases

### Investigating a sudden spike in errors
An SRE notices the error rate jumped yesterday. They ask their agent to run get_endpoint_health on the main API gateway. The agent immediately reports that while latency is stable, the error count spiked because of an unlisted mobile endpoint.

### Forensically analyzing a suspicious login attempt
A fraud analyst spots unusual activity and asks to see recent access logs filtered for that IP. The agent uses list_access_logs, showing the bot score was high and detailing the failed credential stuffing attempts.

### Auditing anti-scraping rules
A security engineer needs to verify if a competitor successfully bypassed their defenses. They run list_custom_bot_rules, confirming that the 'crawler' rule is still active and listing the criteria used.

### Getting traffic context for a meeting
A product manager needs to present data on bot activity. Instead of compiling reports, they ask for get_bot_traffic_summary, which provides an immediate, categorized breakdown showing 85% search engine bots and 15% scrapers.

## Benefits

- Stop manually cross-referencing dashboards. Use list_recent_threats to pull a clear, immediate summary of the latest suspicious activities directly into your chat.
- Track performance without guesswork. Call get_endpoint_health on any protected URL to check latency and error rates in real time, ensuring uninterrupted service.
- Understand attack volume instantly. Retrieve protection statistics using get_protection_stats to see live counts of blocked requests versus allowed traffic for immediate capacity planning.
- Deep dive into attacks with pinpoint accuracy. Use get_threat_details when an incident occurs; you'll get the full technical breakdown, including request headers and detection logic.
- Manage your defense strategy from chat. list_custom_bot_rules lets you quickly audit which IPs or User-Agents are allowed or blocked without logging into the management console.

## How It Works

The bottom line is that you talk to DataDome's protection layer using plain English commands instead of navigating dashboards and writing curl requests.

1. Connect this MCP to your AI client and authorize it using your DataDome Management API Key.
2. Your agent then uses natural language prompts to request specific data, such as the status of a key endpoint or logs from yesterday.
3. The system executes the necessary API calls, pulling structured security metrics directly into your conversation.

## Frequently Asked Questions

**How does DataDome MCP help audit my protected web endpoints?**
It lets your agent query all your secured URLs to check their current health, latency, and protection status. You'll get real-time metrics on performance without having to manually log into the dashboard.

**Can I use DataDome MCP to analyze bot traffic patterns?**
Yes, you can ask it for a summary of all incoming traffic. It breaks down bots by type—like search engines versus malicious scrapers—giving you an instant picture of your threat landscape.

**What kind of security incidents can DataDome MCP report on?**
You can list recent threats, getting details like the originating IP, what type of attack occurred (e.g., scraping), and exactly when it was detected. This is vital for incident reporting.

**Is DataDome MCP useful for tracking API protection metrics?**
Absolutely. You can retrieve real-time statistics on your APIs, getting counts of blocked requests versus allowed ones, helping you understand the volume and type of activity hitting your back end.

**How do I check if my custom bot rules are working correctly with DataDome MCP?**
You can use list_custom_bot_rules to see all active rules. You can then cross-reference those rules with recent access logs to verify that the correct actions (allow/block) were taken for specific traffic types.