[Bots] Scraping detections (#25744)

* scraping detections

* fixes

* fixes and formatting

* wording

* wording

* pcx feedback

* update rule example

* update scraping content

Author: patriciasantaana

src/content/docs/bots/additional-configurations/detection-ids/account-takeover-detections.mdx

@@ -0,0 +1,82 @@
+---
+pcx_content_type: concept
+title: Account takeover detections
+sidebar:
+  order: 3
+---
+
+import { Render, Tabs, TabItem, Steps, DashButton } from "~/components"
+
+Using the detection IDs below, you can detect and mitigate account takeover attacks. You can monitor the number of login requests for a given software and network combination, as well as the percentage of login errors. When it reaches a suspicious level, you can prevent these attacks by using [custom rules](/waf/custom-rules/), [rate limiting rules](/waf/rate-limiting-rules/), and [Workers](/workers/).
+
+| <div style="width:100px">Detection ID</div> | Description                              |
+| ------------------------------------------- | ---------------------------------------- |
+| `201326592`                                 | Observes all login failures to the zone. |
+| `201326593`                                 | Observes all login traffic to the zone.  |
+| `201326598`                                 | Sets a dynamic threshold based on the normal traffic that is unique to the zone.<br /><br /> When the ID matches a login failure, Bot Management sets the [bot score](/bots/concepts/bot-score/) to 29 and uses [anomaly detection](/bots/concepts/bot-detection-engines/#anomaly-detection-enterprise) as its score source. |
+
+## Challenges for account takeover detections
+
+Cloudflare's [Managed Challenge](/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended) can limit brute-force attacks on your login endpoints.
+
+To access account takeover detections:
+
+<Tabs syncKey="dashNewNav"> 
+	<TabItem label="Old dashboard">
+		<Steps>
+            1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+            2. Go to **Security** > **WAF**.
+            3. Under **Custom rules**, select **Create rule**.
+            4. Fill out the form using **Bot Detection IDs** along with other necessary information.
+            5. Select **Save as draft** to return to the rule later, or **Deploy** to deploy the rule.
+        </Steps>
+    </TabItem> 
+    <TabItem label="New dashboard" icon="rocket">
+		<Steps>
+            1. In the Cloudflare dashboard, go to the **Security rules** page.
+
+                <DashButton url="/?to=/:account/:zone/security/security-rules" />
+            2. Select **Create rule** and choose **Custom rule**.
+            3. Fill out the form using **Bot Detection IDs** along with other necessary information.
+            4. Select **Save as draft** to return to the rule later, or **Deploy** to deploy the rule.
+        </Steps>
+	</TabItem> 
+</Tabs>
+
+```js title="Rule example"
+
+(any(cf.bot_management.detection_ids[*] eq 201326593))
+```
+
+## Limit logins with account takeover detections
+
+Rate limiting rules can limit the number of logins from a particular IP, JA4 fingerprint, or country.
+
+To use rate limiting rules with account takeover detections:
+
+<Tabs syncKey="dashNewNav"> 
+	<TabItem label="Old dashboard">
+		<Steps>
+            1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+            2. Go to **Security** > **WAF**.
+            3. Under **Rate limiting rules**, select **Create rule**.
+            4. Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
+            5. Select **Save as draft** to return to the rule later, or **Deploy** to deploy the rule.
+        </Steps>
+  </TabItem> 
+  <TabItem label="New dashboard" icon="rocket">
+		<Steps>
+            1. In the Cloudflare dashboard, go to the **Security rules** page.
+
+                <DashButton url="/?to=/:account/:zone/security/security-rules" />
+            2. Select **Create rule** and choose **Rate limiting rule**.
+            3. Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
+            4. Select **Save as draft** to return to the rule later, or **Deploy** to deploy the rule.
+        </Steps>
+    </TabItem> 
+</Tabs>
+
+:::tip[Enhanced with leaked credential detections]
+The rule can be enhanced with Leaked Credential Checks. Refer to the [WAF documentation](/waf/detections/leaked-credentials/) for more information on how to include leaked credentials and account takeover detections in a rate limiting rule. 
+
+:::

src/content/docs/bots/additional-configurations/detection-ids/additional-detections.mdx

@@ -0,0 +1,15 @@
+---
+pcx_content_type: concept
+title: Additional detections
+sidebar:
+  order: 4
+---
+
+Cloudflare bot detection includes additional signals to catch different kinds of automated traffic.
+
+Bot management customers automatically benefit from the residential proxy detection improvement below, which lowers the [bot score](/bots/concepts/bot-score/) for matched requests. Using the detection ID in [custom rules](/waf/custom-rules/) provides even more visibility and control over mitigating residential proxy traffic.
+
+
+| <div style="width:100px">Detection ID</div> | Description                              |
+| ------------------------------------------ | ---------------------------------------- |
+| `50331651`                                 | Observes traffic from residential proxy networks and similar commercial proxies. <br /><br />When the ID matches a request, Bot Management sets the bot score to 29 and uses [anomaly detection](/bots/concepts/bot-detection-engines/#anomaly-detection-enterprise) as its score source. |

src/content/docs/bots/additional-configurations/detection-ids.mdx renamed to src/content/docs/bots/additional-configurations/detection-ids/index.mdx

@@ -90,90 +90,6 @@ and not any(cf.bot_management.detection_ids[*] in {3355446 12577893})
 
 ---
 
-## Account takeover detections
-
-Using the detection IDs below, you can detect and mitigate account takeover attacks. You can monitor the number of login requests for a given software and network combination, as well as the percentage of login errors. When it reaches a suspicious level, you can prevent these attacks by using [custom rules](/waf/custom-rules/), [rate limiting rules](/waf/rate-limiting-rules/), and [Workers](/workers/).
-
-| Detection ID | Description                              |
-| ------------ | ---------------------------------------- |
-| `201326592`  | Observes all login failures to the zone. |
-| `201326593`  | Observes all login traffic to the zone.  |
-| `201326598`  | Sets a dynamic threshold based on the normal traffic that is unique to the zone.<br /><br /> When the ID matches a login failure, Bot Management sets the [bot score](/bots/concepts/bot-score/) to 29 and uses [anomaly detection](/bots/concepts/bot-detection-engines/#anomaly-detection-enterprise) as its score source. |
-
-### Challenges for account takeover detections
-
-Cloudflare's [Managed Challenge](/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended) can limit brute-force attacks on your login endpoints.
-
-To access account takeover detections:
-
-<Tabs syncKey="dashNewNav"> 
-	<TabItem label="Old dashboard">
-		<Steps>
-      1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-      2. Go to **Security** > **WAF**.
-      3. Under **Custom Rules**, select **Create rule**.
-      4. Fill out the form using **Bot Detection IDs** along with other necessary information.
-      5. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
-    </Steps>
-  </TabItem> 
-  <TabItem label="New dashboard" icon="rocket">
-		<Steps>
-      1. In the Cloudflare dashboard, go to the **Security rules** page.
-
-          <DashButton url="/?to=/:account/:zone/security/security-rules" />
-      2. Select **Create rule** and choose **Custom rule**.
-      3. Fill out the form using **Bot Detection IDs** along with other necessary information.
-      4. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
-      </Steps>
-	</TabItem> 
-</Tabs>
-
-```js title="Rule example"
-
-(any(cf.bot_management.detection_ids[*] eq 201326593))
-```
-
-### Limit logins with account takeover detections
-
-Rate limiting rules can limit the number of logins from a particular IP, JA4 Fingerprint, or country.
-
-To use rate limiting rules with account takeover detections:
-
-<Tabs syncKey="dashNewNav"> 
-	<TabItem label="Old dashboard">
-		<Steps>
-      1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-      2. Go to **Security** > **WAF**.
-      3. Under **Rate limiting rules**, select **Create rule**.
-      4. Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
-      5. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
-    </Steps>
-  </TabItem> 
-  <TabItem label="New dashboard" icon="rocket">
-		<Steps>
-      1. In the Cloudflare dashboard, go to the **Security rules** page.
-
-          <DashButton url="/?to=/:account/:zone/security/security-rules" />
-      2. Select **Create rule** and choose **Rate limiting rule**.
-      3. Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
-      4. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
-    </Steps>
-  </TabItem> 
-</Tabs>
-
-:::note
-The rule can be enhanced with Leaked Credential Checks. Refer to the [WAF documentation](/waf/detections/leaked-credentials/) for more information on how to include leaked credentials and account takeover detections in a rate limiting rule. 
-
-:::
-
-## Additional detections
-
-| Detection ID | Description                              |
-| ------------ | ---------------------------------------- |
-| `50331651`   | Observes traffic from residential proxy networks and similar commercial proxies. <br /><br />When the ID matches a request, Bot Management sets the bot score to 29 and uses [anomaly detection](/bots/concepts/bot-detection-engines/#anomaly-detection-enterprise) as its score source. |
-
----
-
 ## Bot Detection IDs via Logpush
 
 You can create or edit existing Logpush jobs to include the new Bot Detection IDs field which will provide an array of IDs for each request that has heuristics match on it. The `BotDetectionIDs` field is available as part of the HTTP Requests dataset and you can add it to new or existing jobs via the Logpush API or on the Cloudflare dashboard. This is the primary method to discover Detection IDs.

src/content/docs/bots/additional-configurations/detection-ids/scraping-detections.mdx

@@ -0,0 +1,56 @@
+---
+pcx_content_type: concept
+title: Scraping detections
+sidebar:
+  order: 3
+---
+
+import { Render, Tabs, TabItem, Steps, DashButton } from "~/components"
+
+Scraping behavioral detection IDs allow you to better protect your website from volumetric scraping attacks by identifying anomalous behavior. The detection IDs below are specifically designed to catch suspicious scraping activity at the zone level.
+
+| <div style="width:100px">Detection ID</div> | Description                                                                                         |
+| ------------------------------------------- | --------------------------------------------------------------------------------------------------- |
+| `50331648`                                  | Observes patterns of requests sent to your zone, dynamically analyzing behavior by ASN.             |
+| `50331649`                                  | Observes patterns of requests sent to your zone, dynamically analyzing behavior by JA4 fingerprint. |
+
+## Challenges for scraping detections
+
+Cloudflare's [Managed Challenge](/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended) can limit scraping attacks on your website.
+
+To access scraping detections:
+
+<Tabs syncKey="dashNewNav"> 
+	<TabItem label="Old dashboard">
+		<Steps>
+            1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+            2. Go to **Security** > **WAF**.
+            3. Under **Custom rules**, select **Create rule**.
+            4. Fill out the form using **Bot Detection IDs** along with other necessary information.
+            5. Select **Save as draft** to return to the rule later, or **Deploy** to deploy the rule.
+        </Steps>
+    </TabItem>
+    <TabItem label="New dashboard" icon="rocket">
+        <Steps>
+            1. In the Cloudflare dashboard, go to the **Security rules** page.
+
+                <DashButton url="/?to=/:account/:zone/security/security-rules" />
+            2. Select **Create rule** and choose **Custom rule**.
+            3. Fill out the form using **Bot Detection IDs** along with other necessary information.
+            4. Select **Save as draft** to return to the rule later, or **Deploy** to deploy the rule.
+        </Steps>
+	</TabItem> 
+</Tabs>
+
+```js title="Rule example"
+
+(any(cf.bot_management.detection_ids[*] in {50331648 50331649}) and not cf.bot_management.verified_bot)
+```
+
+:::tip[Best practice]
+If you are choosing to challenge as your rule action, ensure that you exclude any API calls on which you do not want to issue a challenge. To exclude requests to such paths, edit the [WAF custom rule](/waf/custom-rules/) to exclude the relevant paths. 
+:::
+
+:::note
+The matched traffic for detection IDs `50331648` and `50331649` is dynamically re-calculated, meaning a single fingerprint would not be permanently flagged unless it continues to behave suspiciously at all times.
+:::