Cloudflare
Version: Cloudflare – Cloud Platform
Cloudflare is a next-generation Content Delivery Network (CDN) that provides content delivery, DDoS mitigation, Internet security, and distributed domain name server (DNS) services. Cloudflare's services sit between a website's visitors and the Cloudflare user's hosting provider, acting as a reverse proxy for the website.
Cloudflare integrates with Netsurion Open XDR to provide security analytics with deep data context, so organizations can be confident in their data security strategy. Benefits include scheduled reports, integrated Cloudflare dashboards, and alerts for streamlined investigation.
Reports are the best way to view historical data (depending on the timeline defined). The Netsurion Open XDR reports provided for Cloudflare include a summary of audit activities, such as API key view, login, and logout, and a summary of firewall/WAF-related activities occurring in different Cloudflare zones, such as dropping or discarding incoming traffic.
Dashboards are graphical representations of activities occurring in Cloudflare zones/UI. A dashboard can be a pie chart, a bar diagram, or a map, and lets users view the key highlights of Cloudflare events. The dashboards include audit events timeline, UI login activities, dropped traffic by country code, etc.
Alerts, such as traffic dropped by the firewall or WAF, are present in the knowledge packs. These alerts can be configured to send emails to Cloudflare users/admins if any suspicious events are detected.
The following key Data Source Integrations are available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | Cloudflare – A web traffic has been dropped by WAF | When the Cloudflare firewall/WAF drops or discards incoming traffic, customers are alerted to the event. |
Reports
Type | Name | Description |
---|---|---|
Security | Cloudflare – Firewall activities | This report contains a detailed overview of firewall activities occurring in Cloudflare zones, such as dropping incoming traffic or challenging incoming traffic to discard any bot activity. The information includes log datetime, action type, client ASN (autonomous system number), client IP address, user agent, etc. |
Operations | Cloudflare – Audit activities | This report contains a detailed overview of audit activities occurring in the Cloudflare UI, such as API key, join organization, etc. The information includes log datetime, source email address, source IP address (IPv4 or IPv6), log type, etc. |
Operations | Cloudflare – Login and Logout activities | This report contains a detailed overview of login and logout activities occurring in the Cloudflare UI. The information includes log datetime, source email address, source IP address (IPv4 or IPv6), log type, etc. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.2 and later and Cloudflare (Cloud platform).
Download the Integration Guide and How-to Guide for configuration instructions and more information.