Introducing thresholds in Security Event Alerting: a z-score love story
Cloudflare has introduced thresholds for Security Event Alerts, a new method of detecting anomalous spikes in security events on Internet properties. Previously, calculations were based solely on the z-score methodology, which identified the most significant spikes but could be inaccurate for domains with few security events. With a threshold in place, alerts are now more accurate and are sent only when truly necessary. The new strategy combines the strengths of the z-score and threshold methods to detect anomalous spikes accurately while minimizing false positives.
Company
Cloudflare
Date published
Aug. 30, 2022
Author(s)
Kristina Galicova
Word count
1179
Language
English
Hacker News points
2