Integrating Network Analytics Logs with your SIEM dashboard
Cloudflare has introduced Network Analytics Logs, allowing customers on the Enterprise plan to gain near real-time visibility into their network traffic and DDoS attacks. The logs include packet samples of traffic dropped and passed by various systems such as Network-layer DDoS Protection Ruleset, Advanced TCP Protection, and Magic Firewall. These logs can be fed directly into storage services or network monitoring tools like Kentik and Splunk. Setting up the logs requires creating a Cloudflare API token, a Splunk Cloud HTTP Event Collector (HEC) token, and enabling a Cloudflare Logpush job.
Company
Cloudflare
Date published
May 17, 2022
Author(s)
Omer Yoachimik, Kyle Bowman
Word count
1190
Language
English
Hacker News points
None found.