Integrating Network Analytics Logs with your SIEM dashboard
Cloudflare has introduced Network Analytics Logs, allowing customers on the Enterprise plan to gain near real-time visibility into their network traffic and DDoS attacks. The logs include packet samples of traffic dropped and passed by various systems, such as the Network-layer DDoS Protection Ruleset, Advanced TCP Protection, and Magic Firewall. These logs can be fed directly into storage services or network monitoring tools like Kentik and Splunk. Setting up the logs requires creating a Cloudflare API token, creating a Splunk Cloud HTTP Event Collector (HEC) token, and enabling a Cloudflare Logpush job.
Company: Cloudflare
Date published: May 17, 2022
Author(s): Omer Yoachimik, Kyle Bowman
Word count: 1190
Hacker News points: None found.
Language: English