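Alerts

The WAF provides two types of alerts that notify you of spikes in security events:

  • Security Events Alert: Alerts about spikes across all services that generate log entries in Security Events.
  • Advanced Security Events Alert: Similar to Security Events Alert, with support for additional filtering options.

For details on alert types and their availability, refer to Alert types.

To receive WAF alerts, you must configure a notification. Notifications help you stay up to date with your Cloudflare account through email, PagerDuty, or webhooks, depending on your Cloudflare plan.

Configure notifications for WAF alerts

For instructions on how to configure notifications for WAF alerts, refer to Create a notification.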


Alert logic

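WAF alerts use a static threshold together with a z-score calculation over the past six hours and five-minute event buckets. An alert is triggered when the z-score value exceeds 3.5 and the spike exceeds the threshold of 200 security events. You will not receive duplicate alerts within the same two-hour time frame.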
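To check why a given spike did or did not produce an alert, the logic above can be replayed over your own event counts. The following Python is an added example, not Cloudflare's implementation. It assumes the baseline is the 72 five-minute buckets before the current one, that a population standard deviation is used, and that the 200-event threshold applies to the current bucket's count; the function names and sample counts are constructed for illustration.

```python
from statistics import mean, pstdev

Z_THRESHOLD = 3.5                               # from the page
MIN_EVENTS = 200                                # from the page
BUCKET_SECONDS = 5 * 60                         # five-minute buckets
BASELINE_BUCKETS = 6 * 3600 // BUCKET_SECONDS   # six hours -> 72 buckets
DEDUP_SECONDS = 2 * 3600                        # two-hour duplicate window


def z_score(baseline, current):
    """z-score of the current bucket against the baseline counts."""
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:
        # Flat baseline: any increase is a spike, no increase is not.
        return float("inf") if current > mu else 0.0
    return (current - mu) / sigma


def evaluate(buckets, last_alert_ts=None):
    """buckets: [(epoch_start, event_count)], oldest first.
    Returns [(ts, count, z, decision)] for each bucket with a full baseline."""
    out = []
    for i in range(BASELINE_BUCKETS, len(buckets)):
        ts, count = buckets[i]
        # Assumption: baseline excludes the bucket being scored.
        baseline = [c for _, c in buckets[i - BASELINE_BUCKETS:i]]
        z = z_score(baseline, count)
        decision = "none"
        # Both conditions must hold: unusual (z) and large enough (static).
        if z > Z_THRESHOLD and count > MIN_EVENTS:
            recent = (last_alert_ts is not None
                      and ts - last_alert_ts < DEDUP_SECONDS)
            decision = "suppressed" if recent else "alert"
            if decision == "alert":
                last_alert_ts = ts
        out.append((ts, count, round(z, 2), decision))
    return out


# Constructed sample: six quiet hours, then four five-minute buckets.
T0 = 1_700_000_000
COUNTS = [40, 60] * 36 + [80, 150, 900, 950]
SAMPLE = [(T0 + i * BUCKET_SECONDS, c) for i, c in enumerate(COUNTS)]

if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(row)
```

In the sample, the 150-event bucket has a high z-score but stays under the static threshold, and the 950-event bucket falls inside the two-hour window after the 900-event alert, so neither produces a notification.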

Alert types

Advanced Security Events Alert

Who is it for?

Enterprise customers who want to receive alerts about spikes in specific services that generate log entries in Security Events. For more information, refer to WAF alerts.

Other options / filters

When you create a notification policy, you must select filters, which include the list of services and zones that you want to be alerted on.

  • You can search for and add domains from your list of Enterprise zones.
  • You can choose which services the alert should monitor (Managed Firewall, Rate Limiting, etc.).
  • You can filter events by a targeted action.

Included with

Enterprise plans.

What should you do if you receive one?

Review the information in Security Events to identify any possible attack or misconfiguration.

Additional information

The mean time to detection is five minutes.

This alert will look for spikes across all services that generate log entries in security/firewall events.

Limitations

Security Events (WAF) alerts are not sent for each individual event, but only when a spike in traffic reaches the threshold for an alert to be sent.

These thresholds cannot be configured. Z-score is used to determine the threshold.

Security Events Alert

Who is it for?

Business and Enterprise customers who want to receive alerts about spikes across all services that generate log entries in Security Events. For more information, refer to WAF alerts.

Other options / filters

When you create a notification policy, you must select filters, which include the list of zones that you want to be alerted on.

  • You can also search for and add domains from your list of Business or Enterprise zones. The notification will be sent for the domains chosen.
  • You can filter events by a targeted action.

Included with

Business and Enterprise plans.

What should you do if you receive one?

Review the information in Security Events to identify any possible attack or misconfiguration.

Additional information

The mean time to detection is two hours.

When setting up this alert, you can select the services that will be monitored. Each selected service is monitored separately.

Limitations

Security Events (WAF) alerts are not sent for each individual event, but only when a spike in traffic reaches the threshold for an alert to be sent.

These thresholds cannot be configured. Z-score is used to determine the threshold.