Enterprise domains have access to additional Cloudflare Firewall analytics and filtering. Learn how firewall analytics can help you identify security enhancements for your site.
About firewall analytics
Enterprise customers benefit from additional firewall analytics within the Overview tab of the Firewall app of their Enterprise domains. Firewall analytics allow management and visualization of threats and help customers to tailor their security configurations.
Several differences exist between the Firewall app of Enterprise and non-Enterprise domains within the Cloudflare dashboard UI:
- Firewall events are named Activity Log for Enterprise domains and Firewall Event Log for non-Enterprise domains.
- Firewall events are listed in the Firewall app under the Overview tab for Enterprise domains and under the Events tab for non-Enterprise domains.
- Enterprise domains allow filtering and excluding; whereas non-Enterprise domains can only search for a specific IP Address, Ray ID, or Rule ID.
Firewall analytics provide the following data for a predefined duration of 30 minutes to up to 72 hours:
- Events by action
- provides the count of firewall activity per action (Block, Log/Simulate, JS Challenge, Challenge, etc) taken on traffic during the analytics report duration.
- Events by service
- lists the firewall activity per Cloudflare security feature (WAF, Firewall Rules, Access Rules, Hotlink Protection, Rate Limits, etc).
- Top events by source
- provides details of the traffic flagged or actioned by a Cloudflare security feature (IP addresses, User Agents, Paths, Countries, Hosts, ASNs, HTTP Methods, etc).
- Activity Log
- summarizes firewall events by date to show the action taken and the Cloudflare security feature applied.
- Denial-of-service attacks mitigated
- counts automatically mitigated attacks blocked by Cloudflare over the last 72 hours.
Using firewall analytics
Any modification to the duration, filters, or exclusions changes the analytics displayed on the entire page including the Activity Log and all graphs except for the Denial-of-service attacks mitigated graph. To narrow the scope of firewall analytics, you can apply multiple filters and exclusions. Adjust the scope of analytics by either clicking on Add filter under Firewall Events or clicking the Filter or Exclude buttons that appear when hovering over analytics data.
For further details on firewall analytics, read our blog post introducing the new firewall tab and analytics.