Firewall Analytics for Enterprise Domains

Enterprise domains have access to additional Cloudflare Firewall analytics and filtering. Learn how firewall analytics can help you identify security enhancements for your site.


About firewall analytics

Enterprise customers benefit from additional firewall analytics within the Overview tab of the Firewall app of their Enterprise domains. Firewall analytics allow management and visualization of threats and help customers to tailor their security configurations.

Only Enterprise domains have access to firewall analytics.

Several differences exist between the Firewall app of Enterprise and non-Enterprise domains within the Cloudflare dashboard UI:

  • Firewall events are named Activity Log for Enterprise domains and Firewall Event Log for non-Enterprise domains.
  • Firewall events are listed in the Firewall app under the Overview tab for Enterprise domains and under the Events tab for non-Enterprise domains.
  • Enterprise domains allow filtering and excluding, whereas non-Enterprise domains can only search for a specific IP address, Ray ID, or Rule ID.

Firewall analytics provide the following data for a predefined duration of between 30 minutes and 72 hours:

  • Events by action: provides the count of firewall activity per action (Block, Log/Simulate, JS Challenge, Challenge, etc.) taken on traffic during the analytics report duration.
  • Events by service: lists the firewall activity per Cloudflare security feature (WAF, Firewall Rules, Access Rules, Hotlink Protection, Rate Limits, etc.).
  • Top events by source: provides details of the traffic flagged or actioned by a Cloudflare security feature (IP addresses, User Agents, Paths, Countries, Hosts, ASNs, HTTP Methods, etc.).
  • Activity Log: summarizes firewall events by date to show the action taken and the Cloudflare security feature applied.
  • Denial-of-service attacks mitigated: counts automatically mitigated attacks blocked by Cloudflare over the last 72 hours.

Using firewall analytics

Any modification to the duration, filters, or exclusions changes the analytics displayed on the entire page, including the Activity Log and all graphs except for the Denial-of-service attacks mitigated graph. To narrow the scope of firewall analytics, you can apply multiple filters and exclusions. Adjust the scope of analytics by either clicking Add filter under Firewall Events or clicking the Filter or Exclude buttons that appear when hovering over analytics data.

You cannot use wildcards and do not need quotation marks when creating filters. When entering ASNs, enter the number without the “AS” prefix. For example, enter 1423 instead of AS1423.

Firewall analytics capture all traffic actioned or flagged by a Cloudflare security setting, including features such as Browser Integrity Check.

For further details on firewall analytics, read our blog post introducing the new firewall tab and analytics.

