AlienVault® USM Anywhere™

Viewing Your Cloudflare Events

Role Availability Read-Only Analyst Manager

USM Anywhere includes a Cloudflare Enterprise pluginPlugins specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities., which translates the Cloudflare log data collected through the AlienApp for Cloudflare into normalizedNormalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. events for analysis. This plugin is automatically matched to the data and the generated events are accessible from the Events page and Overview dashboard.

To view Cloudflare events

  1. Select Activity > Events to open the Events page.
  2. If the Search & Filters panel is not displayed, click the icon to expand it.

    USM Anywhere includes several filters displayed by default.

  3. Scroll down to the Data Source Plugin filter and select Cloudflare Enterprise Log Share Received to display only those events on the page.

    Select the Cloudflare Enterprise Log Share Received data source plugin to filter the events

    Note: This example reflects 52,262 HTTP OK events, which are not typically useful events to monitor. It is highly recommended that you use the suggested filtering rule to eliminate these events to reduce noise and data storage consumption.

    If this filter is not displayed, click the Configure filters link, which is in the upper left corner of the page, to configure filters for the page. (See Managing Filters for more information about configuring filters for pages.)

  4. Select an event in the list to view detailed information.

    Review the details for the Cloudflare event