WAF - Use Cloudforce One threat intelligence in WAF rules

20d ago

Source

Cloudflare: WAF - Use Cloudforce One threat intelligence in WAF rules (cloudflare.com)
Snippet from the RSS feed
You can now match incoming requests against Cloudforce One threat intelligence in your WAF rules.

A new detection looks up the client IP address of each request against the threat intelligence database. If the IP was involved in threat activity in the past seven days, Cloudflare populates cf.intel.ip.* fields that you can use in custom rules and rate limiting rules.

The detection populates the following fields. Use the any() function with the [*] wildcard to match array values:

- cf.intel.ip.datasets: the dataset that flagged the IP address (ddos or waf).
- cf.intel.ip.target_industries: industries the IP address has targeted.
- cf.intel.ip.attacker_names: known threat actors associated with the IP address.
- cf.intel.ip.attacker_countries: source countries of the threat activity.
- cf.intel.ip.target_countries: countries the IP address has targeted.

For example, the following custom rule expression blocks requests from IP addresses associated with DDoS activity that have targeted France:

    any(cf.intel.ip.target_countries[*] == "FR") and any(cf.intel.ip.datasets[*] == "ddos")

These fields work with the Cloudflare API and Terraform. Matches are logged in Security Analytics.

The threat intelligence detection is available to customers with an active Cloudforce One subscription. For more information, refer to Threat intelligence.
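An added example, not from Cloudflare or the original snippet: a small Python helper that composes any(...[*] == ...) expressions from the fields listed above and rejects values that could break out of the string literal. The helper names, the two-letter country-code check, the action list, and the rule-object keys are assumptions made for this example.

```python
import re

# Field names and the dataset values (ddos, waf) come from the changelog text.
ARRAY_FIELDS = {"datasets", "target_industries", "attacker_names",
                "attacker_countries", "target_countries"}
DATASETS = {"ddos", "waf"}
COUNTRY_FIELDS = {"attacker_countries", "target_countries"}
# Assumption: rule actions accepted for custom rules.
ACTIONS = {"log", "managed_challenge", "block"}


def any_clause(field, values):
    """Build any(cf.intel.ip.<field>[*] == "v"), OR-ed when several values."""
    if field not in ARRAY_FIELDS:
        raise ValueError(f"unknown cf.intel.ip field: {field!r}")
    if not values:
        raise ValueError(f"no values given for {field}")
    for v in values:
        # Reject characters that could close the string literal and splice
        # extra logic into the expression.
        if not v or '"' in v or "\\" in v or not v.isprintable():
            raise ValueError(f"unsafe value for {field}: {v!r}")
        if field == "datasets" and v not in DATASETS:
            raise ValueError(f"dataset must be one of {sorted(DATASETS)}")
        # Assumption: two-letter upper-case codes, as in the page's "FR".
        if field in COUNTRY_FIELDS and not re.fullmatch(r"[A-Z]{2}", v):
            raise ValueError(f"not a two-letter country code: {v!r}")
    clauses = [f'any(cf.intel.ip.{field}[*] == "{v}")' for v in values]
    return clauses[0] if len(clauses) == 1 else "(" + " or ".join(clauses) + ")"


def build_rule(criteria, action, description):
    """criteria: {field: [values]}; all fields must match (joined with 'and')."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    if not criteria:
        raise ValueError("empty criteria would produce a rule with no expression")
    expression = " and ".join(any_clause(f, vs) for f, vs in criteria.items())
    # Assumption: rule-object keys as used by the Rulesets API.
    return {"action": action, "expression": expression,
            "description": description, "enabled": True}


if __name__ == "__main__":
    # Constructed sample: the page's example, logged first instead of blocked.
    rule = build_rule({"target_countries": ["FR"], "datasets": ["ddos"]},
                      "log", "Cloudforce One: DDoS sources targeting FR")
    print(rule["expression"])
```

Starting with the log action lets you review matches in Security Analytics before switching the same expression to block.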
