# Cloudflare Zero Trust

This Integration is part of the Cloudflare Zero Trust Pack.

Supported versions
Supported Cortex XSOAR versions: 8.4.0 and later.
Cloudflare provides network and security products for consumers and businesses, utilizing reverse proxies for web traffic, edge computing, and a content distribution network to provide content across its network of servers. This integration was integrated and tested with version 1 of Cloudflare Zero Trust.
## Authorization
Two authorization types are supported:
- API Token - Requires generating an account or a user API token.
- Global API Key (Legacy) - Requires retrieving the global API key and finding the associated email address.
Refer to the integration help section for detailed instructions on how to obtain the required credentials.
### Token Permissions
The API Token authorization method requires an access token with the following permissions:
- Account - Account Settings - Read
- Account - Access: Audit Logs - Read
Note: It is recommended to use an account token (instead of a user token) to set up this integration.
## Configure Cloudflare Zero Trust in Cortex

Parameter | Required | Additional Info |
---|---|---|
Server URL | True | The base URL for the Cloudflare API (e.g., https://api.cloudflare.com). |
Account ID | True | Obtain from the Account Overview page. |
Trust any certificate (not secure) | False | |
Use system proxy settings | False | |
Authorization Type | True | Possible values are: API Token, Global API Key (Legacy). Default value is Global API Key (Legacy). |
API Token | False | Obtain from the Cloudflare API Tokens page. |
API Email | False | Obtain from the Cloudflare Profile page. |
Global API Key | False | Obtain from the Cloudflare API Tokens page. |
Event types to fetch | True | Specify the types of events to fetch. Possible values are: Account Audit Logs, User Audit Logs, and Access Authentication Logs. |
Maximum number of account audit logs per fetch | False | |
Maximum number of user audit logs per fetch | False | |
Maximum number of access authentication logs per fetch | False | |
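
The two authorization types map to different request headers on the Cloudflare API, and several parameters in the table above affect how safely the credentials travel. The following is an added example, not code from the pack: it builds the headers for each authorization type and reviews an instance configuration. The dictionary keys (`auth_type`, `api_token`, `api_email`, `global_api_key`, `insecure`, `url`, `account_id`) are hypothetical names for the parameters listed above, and all values are constructed placeholders.

```python
# Added example: the parameter keys are hypothetical stand-ins for the
# integration's configuration fields, not the pack's own code.
API_TOKEN = "API Token"
GLOBAL_KEY = "Global API Key (Legacy)"


def build_auth_headers(params: dict) -> dict:
    """Return the Cloudflare API auth headers for the chosen authorization type."""
    auth_type = params.get("auth_type", GLOBAL_KEY)  # the legacy key is the documented default
    if auth_type == API_TOKEN:
        token = params.get("api_token")
        if not token:
            raise ValueError("API Token authorization selected but no API Token set")
        return {"Authorization": f"Bearer {token}"}
    if auth_type == GLOBAL_KEY:
        email, key = params.get("api_email"), params.get("global_api_key")
        if not (email and key):
            raise ValueError("Global API Key authorization needs API Email and Global API Key")
        return {"X-Auth-Email": email, "X-Auth-Key": key}
    raise ValueError(f"Unknown authorization type: {auth_type!r}")


def review_config(params: dict) -> list:
    """Return hardening findings for an instance configuration."""
    findings = []
    if params.get("auth_type", GLOBAL_KEY) == GLOBAL_KEY:
        findings.append("Global API Key (Legacy) in use: prefer a scoped account API token")
    if params.get("insecure"):
        findings.append("'Trust any certificate' enabled: TLS certificate validation is off")
    if not str(params.get("url", "")).lower().startswith("https://"):
        findings.append("Server URL is not HTTPS: credentials would be sent in clear text")
    if not params.get("account_id"):
        findings.append("Account ID is missing")
    return findings


# Constructed sample configurations (placeholder values, not real credentials).
legacy = {"url": "https://api.cloudflare.com", "account_id": "ACCOUNT_ID_PLACEHOLDER",
          "api_email": "soc@example.com", "global_api_key": "KEY_PLACEHOLDER", "insecure": True}
scoped = {"url": "https://api.cloudflare.com", "account_id": "ACCOUNT_ID_PLACEHOLDER",
          "auth_type": API_TOKEN, "api_token": "TOKEN_PLACEHOLDER", "insecure": False}

if __name__ == "__main__":
    for name, cfg in (("legacy", legacy), ("scoped", scoped)):
        print(name, sorted(build_auth_headers(cfg)), review_config(cfg))
```
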
## Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
### cloudflare-zero-trust-get-events
Gets events from Cloudflare Zero Trust.
#### Base Command
`cloudflare-zero-trust-get-events`
#### Input

Argument Name | Description | Required |
---|---|---|
limit | The number of events to return per type. Default is 10. | Optional |
should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Optional |
start_date | The start date from which to filter events. | Optional |
event_types_to_fetch | Comma-separated list of event types to fetch. Possible values are: Account Audit Logs, User Audit Logs, Access Authentication Logs. Default is Account Audit Logs,User Audit Logs. | Optional |
#### Context Output
There is no context output for this command.