Exporting WAF Logs on Business plan | Cloudflare Developers | Page 1

austere agate Mar 6, 2024, 5:17 PM

Is it possible to use the API to export the WAF logs and then i can parse and import it to an external SIEM? I know its possible on Enterprise with LogPush but i aren't spending 3k per month

visual ingot Mar 6, 2024, 7:16 PM

austere agate Is it possible to use the API to export the WAF logs and then i can parse and im...

You can export up to 500 on Business at a time

You can export a set of up to 500 raw events from the Activity log in JSON format. Export event data to combine and analyze Cloudflare data with your own stored in a separate system or database, such as a SIEM system. The data you export will reflect any filters you have applied.

To export the displayed events (up to 500), select Export in the Activity log.
https://developers.cloudflare.com/waf/analytics/security-events/paid-plans/

As for an API for that, it looks like it just uses the GraphQL Endpoint and ActivityLogQuery to get the raw events

#Exporting WAF Logs on Business plan