Cloudflare Email Security monitors email traffic for various threats including phishing, malware and spam. It provides protection by intercepting and quarantining potentially malicious emails before they are delivered to users' inboxes.
The Elastic integration ingests security events from Cloudflare Email Security, enabling users to correlate email threats with other security events across their organization's environment.
Dashboard Ideas
Overview
- Pie chart showing distribution of email threats
- Line graph showing trend of email threats over time
Email security
- Bar chart or table view of top email threat types (phishing/malware/spam)
- Geomap showing origin of email threats
Phishing analysis
- Table of top phishing campaigns detected
- Chart showing distribution of phishing attack types (credential harvest, malware delivery, etc.)
Malware detection
- Summary of malware types detected in emails
- Timeline of malware detection events
Email traffic overview
- Chart showing volume of clean vs. malicious emails over time
- Table of top email senders and recipients involved in security incidents
Architecture
Email Security events are delivered via Cloudflare's Alert Webhooks feature: https://developers.cloudflare.com/email-security/email-configuration/domains-and-routing/alert-webhooks/
Refer to the Cloudflare documentation for more details: https://developers.cloudflare.com/email-security/
Integration release checklist
This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.
All changes