search

newrelic / newrelic-quickstarts

New Relic One quickstarts help accelerate your New Relic journey by providing immediate value for your specific use cases.
https://newrelic.com/instant-observability/
Apache License 2.0
109 stars 299 forks source link

FR > Update Cloudflare Dashboard to reflect current security fields #2562

Open alaiavee opened 18 hours ago

alaiavee commented 18 hours ago

Summary

Cloudflare updated the security fields for Logs back on 2023-02-01: https://developers.cloudflare.com/logs/reference/change-notices/2023-02-01-security-fields-updates/

The following fields that are used in the Cloudflare quickstart dashboard (LINK) have been renamed or deprecated:

Replaced/Updated fields: WAFRuleMessage updated to SecurityRuleDescription WAFRuleID updated to SecurityRuleID WAFAction updated to SecurityAction

Deprecated fields: WAFProfile

Desired Behavior

The Security section of the dashboard needs to be updated to use the new field names and remove references to the deprecated WAFProfile field.

Right now there are no results due to the dashboard using the old field names. Expected behavior is for all the threats charts to show data.

Possible Solution

Perhaps replace the conditions for WAFProfile: WHERE WAFProfile IN ('low','med','high')

With the following (or something with similar effect): WHERE string(tuple(SecurityRuleID, SecurityAction)) != '["",""]' (enforcing the presence of SecurityRuleID and SecurityAction).

Will also need to update queries to use the new field names for the following: WAFRuleMessage updated to SecurityRuleDescription WAFRuleID updated to SecurityRuleID WAFAction updated to SecurityAction