Accenture MDR Quick Start Guide for Cloudflare® WAF

This quick start guide will help Accenture MDR customers configure Cloudflare to allow log collection from the Log Collection Platform (LCP).

This document includes the following topics:

  • Supported Versions

  • Port Requirements

  • Configuring Cloudflare

  • LCP Configuration Parameters

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx), which can be found in the Accenture MDR Portal.

Port Requirements

Table 1-1: Port requirements for LCP communication.

| Source | Destination | Port | Description |
|--------|-------------|------|-------------|
| LCP | Cloudflare | 443 (https) | Default port |

Configuring Cloudflare

Note: Cloudflare Log pull is not enabled by default. To activate it for your Enterprise domain, contact Cloudflare Support.

Once it is activated, the following items are required to enable the integration:

  • Auth Email - The Cloudflare account email address used to manage the domain

  • Auth Key - The Cloudflare API Token

  • Zone ID 

To obtain the Zone ID and Auth Key, follow these steps:

  1. Log in to dash.cloudflare.com with your credentials.

  2. Click the website that needs to be monitored.

  3. The Zone ID can be found under the API section at the bottom right of the page.

  4. Click Get your API Token to get your Auth Key.

  5. Select API Token in the next screen.

  6. Select Create Token.

  7. Provide the following values in the Create Token page:

     • Enter the Token name as SymcMDR

     • Under the Permission section, select Zone in the 1st drop-down menu

     • Select Logs in the 2nd drop-down menu

     • Select Read in the 3rd drop-down menu

     • Click Add More and do the same for Analytics and Firewall Services

     • Under the Zone Resources section, select Include from the 1st drop-down menu and select All zones from the 2nd drop-down menu

  8. Click Continue to Summary.

  9. Verify the details on the next screen and click Create Token.

  10. The token will be displayed. Copy the value, since it cannot be viewed again.

  Note: If you lose the token, a new token must be created.
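A pre-flight check for the values captured in Steps 3 and 10, added here as an example; it is not part of the Accenture guide or of the LCP collector. It assumes the token is presented as a Bearer credential to Cloudflare's token-verify and Logpull (logs/received) endpoints; the environment variable names CF_API_TOKEN and CF_ZONE_ID and the 5-minute test window are illustrative choices.

```python
import json
import os
import re
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

API = "https://api.cloudflare.com/client/v4"  # CloudFlare URL from Table 1-2 plus the v4 API path

def valid_zone_id(zone_id):
    return re.fullmatch(r"[0-9a-fA-F]{32}", zone_id) is not None  # 32 hexadecimal characters

def build_requests(token, zone_id, now=None):
    """Return (verify, logpull) Bearer requests; assumed window is 5 min of logs ending 10 min ago."""
    if not valid_zone_id(zone_id):
        raise ValueError("Zone ID must be 32 hexadecimal characters")
    end = (now or datetime.now(timezone.utc)) - timedelta(minutes=10)
    start = end - timedelta(minutes=5)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    query = f"start={start.strftime(fmt)}&end={end.strftime(fmt)}"
    headers = {"Authorization": "Bearer " + token}
    verify = urllib.request.Request(f"{API}/user/tokens/verify", headers=headers)
    logpull = urllib.request.Request(f"{API}/zones/{zone_id}/logs/received?{query}", headers=headers)
    return verify, logpull

def token_is_active(body):
    """True when a token-verify response body reports success and status 'active'."""
    try:
        data = json.loads(body)
    except ValueError:
        return False
    result = data.get("result") if isinstance(data, dict) else None
    return isinstance(result, dict) and data.get("success") is True and result.get("status") == "active"

def _call(opener, request, want_body):  # HTTP error statuses are returned instead of raised
    try:
        with opener(request, timeout=30) as resp:
            return resp.status, (resp.read() if want_body else b"")
    except urllib.error.HTTPError as err:
        return err.code, (err.read() if want_body else b"")

def preflight(token, zone_id, opener=urllib.request.urlopen):
    """Check the token and Logs read access; the token itself is never printed."""
    verify, logpull = build_requests(token, zone_id)
    _, body = _call(opener, verify, True)
    status, _ = _call(opener, logpull, False)
    return {"token_active": token_is_active(body), "logs_http_status": status}

if __name__ == "__main__":  # CF_API_TOKEN and CF_ZONE_ID are assumed variable names
    print(preflight(os.environ["CF_API_TOKEN"], os.environ["CF_ZONE_ID"]))
```

A logs_http_status other than 200 means the Logpull request was refused, for example because the token lacks Logs read permission or Log pull has not been activated for the zone.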

LCP Configuration Parameters

Table 1-2: The CloudFlare WAF event collector (API - 3895) properties to be configured by MDR are shown in the table.

| Property | Default Value | Description |
|----------|---------------|-------------|
| CloudFlare URL | https://api.cloudflare.com | URL to connect to Cloudflare |
| Auth Email | Custom Value | Email ID used to manage account |
| Auth Key | Custom Value | Auth Token mentioned in the PIQ. Note: Auth Token with read permission for Logs, Analytics and Firewall Services for the Zone. Value captured in Step 10. |
| Zone ID | Custom Value | Zone ID mentioned in the PIQ. Note: Zone ID that identifies the protected website. Value captured in Step 3. |

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.