CloudFlare HTTP

Overview

This page explains how to integrate your CloudFlare HTTP data source with Hunters. The table holds information about HTTP requests and responses recorded by CloudFlare. For more information on the data schema see here.

This data source is used in the Hunters Pipeline for detection & investigation related to HTTP requests to relevant appliances in the organisation's network.

Getting the data

The CloudFlare HTTP data should be shipped to an S3 bucket shared with Hunters, following this guide.

Data should be pushed in NDJSON format. When choosing which field names to export, it is recommended to export all fields to the bucket. If there is a storage restriction, make sure the following groups of fields are exported (all columns within each group):

1. Client
2. ClientRequest
3. Edge
4. Firewall
5. Origin
6. OriginResponse
7. WAF

Do note that supplying a partial subset of the columns might result in content not being fully deployed in your environment.
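Before sharing the bucket, a sample of the exported file can be checked against the requirements above. The following Python script is an added example, not part of the Hunters or CloudFlare tooling: it confirms that every line is a JSON object and reports which of the seven groups have no fields. It assumes a field belongs to the group whose name is its longest matching prefix, and the sample records are constructed.

```python
import json

# Field groups the page lists as the minimum export set.
REQUIRED_GROUPS = ["Client", "ClientRequest", "Edge", "Firewall",
                   "Origin", "OriginResponse", "WAF"]

def group_of(field):
    """Assumption: a field's group is its longest matching prefix, so
    ClientRequestHost counts as ClientRequest rather than Client."""
    matches = [g for g in REQUIRED_GROUPS if field.startswith(g)]
    return max(matches, key=len) if matches else None

def audit_ndjson(text):
    """Return (fields seen per group, groups with no fields, bad line numbers)."""
    seen = {g: set() for g in REQUIRED_GROUPS}
    bad_lines = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            record = None
        if not isinstance(record, dict):  # NDJSON: one JSON object per line
            bad_lines.append(lineno)
            continue
        for field in record:
            group = group_of(field)
            if group:
                seen[group].add(field)
    missing = [g for g in REQUIRED_GROUPS if not seen[g]]
    return seen, missing, bad_lines

# Constructed sample: one good record, one truncated record, one non-object line.
SAMPLE = "\n".join([
    '{"ClientIP":"203.0.113.7","ClientRequestHost":"example.com","EdgeResponseStatus":200,"OriginIP":"198.51.100.4","OriginResponseStatus":200,"RayID":"0000000000000000"}',
    '{"ClientIP":"203.0.113.9","EdgeResponseStatus":403,"FirewallMatchesActions":["block"]',
    '[1, 2, 3]',
])

if __name__ == "__main__":
    seen, missing, bad_lines = audit_ndjson(SAMPLE)
    for group in REQUIRED_GROUPS:
        print(f"{group:15} {sorted(seen[group])}")
    print("groups with no fields:", missing)
    print("lines that are not JSON objects:", bad_lines)
```

A group appearing in the output only shows that at least one of its columns is exported; compare the listed fields with the export job's field selection to confirm that all columns in the group are included.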

Once data is being shipped to the bucket in the correct format, the bucket details should be shared with Hunters to complete the integration.