This page explains how to integrate your Cloudflare HTTP data source with Hunters. This table holds information about HTTP requests and responses recorded by Cloudflare. For more information on the data schema see here.
This data source is used in the Hunters Pipeline for detection & investigation related to HTTP requests to relevant appliances in the organisation's network.
Getting the data
Data should be pushed in an NDJSON format. When choosing field names to be exported, it is recommended to export all fields to the bucket. If there is a storage restriction, make sure the following groups of fields are exported (all columns within the following groups):
1. Client
2. ClientRequest
3. Edge
4. Firewall
5. Origin
6. OriginResponse
7. WAF
Do note that supplying a partial subset of the columns might result in content not being fully deployed in your environment.
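The following pre-flight check is an added example, not Hunters or Cloudflare code: it parses NDJSON export lines and reports which of the field groups listed above have no field in each record. Mapping a field to a group by its name prefix is an assumption of this example, the sample records are constructed, and the check confirms only that each group is represented, not that every column of the group is present.

```python
import json

# Field groups named on this page. Assigning a field to a group by its
# name prefix is an assumption of this example.
REQUIRED_GROUPS = ["Client", "ClientRequest", "Edge", "Firewall",
                   "Origin", "OriginResponse", "WAF"]

def group_of(field):
    """Return the longest required group that prefixes the field name, or None.

    Longest match matters: ClientRequestHost counts for ClientRequest, not
    Client, and OriginResponseStatus for OriginResponse, not Origin.
    """
    matches = [g for g in REQUIRED_GROUPS if field.startswith(g)]
    return max(matches, key=len) if matches else None

def check_ndjson(text):
    """Return ({line_number: [groups with no field]}, [(line_number, error)])."""
    missing, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # tolerate blank lines between records
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            errors.append((lineno, str(exc)))
            continue
        if not isinstance(record, dict):
            errors.append((lineno, "record is not a JSON object"))
            continue
        present = {group_of(name) for name in record}
        absent = [g for g in REQUIRED_GROUPS if g not in present]
        if absent:
            missing[lineno] = absent
    return missing, errors

# Constructed sample: line 1 covers every group, line 2 is a partial export,
# line 3 is a truncated record.
SAMPLE = "\n".join([
    json.dumps({"ClientIP": "192.0.2.10", "ClientRequestHost": "app.example.com",
                "EdgeResponseStatus": 200, "FirewallMatchesActions": [],
                "OriginIP": "198.51.100.7", "OriginResponseStatus": 200,
                "WAFAction": "unknown"}),
    json.dumps({"ClientIP": "192.0.2.11", "ClientRequestHost": "app.example.com",
                "EdgeResponseStatus": 403, "OriginResponseStatus": 0}),
    '{"ClientIP": "192.0.2.12", "ClientRequestHost"',
])

if __name__ == "__main__":
    print(check_ndjson(SAMPLE))
```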
Once data is being shipped to the bucket in the correct format, share the bucket details with Hunters to complete the integration.