alerts.md

title: Alerts
pcx_content_type: reference
weight: 1

WAF alerts

The WAF provides two types of alerts that inform you of any spikes in security events:

  • Security Events Alert: Alerts about spikes across all services that generate log entries in Security Events.
  • Advanced Security Events Alert: Similar to Security Events Alert with support for additional filtering options.

For details on alert types and their availability, refer to Alert types.

To receive WAF alerts, you must configure a notification. Notifications help you stay up to date with your Cloudflare account through email, PagerDuty, or webhooks, depending on your Cloudflare plan.

Set up a notification for WAF alerts

For instructions on how to set up a notification for a WAF alert, refer to Create a Notification.


Alert logic

WAF alerts combine a static threshold with a z-score calculated over the last six hours of events, grouped into five-minute buckets. An alert is triggered whenever the z-score value is above 3.5 and the spike crosses a threshold of 200 security events. You will not receive duplicate alerts within the same two-hour time frame.
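
The alert logic described above, sketched as an added example; it is not Cloudflare's implementation or code from this page. Assumptions: the baseline is the 72 five-minute buckets preceding the current one, the z-score uses the population standard deviation, "crosses" means strictly more than 200 events in the current bucket, and all function and constant names are hypothetical.

```python
from statistics import mean, pstdev

WINDOW_BUCKETS = 72      # six hours of five-minute buckets
Z_THRESHOLD = 3.5        # z-score must be above this value
EVENT_THRESHOLD = 200    # static threshold on security events (assumed: per bucket)
SUPPRESS_BUCKETS = 24    # two hours of five-minute buckets


def zscore(history, current):
    """z-score of `current` against the baseline (assumed: population stddev)."""
    sigma = pstdev(history)
    if sigma == 0:
        # Flat baseline: any increase is maximally unusual, no change is not.
        return float("inf") if current > mean(history) else 0.0
    return (current - mean(history)) / sigma


def evaluate(counts):
    """Return the indexes of the buckets that would raise an alert.

    counts: security events per five-minute bucket, oldest first.
    """
    alerts = []
    last_alert = None
    for i in range(WINDOW_BUCKETS, len(counts)):
        history = counts[i - WINDOW_BUCKETS:i]
        spike = (zscore(history, counts[i]) > Z_THRESHOLD
                 and counts[i] > EVENT_THRESHOLD)
        suppressed = last_alert is not None and i - last_alert < SUPPRESS_BUCKETS
        if spike and not suppressed:
            alerts.append(i)
            last_alert = i
    return alerts


def sample_counts():
    """Constructed data: a quiet baseline with three bursts."""
    counts = [20 + (i % 5) for i in range(120)]  # 20 to 24 events per bucket
    counts[80] = 150    # high z-score, but under the 200-event threshold
    counts[90] = 900    # both conditions met: alert
    counts[95] = 1200   # both conditions met, but within two hours: suppressed
    return counts


if __name__ == "__main__":
    print(evaluate(sample_counts()))
```

The burst at bucket 80 shows why the static threshold matters: on a low-traffic zone a small absolute increase produces a very large z-score, and the 200-event floor keeps it from alerting.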

Alert types
