Data Source

New Cloudflare data connector that ingests logs from Cloudflare services via an Azure Blob Storage integration. Supports multiple Cloudflare log types, including network session logs, gateway activity, Zero Trust tunnel sessions, Worker execution logs, and Magic Transit packet capture.

Ingestion Mechanism

CCF-based solution using blob container polling with Event Grid notifications. Uses a Data Collection Rule with an extensive schema supporting 1000+ fields across Cloudflare’s various security and performance data streams.

Detection Surface Unlocked

Enables visibility into web application traffic patterns, DDoS mitigation events, Zero Trust access patterns, and serverless execution anomalies. Critical for organizations that use Cloudflare as their primary web security platform and need to correlate external threats with internal SOC data.

Affected Files

Solutions/Cloudflare CCF/Data Connectors/CloudflareLog_CCF/CloudflareLog_ConnectorDefinition.json
Solutions/Cloudflare CCF/Data Connectors/CloudflareLog_CCF/CloudflareLog_DCR.json
Solutions/Cloudflare CCF/Data Connectors/CloudflareLog_CCF/CloudflareLog_PollerConfig.json
Solutions/Cloudflare CCF/Data Connectors/CloudflareLog_CCF/CloudflareLog_Table.json
(packaging artefacts: mainTemplate.json, createUiDefinition.json, SolutionMetadata.json)