What Changed
Fixed critical DCR transformKql errors and corrected invalid field data types in the Cloudflare CCF connector. The DCR definition, table schema, and validation tests have been updated to properly handle the Type field and resolve data type mismatches.
Security Impact (Visibility & Fidelity)
Deployments running Cloudflare CCF v3.0.1 and earlier experienced complete data ingestion failure for this connector. The transformKql error in the DCR prevented the connector from processing logs at the ingestion layer — zero Cloudflare data reached the CloudflareV2_CL table in affected environments.
This represents a critical detection blind spot for organizations relying on Cloudflare visibility including:
- Web application attacks and bot detection
- DNS query monitoring and threat hunting
- Network-layer security events
- Access control and authentication events
Technical Details
The DCR transformation logic has been corrected to properly map the Type field from Cloudflare source data. Multiple field data type definitions were updated across the table schema to align with the actual data structure from Cloudflare APIs. End-to-end testing confirms successful log ingestion to Log Analytics workspace.
Affected Files
.script/tests/KqlvalidationsTests/CustomTables/CloudflareV2_CL.json
Solutions/Cloudflare CCF/Data Connectors/CloudflareLog_CCF/CloudflareLog_DCR.json
Solutions/Cloudflare CCF/Data Connectors/CloudflareLog_CCF/CloudflareLog_Table.json
(packaging artefacts: 3.0.2.zip, ReleaseNotes.md, Solution_Cloudflare.json, createUiDefinition.json, mainTemplate.json)