Merge branch 'production' into max/zt/migrate-lists

Author: maxvp

public/__redirects

@@ -2402,6 +2402,11 @@
 /cloudflare-one/applications/non-http/* /cloudflare-one/access-controls/applications/non-http/:splat 301
 /cloudflare-one/identity/devices/* /cloudflare-one/reusable-components/posture-checks/:splat 301
 /cloudflare-one/traffic-policies/lists/ /cloudflare-one/reusable-components/lists/ 301
+/cloudflare-one/applications/casb/casb-integrations/* /cloudflare-one/integrations/cloud-and-saas/:splat 301
+/cloudflare-one/applications/casb/troubleshooting/* /cloudflare-one/integrations/cloud-and-saas/troubleshooting/:splat 301
+/cloudflare-one/applications/casb/ /cloudflare-one/cloud-and-saas-findings/ 301
+/cloudflare-one/applications/casb/manage-findings/ /cloudflare-one/cloud-and-saas-findings/manage-findings/ 301
+/cloudflare-one/applications/casb/casb-dlp/ /cloudflare-one/cloud-and-saas-findings/casb-dlp/ 301
 
 # Learning paths
 

src/assets/images/analytics/azure-portal.png

@@ -8,6 +8,6 @@ import { Render } from "~/components";
 
 You can now use CASB to find security misconfigurations in your AWS cloud environment using [Data Loss Prevention](/cloudflare-one/data-loss-prevention/).
 
-You can also [connect your AWS compute account](/cloudflare-one/applications/casb/casb-integrations/aws-s3/#compute-account) to extract and scan your S3 buckets for sensitive data while avoiding egress fees. CASB will scan any objects that exist in the bucket at the time of configuration.
+You can also [connect your AWS compute account](/cloudflare-one/integrations/cloud-and-saas/aws-s3/#compute-account) to extract and scan your S3 buckets for sensitive data while avoiding egress fees. CASB will scan any objects that exist in the bucket at the time of configuration.
 
 <Render file="casb/aws-compute-account" product="cloudflare-one" />

src/assets/images/analytics/configuration.png

@@ -11,15 +11,16 @@ date: 2025-08-26 16:00:00 UTC
 ![Cloudflare CASB showing selection of new findings for ChatGPT, Claude, and Gemini integrations.](~/assets/images/casb/changelog/casb-ai-integrations-preview.png)
 
 ### Key capabilities
-- **Agentless connections** — connect ChatGPT, Claude, and Gemini tenants via API; no endpoint software required  
-- **Posture management** — detect insecure settings and misconfigurations that could lead to data exposure  
-- **DLP detection** — identify sensitive data in uploaded chat attachments or files  
-- **GenAI-specific insights** — surface risks unique to each provider’s capabilities  
+
+- **Agentless connections** — connect ChatGPT, Claude, and Gemini tenants via API; no endpoint software required
+- **Posture management** — detect insecure settings and misconfigurations that could lead to data exposure
+- **DLP detection** — identify sensitive data in uploaded chat attachments or files
+- **GenAI-specific insights** — surface risks unique to each provider’s capabilities
 
 ### Learn more
-- [ChatGPT integration docs](https://developers.cloudflare.com/cloudflare-one/applications/casb/casb-integrations/openai/)  
-- [Claude integration docs](https://developers.cloudflare.com/cloudflare-one/applications/casb/casb-integrations/anthropic/)  
-- [Gemini integration docs](https://developers.cloudflare.com/cloudflare-one/applications/casb/casb-integrations/google-workspace/gemini/)  
 
-These integrations are available to all Cloudflare One customers today.
+- [ChatGPT integration docs](https://developers.cloudflare.com/cloudflare-one/integrations/cloud-and-saas/openai/)
+- [Claude integration docs](https://developers.cloudflare.com/cloudflare-one/integrations/cloud-and-saas/anthropic/)
+- [Gemini integration docs](https://developers.cloudflare.com/cloudflare-one/integrations/cloud-and-saas/google-workspace/gemini/)
 
+These integrations are available to all Cloudflare One customers today.

src/assets/images/analytics/data-connectors.png

@@ -4,17 +4,17 @@ description: Get two free CASB integrations with your Email Security subscriptio
 date: 2025-04-01T23:22:49Z
 ---
 
-With Email Security, you get two free CASB integrations. 
+With Email Security, you get two free CASB integrations.
 
-Use one SaaS integration for Email Security to sync with your directory of users, take actions on delivered emails, automatically provide EMLs for reclassification requests for clean emails, discover CASB findings and more. 
+Use one SaaS integration for Email Security to sync with your directory of users, take actions on delivered emails, automatically provide EMLs for reclassification requests for clean emails, discover CASB findings and more.
 
-With the other integration, you can have a separate SaaS integration for CASB findings for another SaaS provider. 
+With the other integration, you can have a separate SaaS integration for CASB findings for another SaaS provider.
 
-Refer to [Add an integration](/cloudflare-one/applications/casb/#add-an-integration) to learn more about this feature. 
+Refer to [Add an integration](/cloudflare-one/integrations/cloud-and-saas/#add-an-integration) to learn more about this feature.
 
 ![CASB-EmailSecurity](~/assets/images/changelog/email-security/CASB-EmailSecurity.png)
 
-This feature is available across these Email Security packages: 
+This feature is available across these Email Security packages:
 
--  **Enterprise** 
--  **Enterprise + PhishGuard**
+- **Enterprise**
+- **Enterprise + PhishGuard**

src/assets/images/analytics/traffic-overview.png

@@ -6,13 +6,294 @@ sidebar:
 
 ---
 
-Microsoft has developed a Cloudflare connector that allows their customers to integrate [Cloudflare Logs](/logs/) with Microsoft Sentinel.
+import { Details } from "~/components";
 
-## How it works
+Cloudflare has integrations with Microsoft Sentinel to make analyzing your Cloudflare data easier and in a centralized space. Cloudflare has two versions of this connector available. We recommend utilizing the latest Codeless Connector integration as it provides easier setup, cost management, and integrates with [Sentinel Data Lake](https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-lake-overview).
 
-[Logpush](/logs/logpush/logpush-job/enable-destinations/azure/) sends logs from Cloudflare to Azure Blob Storage. From there, the Cloudflare connector, a Microsoft function, ingests these logs into Azure Log Analytics Workspace, making them available for monitoring and analysis in Microsoft Sentinel.
+**[Sentinel CCF Solution](https://marketplace.microsoft.com/en-us/product/azure-application/cloudflare.azure-sentinel-solution-cloudflare-ccf?tab=Overview)** (recommended): The Codeless Connector Framework (CCF) provides partners, advanced users, and developers the ability to create custom connectors for ingesting data to Microsoft Sentinel.
 
-![Sentinel integrations steps](~/assets/images/analytics/sentinel-diagram.png)
+**[Sentinel Function Based Connector](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/cloudflare.cloudflare_sentinel?tab=Overview)**: The Cloudflare connector for Microsoft Sentinel uses [Azure Functions](https://azure.microsoft.com/en-us/products/functions) to process security logs from Cloudflare's Logpush service and ingest them directly into the SIEM platform.
+
+This guide provides clear, step-by-step instructions for integrating Cloudflare logs with the new CCF connector for Microsoft Sentinel using Azure Blob Storage. By following these steps, you will be able to securely collect, store, and analyse your Cloudflare logs within Microsoft Sentinel, enhancing your organisation's security monitoring and incident response capabilities.
+
+## Step 1: Prerequisites
+
+- Azure Subscription with permission to create and manage resources (Contributor/Owner role recommended).
+- Microsoft Sentinel Workspace already set up in your Azure environment.
+- Azure Storage Account with a Blob container for storing Cloudflare logs.
+- Cloudflare Account with access to the domain whose logs you wish to export, and permission to configure Logpush jobs.
+
+## Step 2: Set up a logpush job
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+2. Go to **Analytics** > **Logs** and select **Logpush**.
+3. Select **Create Logpush Job**. Choose the log type you want to export (for example, **HTTP requests**).
+4. For the destination, select **Azure Blob Storage**.
+5. Enter your Azure Blob Storage details:
+    - SAS Token (Shared Access Signature)
+
+    To generate a SAS token from the Azure portal, first navigate to your storage account. Under the **Data Storage** section, select **Containers** and choose the relevant container. Within the settings, locate and select **Shared access signature**. Configure the required permissions, such as `write` and `create`, and specify the start and expiration dates for the token. Once configured, generate the SAS token accordingly.
+6. Save and activate the Logpush job.
+
+For complete details, refer to the [Cloudflare Logpush to Azure documentation](/logs/logpush/logpush-job/enable-destinations/azure/).
+
+## Step 3: Configure Azure and deploy the Data Connector in Microsoft Sentinel
+
+1. Log in to the Azure Portal and go to your **Microsoft Sentinel** workspace.
+2. Select **Content Hub** in the navigation bar and search for **Cloudflare**.
+3. Select the **Cloudflare** solution from the results.
+4. Select **Install** in the right pane.
+5. In your **Sentinel workspace**, go to **Data connectors**.
+6. Search for the **Cloudflare connector** (may appear as **Cloudflare (using Azure Blob Storage)**).
+7. Selecte the connector to configure it.
+
+![Azure portal](~/assets/images/analytics/azure-portal.png)
+
+## Step 4: Fill out required fields
+
+When configuring the Cloudflare data connector, you will need to provide the following information:
+
+- Blob container URL
+
+To obtain the container URL within your Azure storage account, access the Azure Portal and navigate to your storage account. Under **Data Storage**, select **Containers**, then choose the relevant container receiving logs from Cloudflare. The container properties section will display the URL link.
+
+- Resource group name for the storage account
+- Storage account location
+- Subscription ID
+- Event grid topic name (only if reconfiguring; not needed for initial setup)
+
+After entering all information, select **Connect**.
+
+Ensure all fields are correctly filled to enable seamless log ingestion.
+
+![Configuration fields](~/assets/images/analytics/configuration.png)
+
+## Step 5: Complete deployment
+
+1. Select **Apply changes** or **Connect** to finalise the connector setup.
+2. Monitor the Data connectors page in Sentinel to confirm that the Cloudflare connector status is **Connected**.
+3. Verify that Cloudflare logs are appearing in your Sentinel workspace under **Log Analytics** > **Logs**.
+4. If logs are not appearing, review your Blob Storage permissions, Cloudflare Logpush configuration, and Sentinel connector settings.
+
+![Data connectors](~/assets/images/analytics/data-connectors.png)
+
+By following these steps, you have successfully integrated Cloudflare logs with Microsoft Sentinel using Azure Blob Storage. This integration enables advanced security analytics and incident response capabilities for your Cloudflare-protected environments. If you encounter issues, review each configuration step, check permissions, and review Microsoft's official documentation.
+
+![Cloudflare traffic overview](~/assets/images/analytics/traffic-overview.png)
+
+## Supported Logs
+
+We support the following fields to be utilized within the Sentinel Connectors (CCF & Function based). You can push all log fields to Azure using our logpush function as described in [Enable Microsoft Azure](/logs/logpush/logpush-job/enable-destinations/azure/) documentation.
+
+<Details header="Parser fields">
+
+ClientDeviceType<br />
+Source<br />
+ClientSSLCipher<br />
+ClientTlsCipher<br />
+ClientSSLProtocol<br />
+ClientTlsProtocol<br />
+FirewallMatchesActions<br />
+Event<br />
+FirewallMatchesRuleIDs<br />
+RuleID<br />
+ClientRequestBytes<br />
+ClientBytes<br />
+ClientSrcPort<br />
+ClientPort<br />
+EdgeResponseBytes<br />
+OriginBytes<br />
+BotScore<br />
+BotScoreSrc<br />
+CacheCacheStatus<br />
+CacheResponseBytes<br />
+CacheResponseStatus<br />
+CacheTieredFill<br />
+ClientASN<br />
+ClientCountry<br />
+ClientIP<br />
+ClientIPClass<br />
+ClientRequestHost<br />
+ClientRequestMethod<br />
+ClientRequestPath<br />
+ClientRequestProtocol<br />
+ClientRequestReferer<br />
+ClientRequestURI<br />
+ClientRequestUserAgent<br />
+ClientXRequestedWith<br />
+EdgeColoCode<br />
+EdgeColoID<br />
+EdgeEndTimestamp<br />
+EdgePathingOp<br />
+EdgePathingSrc<br />
+EdgePathingStatus<br />
+EdgeRateLimitAction<br />
+EdgeRateLimitID<br />
+EdgeRequestHost<br />
+EdgeResponseCompressionRatio<br />
+EdgeResponseContentType<br />
+EdgeResponseStatus<br />
+EdgeServerIP<br />
+EdgeStartTimestamp<br />
+FirewallMatchesSources<br />
+OriginIP<br />
+OriginResponseBytes<br />
+OriginResponseHTTPExpires<br />
+OriginResponseHTTPLastModified<br />
+OriginResponseStatus<br />
+OriginResponseTime<br />
+OriginSSLProtocol<br />
+ParentRayID<br />
+RayID<br />
+SecurityLevel<br />
+WAFAction<br />
+WAFFlags<br />
+WAFMatchedVar<br />
+WAFProfile<br />
+WAFRuleID<br />
+WAFRuleMessage<br />
+WorkerCPUTime<br />
+WorkerStatus<br />
+WorkerSubrequest<br />
+WorkerSubrequestCount<br />
+ZoneID<br />
+Application<br />
+ClientMatchedIpFirewall<br />
+ClientProto<br />
+ClientTcpRtt<br />
+ClientTlsClientHelloServerName<br />
+ClientTlsStatus<br />
+ColoCode<br />
+ConnectTimestamp<br />
+DisconnectTimestamp<br />
+IpFirewall<br />
+OriginPort<br />
+OriginProto<br />
+OriginTcpRtt<br />
+OriginTlsCipher<br />
+OriginTlsFingerprint<br />
+OriginTlsMode<br />
+OriginTlsProtocol<br />
+OriginTlsStatus<br />
+ProxyProtocol<br />
+Status<br />
+Timestamp<br />
+ClientASNDescription<br />
+ClientRefererHost<br />
+ClientRefererPath<br />
+ClientRefererQuery<br />
+ClientRefererScheme<br />
+ClientRequestQuery<br />
+ClientRequestScheme<br />
+Datetime<br />
+Kind<br />
+MatchIndex<br />
+OriginatorRayID<br />
+TimeGenerated<br />
+
+</Details>
+
+<Details header="WorkBook fields">
+
+ClientCountry_s<br />
+ClientDeviceType_s<br />
+ClientIP_s<br />
+ClientIPClass_s<br />
+ClientRequestMethod_s<br />
+ClientRequestProtocol_s<br />
+ClientRequestReferer_s<br />
+ClientRequestURI_s<br />
+ClientRequestUserAgent_s<br />
+EdgePathingOp_s<br />
+EdgePathingSrc_s<br />
+EdgePathingStatus_s<br />
+EdgeResponseContentType_s<br />
+threat<br />
+TimeGenerated<br />
+EdgePathingSrc_s<br />
+EdgePathingOp_s<br />
+EdgePathingStatus_s<br />
+EdgeResponseStatus_d<br />
+OriginResponseStatus_d<br />
+TimeGenerated<br />
+
+</Details>
+
+<Details header="Analytic rules">
+
+ClientIPClass<br />
+SrcIpAddr<br />
+ClientRequestURI<br />
+HttpUserAgentOriginal<br />
+HttpRequestMethod<br />
+TimeGenerated<br />
+SrcGeoCountry<br />
+ClientRequestURI<br />
+HttpRequestMethod<br />
+HttpStatusCode<br />
+DstBytes<br />
+SrcBytes<br />
+WAFRuleID<br />
+WAFRuleMessage<br />
+WAFAction<br />
+
+</Details>
+
+<Details header="Hunting queries">
+
+TimeGenerated<br />
+HttpStatusCode<br />
+SrcIpAddr<br />
+ClientRequestURI<br />
+ClientTlsStatus<br />
+HttpUserAgentOriginal<br />
+OriginTlsStatus<br />
+NetworkRuleName<br />
+EdgeRequestHost<br />
+SrcGeoCountry<br />
+EdgeResponseStatus<br />
+ClientCountry<br />
+ClientDeviceType<br />
+status<br />
+OriginResponseStatus<br />
+WorkerSubrequest<br />
+http_method<br />
+dest_ip<br />
+dest_host<br />
+uri_path<br />
+http_user_agent<br />
+status<br />
+src_ip<br />
+OriginResponseStatus<br />
+RayID<br />
+WorkerSubrequest<br />
+http_method<br />
+bytes_out<br />
+bytes_cached_requests<br />
+threat<br />
+ClientRequestProtocol<br />
+http_referrer<br />
+ClientIPClass<br />
+cf_http_status_codes<br />
+http_content_type<br />
+cf_http_status_codes<br />
+cached_requests<br />
+CacheCacheStatus<br />
+ClientASN<br />
+EdgePathingSrc<br />
+EdgePathingOp<br />
+EdgePathingStatus<br />
+ClientRequestUserAgent<br />
+SecurityAction<br />
+SecurityRuleID<br />
+SecurityRuleDescription<br />
+
+</Details>
+
+## Resources 
+
+[Download Cloudflare's CCF Sentinel Solution](https://marketplace.microsoft.com/en-us/product/azure-application/cloudflare.azure-sentinel-solution-cloudflare-ccf?tab=Overview)<br />
+[Microsoft Data Lake Overview](https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-lake-overview)<br /> 
+[About the CCF Platform](https://learn.microsoft.com/en-us/azure/sentinel/create-codeless-connector)
 
-For more details, refer to the Microsoft documentation [Cloudflare connector for Microsoft Sentinel](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/cloudflare.cloudflare_sentinel).
 

src/content/changelog/casb/2024-11-22-cloud-data-extraction-aws.mdx

@@ -52,14 +52,14 @@ The JD Cloud network is proxying content inside of China for customers who have
 
 ## Products and features
 
-### How does IPv6 work on the Cloudflare China Network?
+### How does IPv6 work on China Network?
 
-All sites hosted in Mainland China must have IPv6 enabled. The Cloudflare China Network feature automatically enables IPv6 for domains to fulfill this requirement and it is not possible to disable it. According to internal testing, IPv6 connections in Mainland China are more reliable and offer better latency.
+All sites hosted in Mainland China must have IPv6 enabled. China Network automatically enables IPv6 for domains to fulfill this requirement and it is not possible to disable it. According to internal testing, IPv6 connections in Mainland China are more reliable and offer better latency.
 
 ### Is Turnstile available in Mainland China?
 
 [Turnstile](/turnstile/) is not supported in Mainland China. Therefore, both China Network zones and [global zones](/fundamentals/concepts/accounts-and-zones/#zones) with users visiting your content from Mainland China may experience issues with Turnstile.
 
-## Is Cloudflare Pages available in Mainland China?
+### Is Pages available in Mainland China?
 
-[Cloudflare Pages](/pages/) is not available in Mainland China due to pages.dev certificate not residing within Mainland China. However, Pages from a global zone may potentially be extended into Mainland China.
+[Pages](/pages/) is not available in Mainland China due to pages.dev certificate not residing within Mainland China. However, Pages from a global zone may potentially be extended into Mainland China.