[Email Security] Adding prereq

Maddy-Cloudflare · Maddy-Cloudflare · commit c5468c0d5ca8 · 2024-11-20T13:25:01.000Z
diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx
@@ -5,45 +5,56 @@ sidebar:
   order: 5
 ---
 
-Email Security allows you to configure logs to send detection data to an endpoint of your choosing.
+Email Security allows you to configure Logpush to send detection data to an endpoint of your choice.
+
+## Prerequisites
+
+Before you can enable Logpush for Email Security, you will have to:
+
+1. Create an [R2 bucket](/r2/get-started/#2-create-a-bucket).
+2. Once you have created your R2 bucket, [create an API token](/r2/api/s3/tokens/). Under **Permissions**, ensure you select **Admin Read & Write**. 
+3. Once you have created your R2 API Token, the dashboard will display an **Access Key ID**, and **Secret Access Key**. Save these two, as you will need them to set up Logpush later.
+
+## Enable Logpush jobs
 
 To enable Logpush for Email Security:
 
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/).
 2. Select **Analytics & Logs** > **Logpush**.
 2. Select **Create a Logpush job**, then select **S3-Compatible**.
 3. Enter the **destination details**:
-    - **Bucket**: Enter the bucket name.
+    - **Bucket (required)**: Enter the bucket name.
     - **Endpoint URL**: Enter your endpoint URL. To find your endpoint URL:
       - On the Cloudflare dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket.
       - Go to Settings, and copy and paste the **S3 API** URL.
-    - **Bucket region**: Enter the Bucket region: Enter the region of your bucket: To find the bucket region:
+    - **Bucket region**: Enter the region of your bucket. To find the bucket region:
       - On the dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket.
-      - Go to Settings, and find your region in **Location**.
-    - Enter the **Access Key ID**.
-    - Enter the **Secret Access Key**.
-4. Select **Continue**. Your destination has now been configured.
+      - Go to **Settings**, and find your region in **Location**.
+    - **Access Key ID**: Enter the Access Key ID you created as a [prerequisite](/cloudflare-one/insights/email-monitoring/email-security-logs/#prerequisites).
+    - **Secret Access Key**: Enter the Secret Access Key you created as a [prerequisite](/cloudflare-one/insights/email-monitoring/email-security-logs/#prerequisites).
+4. Select **Continue**. 
+
+Your destination has now been configured.
+
+To view the job you created:
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/).
+2. Go to **R2 Object Storage**, select your bucket.
+3. Select **Objects**.
 
 ## Audit logs
 
-Once you have configured your destination, you can audit your logs.
+Once you have configured your destination, you can audit logs:
 
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/).
 2. Select **Analytics & Logs** > **Logpush**.
 3. Select **Audit logs**.
-4. **Configure logpush job**: 
+4. Under **Configure logpush job**: 
   - **Job name**: Enter the job name.
   - **If logs match**: Select **Filtered logs**:
-    - Field: Choose ResourceType
-    - Operator: starts with
-    - Value: Enter `email_security`
-  - **Send the following field**: Ensure **General** is selected.
+    - **Field**: Choose `ResourceType`.
+    - **Operator**: Choose `starts with`.
+    - **Value**: Enter `email_security`.  
 5. Select **Submit**.
 
-Your job has now been created successfully.
-
-To view the job you created:
-
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/).
-2. Go to **R2 Object Storage**, select your bucket.
-3. Select **Objects**.
+Your job has now been created successfully.
