From cb758e5527df2146b9936e2c4f595f373c1f1829 Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:18:37 +0000 Subject: [PATCH 1/3] [Email Security] Logs --- .../email-monitoring/email-security-logs.mdx | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx new file mode 100644 index 000000000000000..b56e907338d074c --- /dev/null +++ b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx @@ -0,0 +1,49 @@ +--- +title: Email Security logs +pcx_content_type: how-to +sidebar: + order: 5 +--- + +Email Security allows you to configure logs to send detection data to an endpoint of your choosing. + +To enable Logpush for Email Security: + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/). +2. Select **Analytics & Logs** > **Logpush**. +2. Select **Create a Logpush job**, then select **S3-Compatible**. +3. Enter the **destination details**: + - **Bucket**: Enter the bucket name. + - **Endpoint URL**: Enter your endpoint URL. To find your endpoint URL: + - On the Cloudflare dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket. + - Go to Settings, and copy and paste the **S3 API** URL. + - **Bucket region**: Enter the Bucket region: Enter the region of your bucket: To find the bucket region: + - On the dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket. + - Go to Settings, and find your region in **Location**. + - Enter the **Access Key ID**. + - Enter the **Secret Access Key**. +4. Select **Continue**. Your destination has now been configured. + +## Audit logs + +Once you have configured your destination, you can audit your logs. + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/). +2. Select **Analytics & Logs** > **Logpush**. +3. Select **Audit logs**. +4. **Configure logpush job**: + - **Job name**: Enter the job name. + - **If logs match**: Select **Filtered logs**: + - Field: Choose ResourceType + - Operator: starts with + - Value: Enter `email_security` + - **Send the following field**: Ensure **General** is selected. +5. Select **Submit**. + +Your job has now been created successfully. + +To view the job you created: + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/). +2. Go to **R2 Object Storage**, select your bucket. +3. Select **Objects**. \ No newline at end of file From c5468c0d5ca83963b9c49fa1f4af6896497fcdd9 Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:25:01 +0000 Subject: [PATCH 2/3] [Email Security] Adding prereq --- .../email-monitoring/email-security-logs.mdx | 51 +++++++++++-------- 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx index b56e907338d074c..a4514858c12422a 100644 --- a/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx +++ b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx @@ -5,7 +5,17 @@ sidebar: order: 5 --- -Email Security allows you to configure logs to send detection data to an endpoint of your choosing. +Email Security allows you to configure Logpush to send detection data to an endpoint of your choice. + +## Prerequisites + +Before you can enable Logpush for Email Security, you will have to: + +1. Create an [R2 bucket](/r2/get-started/#2-create-a-bucket). +2. Once you have created your R2 bucket, [create an API token](/r2/api/s3/tokens/). Under **Permissions**, ensure you select **Admin Read & Write**. +3. Once you have created your R2 API Token, the dashboard will display an **Access Key ID**, and **Secret Access Key**. Save these two, as you will need them to set up Logpush later. + +## Enable Logpush jobs To enable Logpush for Email Security: @@ -13,37 +23,38 @@ To enable Logpush for Email Security: 2. Select **Analytics & Logs** > **Logpush**. 2. Select **Create a Logpush job**, then select **S3-Compatible**. 3. Enter the **destination details**: - - **Bucket**: Enter the bucket name. + - **Bucket (required)**: Enter the bucket name. - **Endpoint URL**: Enter your endpoint URL. To find your endpoint URL: - On the Cloudflare dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket. - Go to Settings, and copy and paste the **S3 API** URL. - - **Bucket region**: Enter the Bucket region: Enter the region of your bucket: To find the bucket region: + - **Bucket region**: Enter the region of your bucket. To find the bucket region: - On the dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket. - - Go to Settings, and find your region in **Location**. - - Enter the **Access Key ID**. - - Enter the **Secret Access Key**. -4. Select **Continue**. Your destination has now been configured. + - Go to **Settings**, and find your region in **Location**. + - **Access Key ID**: Enter the Access Key ID you created as a [prerequisite](/cloudflare-one/insights/email-monitoring/email-security-logs/#prerequisites). + - **Secret Access Key**: Enter the Secret Access Key you created as a [prerequisite](/cloudflare-one/insights/email-monitoring/email-security-logs/#prerequisites). +4. Select **Continue**. + +Your destination has now been configured. + +To view the job you created: + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/). +2. Go to **R2 Object Storage**, select your bucket. +3. Select **Objects**. ## Audit logs -Once you have configured your destination, you can audit your logs. +Once you have configured your destination, you can audit logs: 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/). 2. Select **Analytics & Logs** > **Logpush**. 3. Select **Audit logs**. -4. **Configure logpush job**: +4. Under **Configure logpush job**: - **Job name**: Enter the job name. - **If logs match**: Select **Filtered logs**: - - Field: Choose ResourceType - - Operator: starts with - - Value: Enter `email_security` - - **Send the following field**: Ensure **General** is selected. + - **Field**: Choose `ResourceType`. + - **Operator**: Choose `starts with`. + - **Value**: Enter `email_security`. 5. Select **Submit**. -Your job has now been created successfully. - -To view the job you created: - -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/). -2. Go to **R2 Object Storage**, select your bucket. -3. Select **Objects**. \ No newline at end of file +Your job has now been created successfully. \ No newline at end of file From c4ebb90bba695679093e61b1eedc8be991495d9d Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Wed, 20 Nov 2024 16:39:21 +0000 Subject: [PATCH 3/3] Update src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx Co-authored-by: Jun Lee --- .../insights/email-monitoring/email-security-logs.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx index a4514858c12422a..72fa4bb10e3bc53 100644 --- a/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx +++ b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx @@ -13,7 +13,7 @@ Before you can enable Logpush for Email Security, you will have to: 1. Create an [R2 bucket](/r2/get-started/#2-create-a-bucket). 2. Once you have created your R2 bucket, [create an API token](/r2/api/s3/tokens/). Under **Permissions**, ensure you select **Admin Read & Write**. -3. Once you have created your R2 API Token, the dashboard will display an **Access Key ID**, and **Secret Access Key**. Save these two, as you will need them to set up Logpush later. +3. Once you have created your R2 API Token, the dashboard will display an **Access Key ID** and a **Secret Access Key**. Save these two, as you will need them to set up Logpush later. ## Enable Logpush jobs