Skip to content

[Radar] Update glossary #19378

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Feb 4, 2025
Merged

[Radar] Update glossary #19378

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5fc2fb2
[Radar] Add internet services ranking, robots.txt and workers AI entr…
andre-j3sus Jan 22, 2025
80077ca
[Radar] Update normalization methods and other minor fixes
andre-j3sus Jan 23, 2025
a3865ad
Apply suggestions from PCX review
pedrosousa Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,4 +25,6 @@ pnpm-debug.log*

.wrangler
/assets/secrets
/worker/functions/
/worker/functions/

.idea
1 change: 1 addition & 0 deletions src/content/docs/radar/concepts/aggregation-intervals.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,4 @@ For example, when requesting one day of data, the default aggregation interval i
| `15m` | 15 minutes frequency. |
| `1h` | One hour frequency. |
| `1d` | One day frequency. |
| `1w` | One week frequency. |
2 changes: 1 addition & 1 deletion src/content/docs/radar/concepts/bot-classes.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ sidebar:

A bot class in Radar is a grouping of [bot scores](/bots/concepts/bot-score).

Scores between 1 to 29 are classified as bot traffic. Scores equal or above 30 are classified as non-bot/human traffic.
Scores between 1 and 29 are classified as bot traffic. Scores equal or above 30 are classified as non-bot/human traffic.

| Class | Description |
| -------------------- | ---------------------------- |
Expand Down
15 changes: 8 additions & 7 deletions src/content/docs/radar/concepts/normalization.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,13 @@ Refer to the `result.meta.normalization` property in the response to check which

## Method

| Method | Description |
| ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `PERCENTAGE` | Values represent percentages. |
| `PERCENTAGE_CHANGE` | Values represent a [percentage change](https://en.wikipedia.org/wiki/Relative_change_and_difference#Percentage_change) from a baseline period. |
| `MIN_MAX` | Values have been normalized using [min-max](https://en.wikipedia.org/wiki/Feature_scaling#Rescaling_\(min-max_normalization\)). |
| `MIN0_MAX` | Values have been normalized using min-max, but setting the minimum value to `0`. Equivalent to a proportion of the maximum value in the entire response, scaled between 0 and 1. |
| `RAW_VALUES` | Values are raw and have not been changed. |
| Method | Description |
| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `PERCENTAGE` | Values represent percentages. |
| `PERCENTAGE_CHANGE` | Values represent a [percentage change](https://en.wikipedia.org/wiki/Relative_change_and_difference#Percentage_change) from a baseline period. |
| `OVERLAPPED_PERCENTAGE` | Values represent percentages that exceed 100% due to overlap. |
| `MIN_MAX` | Values have been normalized using [min-max](https://en.wikipedia.org/wiki/Feature_scaling#Rescaling_\(min-max_normalization\)). |
| `MIN0_MAX` | Values have been normalized using min-max, but setting the minimum value to `0`. Equivalent to a proportion of the maximum value in the entire response, scaled between 0 and 1. |
| `RAW_VALUES` | Values are raw and have not been changed. |

If you want to compare values across locations/time ranges/etc., in endpoints that normalize values using min-max, you must do so in the same request. This is done by asking for multiple series. All values will then be normalized using the same minimum and maximum value and can safely be compared against each other. Refer to [Make comparisons](/radar/get-started/making-comparisons/) for more information.
4 changes: 2 additions & 2 deletions src/content/docs/radar/get-started/error-codes.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
---
pcx_content_type: reference
title: Radar API Error Codes
title: Radar API error codes
sidebar:
order: 3
head:
- tag: title
content: Radar API Error Codes
content: Radar API error codes

---

Expand Down
21 changes: 12 additions & 9 deletions src/content/docs/radar/get-started/making-comparisons.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ sidebar:

When comparing time series, across locations/time ranges/etc., in endpoints that normalize values using [min-max](/radar/concepts/normalization), you must do so in the same request. This is done by asking for multiple series. All values will then be normalized using the same minimum and maximum value and can safely be compared against each other.

[Netflows](/radar/investigate/netflows) values are normalized using [min0-max](/radar/concepts/normalization), so we will use it as an example. Refer to [Get NetFlow time series](/api/resources/radar/subresources/netflows/methods/timeseries/) for more information.
[NetFlows](/radar/investigate/netflows) values are normalized using [min0-max](/radar/concepts/normalization), so we will use it as an example. Refer to [Get NetFlow time series](/api/resources/radar/subresources/netflows/methods/timeseries/) for more information.

## Compare locations

Expand All @@ -27,7 +27,7 @@ The second series has the following parameters:

`name=pt_data&dateRange=7d&location=PT`

All of these parameters are arrays and it is the position in the array that defines the series the filter belongs to. Refer to [NetFlow's endpoint](/api/resources/radar/subresources/netflows/methods/timeseries/) for more information on the available parameters.
All of these parameters are arrays, and it is the position in the array that defines the series the filter belongs to. Refer to [NetFlow's endpoint](/api/resources/radar/subresources/netflows/methods/timeseries/) for more information on the available parameters.

The response (shortened below for brevity) uses the provided `name` property to wrap the timestamps and corresponding values. If we chart this data, it becomes obvious that Cloudflare received much less traffic from Portugal than from the United States.

Expand All @@ -50,6 +50,7 @@ The response (shortened below for brevity) uses the provided `name` property to
"endTime": "2022-11-02T17:00:00Z"
},
"aggInterval": "ONE_HOUR",
// ...
}
}
}
Expand Down Expand Up @@ -113,13 +114,15 @@ In the above example, we requested for an [aggregation interval](/radar/concepts
The `result` property should return a response like this:

```json
"tonga": {
"timestamps": ["2022-10-15T02:00:00Z", "2022-10-15T03:00:00Z", "2022-10-15T04:00:00Z", "2022-10-15T05:00:00Z"],
"values": ["1.0", "0.832473", "0.820083", "0.79408"]
},
"tonga_outage": {
"timestamps": ["2022-01-15T02:00:00Z", "2022-01-15T03:00:00Z", "2022-01-15T04:00:00Z", "2022-01-15T05:00:00Z"],
"values": ["0.354105", "0.357287", "0.181811", "0.044198"]
{
"tonga": {
"timestamps": ["2022-10-15T02:00:00Z", "2022-10-15T03:00:00Z", "2022-10-15T04:00:00Z", "2022-10-15T05:00:00Z"],
"values": ["1.0", "0.832473", "0.820083", "0.79408"]
},
"tonga_outage": {
"timestamps": ["2022-01-15T02:00:00Z", "2022-01-15T03:00:00Z", "2022-01-15T04:00:00Z", "2022-01-15T05:00:00Z"],
"values": ["0.354105", "0.357287", "0.181811", "0.044198"]
}
}
```

Expand Down
16 changes: 16 additions & 0 deletions src/content/docs/radar/glossary.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ Internet connectivity can experience outages or disruptions due to a number of f

An early warning signal that an Internet outage may be underway on a given network or in a given country is an anomalous drop in traffic as compared to historical traffic patterns and trends. Internet anomalies listed in the Cloudflare Radar Outage Center represent an algorithmically-observed anomalous drop in traffic for the listed entity. If a given entry is marked as verified, it means that we have manually corroborated the observed drop in traffic across multiple Cloudflare data sources and/or third-party sources such as [IODA](https://ioda.inetintel.cc.gatech.edu/), or third-party sources of information, such as those listed above. In the case of the latter, an associated Internet outage event will be opened, with the event listed in the Internet Outages table (and API).

## Internet services ranking

Internet services ranking is based on our anonymized and aggregated 1.1.1.1 resolver data, complies with our [privacy policy](https://www.cloudflare.com/en-gb/privacypolicy/), and aims to identify the top most popular Internet services that reflect how people use the Internet globally. A service represents one or more domains aggregated together. Ranking popularity metric is best described as the estimated number of unique users that access domains associated with a service, over some period of time.

## Internet traffic trends

Trends observed in Internet traffic originating globally or within a given location or autonomous system within the selected time range, based on aggregated data from our network.
Expand Down Expand Up @@ -154,6 +158,14 @@ Network-level DDoS attacks graphs are based on traffic measured in bytes.

The Post-Quantum Encryption Adoption graph shows the share of HTTPS requests to Cloudflare that are encrypted with post-quantum (PQ) cryptography. Additional details about Cloudflare's support for PQ cryptography can be found at [Cloudflare Research](https://pq.cloudflareresearch.com/).

## Robots.txt

A [robots.txt](https://www.cloudflare.com/learning/bots/what-is-robots-txt/) file contains instructions for bots that tell them which webpages they can and cannot access.

The data displayed for robots.txt is based on successfully parsed robots.txt files from the top 10,000 domains. From these files, we count the occurrences of each user agent under the "Allow" and "Disallow" directives. A user agent is classified as "fully allowed" or "fully disallowed" if the directive value is "*". Otherwise, if the user agent is only allowed or disallowed to crawl specific paths, it is classified as "partially allowed" or "partially disallowed."

Currently, we only include AI-focused user agents listed in the [ai.robots.txt](https://github.com/ai-robots-txt/ai.robots.txt) repository.

## TCP resets and timeouts

In the Transmission Control Protocol (TCP), client-initiated connection resets (via the RST flag, TCP's "panic button") are atypical, and indicate to the server that *something went wrong* requiring the connection to be closed immediately. Similarly, connection timeouts (where the server closes a connection due to an unresponsive client) should not happen in conventional data exchanges. For comparison, a typical TCP connection consists of a 3-way handshake initiated by a client with a SYN packet to the server, then a data exchange moderated with ACK and PSH flags in the data packets, and finally a graceful close initiated from either side with a FIN packet. A FIN close is considered graceful because it ensures both sides complete their data transfer before closing the connection. In contrast, a timeout or RST flag triggers a hard stop, even if data is waiting to be sent or acknowledged. See [RFC 9293](https://datatracker.ietf.org/doc/html/rfc9293) for more details on the TCP protocol.
Expand Down Expand Up @@ -205,3 +217,7 @@ The data displayed on domain-specific geographic traffic patterns is based solel
## WHOIS

WHOIS is a standard for publishing the contact and nameserver information for all registered domains. Each registrar maintains their own WHOIS service. Anyone can query the registrar's WHOIS service to reveal the data behind a given domain.

## Workers AI

[Workers AI](/workers-ai/) allows you to run machine learning models, on the Cloudflare network, from your own code -- whether that be from Workers, Pages, or anywhere via the Cloudflare API. The data displayed for Workers AI is based on the number of Cloudflare accounts using a model during a specific time interval.
176 changes: 104 additions & 72 deletions src/content/docs/radar/investigate/application-layer-attacks.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ Like in [HTTP requests](/radar/investigate/http-requests), these endpoints can b
Let us examine the global distribution of mitigated requests by product.

```bash
curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/timeseries_groups?aggInterval=1h&dateRange=1d&name=attacks&format=json" \
curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/timeseries_groups/mitigation_product?aggInterval=1h&dateRange=1d&name=attacks&format=json" \
--header "Authorization: Bearer <API_TOKEN>"
```

Expand All @@ -56,6 +56,7 @@ From the abbreviated response below, we can conclude that distributed denial-of-
"startTime": "2022-11-05T11:00:00Z",
"endTime": "2022-11-06T11:00:00Z"
},
// ...
}
}
}
Expand All @@ -75,14 +76,23 @@ curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/summary?location
```

```json
"attacks_gb": {
"waf": "75.012138",
"ddos": "18.539149",
"ip_reputation": "5.721021",
"access_rules": "0.592515",
"bot_management": "0.131998",
"api_shield": "0.003178",
"data_loss_prevention": "0.0"
{
"success": true,
"errors": [],
"result": {
"attacks_gb": {
"waf": "75.012138",
"ddos": "18.539149",
"ip_reputation": "5.721021",
"access_rules": "0.592515",
"bot_management": "0.131998",
"api_shield": "0.003178",
"data_loss_prevention": "0.0"
},
"meta": {
// ...
}
}
}
```

Expand All @@ -106,37 +116,44 @@ curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/top/locations/ta
"success": true,
"errors": [],
"result": {
"attacks_target": [{
"targetCountryName": "Belgium",
"targetCountryAlpha2": "BE",
"value": "18.536740",
"rank": 1
}, {
"targetCountryName": "United States",
"targetCountryAlpha2": "US",
"value": "16.116210",
"rank": 2
}, {
"targetCountryName": "China",
"targetCountryAlpha2": "CN",
"value": "13.864696",
"rank": 3
}, {
"targetCountryName": "India",
"targetCountryAlpha2": "IN",
"value": "4.344139",
"rank": 4
}, {
"targetCountryName": "Germany",
"targetCountryAlpha2": "DE",
"value": "4.182777",
"rank": 5
}],
"attacks_target": [
{
"targetCountryName": "Belgium",
"targetCountryAlpha2": "BE",
"value": "18.536740",
"rank": 1
},
{
"targetCountryName": "United States",
"targetCountryAlpha2": "US",
"value": "16.116210",
"rank": 2
},
{
"targetCountryName": "China",
"targetCountryAlpha2": "CN",
"value": "13.864696",
"rank": 3
},
{
"targetCountryName": "India",
"targetCountryAlpha2": "IN",
"value": "4.344139",
"rank": 4
},
{
"targetCountryName": "Germany",
"targetCountryAlpha2": "DE",
"value": "4.182777",
"rank": 5
}
],
"meta": {
"dateRange": {
"startTime": "2022-11-05T12:00:00Z",
"endTime": "2022-11-06T12:00:00Z"
},
// ...
}
}
}
Expand All @@ -159,43 +176,58 @@ curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/top/attacks?limi

A typical response will be similar to the following:

```
[{
"originCountryName": "United States",
"originCountryAlpha2": "US",
"targetCountryName": "United States",
"targetCountryAlpha2": "US",
"value": "3.790724",
"rank": 1
}, {
"originCountryName": "United States",
"originCountryAlpha2": "US",
"targetCountryName": "Belgium",
"targetCountryAlpha2": "BE",
"value": "3.602177",
"rank": 2
}, {
"originCountryName": "China",
"originCountryAlpha2": "CN",
"targetCountryName": "Netherlands",
"targetCountryAlpha2": "NL",
"value": "3.017341",
"rank": 3
}, {
"originCountryName": "China",
"originCountryAlpha2": "CN",
"targetCountryName": "China",
"targetCountryAlpha2": "CN",
"value": "2.472068",
"rank": 4
}, {
"originCountryName": "Indonesia",
"originCountryAlpha2": "ID",
"targetCountryName": "China",
"targetCountryAlpha2": "CN",
"value": "2.056729",
"rank": 5
}]
```json
{
"success": true,
"errors": [],
"result": {
"top_0": [
{
"originCountryName": "United States",
"originCountryAlpha2": "US",
"targetCountryName": "United States",
"targetCountryAlpha2": "US",
"value": "3.790724",
"rank": 1
},
{
"originCountryName": "United States",
"originCountryAlpha2": "US",
"targetCountryName": "Belgium",
"targetCountryAlpha2": "BE",
"value": "3.602177",
"rank": 2
},
{
"originCountryName": "China",
"originCountryAlpha2": "CN",
"targetCountryName": "Netherlands",
"targetCountryAlpha2": "NL",
"value": "3.017341",
"rank": 3
},
{
"originCountryName": "China",
"originCountryAlpha2": "CN",
"targetCountryName": "China",
"targetCountryAlpha2": "CN",
"value": "2.472068",
"rank": 4
},
{
"originCountryName": "Indonesia",
"originCountryAlpha2": "ID",
"targetCountryName": "China",
"targetCountryAlpha2": "CN",
"value": "2.056729",
"rank": 5
}
],
"meta": {
// ...
}
}
}
```

This means that 3.79% of all mitigated requests are from and to the US, 3.6% of all mitigated requests are from the US to Belgium, etc..
Expand Down
Loading