diff --git a/src/content/docs/security-center/app-security-reports.mdx b/src/content/docs/security-center/app-security-reports.mdx index 1e896e8a8f1cae..0628caa7145f6d 100644 --- a/src/content/docs/security-center/app-security-reports.mdx +++ b/src/content/docs/security-center/app-security-reports.mdx @@ -11,6 +11,8 @@ head: --- +import { DashButton } from "~/components"; + :::note Currently, this feature is only available to Enterprise customers. @@ -28,9 +30,11 @@ To dive deeper into the mitigations performed by Cloudflare security products, u To download a monthly application security report: -1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com) and select your account. -2. Go to **Security Center** > **Security Reports**. -3. For a given month and year, select **Download** to download the report for that particular month. +1. In the Cloudflare dashboard, go to the **Security Reports** page. + + + +2. For a given month and year, select **Download** to download the report for that particular month. :::caution diff --git a/src/content/docs/security-center/blocked-content.mdx b/src/content/docs/security-center/blocked-content.mdx index eea74bd5274325..aa6f0866962e52 100644 --- a/src/content/docs/security-center/blocked-content.mdx +++ b/src/content/docs/security-center/blocked-content.mdx @@ -5,12 +5,15 @@ sidebar: order: 8 --- +import { DashButton } from "~/components"; + If your domain has content that has been blocked, Blocked Content on the dashboard gives you the ability to request the Trust and Safety team to remove a block. To view Blocked Content on the dashboard: -1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. -2. Go to **Security Center** > **Blocked Content**. +1. In the Cloudflare dashboard, go to the **Blocked Content** page. + + :::note You must have Admin, Super Admin, or Trust and Safety [role](/fundamentals/manage-members/roles/) to access Blocked Content. 
diff --git a/src/content/docs/security-center/brand-protection.mdx b/src/content/docs/security-center/brand-protection.mdx index 0050260630a636..1388988dee744c 100644 --- a/src/content/docs/security-center/brand-protection.mdx +++ b/src/content/docs/security-center/brand-protection.mdx @@ -7,7 +7,7 @@ sidebar: text: Beta --- -import { AvailableNotifications, Render } from "~/components"; +import { AvailableNotifications, Render, DashButton } from "~/components"; :::note[User permission] While the Brand Protection tool is in beta, all Cloudflare Enterprise customers have automatic access to Brand Protection, including five saved queries. Only Admin, Super Admin and users with a Brand Protection role can access Brand Protection 
@@ -19,22 +19,22 @@ While the Brand Protection tool is in beta, all Cloudflare Enterprise customers To start searching for new domains that might be trying to impersonate your brand: -1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. +1. In the Cloudflare dashboard, go to the **Brand Protection** page. -2. Go to **Security Center** > **Brand Protection**. + -3. In **String query**, provide a name for your query. You can add multiple brand phrases on the same query, and the results will generate matches for all of those. Once you entered the string queries, select **Search matches**. +2. In **String query**, provide a name for your query. You can add multiple brand phrases on the same query, and the results will generate matches for all of those. Once you entered the string queries, select **Search matches**. -4. In the **Character distance**, select from `0-3`. The number of characters the results can differ from your domain. +3. In the **Character distance**, select from `0-3`. The number of characters the results can differ from your domain. :::note If a brand phrase or search term has less than five characters, you can only choose a max distance of `0` (zero). ::: -5. You can select **Save query** to monitor it in the future and perform other actions, such as delete, clone and set up alerts, according to your Paid plan limits. +4. You can select **Save query** to monitor it in the future and perform other actions, such as delete, clone and set up alerts, according to your Paid plan limits. -6. To export all matches from a saved query, select your **Query name** > select the three dots > **Export matches**. +5. To export all matches from a saved query, select your **Query name** > select the three dots > **Export matches**. In the section **Monitor Strings**, you can check all the string queries that you selected to monitor. You can delete, clone, or create notifications for a string query. 
Refer to [Brand Protection Alerts](#brand-protection-alerts) to set up notifications. @@ -46,20 +46,20 @@ You can only submit an abuse report if your domain is with [Cloudflare Registrar To submit abuse reports directly from the dashboard: -1. Go to the **Query name** you want to report. -2. Select **Report to Cloudflare**. -3. Fill in the details to submit an abuse report. -4. Select **Submit**. +1. Go to **Monitor Strings**, select the query you want to report. +3. Select **Report to Cloudflare**. +4. Fill in the details to submit an abuse report. +5. Select **Submit**. ## Logo queries To set up a new logo query: -1. Go to **Security Center** > **Monitor Logos** and select **Add logo**. -2. Add a name for your query and upload your logo. Only the `.png`, `.jpeg`, and `.jpg` file extensions are supported. -3. Select **Save logo**. +1. Select **Monitor Logos** and select **Add logo**. +3. Add a name for your query and upload your logo. Only the `.png`, `.jpeg`, and `.jpg` file extensions are supported. +4. Select **Save logo**. -The browser will return to the **Monitor Images** overview page, where you can access your query and configure notifications. +The browser will return to the **Monitored Logos** page, where you can access your query and configure notifications. ## Investigate a query diff --git a/src/content/docs/security-center/cloudforce-one/index.mdx b/src/content/docs/security-center/cloudforce-one/index.mdx index 522328db2d5319..4fdbcafc2370f9 100644 --- a/src/content/docs/security-center/cloudforce-one/index.mdx +++ b/src/content/docs/security-center/cloudforce-one/index.mdx @@ -6,7 +6,7 @@ sidebar: --- -import { Details } from "~/components" +import { Details, DashButton } from "~/components" :::note You must have a Cloudforce One subscription to access Cloudforce One on the dashboard. 
@@ -16,8 +16,9 @@ Cloudforce One is a threat intelligence solution that offers threat research rep To access Cloudforce One: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. -2. Go to **Security Center** > **Threat Intelligence**. +1. In the Cloudflare dashboard, go to the **Threat Intelligence** page. + + You can also use Cloudforce One via [REST API](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/requests/subresources/assets/). @@ -31,9 +32,12 @@ Cloudforce One Threat Intelligence displays the following information: ## Submit RFIs To submit RFIs (Request for Information): - -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. -2. Go to **Security Center** > **Threat Intelligence** > **Requests for Information**. + +1. In the Cloudflare dashboard, go to the **Threat Intelligence** page. + + + +2. Select **Requests for Information**. 3. Select **New Request**. 4. Fill in the required fields, then select **Save**. 
@@ -41,15 +45,15 @@ To submit RFIs (Request for Information): The Cloudflare dashboard presents the following request types when you want to configure a Cloudforce One Requests for Information: -- **Binary Analysis - IOCs**: Conduct high level malware analysis to produce [indicators](https://www.cloudflare.com/en-gb/learning/security/what-are-indicators-of-compromise/) such as a call-back domain or IP address. +- **Binary Analysis - IOCs**: Conduct high level malware analysis to produce [indicators](https://www.cloudflare.com/en-gb/learning/security/what-are-indicators-of-compromise/) such as a call-back domain or IP address. - **Binary Analysis - Report**: A thorough analysis of a malware sample to produce an attribution assessment and extract the configuration of the sample for further analysis. Useful for customers that are investigating a problem or trying to develop detection logic in an [EDR](https://en.wikipedia.org/wiki/Endpoint_detection_and_response) or network sensor. -- **DDoS Attack**: Confirm if an attack is happening against a specific website to share any available indicators and potential attribution. +- **DDoS Attack**: Confirm if an attack is happening against a specific website to share any available indicators and potential attribution. - **Indicator Analysis - IOCs**: Conduct DNS lookups, origin pivots, and account pivots to provide indicators such as DNS resolutions, origin IPs, and subdomains. Analysis can include account registration patterns and victimology. -- **Indicator Analysis - Report**: A thorough analysis of indicators written in a formal, structured format. In addition to listing [Indicator of compromise (IOCs)](https://www.cloudflare.com/en-gb/learning/security/what-are-indicators-of-compromise/), the report explains how IOCs function within the attack chain, and adds context by linking IOCs to specific campaigns and/or threat actors and their TTPs. 
+- **Indicator Analysis - Report**: A thorough analysis of indicators written in a formal, structured format. In addition to listing [Indicator of compromise (IOCs)](https://www.cloudflare.com/en-gb/learning/security/what-are-indicators-of-compromise/), the report explains how IOCs function within the attack chain, and adds context by linking IOCs to specific campaigns and/or threat actors and their TTPs. - **Passive DNS Resolution**: Research the pair of an IP address to the domain it resolved to during a specified period of time. @@ -82,9 +86,9 @@ To delete your RFI, the status must be `Open`. Go to the RFI you want to delete, ### Upload and download attachment -You can also choose to upload and download an attachment. +You can also choose to upload and download an attachment. -Under **Attachments**, select the file you want to upload, then select **Save**. +Under **Attachments**, select the file you want to upload, then select **Save**. To download an attachment, select **Download** on the attachment. @@ -94,8 +98,9 @@ Threat events allow you to protect your assets and respond to emerging threats. To access and analyze threat intelligence data on the dashboard: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. -2. Select **Security Center** > **Threat Intelligence**. +1. In the Cloudflare dashboard, go to the **Threat Intelligence** page. + + You can also access threat events via the [API](/api/resources/cloudforce_one/subresources/threat_events/). 
@@ -129,8 +134,10 @@ You can use Cloudy, Cloudflare's AI Agent, to receive an analysis and summary of To analyze threat events using Cloudy: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. -2. Go to **Security Center** > **Threat Intelligence**. -3. Go to **Threat Events** > **Analyze with Cloudy**. +1. In the Cloudflare dashboard, go to the **Threat Intelligence** page. + + + +2. Go to **Threat Events** > **Analyze with Cloudy**. Cloudy will show you the top threat events, analyze them, and give you a summary of threat events. You can also decide to receive an analysis based on **Attacker**, **Indicator**, and more. For example, you can enter "Give me a summary of threat events for ABC Attacker". Cloudy will then summarize threat events for ABC attacker. \ No newline at end of file diff --git a/src/content/docs/security-center/get-started.mdx b/src/content/docs/security-center/get-started.mdx index 6cf910ace083a3..77f750d2c19f44 100644 --- a/src/content/docs/security-center/get-started.mdx +++ b/src/content/docs/security-center/get-started.mdx @@ -5,7 +5,7 @@ sidebar: order: 2 --- -import { Render } from "~/components"; +import { Render, DashButton } from "~/components"; This guide covers the steps you need to take to set up Security Center in your Cloudflare account for the first time. @@ -22,9 +22,11 @@ This guide covers the steps you need to take to set up Security Center in your C To manually start a scan: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account. -2. Go to Account Home > **Security Center** > **Infrastructure**. -3. Select **Scan now**. +1. In the Cloudflare dashboard, go to the **Infrastructure** page. + + + +2. Select **Scan now**. ### Scan Frequency diff --git a/src/content/docs/security-center/investigate/change-categorization.mdx b/src/content/docs/security-center/investigate/change-categorization.mdx index ddf80c8c91b0f2..500dd303c53cc0 100644 
--- a/src/content/docs/security-center/investigate/change-categorization.mdx +++ b/src/content/docs/security-center/investigate/change-categorization.mdx @@ -6,6 +6,8 @@ sidebar: --- +import { DashButton } from "~/components"; + Cloudflare sorts domains into categories based on their content and security type. You can request categorization changes via the [dashboard](#via-the-cloudflare-dashboard), [Cloudflare Radar](#via-cloudflare-radar), or the [API](#via-the-api). For a detailed list of categories, refer to [Domain categories](/cloudflare-one/policies/gateway/domain-categories/). 
@@ -14,24 +16,24 @@ For a detailed list of categories, refer to [Domain categories](/cloudflare-one/ To request a categorization change via the Cloudflare dashboard: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. +1. In the Cloudflare dashboard, go to the **Investigate** page. -2. Go to **Security Center** > **Investigate**. + -3. Search for the domain you want to change. +2. Search for the domain you want to change. -4. In **Domain overview**, select **Request to change categorization**. +3. In **Domain overview**, select **Request to change categorization**. -5. Choose whether to change a [security category](/cloudflare-one/policies/gateway/domain-categories/#security-categories) or a [content category](/cloudflare-one/policies/gateway/domain-categories/#content-categories). +4. Choose whether to change a [security category](/cloudflare-one/policies/gateway/domain-categories/#security-categories) or a [content category](/cloudflare-one/policies/gateway/domain-categories/#content-categories). -6. Choose which categories you want to add or remove from the domain. +5. Choose which categories you want to add or remove from the domain. :::note[Content category limit] - A domain cannot have more than two associated content categories. To propose changes to categories of a domain with more than two existing categories, remove one or more of the existing categories. + A domain cannot have more than two associated content categories. To propose changes to categories of a domain with more than two existing categories, remove one or more of the existing categories. ::: -7. Select **Submit** to submit your request for review. +6. Select **Submit** to submit your request for review. Requesting a security category change will trigger a deeper investigation by Cloudflare to confirm that the submission is valid. 
Requesting a content category change also requires Cloudflare validation, but the turnaround time for these submissions is usually shorter as it requires less investigation. @@ -39,7 +41,7 @@ Your category change requests will be revised by the Cloudflare team depending o :::caution -Cloudflare does not guarantee the category change will be approved. +Cloudflare does not guarantee the category change will be approved. ::: ## Via Cloudflare Radar diff --git a/src/content/docs/security-center/investigate/investigate-threats.mdx b/src/content/docs/security-center/investigate/investigate-threats.mdx index 16d843f9a93b76..4302b0d91d5694 100644 --- a/src/content/docs/security-center/investigate/investigate-threats.mdx +++ b/src/content/docs/security-center/investigate/investigate-threats.mdx @@ -6,7 +6,7 @@ sidebar: --- -import { Render } from "~/components" +import { Render, DashButton } from "~/components" Users can investigate the details of an IP address, domain name, URL, or Autonomous System Number (ASN). You can find the Investigate feature in your Cloudflare account's Security Center and in [Cloudflare Radar](https://radar.cloudflare.com/scan). @@ -55,8 +55,11 @@ When you search for a hash, the Cloudflare dashboard will provide a URL report f To search using a hash: -1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. -2. Go to **Security Center** > **Investigate**. Enter the hash, then select **Search**. +1. In the Cloudflare dashboard, go to the **Investigate** page. + + + +2. Enter the hash, then select **Search**. 3. Select **View report** to view the report for your URL. ## URL 
@@ -67,8 +70,11 @@ Different Cloudflare plans will have different [scan limitations](/security-cent If you want to scan a URL: -1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. -2. Go to **Security Center** > **Investigate**. Enter the URL, then select **Search**. +1. In the Cloudflare dashboard, go to the **Investigate** page. + + + +2. Enter the URL, then select **Search**. Alternatively, to scan a URL, go to [Cloudflare Radar](https://radar.cloudflare.com/) > **URL scanner**. Enter the URL, then select **Publish**. @@ -92,6 +98,9 @@ You can download a report of your scan in HAR or JSON format. To download a report: -1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. -2. Select **Investigate** > Enter your domain > Select **Search**. -3. Once the report has been generated, select **Download** > Choose between **Download HAR** or **Download JSON**. \ No newline at end of file +1. In the Cloudflare dashboard, go to the **Investigate** page. + + + +2. Enter your domain and select **Search**. +3. Once the report has been generated, select **Download** and choose between **Download HAR** or **Download JSON**. \ No newline at end of file diff --git a/src/content/docs/security-center/security-insights/review-insights.mdx b/src/content/docs/security-center/security-insights/review-insights.mdx index f714f1cda505c2..af2f9693d02685 100644 --- a/src/content/docs/security-center/security-insights/review-insights.mdx +++ b/src/content/docs/security-center/security-insights/review-insights.mdx 
@@ -6,13 +6,17 @@ sidebar: --- +import { DashButton } from "~/components"; + After [enabling Security Insights](/security-center/get-started/) and letting the first scan run, check the **Security Insights** tab for a list of detected insights that you should address. For each detected insight, you can resolve it or archive it, after understanding its risks. -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account. -2. Go to Account Home > **Security Center** > **Security Insights**. -3. Next to the insight you wish to address, select **Resolve**. +1. In the Cloudflare dashboard, go to the **Security Insights** page. + + + +2. Next to the insight you wish to address, select **Details** to review it. ## Resolve an insight @@ -20,7 +24,7 @@ For each detected insight, you can resolve it or archive it, after understanding Insights will not be automatically removed from your dashboard when you address them. You must either manually [archive insights](#archive-insights), manually trigger another scan or wait for the automatic scan to run as per [scan frequency](/security-center/security-insights/how-it-works/#scan-frequency). ::: -In the insight details page, if you choose to update a configuration based on the recommendation actions, follow the instructions on the insight details page. +In the Resolve insights page, if you choose to update a configuration based on the recommendation actions, follow the instructions on the insight details page. The following insights follow a different yet straightforward workflow to be resolved: 
@@ -40,10 +44,13 @@ You can export security insights to a CSV format directly from the dashboard. To export security insights: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account. -2. Go to Account Home > **Security Center** > **Security Insights** > **Export insights**. +1. In the Cloudflare dashboard, go to the **Security Insights** page. + + + +2. Select **Export insights**. -Exporting security insights allow you to perform a deeper analysis of your insights. +Exporting security insights allow you to perform a deeper analysis of your insights. The exported CSV file includes information such as the severity of your data, insight type scan date, issue class and additional optional fields, such as insight details, risk assessment, detection method, and recommended actions. @@ -53,13 +60,15 @@ You can archive one or more insights from the dashboard. To archive insights: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account. -2. Go to Account Home > **Security Center** > **Security Insights**. -3. Select the insight(s) you want to archive, then select **Archive selected**. +1. In the Cloudflare dashboard, go to the **Security Insights** page. + + + +2. Select the insight(s) you want to archive, then select **Archive selected**. Alternatively, to archive an insight: -1. Select the insight you want to archive. The dashboard will open a page where you will be able to review [insight properties](/security-center/security-insights/how-it-works/#scan-properties). +1. Select the insight you want to archive and select **Details**. The dashboard will open a page where you will be able to review [insight properties](/security-center/security-insights/how-it-works/#scan-properties). 2. Select **Archive insight**. ## Enable alerts 
@@ -68,8 +77,11 @@ You can enable alerts for critical insights. To enable alerts: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account. -2. Go to Account Home > **Security Center** > **Security Insights**. -3. Select the security insight(s) you want to create an alert for, then select **Create alert for selected classes**. -4. Enter the notification name, and choose one or more insights classes to filter a notification. -5. Select **Save**. +1. In the Cloudflare dashboard, go to the **Security Insights** page. + + + +2. Select the security insight(s) you want to create an alert for, then select **Create alert for selected classes**. +3. Enter the notification name, and choose one or more insights classes to filter a notification. +4. Select **Add email recipient** and enter an email address to receive the alert. +5. Select **Save**. \ No newline at end of file diff --git a/src/content/partials/security-center/setup.mdx b/src/content/partials/security-center/setup.mdx index 6bf87f9180b206..4d1a8a25f3d086 100644 --- a/src/content/partials/security-center/setup.mdx +++ b/src/content/partials/security-center/setup.mdx 
@@ -3,7 +3,9 @@ --- -Security Insights start scans by default. Security Insights will scan your Cloudflare environment and provide you with a list of detected [insights](/security-center/security-insights/). Refer to [How it works](/security-center/security-insights/how-it-works/) to learn more about how Security Insights perform a scan. +import { DashButton } from "~/components"; + +Security Insights start scans by default. Security Insights will scan your Cloudflare environment and provide you with a list of detected [insights](/security-center/security-insights/). Refer to [How it works](/security-center/security-insights/how-it-works/) to learn more about how Security Insights perform a scan. The initial scan time depends on the number of IT assets in all the domains of your Cloudflare account. When the scan is complete, the status of the page will change from **Scan in Progress** to **Last scan performed on: ``**. @@ -11,11 +13,15 @@ You can decide to stop a scan, and restart a scan later. To disable scans: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account. -2. On the sidebar, go to **Security Center** > **Security insights**. -3. Go to **Disable Security Center scans**, select **Disable scans**. +1. In the Cloudflare dashboard, go to the **Security Insights** page. + + + +2. Go to **Disable Security Center scans**, select **Disable scans**. To restart a scan: -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account. -2. On the sidebar, go to **Security Center** > **Security insights**. -3. Select **Scan now**. \ No newline at end of file +1. In the Cloudflare dashboard, go to the **Security Insights** page. + + + +2. Select **Scan now**. \ No newline at end of file
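
Review bot: in src/content/docs/security-center/app-security-reports.mdx, hunk @@ -28,9 +30,11 @@, the added lines between step 1 and step 2 are empty as shown, although the file now imports `DashButton` at the top. Confirm that the component is actually present after "go to the **Security Reports** page" and that it is indented under step 1; an unindented block between list items ends the ordered list, so the following steps render as a separate list. The same pattern recurs after step 1 in every file in this patch that adds the import, so it is worth checking each one in a rendered preview.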
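
Review bot: in src/content/docs/security-center/brand-protection.mdx, hunk @@ -19,22 +19,22 @@, the renumbered steps 2 and 3 carry over wording that should be fixed while the lines are being touched. "Once you entered the string queries" should read "Once you have entered the string queries", and in step 3 "The number of characters the results can differ from your domain." is a sentence fragment. Suggest joining it to the instruction, for example "In **Character distance**, select a value from `0-3`: the number of characters by which the results can differ from your domain."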
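
Review bot: in src/content/docs/security-center/brand-protection.mdx, hunk @@ -46,20 +46,20 @@, both rewritten lists skip a number: the abuse report steps run 1, 3, 4, 5 and the logo query steps run 1, 3, 4. Markdown renders them sequentially, but the source should be renumbered 1 to 4 and 1 to 3 so that later edits and cross-references to step numbers stay correct. In the same hunk, step 1 of the logo list says **Monitor Logos** while the closing sentence now says the **Monitored Logos** page; use the label the dashboard shows in both places. "Go to **Monitor Strings**, select the query you want to report." also reads better as "Go to **Monitor Strings** and select the query you want to report."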
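
Review bot: in src/content/docs/security-center/cloudforce-one/index.mdx, hunk @@ -41,15 +45,15 @@, the removed and added lines for **Binary Analysis - IOCs**, **DDoS Attack** and **Indicator Analysis - Report** are textually identical as shown, so the change is whitespace only. The same is true of the two attachment sentences in @@ -82,9 +86,9 @@ and of "Cloudflare does not guarantee the category change will be approved." in investigate/change-categorization.mdx. These edits are unrelated to the navigation rewrite; either drop them from this patch or state in the description that trailing whitespace was cleaned up, so reviewers do not have to compare the lines character by character.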
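
Review bot: in src/content/docs/security-center/investigate/investigate-threats.mdx, hunk @@ -92,6 +98,9 @@, the rewritten final step still carries the "\ No newline at end of file" marker, so the file continues to end without a trailing newline. Add one here and in cloudforce-one/index.mdx, security-insights/review-insights.mdx and partials/security-center/setup.mdx, which show the same marker on their last added line. In this file's first hunk, @@ -6,7 +6,7 @@, the changed import `import { Render, DashButton } from "~/components"` has no terminating semicolon, unlike the imports added in the other files; cloudforce-one/index.mdx has the same inconsistency.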
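
Review bot: in src/content/docs/security-center/security-insights/review-insights.mdx, hunk @@ -20,7 +24,7 @@, the rewritten sentence names two different pages: it opens with "In the Resolve insights page" and ends with "follow the instructions on the insight details page". Step 2 in the preceding hunk now tells the reader to select **Details** rather than **Resolve**, so it is unclear which page the reader is on at this point. Use a single page name in the sentence, matching the label reached from **Details**, and format it in bold like the other UI labels in this file.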
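
Review bot: in src/content/docs/security-center/security-insights/review-insights.mdx, hunk @@ -40,10 +44,13 @@, the re-added line "Exporting security insights allow you to perform a deeper analysis of your insights." has a subject-verb agreement error; since the line is already being changed, correct it to "Exporting security insights allows you to ...". The unchanged context line that follows lists "insight type scan date" without a comma between "insight type" and "scan date", which is worth fixing in the same pass because it describes the columns of the exported CSV.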