Skip to content

[Security Center] DashButton updates #24874

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 3, 2025
Merged

[Security Center] DashButton updates #24874

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions src/content/docs/security-center/app-security-reports.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ head:

---

import { DashButton } from "~/components";

:::note

Currently, this feature is only available to Enterprise customers.
Expand All @@ -28,9 +30,11 @@ To dive deeper into the mitigations performed by Cloudflare security products, u

To download a monthly application security report:

1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **Security Center** > **Security Reports**.
3. For a given month and year, select **Download** to download the report for that particular month.
1. In the Cloudflare dashboard, go to the **Security Reports** page.

<DashButton url="/?to=/:account/security-center/reports" />

2. For a given month and year, select **Download** to download the report for that particular month.

:::caution

Expand Down
7 changes: 5 additions & 2 deletions src/content/docs/security-center/blocked-content.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,15 @@ sidebar:
order: 8
---

import { DashButton } from "~/components";

If your domain has content that has been blocked, Blocked Content on the dashboard gives you the ability to request the Trust and Safety team to remove a block.

To view Blocked Content on the dashboard:

1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to **Security Center** > **Blocked Content**.
1. In the Cloudflare dashboard, go to the **Blocked Content** page.

<DashButton url="/?to=/:account/blocked-content" />

:::note
You must have Admin, Super Admin, or Trust and Safety [role](/fundamentals/manage-members/roles/) to access Blocked Content.
Expand Down
30 changes: 15 additions & 15 deletions src/content/docs/security-center/brand-protection.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ sidebar:
text: Beta
---

import { AvailableNotifications, Render } from "~/components";
import { AvailableNotifications, Render, DashButton } from "~/components";

:::note[User permission]
While the Brand Protection tool is in beta, all Cloudflare Enterprise customers have automatic access to Brand Protection, including five saved queries. Only Admin, Super Admin and users with a Brand Protection role can access Brand Protection
Expand All @@ -19,22 +19,22 @@ While the Brand Protection tool is in beta, all Cloudflare Enterprise customers

To start searching for new domains that might be trying to impersonate your brand:

1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
1. In the Cloudflare dashboard, go to the **Brand Protection** page.

2. Go to **Security Center** > **Brand Protection**.
<DashButton url="/?to=/:account/security-center/brand-protection" />

3. In **String query**, provide a name for your query. You can add multiple brand phrases on the same query, and the results will generate matches for all of those. Once you entered the string queries, select **Search matches**.
2. In **String query**, provide a name for your query. You can add multiple brand phrases on the same query, and the results will generate matches for all of those. Once you entered the string queries, select **Search matches**.

4. In the **Character distance**, select from `0-3`. The number of characters the results can differ from your domain.
3. In the **Character distance**, select from `0-3`. The number of characters the results can differ from your domain.

:::note

If a brand phrase or search term has less than five characters, you can only choose a max distance of `0` (zero).
:::

5. You can select **Save query** to monitor it in the future and perform other actions, such as delete, clone and set up alerts, according to your Paid plan limits.
4. You can select **Save query** to monitor it in the future and perform other actions, such as delete, clone and set up alerts, according to your Paid plan limits.

6. To export all matches from a saved query, select your **Query name** > select the three dots > **Export matches**.
5. To export all matches from a saved query, select your **Query name** > select the three dots > **Export matches**.

In the section **Monitor Strings**, you can check all the string queries that you selected to monitor. You can delete, clone, or create notifications for a string query. Refer to [Brand Protection Alerts](#brand-protection-alerts) to set up notifications.

Expand All @@ -46,20 +46,20 @@ You can only submit an abuse report if your domain is with [Cloudflare Registrar

To submit abuse reports directly from the dashboard:

1. Go to the **Query name** you want to report.
2. Select **Report to Cloudflare**.
3. Fill in the details to submit an abuse report.
4. Select **Submit**.
1. Go to **Monitor Strings**, select the query you want to report.
3. Select **Report to Cloudflare**.
4. Fill in the details to submit an abuse report.
5. Select **Submit**.

## Logo queries

To set up a new logo query:

1. Go to **Security Center** > **Monitor Logos** and select **Add logo**.
2. Add a name for your query and upload your logo. Only the `.png`, `.jpeg`, and `.jpg` file extensions are supported.
3. Select **Save logo**.
1. Select **Monitor Logos** and select **Add logo**.
3. Add a name for your query and upload your logo. Only the `.png`, `.jpeg`, and `.jpg` file extensions are supported.
4. Select **Save logo**.

The browser will return to the **Monitor Images** overview page, where you can access your query and configure notifications.
The browser will return to the **Monitored Logos** page, where you can access your query and configure notifications.

## Investigate a query

Expand Down
39 changes: 23 additions & 16 deletions src/content/docs/security-center/cloudforce-one/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ sidebar:

---

import { Details } from "~/components"
import { Details, DashButton } from "~/components"

:::note
You must have a Cloudforce One subscription to access Cloudforce One on the dashboard.
Expand All @@ -16,8 +16,9 @@ Cloudforce One is a threat intelligence solution that offers threat research rep

To access Cloudforce One:

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to **Security Center** > **Threat Intelligence**.
1. In the Cloudflare dashboard, go to the **Threat Intelligence** page.

<DashButton url="/?to=/:account/security-center/threat-intelligence" />

You can also use Cloudforce One via [REST API](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/requests/subresources/assets/).

Expand All @@ -31,25 +32,28 @@ Cloudforce One Threat Intelligence displays the following information:
## Submit RFIs

To submit RFIs (Request for Information):

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to **Security Center** > **Threat Intelligence** > **Requests for Information**.

1. In the Cloudflare dashboard, go to the **Threat Intelligence** page.

<DashButton url="/?to=/:account/security-center/threat-intelligence" />

2. Select **Requests for Information**.
3. Select **New Request**.
4. Fill in the required fields, then select **Save**.

<Details header="List of RFI types">

The Cloudflare dashboard presents the following request types when you want to configure a Cloudforce One Requests for Information:

- **Binary Analysis - IOCs**: Conduct high level malware analysis to produce [indicators](https://www.cloudflare.com/en-gb/learning/security/what-are-indicators-of-compromise/) such as a call-back domain or IP address.
- **Binary Analysis - IOCs**: Conduct high level malware analysis to produce [indicators](https://www.cloudflare.com/en-gb/learning/security/what-are-indicators-of-compromise/) such as a call-back domain or IP address.

- **Binary Analysis - Report**: A thorough analysis of a malware sample to produce an attribution assessment and extract the configuration of the sample for further analysis. Useful for customers that are investigating a problem or trying to develop detection logic in an [EDR](https://en.wikipedia.org/wiki/Endpoint_detection_and_response) or network sensor.

- **DDoS Attack**: Confirm if an attack is happening against a specific website to share any available indicators and potential attribution.
- **DDoS Attack**: Confirm if an attack is happening against a specific website to share any available indicators and potential attribution.

- **Indicator Analysis - IOCs**: Conduct DNS lookups, origin pivots, and account pivots to provide indicators such as DNS resolutions, origin IPs, and subdomains. Analysis can include account registration patterns and victimology.

- **Indicator Analysis - Report**: A thorough analysis of indicators written in a formal, structured format. In addition to listing [Indicator of compromise (IOCs)](https://www.cloudflare.com/en-gb/learning/security/what-are-indicators-of-compromise/), the report explains how IOCs function within the attack chain, and adds context by linking IOCs to specific campaigns and/or threat actors and their TTPs.
- **Indicator Analysis - Report**: A thorough analysis of indicators written in a formal, structured format. In addition to listing [Indicator of compromise (IOCs)](https://www.cloudflare.com/en-gb/learning/security/what-are-indicators-of-compromise/), the report explains how IOCs function within the attack chain, and adds context by linking IOCs to specific campaigns and/or threat actors and their TTPs.

- **Passive DNS Resolution**: Research the pair of an IP address to the domain it resolved to during a specified period of time.

Expand Down Expand Up @@ -82,9 +86,9 @@ To delete your RFI, the status must be `Open`. Go to the RFI you want to delete,

### Upload and download attachment

You can also choose to upload and download an attachment.
You can also choose to upload and download an attachment.

Under **Attachments**, select the file you want to upload, then select **Save**.
Under **Attachments**, select the file you want to upload, then select **Save**.

To download an attachment, select **Download** on the attachment.

Expand All @@ -94,8 +98,9 @@ Threat events allow you to protect your assets and respond to emerging threats.

To access and analyze threat intelligence data on the dashboard:

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Select **Security Center** > **Threat Intelligence**.
1. In the Cloudflare dashboard, go to the **Threat Intelligence** page.

<DashButton url="/?to=/:account/security-center/threat-intelligence" />

You can also access threat events via the [API](/api/resources/cloudforce_one/subresources/threat_events/).

Expand Down Expand Up @@ -129,8 +134,10 @@ You can use Cloudy, Cloudflare's AI Agent, to receive an analysis and summary of

To analyze threat events using Cloudy:

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to **Security Center** > **Threat Intelligence**.
3. Go to **Threat Events** > **Analyze with Cloudy**.
1. In the Cloudflare dashboard, go to the **Threat Intelligence** page.

<DashButton url="/?to=/:account/security-center/threat-intelligence" />

2. Go to **Threat Events** > **Analyze with Cloudy**.

Cloudy will show you the top threat events, analyze them, and give you a summary of threat events. You can also decide to receive an analysis based on **Attacker**, **Indicator**, and more. For example, you can enter "Give me a summary of threat events for ABC Attacker". Cloudy will then summarize threat events for ABC attacker.
10 changes: 6 additions & 4 deletions src/content/docs/security-center/get-started.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ sidebar:
order: 2
---

import { Render } from "~/components";
import { Render, DashButton } from "~/components";

This guide covers the steps you need to take to set up Security Center in your Cloudflare account for the first time.

Expand All @@ -22,9 +22,11 @@ This guide covers the steps you need to take to set up Security Center in your C

To manually start a scan:

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to Account Home > **Security Center** > **Infrastructure**.
3. Select **Scan now**.
1. In the Cloudflare dashboard, go to the **Infrastructure** page.

<DashButton url="/?to=/:account/security-center/inventory" />

2. Select **Scan now**.

### Scan Frequency

Expand Down
20 changes: 11 additions & 9 deletions src/content/docs/security-center/investigate/change-categorization.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ sidebar:

---

import { DashButton } from "~/components";

Cloudflare sorts domains into categories based on their content and security type. You can request categorization changes via the [dashboard](#via-the-cloudflare-dashboard), [Cloudflare Radar](#via-cloudflare-radar), or the [API](#via-the-api).

For a detailed list of categories, refer to [Domain categories](/cloudflare-one/policies/gateway/domain-categories/).
Expand All @@ -14,32 +16,32 @@ For a detailed list of categories, refer to [Domain categories](/cloudflare-one/

To request a categorization change via the Cloudflare dashboard:

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
1. In the Cloudflare dashboard, go to the **Investigate** page.

2. Go to **Security Center** > **Investigate**.
<DashButton url="/?to=/:account/security-center/investigate" />

3. Search for the domain you want to change.
2. Search for the domain you want to change.

4. In **Domain overview**, select **Request to change categorization**.
3. In **Domain overview**, select **Request to change categorization**.

5. Choose whether to change a [security category](/cloudflare-one/policies/gateway/domain-categories/#security-categories) or a [content category](/cloudflare-one/policies/gateway/domain-categories/#content-categories).
4. Choose whether to change a [security category](/cloudflare-one/policies/gateway/domain-categories/#security-categories) or a [content category](/cloudflare-one/policies/gateway/domain-categories/#content-categories).

6. Choose which categories you want to add or remove from the domain.
5. Choose which categories you want to add or remove from the domain.

:::note[Content category limit]

A domain cannot have more than two associated content categories. To propose changes to categories of a domain with more than two existing categories, remove one or more of the existing categories.
A domain cannot have more than two associated content categories. To propose changes to categories of a domain with more than two existing categories, remove one or more of the existing categories.
:::

7. Select **Submit** to submit your request for review.
6. Select **Submit** to submit your request for review.

Requesting a security category change will trigger a deeper investigation by Cloudflare to confirm that the submission is valid. Requesting a content category change also requires Cloudflare validation, but the turnaround time for these submissions is usually shorter as it requires less investigation.

Your category change requests will be revised by the Cloudflare team depending on the type of change. If your requests have been reviewed and applied by the Cloudflare team, the new categories will be visible in the Cloudflare dashboard in **Security Center** > **Investigate**, as well as in [Cloudflare Radar](https://radar.cloudflare.com/).

:::caution

Cloudflare does not guarantee the category change will be approved.
Cloudflare does not guarantee the category change will be approved.
:::

## Via Cloudflare Radar
Expand Down
25 changes: 17 additions & 8 deletions src/content/docs/security-center/investigate/investigate-threats.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ sidebar:

---

import { Render } from "~/components"
import { Render, DashButton } from "~/components"

Users can investigate the details of an IP address, domain name, URL, or Autonomous System Number (ASN). You can find the Investigate feature in your Cloudflare account's Security Center and in [Cloudflare Radar](https://radar.cloudflare.com/scan).

Expand Down Expand Up @@ -55,8 +55,11 @@ When you search for a hash, the Cloudflare dashboard will provide a URL report f

To search using a hash:

1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to **Security Center** > **Investigate**. Enter the hash, then select **Search**.
1. In the Cloudflare dashboard, go to the **Investigate** page.

<DashButton url="/?to=/:account/security-center/investigate" />

2. Enter the hash, then select **Search**.
3. Select **View report** to view the report for your URL.

## URL
Expand All @@ -67,8 +70,11 @@ Different Cloudflare plans will have different [scan limitations](/security-cent

If you want to scan a URL:

1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to **Security Center** > **Investigate**. Enter the URL, then select **Search**.
1. In the Cloudflare dashboard, go to the **Investigate** page.

<DashButton url="/?to=/:account/security-center/investigate" />

2. Enter the URL, then select **Search**.

Alternatively, to scan a URL, go to [Cloudflare Radar](https://radar.cloudflare.com/) > **URL scanner**. Enter the URL, then select **Publish**.

Expand All @@ -92,6 +98,9 @@ You can download a report of your scan in HAR or JSON format.

To download a report:

1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Select **Investigate** > Enter your domain > Select **Search**.
3. Once the report has been generated, select **Download** > Choose between **Download HAR** or **Download JSON**.
1. In the Cloudflare dashboard, go to the **Investigate** page.

<DashButton url="/?to=/:account/security-center/investigate" />

2. Enter your domain and select **Search**.
3. Once the report has been generated, select **Download** and choose between **Download HAR** or **Download JSON**.
Loading
Loading