cloudflare · patriciasantaana · Oct 17, 2025 · Oct 15, 2025 · Oct 15, 2025 · Oct 16, 2025
@@ -7,52 +7,80 @@ sidebar:
     text: Beta
 head:
   - tag: title
-    content: Application security reports
+    content: Application Security reports
 
 ---
 
-import { DashButton } from "~/components";
+import { DashButton, Details } from "~/components";
 
-:::note
+Application Security reports provide cyber attack insights and trends for all of the Enterprise zones in your Cloudflare account.
 
-Currently, this feature is only available to Enterprise customers.
-:::
+The reports are automatically generated on a monthly basis.
 
-Application security reports provide visibility into requests blocked or challenged by the Cloudflare Application Security suite of products.
+You can access reports by going to the **Security reports** page. You can access reports from previous months by selecting the month from the dropdown. 
 
-These reports allow you to get insights and analyze trends for all the zones in your account on a monthly basis, covering the mitigation actions performed by all Cloudflare layer 7 (application layer) security products. Each report includes an overview section and a per-product breakdown.
+<DashButton url="/?to=/:account/security-center/reports" />
 
-Cloudflare automatically generates a report every month, usually within the first five days of the month.
+To download the report, select **Print report**. 
 
-To dive deeper into the mitigations performed by Cloudflare security products, use the [Security Analytics](/waf/analytics/security-analytics/) dashboard.
+Reports from before April 2025 can be accessed through **Security reports** > **Legacy reports**. Due to limitations in the legacy reports, some customers may not have reports for every month prior to April 2025. 
 
-## Download a report
+The current reports are curated by Cloudflare and will be expanded to include more insights. The option to create custom reports, filter by various fields, and schedule reports will be added in upcoming improvements.
 
-To download a monthly application security report:
+---
+
+## Report types
+
+Currently, only Application Security reports are available. They cover the entire suite of products such as [HTTP DDoS Protection](/ddos-protection/managed-rulesets/http/), [WAF](/waf/), and [Bot Management](/bots/).
+
+Reports for Application Performance, [Cloudflare One](/cloudflare-one/), and Network Services, such as [Magic Transit](/magic-transit/), will be made available in future improvements. 
+
+---
+
+## Report layout
+
+Each report includes the following sections: 
+
+- Executive summary
+- Distribution of allowed and mitigated requests
+- [Industry benchmarks](#industry-benchmarks) that show how you compare to your peers by selecting your industry
+- Top five source countries of allowed traffic and mitigated traffic including a map visualization
+- Top five most targeted hostnames
+- Top five most effective mitigation rules
 
-1. In the Cloudflare dashboard, go to the **Security Reports** page.
+To view more details, apply filters, analyze the data, and generate ad-hoc reports, use the [Security Analytics dashboard](/waf/analytics/security-analytics/) or [Log Explorer](/log-explorer/).
 
-   <DashButton url="/?to=/:account/security-center/reports" />
+### Industry benchmarks
 
-2. For a given month and year, select **Download** to download the report for that particular month.
+If your account is not assigned an industry or if the shown industry is incorrect, use the link within the report to select the correct industry. 
 
-:::caution
+It may take a while for your new selection to take effect, and it may only be applied to future reports.
 
-Due to limitations in the current reporting solution, some customers do not have access to reports from the past few months. We are working on a new version of app security reports without the current limitations.
-:::
+If you have multiple Cloudflare accounts, select the industry that is most relevant for the specific account.
 
-***
+---
+
+## Prerequisites
+
+You must have at least one Enterprise zone. Application Security reports are automatically enabled on your Enterprise zone. No action is required.
 
-## Required roles
+If you do not have any Enterprise zones, a report will not be generated. If you have an account that is not older than one month, a report will not be generated yet. 
 
-A Cloudflare user must have one of the following [roles](/fundamentals/manage-members/roles/) to download application security reports:
+### Required roles
 
-* Super Administrator
-* Administrator
+A Cloudflare user must have one of the following [roles](/fundamentals/manage-members/roles/) to download Application Security reports:
 
-## Number of mitigated requests
+- Super Administrator
+- Administrator
+
+---
+
+## Limitations
+
+Application Security reports currently only support US Customer Metadata Boundary (CMB). They do not support the EU CMB yet.
+
+---
 
-As of the April 2023 report, the number of mitigated requests in each report is a sum of the following requests:
+## Availability
 
-* Blocked requests
-* Challenged requests that were not solved or bypassed (that is, not issued again because the visitor had previously passed a similar challenge)
+This feature is available in closed beta to Enterprise customers.