TD Website

CloudFlare DNS Security

ThreatDefence integrates with Cloudflare DNS Security to ingest DNS query and policy enforcement logs. This integration provides visibility into malicious domains, blocked queries, phishing attempts, and user DNS activity.

Integration Method

Cloudflare DNS logs are delivered via AWS SQS (Simple Queue Service). Cloudflare Logpush exports DNS security logs into an AWS SQS queue, which ThreatDefence securely ingests into the SIEM platform.

For setup, follow the AWS SQS Integration Guide.

Prerequisites

  • A Cloudflare Enterprise account with DNS Security Logpush enabled.

  • Access to an AWS account to configure SQS queues.

  • Cloudflare account permissions to create and manage Logpush jobs.

  • ThreatDefence-provided SQS subscription details for integration.

Next Steps

  1. Configure Cloudflare DNS Security Logpush to deliver logs to your AWS SQS queue.

  2. Follow the AWS SQS integration steps to prepare the queue.

  3. Send the SQS queue details (ARN, region, access keys if applicable) to 📧 [email protected].

  4. ThreatDefence engineers will validate ingestion and confirm DNS logs are flowing into the platform.

PreviousCisco UmbrellaNextContent Security

Last updated