cloudflare-security-events
v0.1.31
Deliver Cloudflare logs to Google Cloud Security Command Center
Cloudflare Security Events
Extend your security view from the edge.
Automatic Installation
Quickstart
IAM Permissions
Google Cloud Security Command Center makes use of organization and project-level IAM permissions. As such, the person who deploys this integration will need to have the Organization Admin role.
.env.yml
If you run into errors, the cause is most likely your permissions scope. Fix these by modifying .env.yml:
cd cloudflare-security-events/deployment
vim .env.yml
Unless otherwise specified during onboarding, .env.yml looks inside the project (PROJECT_ID) for the BigQuery table and Cloud Storage bucket:
# default settings – cloudflare_logs.camiliame_logs must be under active-incline-183216 for this to work
PROJECT_ID: active-incline-183216
GCLOUD_ORG: '1065635207347'
CREDENTIALS: ./scc_key.json
BUCKET_NAME: cloudflare-logs-bucket
BQ_DATASET: cloudflare_dataset.events_table
SERVICE_ACCOUNT: gcp-gcp-admin
BASE_DIR: /usr/local/scc-serverless
DEPLOYMENT_DIR: /usr/local/scc-serverless/deployment
You can reassign environment variables to be project-specific like this:
BQ_DATASET: some-project-200019.cloudflare_logs.some_table
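An added example (not part of the cloudflare-security-events project): a preflight check that shows which project BQ_DATASET resolves to and whether the CREDENTIALS key file is private. The function names, the flat `KEY: value` parsing, and resolving a relative CREDENTIALS path against the directory of .env.yml are assumptions.

```bash
# Added example: preflight check for .env.yml (not part of cloudflare-security-events).
# Assumes a flat "KEY: value" file, as in the settings shown on this page.

# Print the value of a top-level key, with quotes and trailing spaces removed.
env_get() {  # usage: env_get FILE KEY
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "'\"" | sed 's/[[:space:]]*$//'
}

# Print the project.dataset.table that BQ_DATASET resolves to.
# dataset.table falls back to PROJECT_ID; project.dataset.table is used as-is.
resolve_bq_table() {  # usage: resolve_bq_table FILE
  local project ds
  project=$(env_get "$1" PROJECT_ID)
  ds=$(env_get "$1" BQ_DATASET)
  case $ds in
    ''|.*|*.|*..*|*.*.*.*) return 1 ;;
    *.*.*) printf '%s\n' "$ds" ;;
    *.*) [ -n "$project" ] || return 1
         printf '%s.%s\n' "$project" "$ds" ;;
    *) return 1 ;;
  esac
}

# Succeed only if the CREDENTIALS key file exists and grants nothing to
# group or others. Assumption: a relative path is relative to .env.yml.
key_is_private() {  # usage: key_is_private FILE
  local key mode
  key=$(env_get "$1" CREDENTIALS)
  [ -n "$key" ] || return 1
  case $key in /*) ;; *) key="$(dirname "$1")/$key" ;; esac
  [ -f "$key" ] || return 1
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  [ $(( 0$mode & 077 )) -eq 0 ]
}

# Constructed sample mirroring the default settings above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/.env.yml" <<'EOF'
PROJECT_ID: active-incline-183216
CREDENTIALS: ./scc_key.json
BQ_DATASET: cloudflare_dataset.events_table
EOF
: > "$demo_dir/scc_key.json"; chmod 644 "$demo_dir/scc_key.json"
echo "BigQuery table: $(resolve_bq_table "$demo_dir/.env.yml")"
key_is_private "$demo_dir/.env.yml" ||
  echo "WARNING: key file is accessible to group/others; run chmod 600 on it"
```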
Manual Installation & API
Note: if you don't have Logpush set up to stream logs to Google Cloud Storage, reach out to your customer success manager or go here if you know what you're doing: https://dash.cloudflare.com?analytics
Open Google Cloud Shell and clone this repository, then set Cloud Shell to the project you use to store Cloudflare logs:
gcloud config set project MY_PROJECT
Enter project directory and install dependencies:
cd cloudflare-security-events
npm install
Enable the necessary Cloud APIs to run the Cloudflare integration:
cfse enableAPIs
Set environment variables and rewrite deployment files:
cfse setEnv
Get the service account key. The service account will be created for you if necessary:
cfse getServiceAcctKey
Deploy the integration:
cfse deploy
Test the configuration:
cfse scc post