Security reports
Application Security reports provide cyber attack insights and trends for all of the Enterprise zones in your Cloudflare account.
The reports are automatically generated on a monthly basis.
You can access reports by going to the Security reports page. You can access reports from previous months by selecting the month from the dropdown.
Go to Security reportsTo download the report, select Print report.
Reports from before April 2025 can be accessed through Security reports > Legacy reports. Due to limitations in the legacy reports, some customers may not have reports for every month prior to April 2025.
The current reports are curated by Cloudflare and will be expanded to include more insights. The option to create custom reports, filter by various fields, and schedule reports will be added in upcoming improvements.
Currently, only Application Security reports are available. They cover the entire suite of products such as HTTP DDoS Protection, WAF, and Bot Management.
Reports for Application Performance, Cloudflare One, and Network Services, such as Magic Transit, will be made available in future improvements.
Each report includes the following sections:
- Executive summary
- Distribution of allowed and mitigated requests
- Industry benchmarks that show how you compare to your peers by selecting your industry
- Top five source countries of allowed traffic and mitigated traffic including a map visualization
- Top five most targeted hostnames
- Top five most effective mitigation rules
To view more details, apply filters, analyze the data, and generate ad-hoc reports, use the Security Analytics dashboard or Log Explorer.
If your account is not assigned an industry or if the shown industry is incorrect, use the link within the report to select the correct industry.
It may take a while for your new selection to take effect, and it may only be applied to future reports.
If you have multiple Cloudflare accounts, select the industry that is most relevant for the specific account.
You must have at least one Enterprise zone. Application Security reports are automatically enabled on your Enterprise zone. No action is required.
If you do not have any Enterprise zones, a report will not be generated. If you have an account that is not older than one month, a report will not be generated yet.
A Cloudflare user must have one of the following roles to download Application Security reports:
- Super Administrator
- Administrator
Application Security reports currently only support US Customer Metadata Boundary (CMB). They do not support the EU CMB yet.
This feature is available in closed beta to Enterprise customers.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
