search
WebsiteBlogLogin

Collect data from Cloudflare

circle-info

See the changelog of the HTTP Listener here.

hashtag
Overview

The following article outlines a basic data flow from Cloudflare to the Onum HTTP Listener.

hashtag
Prerequisites

Contact Onum to get the required JWT token, which will be needed on the Listener setup.

You can also contact us if you cannot generate the required TLS certificates. Note that these certificates must be signed by a recognized Certificate Authority (CA). Self-signed certificates are not accepted.

hashtag
Cloudflare Setup

Cloudflare Logpush supports the ability to send logs to configurable HTTP endpoints. Follow these instructionsarrow-up-right to enable log sending before starting the configuration in Onum.

hashtag
Onum Setup

1

Log in to your Onum tenant and click Listeners > New listener.

2

Double-click the HTTP Listener.

3

Enter a Name for the new Listener. Optionally, add a Description and some Tags to identify the Listener.

4

In the Socket section, enter the required Port.

5

In the TLS configuration section, enter the required certificates (Certificate, Private key and CA chain).

circle-exclamation

Certificates must be signed by a recognized Certificate Authority (CA). Self-signed certificates are not accepted.

6

Choose No client certificate in the Client authentication method field.

7

In the Authentication section, choose Bearer as the Authentication Type. Open the Token Secret field and click New secret to create a new one:

  • Give the token a Name.

  • Turn off the Expiration date option.

  • Click Add new value and paste the secret corresponding to the JWT token you received. Remember that the token will be added in the Zscaler configuration.

  • Click Save.

circle-info

Learn more about secrets in Onum in this article.

8

You can now select the secret you just created in the Token Secret field.

9

In the Endpoint section, choose POST as the HTTP Method. In the Request path field, enter /

10

In the Message extraction section, choose Single event as body (full) in the Strategy field. You can leave the Extraction info field empty.

11

In the General behavior section, set Propagate headers strategy to Allow.

12

Add the following Header keys:

  • Content-Enconding

  • Content-Type

13

Configure the rest of settings as required.

14

Finally, click Create labels. Optionally, you can set labels to be used for internal Onum routing of data. By default, data will be set as Unlabeled. Click Create listener when you're done.

circle-info

Learn more about labels in this article.

Click Create listener when you're done.

PreviousCollect data using HTTPNextCollect data from Microsoft Defender for Cloud Apps

Last updated

Was this helpful?