Learn how Cloudflare DDoS reports summarize attack intelligence. Reports are available to Magic Transit and Spectrum BYOIP customers.
Overview
Cloudflare DDoS reports provide convenient weekly summaries of L3/4 (network/transport layer) DDoS alerts to Magic Transit and Spectrum BYOIP customers. Each report is a snapshot of the DDoS attacks that Cloudflare detected and mitigated in the previous week. Reports highlight insights, trends, and recommended actions.
DDoS report content
Cloudflare sends out reports via email from the address [email protected].
Reports contain the following intelligence:
- Total number of DDoS attacks
- Largest DDoS attack in packets per second and bits per second
- Changes in DDoS attacks compared to the previous report
- Top attack vectors
- Top targeted IP addresses
- Top targeted destination ports
- Total potential downtime prevented (a sum of the duration of all attacks in that week)
- Total bytes mitigated (a sum of all of the attack traffic that was mitigated)
This screenshot illustrates an example DDoS report:
When Cloudflare does not detect any L3/4 DDoS attacks in the prior week, Cloudflare sends a confirmation report:
Reporting Schedule
Cloudflare issues DDoS reports via email each Tuesday. Reports summarize the attacks that occurred from Monday of the previous week to Sunday of the current week. For example, a report issued Tuesday, November 10, 2020 summarizes activity from Monday the 2nd to Sunday the 8th.
Report recipients
Cloudflare sends DDoS reports to users who have the Super Administrator role on accounts with prefixes advertised by Cloudflare.
Manage reporting subscriptions
Magic Transit and Spectrum BYOIP customers receive the weekly DDoS report automatically.
To stop receiving reports, click the unsubscribe link at the bottom of the report email:
To re-subscribe after opting out, contact Cloudflare support.