Analytics Updates & Release Notes
119 updates curated from 1 source by the Releasebot Team. Last updated: Jul 3, 2026
- Jun 30, 2026
- Date parsed from source:Jun 30, 2026
- First seen by Releasebot:Jul 3, 2026
Account-scoped firewall events dataset in Logpush
Analytics adds account-scoped firewall events to Logpush, letting teams collect firewall logs for every zone with one job and identify each event’s zone with a new ZoneName field.
Cloudflare Logpush now supports firewall events as an account-scoped dataset. Configure a single Logpush job at the account level to receive firewall events for every zone in the account, instead of creating and maintaining a separate job per zone.
The dataset includes a new ZoneName field so you can identify which zone each event came from when consuming logs in your downstream pipeline.
What's available
- A new account-scoped firewall_events dataset, configurable via the Logpush API or the Cloudflare dashboard.
- The same fields and filter expressions supported by the existing zone-scoped firewall events dataset, plus the new ZoneName field.
- Support for all existing Logpush destinations.
- Jun 24, 2026
- Date parsed from source:Jun 24, 2026
- First seen by Releasebot:Jun 29, 2026
New WebSocket Analytics Logpush dataset and updated fields
Analytics adds new Cloudflare Logpush datasets and expands existing ones, including WebSocket Analytics, richer Firewall events fields, account-scope Firewall logging, and new Email Security Alerts fields for deeper visibility and reporting.
Cloudflare has updated Logpush datasets:
New datasets
WebSocket Analytics: A new dataset with fields including BytesReceivedClient, BytesReceivedOrigin, BytesSentClient, BytesSentOrigin, ClientASN, ClientIP, ClientRequestHost, ClientRequestPath, ClientRequestUserAgent, ColoCode, ConnectionCloseReason, ConnectionCloseSource, ConnectionID, ConnectionTransportCloseCode, EdgeEndTimestamp, EdgeStartTimestamp, and RayID.
Updated fields in existing datasets
Firewall events (added): ZoneName. The Firewall events dataset is now also available for account-scope Logpush, in addition to the existing zone scope.
Email Security Alerts (added): BCC, DKIMResult, DMARCPolicy, DMARCResult, and SPFResult.
For the complete field definitions for each dataset, refer to Logpush datasets.
Original source All of your release notes in one feed
Join Releasebot and get updates from Cloudflare and hundreds of other software products.
- Jun 24, 2026
- Date parsed from source:Jun 24, 2026
- First seen by Releasebot:Jun 24, 2026
Precise IP location and richer AS details on the Cloudflare Radar IP page
Analytics adds richer IP page insights with IPv4 and IPv6 location markers, Cloudflare data center overlays, and clearer autonomous system details for your primary IP. The update makes Radar’s connection view more visual and informative.
Your IP location on the map
Radar now plots your IPv4 and IPv6 locations on the IP page, shows the Cloudflare data centers serving your connection, and includes more detail about the autonomous system (AS) your primary IP belongs to.
The map of your connection now shows:
- IP location markers — The primary IP will show as a red marker. When both IP addresses do not geolocate to the same place, a second marker will appear in blue with a note explaining why IPv4 and IPv6 can resolve to different locations.
- Cloudflare data center markers — Cloudflare data centers now show as orange dots on the map and the one you are connected to is highlighted.
- Data center connectors — Each line connects your IP markers to their respective data centers.
Due to the data policies of our geolocation provider, this detailed location is only available for your own IP. Other IP addresses keep the current country-level view.
Extended AS information
The AS card on the IP page now shows additional detail about the network an IP belongs to — including alternate names, the operator website, and an estimate of the AS user population — alongside the AS number and country.
Visit the Cloudflare Radar IP page to explore more details about your IP.
Original source - Jun 18, 2026
- Date parsed from source:Jun 18, 2026
- First seen by Releasebot:Jun 19, 2026
Updated Workers AI popularity metric in Cloudflare Radar
Analytics changes Workers AI popularity metrics in Radar to measure inferences instead of unique accounts, giving a more accurate view of usage volume. The update affects new and historical data, with model and task charts and API endpoints reflecting the new distribution.
Radar has changed how it measures Workers AI model and task popularity.
Previously, popularity was based on the number of unique accounts running inferences against each model or task. It is now based on the number of inferences, giving a more representative view of actual usage volume. This change will affect all new measurements as well as historical data. As a result, the model and task distributions shown on Radar may differ from what you saw previously, and historical trends may shift accordingly.
The Workers AI model popularity chart shows the distribution of inferences across models.
The Workers AI task popularity chart shows the distribution of inferences across tasks.
The same data is available via the following API endpoints:
- /ai/inference/summary/{dimension}
- /ai/inference/timeseries_groups/{dimension}
Explore the data on the AI Insights page.
Original source - Jun 10, 2026
- Date parsed from source:Jun 10, 2026
- First seen by Releasebot:Jun 12, 2026
Automated Cease and Desist templates for Brand Protection
Analytics adds an Automated Cease & Desist workflow for Brand Protection, letting teams generate, review, and download custom-branded legal notices for infringing domains outside Cloudflare. It streamlines recipient lookup, template autofill, and enforcement options.
TL;DR
Brand Protection now features an Automated Cease & Desist (C&D) workflow. When you discover an infringing domain hosted outside of Cloudflare, you can instantly generate, review, and download a custom-branded, pre-filled legal notice in seconds.
Why this matters
This update introduces a major shift from pure detection to actionable enforcement, eliminating the manual burden for your Trust & Safety and Legal teams:
- Instant WHOIS and Recipient Lookup: We automatically scrape registrar data and WHOIS contact information (such as the registrant or registrar abuse email) behind the scenes, highlighting exactly where your notice needs to be sent
- Smart Template Automation: We pre-fill your custom-branded templates with essential metadata, including the infringing domain, registrar name, and discovery date.
- Tailored Enforcement Tones: Choose from three default layout strategies depending on the severity of the infrastructure match:
- Exact Match: A formal demand for identical trademark infringements
- Similar Match: A standard notice optimized for typosquatting (one-character distance matches)
- Friendly Tone: An amicable initial outreach for potential unintentional or accidental infringements
- Full Editing Control: Before creating the final PDF, a real-time review screen allows you to fine-tune the messaging, modify placeholders, and ensure your text aligns perfectly with internal legal standards
How it works
When reviewing a malicious domain match inside your dashboard, your enforcement path splits depending on where the attacker is located:
- On the Cloudflare Network: If the domain uses Cloudflare’s network or registrar, trigger our existing integrated abuse reporting flow with one click.
- Hosted Elsewhere: If the domain is hosted on an external provider, click the Generate C&D Letter option to launch the new document builder, pick your template, verify the auto-populated recipient data, and download your finalized PDF.
You can manage your templates and enforce matches by going to the Cloudflare Dashboard > Application Security > Brand Protection and selecting your detected Brand Protection matches. For more information, read the Brand Protection documentation.
Note: Cloudflare does not represent you and cannot provide you with legal advice. Only you can decide whether your rights have been infringed, whether a cease and desist letter is appropriate, and what that letter should say.
Original source Similar to Analytics with recent updates:
- Notion updates110 release notes · Latest Jul 1, 2026
- Dynamics 365 Finance updates34 release notes · Latest Apr 25, 2026
- OpenAI updates124 release notes · Latest Jun 30, 2026
- Shopify updates264 release notes · Latest Jul 1, 2026
- Agent Framework updates39 release notes · Latest Jul 3, 2026
- Claude Code updates383 release notes · Latest Jul 4, 2026
- Jun 8, 2026
- Date parsed from source:Jun 8, 2026
- First seen by Releasebot:Jun 11, 2026
Create WAF rules directly from Threat Events saved views
Analytics adds one-click WAF rule creation for Cloudforce One Threat Events Saved Views, turning matching IP indicators into active defense. The update bridges threat detection and mitigation with dashboard, API, and Terraform support.
Cloudforce One users can now turn Threat Events indicators into active defense. With this update, users can instantly generate a WAF rule that matches the dynamic list of IP addresses returned by any of their Saved Views.
Why this matters
Threat intelligence is most effective when it is immediately actionable. Previously, blocking threat actors required manually extracting indicators from threat events and copying them into your firewall rules. This new integration bridges the gap between threat discovery and threat mitigation:
- When you identify an active threat pattern - such as an ongoing campaign targeting a specific industry, or using a known indicator type - you can pivot from investigation to mitigation in a single click.
- Instead of writing complex, static IP rules, this functionality allows you to leverage the specific filtering logic you have already defined and saved within your Threat Events ecosystem.
- Automating the generation of the WAF rule expression from your threat views eliminates manual copying errors, ensuring that the right malicious infrastructure is blocked instantly.
How to use it
You can implement these rules through both the dashboard UI and via the API / Terraform.
Go to Cloudflare Dashboard > Application Security > Threat Intelligence > Manage Views, select your desired view, and select Create WAF Rule.
This will automatically pre-populate the WAF rule builder with the matching threat event IP indicators.
You can also automate this workflow by utilizing the WAF Rule Builder API alongside your Threat Events saved views endpoints.
Original source - Jun 8, 2026
- Date parsed from source:Jun 8, 2026
- First seen by Releasebot:Jun 11, 2026
Introducing Threat Actor Profiles in Threat Events
Analytics adds Threat Actor Profiles in the Threat Events dashboard, letting teams pivot from alerts to adversary profiles with aliases, origin tracking, historical threat volume, MITRE ATT&CK mapping, and related events for faster threat investigation.
TL;DR:
Weve launched Threat Actor Profiles directly inside the Threat Events dashboard. You can now immediately pivot from a generic alert or blocked event to a profile that unmasks the "Who, Why, and How" behind a threat event.
Why this matters
Security teams often suffer from a visibility gap. When an attack is blocked, it's difficult to know if it was a random automated bot or a sophisticated advanced persistent threat (APT) campaign specifically targeting your industry. Finding out usually means leaving your security dashboard to hunt through external OSINT feeds or static, out-of-date threat reports. Threat Actor Profiles solve this by sharing Cloudforce Ones deep adversary research directly inside your workflow:
- Cloudflare sees the traffic in real-time across approximately 20% of the web. This means actor profiles display active malicious infrastructure the moment it touches our global edge.
- Every profile provides clear strategic and tactical modules including alternative aliases, origin tracking, historical threat event volume, and MITRE ATT&CK mapping detailing the adversary's technical methods.
- You can search the dedicated threat actor directory or click an actor's name inside any threat event to view all details and related events to the specific threat actor.
How to use it
Adversary tracking is now available in the Cloudflare Dashbboard and ready to be included in your daily investigation workflow:
- Click on the Threat Actor name in the Threat Events table to open their full identity profile and review their aliases and attack stats.
- Navigate to Cloudflare Dashboard > Application Security > Threat Intelligence to explore the new Threat Actors tab. Here, you can browse a card-based directory of all established entities tracked by Cloudforce One.
Learn more in the Cloudforce One documentation 9.
Original source - Jun 8, 2026
- Date parsed from source:Jun 8, 2026
- First seen by Releasebot:Jun 10, 2026
Create WAF rules directly from Threat Events saved views
Analytics adds one-click WAF rule generation from Cloudforce One Threat Events Saved Views, turning threat indicators into active defense through the dashboard UI or API and Terraform.
Cloudforce One users can now turn Threat Events indicators into active defense. With this update, users can instantly generate a WAF rule that matches the dynamic list of IP addresses returned by any of their Saved Views .
Why this matters
Threat intelligence is most effective when it is immediately actionable. Previously, blocking threat actors required manually extracting indicators from threat events and copying them into your firewall rules. This new integration bridges the gap between threat discovery and threat mitigation:
- When you identify an active threat pattern - such as an ongoing campaign targeting a specific industry, or using a known indicator type - you can pivot from investigation to mitigation in a single click.
- Instead of writing complex, static IP rules, this functionality allows you to leverage the specific filtering logic you have already defined and saved within your Threat Events ecosystem.
- Automating the generation of the WAF rule expression from your threat views eliminates manual copying errors, ensuring that the right malicious infrastructure is blocked instantly.
How to use it
You can implement these rules through both the dashboard UI and via the API / Terraform.
Go to Cloudflare Dashboard > Application Security > Threat Intelligence > Manage Views , select your desired view, and select Create WAF Rule .
This will automatically pre-populate the WAF rule builder with the matching threat event IP indicators.
You can also automate this workflow by utilizing the WAF Rule Builder API alongside your Threat Events saved views endpoints.
Original source - Jun 5, 2026
- Date parsed from source:Jun 5, 2026
- First seen by Releasebot:Jun 11, 2026
Finer-grained chart granularity on Cloudflare Radar for longer time ranges
Analytics adds finer-grained Radar traffic charts for longer time ranges, giving HTTP and NetFlows views more useful daily and weekly trend detail instead of coarse monthly or weekly defaults.
Radar now provides finer-grained traffic charts for longer time ranges. Previously, selecting a 1-3 month view on HTTP and NetFlows charts defaulted to weekly aggregation, which was too coarse to surface meaningful trends. Views longer than 3 months defaulted to monthly aggregation, returning as few as 7 data points for a 6-month range.
The new defaults are:
- 1-3 months: daily granularity (7x more data points)
- Longer than 3 months (HTTP and NetFlows): weekly granularity (4x more data points)
For example, a 12-week traffic view previously showed weekly data:
Traffic trends chart with weekly granularity for a 12-week view
The same view now shows daily data:
Traffic trends chart with daily granularity for a 12-week view
Similarly, a 1-year HTTP traffic view that previously showed just 12 monthly data points now provides 52 weekly data points.
Visit Cloudflare Radar to explore the new granular views.
Original source - Jun 5, 2026
- Date parsed from source:Jun 5, 2026
- First seen by Releasebot:Jun 6, 2026
Finer-grained chart granularity on Cloudflare Radar for longer time ranges
Analytics adds finer-grained traffic charts in Radar for longer time ranges, with daily views for 1 to 3 months and weekly views beyond 3 months to reveal clearer HTTP and NetFlows trends.
Radar now provides finer-grained traffic charts for longer time ranges. Previously, selecting a 1-3 month view on HTTP and NetFlows charts defaulted to weekly aggregation, which was too coarse to surface meaningful trends. Views longer than 3 months defaulted to monthly aggregation, returning as few as 7 data points for a 6-month range.
The new defaults are:
- 1-3 months: daily granularity (7x more data points)
- Longer than 3 months (HTTP and NetFlows): weekly granularity (4x more data points)
For example, a 12-week traffic view previously showed weekly data:
The same view now shows daily data:
Similarly, a 1-year HTTP traffic view that previously showed just 12 monthly data points now provides 52 weekly data points.
Visit Cloudflare Radar to explore the new granular views.
Original source - Jun 1, 2026
- Date parsed from source:Jun 1, 2026
- First seen by Releasebot:Jun 11, 2026
New Turnstile Events Logpush dataset in Cloudflare Logs
Analytics adds new Logpush Turnstile Events dataset with expanded event fields.
Cloudflare has updated Logpush datasets:
New datasets
- Turnstile Events: A new dataset with fields including ASN, Action, BrowserMajor, BrowserName, ClientIP, CountryCode, EventType, Hostname, OSMajor, OSName, Sitekey, Timestamp, and UserAgent.
For the complete field definitions for each dataset, refer to Logpush datasets.
Original source - Jun 1, 2026
- Date parsed from source:Jun 1, 2026
- First seen by Releasebot:Jun 1, 2026
New Turnstile Events Logpush dataset in Cloudflare Logs
Analytics adds Cloudflare Logpush Turnstile Events dataset with fields for IP, browser, OS, and timestamp.
Cloudflare has updated Logpush datasets:
New datasets
- Turnstile Events: A new dataset with fields including ASN, Action, BrowserMajor, BrowserName, ClientIP, CountryCode, EventType, Hostname, OSMajor, OSName, Sitekey, Timestamp, and UserAgent.
For the complete field definitions for each dataset, refer to Logpush datasets.
Original source - May 29, 2026
- Date parsed from source:May 29, 2026
- First seen by Releasebot:Jun 11, 2026
Updated fields across multiple Logpush datasets in Cloudflare Logs
Analytics updates Cloudflare Logpush datasets with new fields for DEX Device State Events, Gateway HTTP, and HTTP requests.
Cloudflare has updated Logpush datasets:
Updated fields in existing datasets
- DEX Device State Events (added): DeviceRegistrationProfileID.
- Gateway HTTP (added): AddedHeaders, DeletedHeaders, and SetHeaders.
- HTTP requests (added): MatchedRules.
For the complete field definitions for each dataset, refer to Logpush datasets.
Original source - May 29, 2026
- Date parsed from source:May 29, 2026
- First seen by Releasebot:Jun 11, 2026
TLS bug detection in the Cloudflare Radar post-quantum checker
Analytics adds TLS bug reporting to Radar handshake tests, giving scanned hosts clearer compatibility results, guided remediation, and bug-specific detection for split ClientHello, HRR failure, and unknown keyshare issues.
The Radar now also reports TLS bugs detected during the handshake test. When a scanned host exhibits compatibility issues, the results include details on the specific bugs detected, along with guidance on how to investigate and remediate each issue. The bugs section only appears for hosts where issues are found.
The following TLS bugs are detected:
- Split ClientHello — The connection fails with a fragmented post-quantum ClientHello but succeeds with classical handshakes. Typically caused by middleboxes or firewalls that cannot reassemble split TLS messages.
- HRR Failure — The server sends a HelloRetryRequest but fails to complete the handshake afterward.
- Unknown Keyshare — The server cannot handle unknown key exchange algorithms and fails instead of responding with a HelloRetryRequest as required by the TLS 1.3 specification.
Bug detection data is available through the existing /post_quantum/tls/support endpoint.
Visit the Post-Quantum Encryption page to test a host.
Original source - May 29, 2026
- Date parsed from source:May 29, 2026
- First seen by Releasebot:Jun 11, 2026
Security scans more frequent
Analytics adds faster Security Insights scans with default coverage for all accounts and zones, plus on-demand scans on any plan. Free accounts scan every 7 days, Pro and Business every 3 days, and Enterprise accounts daily to help spot misconfigurations and vulnerabilities sooner.
Security Insights scans now run more often. Cloudflare scans Free accounts every 7 days, Pro and Business accounts every 3 days, and Enterprise accounts daily.
In addition, all accounts and zones now receive scans by default. You no longer need to enable scans before Cloudflare checks your account for misconfigurations, vulnerabilities, and other security risks.
Granular on-demand scans are now available on any plan. You can trigger an on-demand scan for any zone, insight, insight type from the Cloudflare dashboard in order to quickly re-check your security posture after remediating an issue.
To learn more, refer to the Security Insights documentation.
Original source
Curated by the Releasebot team
Releasebot is an aggregator of official product update announcements from hundreds of software vendors and thousands of sources.
Our editorial process involves the manual review and audit of release notes procured with the help of automated systems.