Analytics Release Notes

Zero Trust Logpush Permissions Update

Permissions for managing Logpush jobs related to Zero Trust datasets (Access, Gateway, and DEX) have been updated to improve data security and enforce appropriate access controls.

To view, create, update, or delete Logpush jobs for Zero Trust datasets, users must now have both of the following permissions:

• Logs Edit
• Zero Trust: PII Read

Note

Update your UI, API or Terraform configurations to include the new permissions. Requests to Zero Trust datasets will fail due to insufficient access without the additional permission.

Brand Protection logo query dashboard

The Brand Protection logo query dashboard now allows you to use the Report to Cloudflare button to submit an Abuse report directly from the Brand Protection logo queries dashboard. While you could previously report new domains that were impersonating your brand before, now you can do the same for websites found to be using your logo without your permission. The abuse reports will be prefilled and you will only need to validate a few fields before you can click the submit button, after which our team processes your request.

Ready to start? Check out the Brand Protection docs.

Radar TLD insights and API updates

Radar now introduces Top-Level Domain (TLD) insights, providing visibility into popularity based on the DNS magnitude metric, detailed TLD information including its type, manager, DNSSEC support, RDAP support, and WHOIS data, and trends such as DNS query volume and geographic distribution observed by the 1.1.1.1 DNS resolver.

The following dimensions were added to the Radar DNS API, specifically, to the /dns/summary/{dimension} and /dns/timeseries_groups/{dimension} endpoints:

• tld: Top-level domain extracted from DNS queries; can also be used as a filter.
• tld_dns_magnitude: Top-level domain ranking by DNS magnitude.

And the following endpoints were added

• /tlds - Lists all TLDs.
• /tlds/{tld} - Retrieves information about a specific TLD.

Learn more about the new Radar DNS insights in our blog post, and check out the new Radar page.

The Requests for Information (RFI) dashboard now shows users the number of tokens used by each submitted RFI to better understand usage of tokens and how they relate to each request submitted.

What’s new

• Users can now see the number of tokens used for a submitted request for information.
• Users can see the remaining tokens allocated to their account for the quarter.
• Users can only select the Routine priority for the Strategic Threat Research request type.

Cloudforce One subscribers can try it now in Application Security > Threat Intelligence > Requests for Information.

Logpush now supports integration with Microsoft Sentinel

The new Azure Sentinel Connector built on Microsoft’s Codeless Connector Framework (CCF), is now avaialble. This solution replaces the previous Azure Functions-based connector, offering significant improvements in security, data control, and ease of use for customers. Logpush customers can send logs to Azure Blob Storage and configure this new Sentinel Connector to ingest those logs directly into Microsoft Sentinel.

This upgrade significantly streamlines log ingestion, improves security, and provides greater control:

• Simplified Implementation: Easier for engineering teams to set up and maintain.
• Cost Control: New support for Data Collection Rules (DCRs) allows you to filter and transform logs at ingestion time, offering potential cost savings.
• Enhanced Security: CCF provides a higher level of security compared to the older Azure Functions connector.
• ata Lake Integration: Includes native integration with Data Lake.

Find the new solution here and refer to the Cloudflare's developer documention for more information on the connector, including setup steps, supported logs and Microsfot's resources.

Cloudflare's new Application Security report, currently in Closed Beta, is now available in the dashboard.

Go to Security reports

The reports are generated monthly and provide cyber security insights trends for all of the Enterprise zones in your Cloudflare account.

The reports also include an industry benchmark, comparing your cyber security landscape to peers in your industry.

Learn more about the reports by referring to the Security Reports documentation.

Use the feedback survey link at the top of the page to help us improve the reports.

Radar has expanded its Certificate Transparency (CT) log insights with new stats that provide greater visibility into log activity:

• Log growth rate: The average throughput of the CT log over the past 7 days, measured in certificates per hour.
• Included certificate count: The total number of certificates already included in this CT log.
• Eligible-for-inclusion certificate count: The number of certificates eligible for inclusion in this log but not yet included. This metric is based on certificates signed by trusted root CAs within the log's accepted date range.
• Last update: The timestamp of the most recent update to the CT log.

These new statistics have been added to the response of the Get Certificate Log Details API endpoint, and are displayed on the CT log information page.

What’s new in Workers Analytics Engine SQL

You can now perform more powerful queries directly in Workers Analytics Engine with a major expansion of our SQL function library.
Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API.
Today, we've expanded Workers Analytics Engine's SQL capabilities with several new functions:

New aggregate functions

• argMin() - Returns the value associated with the minimum in a group
• argMax() - Returns the value associated with the maximum in a group
• topK() - Returns an array of the most frequent values in a group
• topKWeighted() - Returns an array of the most frequent values in a group using weights
• first_value() - Returns the first value in an ordered set of values within a partition
• last_value() - Returns the last value in an ordered set of values within a partition

New bit functions

• bitAnd() - Returns the bitwise AND of two expressions
• bitCount() - Returns the number of bits set to one in the binary representation of a number
• bitHammingDistance() - Returns the number of bits that differ between two numbers
• bitNot() - Returns a number with all bits flipped
• bitOr() - Returns the inclusive bitwise OR of two expressions
• bitRotateLeft() - Rotates all bits in a number left by specified positions
• bitRotateRight() - Rotates all bits in a number right by specified positions
• bitShiftLeft() - Shifts all bits in a number left by specified positions
• bitShiftRight() - Shifts all bits in a number right by specified positions
• bitTest() - Returns the value of a specific bit in a number
• bitXor() - Returns the bitwise exclusive-or of two expressions

New mathematical functions

• abs() - Returns the absolute value of a number
• log() - Computes the natural logarithm of a number
• round() - Rounds a number to a specified number of decimal places
• ceil() - Rounds a number up to the nearest integer
• floor() - Rounds a number down to the nearest integer
• pow() - Returns a number raised to the power of another number

New string functions

• lowerUTF8() - Converts a string to lowercase using UTF-8 encoding
• upperUTF8() - Converts a string to uppercase using UTF-8 encoding

New encoding functions

• hex() - Converts a number to its hexadecimal representation
• bin() - Converts a string to its binary representation

New type conversion functions

• toUInt8() - Converts any numeric expression, or expression resulting in a string representation of a decimal, into an unsigned 8 bit integer

Ready to get started?
Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data.
Get started with Workers Analytics Engine and explore all available functions in our SQL reference documentation.

GraphQL Analytics API confidence intervals

The GraphQL Analytics API now supports confidence intervals for sum and count fields on adaptive (sampled) datasets. Confidence intervals provide a statistical range around sampled results, helping verify accuracy and quantify uncertainty.

Supported datasets

• Adaptive (sampled) datasets only.

Supported fields

• All sum and count fields.

Usage

• The confidence level must be provided as a decimal between 0 and 1 (e.g. 0.90, 0.95, 0.99).

Default

• If no confidence level is specified, no intervals are returned.

For examples and more details

• For examples and more details, see the GraphQL Analytics API documentation.