Cloudflare Docs
DDoS Protection
Visit DDoS Protection on GitHub
Set theme to dark (⇧+D)

DDoS analytics

You can view DDoS analytics in different dashboards, depending on your service and plan:

  • The Security Events dashboard provides you with visibility into L7 security events that target your zone, including HTTP DDoS attacks and TCP attacks. The dashboard displays mitigations of HTTP DDoS attacks as HTTP DDoS events. These events are also available via Cloudflare Logs.

  • The Network Analytics dashboard provides you with visibility into L3/4 traffic and DDoS attacks that target your IP ranges or Spectrum applications.

​​ Availability

ServiceFreeProBusinessEnterprise
WAF/CDNActivity log onlySecurity EventsSecurity EventsSecurity Events
SpectrumNetwork Analytics
Magic TransitNetwork Analytics

​​ Remarks

In some situations, the analytics dashboards will not show you the ID of the DDoS managed rule that handled a packet/request. This means that an internal DDoS rule, which Cloudflare does not currently expose publicly, applied an action to the packet/request. These internal DDoS rules have a very low false positive rate and should always be enabled to protect your properties against DDoS attacks. For the same reason, DDoS rule IDs may also be unavailable in Cloudflare logs and API responses.