by buro9 2338 days ago
Yes.

For HTTP customers there are full SIEM logs under Firewall > Overview on our dashboard, and for paid tiers there are drill-down analytics in addition to the full SIEM logs. There is also log push to receive near real-time full HTTP logs into Google or AWS for your own analysis and these show if a firewall feature touched the request or if it was served from cache.

In addition, for HTTP customers we show graphs of SYN floods, etc. for the IPs your web properties are advertised on.

For L4 customers via Magic Transit we also have Network Analytics showing what we received at our edge network and a log of attacks detected and mitigated.

There is still lots of room for improvement... that's really what I'm asking, what does the ideal system look like for someone where they see and understand the data and trust it.

For example, is it valuable to see the attack landscape and what is happening across our systems even when you are not the target? Would that help give perspective to attacks that do target you, and also increase faith that this system exists and is stopping attacks when attacks do not target you?

3 comments

These are great examples of technical details, but they're difficult to translate into impact and business value.

Would 100k SYN floods have slowed my site down? Would it have taken it offline? Would it have caused the site to remain up but corrupt data on the backend for some reason?

Off the top of my head, I would think about offering a "replay attack against your staging infra" feature on higher tier plans. The price point should help prevent someone leveraging you as an attack platform, and customers will be able to understand the value that you're bringing to the table in a much more practical way.

I'd build a (metaphorical) visualization of the customer under siege, so they can watch it while they're being attacked and see what they'd be up against without your protection.

I think it'd be helpful to highlight the impact on YOUR infrastructure for an attack I am facing.

Will help add perspective to how disruptive the attacks are.

Yes, also perhaps some guidance figures on what the impact would have been had these measures not been in place.

Hard to answer the impact on your systems had we not stopped it... we don't know the full capability of your systems. Whether you can take a 10k packets per second ACK flood or a 1M pps ACK flood, or the 100M pps ACK flood depends on a lot of things we aren't privy to.

What we can tell you is the frequency, size and nature of attacks that Cloudflare sees, and when we can clearly identify that an attack was unambiguously targeting you specifically then we can tell only you about that too.

If there were a global dashboard which was vague about the target and source, merely the frequency, size and nature... would that be valuable?

> If there were a global dashboard which was vague about the target and source, merely the frequency, size and nature... would that be valuable?

Yes.

> What we can tell you is the frequency, size and nature of attacks that Cloudflare sees, and when we can clearly identify that an attack was unambiguously targeting you specifically then we can tell only you about that too.

Yes.

Also, even if you could tell us WHAT kind of attack it was that would be helpful too.

I should have made it clear I'm not a user, feeling your frustration at being 'invisible', that given, yes, I think a dashboard as you described, perhaps you could have some interactive option to enter your system config to allow you to see how that would have affected your infrastructure?