Cloudflare Security Insights
Ingests security insights and issues from Cloudflare's Security Center. This input collects information about compliance violations, exposed infrastructure, insecure configurations, weak authentication methods, and email security issues discovered within your Cloudflare account.
Sync Type: Full
Requirements
- A Cloudflare account with access to Security Center (available on all plans)
- An API Token with the
Account:ReadorSecurity Center:Readpermission - Your Cloudflare Account ID
- For API access to Security Insights: Free, Pro, and Business plans have limited API access (100 requests/month); Enterprise plans have higher quotas (2,500 requests/month)
Creating an API Token
- Log in to your Cloudflare dashboard
- Navigate to My Profile > API Tokens
- Click Create Token
- Use the Create Custom Token option
- Configure the token:
- Token name: Give it a descriptive name (e.g., "Monad Security Insights")
- Permissions: Add
Account>Account Settings>Read(or more granularSecurity Centerpermission if available) - Account Resources: Select the specific account(s) or "All accounts"
- Click Continue to summary and then Create Token
- Copy the token value (you won't be able to see it again)
Finding Your Account ID
- Log in to your Cloudflare dashboard
- Select the account you want to monitor
- The Account ID is displayed in the right sidebar on the overview page
- Alternatively, find it in the URL:
https://dash.cloudflare.com/{account_id}/...
Details
- State Management: Uses deduping cron-based state management to fetch the complete inventory of security insights on each run. Monad tracks which insights have been seen to avoid duplicate processing.
- API Endpoint:
GET /accounts/{account_id}/security-center/insights - Pagination: Cursor-based pagination with up to 1000 records per page
- Filtering: Supports optional filtering by severity level (Low, Moderate, High, Critical) and issue type (compliance_violation, email_security, exposed_infrastructure, insecure_configuration, weak_authentication)
- Rate Limits: Plan-dependent quotas apply. The input respects these limits and will not exceed your plan's API allowance.
Configuration
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
account_id | string | Yes | Cloudflare Account ID |
cron | string | Yes | Cron expression for sync schedule (e.g., 0 0 * * * for daily) |
severity | array | No | Filter to include only specific severity levels. Valid values: Low, Moderate, High, Critical. If empty, all severities are included. |
exclude_severity | array | No | Filter to exclude specific severity levels. Applied after the include filter. |
issue_type | array | No | Filter to include only specific issue types. Valid values: compliance_violation, email_security, exposed_infrastructure, insecure_configuration, weak_authentication. If empty, all types are included. |
exclude_issue_type | array | No | Filter to exclude specific issue types. Applied after the include filter. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
api_token | string | Yes | API Token with Account:Read or Security Center:Read permission |
Rate Limits
| Plan | Limit | Window | Notes |
|---|---|---|---|
| Free / Pro / Business | 100 | requests per month | Limited API access to Security Insights |
| Enterprise | 2,500 | requests per month | Higher quota for enterprise customers |
Headers: X-Auth-Email, Authorization
Source: Cloudflare Security Center API Documentation
Troubleshooting
Common Issues
Issue: API returned success=false with authentication error
Cause: The API token is invalid, expired, or lacks the required permissions.
Solution: Verify your API token is correct and has the necessary permissions. Create a new token with Account:Read or Security Center:Read permissions if needed.
Issue: Account ID is required validation error
Cause: The Account ID field was left empty.
Solution: Enter your Cloudflare Account ID in the settings. You can find this in your Cloudflare dashboard.
Issue: Rate limit exceeded (429 error) Cause: Your plan's monthly API request quota has been reached or you're making too many requests too quickly. Solution: Check your plan's rate limit quota. For plans with limited access, consider reducing sync frequency or filtering to specific issue types. Upgrade to Enterprise for higher quotas.
Issue: No data returned despite having security issues Cause: All discovered issues may have been dismissed, or your filters are too restrictive. Solution: Verify your severity and issue_type filters are not excluding the data you expect. Check the Security Center dashboard to confirm issues exist.
Issue: API access not available for plan Cause: Your plan does not have API access to Security Insights endpoint, or the feature is not yet enabled on your account. Solution: Verify the Security Center API is available for your plan. Contact Cloudflare support if you believe this is an error.
Related Articles
- Cloudflare Security Center API Documentation
- Cloudflare Security Center Guide
- Cloudflare Security Insights Overview
- Cloudflare API Tokens
Sample Record
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"dismissed": false,
"issue_class": "exposed_database",
"issue_type": "exposed_infrastructure",
"payload": {
"zone_id": "d41d8cd98f00b204e9800998ecf8427e",
"host": "example.com"
},
"resolve_link": "https://dash.cloudflare.com/account-id/security/insights/550e8400",
"resolve_text": "Check your firewall rules and ensure sensitive services are not exposed to the public internet.",
"severity": "Critical",
"since": "2024-01-10T14:30:00Z",
"subject": "example.com",
"timestamp": "2024-01-15T10:30:00Z"
}