Alienvault Integration with Cloudflare

We are trying to set up integration of Cloudflare to AlienVault USM Anywhere (SIEM) so that we can ship the logs there. We are getting this error, “Unexpected response: HTTP/1.1 403 Forbidden, Could not fetch estimated EPS”, when we set up the integration with the API key.
Can someone please help in how to get rid of this error?


If you’re trying to pull logs, chances are you need Enterprise since regular accounts don’t have access to that feature.

Logpull is available to customers on the Enterprise plan.

If you are an Enterprise customer, ensure the API token is correct, or if it doesn’t support the new API method, the API key and account email. Otherwise, check with your account manager to make sure this is enabled.

2 Likes

Thanks @Judge, we aren’t an enterprise customer. Is there a way to confirm that this feature is not available to the business plan at all?

1 Like

Thanks @erictung for sharing the link.

1 Like

@Judge ,

For clarification, if I wanted to hook into the Urlhaus API to pull various configurations of malicious hosts / rulesets such as Suricata2 & Unbound, I would not be able to do it without an Enterprise account? Unless workers allow Bash at some point, it seems so.

I can’t answer that - I’m saying that pulling access logs of your services from Cloudflare is only possible with a Cloudflare enterprise account. You can pull a lot of other Cloudflare data without an enterprise plan with varying levels of availability and historic data access; see the limits by plan: https://developers.cloudflare.com/analytics/graphql-api/limits

2 Likes

Thanks for the clarification, Judge. :slightly_smiling_face:
