SIEM - WARP Disconnect

What is the name of the domain?

N/A

What is the issue you’re encountering

When a WARP agent is disconnected by the user, is the event written to the Logs which can then be ingested into our SIEM and monitored?

What steps have you taken to resolve the issue?

We have raised a support case with Cloudflare asking the same question after reviewing our logs and finding no obvious reference to these events.

What are the steps to reproduce the issue?

Disconnect WARP.

What kind of?

From the DEX, you can see when the device is connected or disconnected or some other event. Under the Logs, for specific Device you can also see the traffic.

I believe it is available if the log files are expored or via Logpush, later parsed.
However, it might be only available for Enterprise.

I haven’t explored yet, have to test out.