View List of IPs Blocked By CloudFlare (Bad IP) with API


#1

Greetings,

Is there a way to view what IPs were automatically blocked by CloudFlare in the API? I do not mean user IP blocks based on firewall configuration. We would like to see the Bad IP threat types that were blocked to detect potential threat actors. Is there any way to do this from the API? All I’ve found is the number of threats and per country count.

Any help is greatly appreciated.

Thanks,
Jeremiah


#2

I’m not seeing any way to do this via the API, which is surprising. I can pull all the Audit Logs, and just about everything else…except Firewall Events. Bummer.


#3

I suppose since my org has logs received by the edge servers, and you can see if the WAF/server blocked a request, so theoretically I imagine you can iterate through every single request and pull the IP/check for a block.

And you can only check an hours worth of logs at a time.