Cloudflare Docs

Area 1 Email Security

Cloudflare Docs

Area 1 Email Security

Overview
Setup
Inline
Setup
Office 365 - Area 1 as MX Record
Use cases
1 - Junk email and Area 1 Admin Quarantine
2 - Junk email and user managed quarantine
3 - Junk email and administrative quarantine
4 - User managed quarantine and administrative quarantine
5 - Junk email folder and administrative quarantine
Google Workspace - Area 1 as MX Record
Cisco - Area 1 as MX Record
Cisco - Cisco as MX record
Reference
Egress IPs
API
Setup
Gmail BCC setup
Exchange BCC setup
Office 365 journaling setup
Office 365 Graph API setup
Account setup
Manage account members
Escalation contacts
Manage parent permissions
SSO integration
Generic SSO guide
Okta guide
Azure guide
Permissions
Email configuration
Domains and routing
Domains
Alert Webhooks
Partner Domains TLS
Email policies
Text add-ons
Link actions
Allow and block lists
Allowed patterns
Trusted domains
Block lists
Enhanced detections
Business email compromise (BEC)
Office 365 directory integration
Google Workspaces directory integration
Added Detections
Retract settings
Gmail retraction
Office 365 retraction
Phish submissions
PhishNet for Office 365
PhishNet for Google Workspace
Admin Quarantine
Reporting
Search
Unified Search
Detection search
Available parameters
Mail Trace
Phish reports
SIEM integration
Splunk
Sumo Logic
Audit Logs
API
Service accounts
Channel and Alliance Partners
Reference
How we detect phish
Dispositions and attributes
Language support
Cloudflare SSO

SIEM integration

With a bit of configuration, you can also bring Area 1 data into your Security Information and Event Management (SIEM) tools to view message-level information outside of the dashboard and create your own custom reports.

Connect a SIEM tool

The following steps are required to connect your SIEM tool.

1. Set up your SIEM tool

For help setting up the proper configuration in your SIEM tool, refer to the following guides:

Splunk: Splunk Cloud integration guide
Sumo Logic: Sumo Logic integration guide

2. Create a webhook

To create a webhook in Area 1 and send data into a SIEM tool:

Log in to the Area 1 dashboard.
Go to Settings (the gear icon).
Go to Email Configuration > Domains & Routing > Alert Webhooks.
Select New Webhook.
For App Type, select SIEM.
Choose Splunk or Sumologic.
Enter the Auth Code and Target.
Select Publish Webhook.