sFlow DDoS alerts
Magic Network Monitoring customers that send sFlow data to Cloudflare can receive alerts when a specific type of distributed denial-of-service (DDoS) attack is detected within their network traffic. Cloudflare uses the same DDoS attack detection rules that protect our own global network to generate these alerts for customers.
Customers can export sFlow data of their network traffic to Cloudflare via Magic Network Monitoring. There are specific brands and models of routers that are capable of generating sFlow data. Make sure to check the router specifications to ensure that it is able to export sFlow data. Customers can follow this sFlow configuration guide to configure sFlow exports to Magic Network Monitoring.
Customers can configure sFlow DDoS alerts and receive notifications if a DDoS attack is detected within their sFlow traffic. These alerts are not compatible with NetFlow traffic. The sFlow DDoS alerts can be used along with traffic volume threshold alerts to give customers multiple layers of DDoS protection.
To configure sFlow DDoS alerts:
- Log in to the Cloudflare dashboard ↗, and select your account.
- Go to Notifications, and select Add.
- Select Magic Transit from the product dropdown menu.
- Find the Magic Network Monitoring: DDoS Attack alert, and select Select.
- Fill in the notification configuration details.
- Select Save.
Customers can tune the thresholds of their sFlow DDoS alerts in the dashboard and via the Cloudflare API by following the Network-layer DDoS Attack Protection managed ruleset guide.