Cloudflare Security Center adds threat actor alias lookup to simplify cross-vendor identification
What's New
Cloudflare has added an "Also known as" field to Threat Events in Security Center, making it easier to identify threat actors across different security vendor naming conventions.
Key Features
- Dashboard Integration: View threat actor aliases directly in the Threat Events dashboard by expanding event details under the Attacker field
- Customizable Table View: Add the new field as a column in your configurable table view for quick reference
- API Access: Retrieve the alias data programmatically through the Threat Events API
Benefits for Security Teams
This addition addresses a common challenge in threat intelligence research: different security vendors often use different names for the same threat groups, making correlation difficult. With Cloudflare's standardized alias field, you can:
- Quickly map Cloudflare-tracked actors to naming conventions used by other vendors without manual research
- Streamline cross-referencing by immediately identifying whether a detected threat actor matches groups already being monitored in other intelligence feeds
- Reduce operational overhead by consolidating threat actor research across multiple sources
Getting Started
For implementation details and API integration, refer to the Threat Events API documentation.