# edgeLakeAttackAnalysis

Analyze WAF (Web Application Firewall) attack scores for a domain using Cloudflare analytics. Returns request counts by attack classification and a time-series chart.

### Parameters

| Parameter       | Type          | Required | Description                                                                                                  |
| --------------- | ------------- | -------- | ------------------------------------------------------------------------------------------------------------ |
| `channelId`     | string (UUID) | Yes      | The Edge Lake channel ID. Must be a channel with `providerId: "edgeLake"`. Get this from the `domains` tool. |
| `teamId`        | string (UUID) | Yes      | The team ID the domain belongs to.                                                                           |
| `startDateTime` | string        | Yes      | Start date/time in ISO 8601 format, e.g., `2024-01-01T00:00:00.000Z`.                                        |
| `endDateTime`   | string        | Yes      | End date/time in ISO 8601 format, e.g., `2024-01-31T23:59:59.999Z`.                                          |
| `granularity`   | enum          | No       | Time granularity: `DAY`, `HOUR`, or `MINUTE`. Defaults to `DAY`.                                             |
| `timezone`      | string        | No       | IANA timezone, e.g., `America/New_York`.                                                                     |

### Attack classifications

Cloudflare classifies each request into one of these categories:

| Classification  | Description                  |
| --------------- | ---------------------------- |
| `attack`        | Confirmed attack traffic     |
| `likely_attack` | Probably attack traffic      |
| `likely_clean`  | Probably legitimate traffic  |
| `clean`         | Confirmed legitimate traffic |
| `not_scored`    | Not evaluated by WAF         |

### Output

Returns:

* **overview** - Request counts grouped by attack classification
* **chart** - Time-series of attack classification distribution

### Example

> "Are we seeing any attack traffic this week?"

The AI assistant will call `edgeLakeAttackAnalysis` and display the breakdown of attack vs. clean traffic.
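
The parameter constraints and classification table above, as an added example (not part of the original documentation or the tool's own code): a Python helper that validates arguments before the tool call and reduces an `overview` result to a suspicious-traffic share. The `overview` shape (a mapping from classification to request count), the helper names, and the sample counts are assumptions made for illustration; the page does not specify the response format.

```python
import re
from datetime import timezone

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
GRANULARITIES = {"DAY", "HOUR", "MINUTE"}
CLASSES = ("attack", "likely_attack", "likely_clean", "clean", "not_scored")

def iso_z(dt):
    """Format an aware datetime as ISO 8601 UTC with milliseconds and a Z suffix."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def build_args(channel_id, team_id, start, end, granularity="DAY", tz=None):
    """Validate inputs against the parameter table and return the argument dict."""
    for name, value in (("channelId", channel_id), ("teamId", team_id)):
        if not UUID_RE.fullmatch(value):
            raise ValueError(f"{name} must be a UUID")
    if granularity not in GRANULARITIES:
        raise ValueError("granularity must be DAY, HOUR or MINUTE")
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("datetimes must be timezone-aware")
    if start >= end:
        raise ValueError("startDateTime must precede endDateTime")
    args = {"channelId": channel_id, "teamId": team_id,
            "startDateTime": iso_z(start), "endDateTime": iso_z(end),
            "granularity": granularity}
    if tz:
        args["timezone"] = tz  # optional IANA name, passed through unchanged
    return args

def summarize(overview):
    """Reduce an overview (assumed shape: classification -> count) to a triage summary."""
    unknown = set(overview) - set(CLASSES)
    if unknown:
        raise ValueError(f"unexpected classifications: {sorted(unknown)}")
    counts = {c: int(overview.get(c, 0)) for c in CLASSES}
    scored = sum(counts.values()) - counts["not_scored"]  # exclude unevaluated requests
    suspicious = counts["attack"] + counts["likely_attack"]
    return {"scored": scored, "suspicious": suspicious,
            "suspicious_share": suspicious / scored if scored else 0.0,
            "unscored": counts["not_scored"]}

# Constructed sample overview, not real data.
SAMPLE_OVERVIEW = {"attack": 120, "likely_attack": 380, "likely_clean": 1500,
                   "clean": 8000, "not_scored": 2000}
```

A large `unscored` count means the share covers only part of the traffic, so read it alongside `suspicious_share` rather than on its own.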
