The cloud computing paradigm has become really popular, and its adoption is constantly increasing. Hence, also network activities and security alerts related to cloud services are increasing and are likely to become even more relevant in the upcoming years. In this paper, we propose the first characterization of real security alerts related to cloud activities and generated by a network sensor at the edge of a large network environment over several months. Results show that the characteristics of cloud security alerts differ from those that are not related to cloud activities. Moreover, alerts related to different cloud providers exhibit peculiar and different behaviors that can be identified through temporal analyses. The methods and results proposed in this paper are useful as a basis for the design of novel algorithms for the automatic analysis of cloud security alerts, that can be aimed at forecasting, prioritization, anomaly and state-change detection.