API: Sentinel to Cloudflare allowed DDoS Blocks

What is the name of the domain?

indndj.siidn.example

What is the issue you’re encountering

Looking for an API design workflow to integrate a detection rule in Sentinel to push to Cloudflare with automatic blocks for allowed DDoS attacks.

What steps have you taken to resolve the issue?

Looking into design workflows at the moment.

What is the current SSL/TLS setting?

Off

What are the steps to reproduce the issue?

Cloudflare DDoS protection prevents the majority of the DDoS attack attempts. However, it does allow a certain amount of attempts, which have been maximizing server CPUs.

I have created an alert rule in Sentinel to identify allowed DDoS traffic from Cloudflare. Now, I am trying to find a way to automate a block from Sentinel to Cloudflare using the API. Does anyone have an API design workflow from Sentinel to Cloudflare to automate JA4 blocks? My idea is creating a Logic App → Cloudflare with an HTTP connector. Any recommendations would be appreciated. Thank you.

1 Like
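
One way to shape the Sentinel-to-Cloudflare step the post asks about, as an added example that is not part of the original post and not Cloudflare's or Microsoft's own code: it validates JA4 values taken from an alert and prepares the Rulesets API call that rewrites one dedicated block rule. The alert payload shape, the function names and the zone, ruleset and rule IDs are assumptions or placeholders; a Logic App HTTP action would send the same method, URL and JSON body.

```python
import json
import re
import urllib.request

# Cloudflare Rulesets API: update one existing rule in a zone ruleset.
API = "https://api.cloudflare.com/client/v4/zones/{zone}/rulesets/{ruleset}/rules/{rule}"
# JA4 shape: 10-character header, then two 12-hex-digit truncated hashes.
JA4 = re.compile(r"[a-z0-9]{10}_[0-9a-f]{12}_[0-9a-f]{12}")
# Constructed sample alert (assumed shape): one value, a duplicate, a malformed one.
SAMPLE_ALERT = {"entities": [
    {"ja4": "t13d1516h2_8daaf6152771_e5627efa2ab1"},
    {"ja4": "T13D1516H2_8DAAF6152771_E5627EFA2AB1"},
    {"ja4": 'broken" value'},
]}

def extract_ja4(alert, never_block=frozenset()):
    """Return validated, de-duplicated JA4 values from the alert payload."""
    # The values come from request logs, so anything that is not a well-formed
    # JA4 is dropped before it can reach the rule expression. A JA4 is shared
    # by every client using the same TLS stack: fingerprints also seen on
    # legitimate traffic belong in never_block.
    found = []
    for entity in alert.get("entities", []):
        ja4 = str(entity.get("ja4", "")).strip().lower()
        if JA4.fullmatch(ja4) and ja4 not in never_block and ja4 not in found:
            found.append(ja4)
    return found

def build_expression(ja4_values):
    """Build a rule expression that matches any of the given fingerprints."""
    if not ja4_values:
        raise ValueError("no valid JA4 fingerprints to block")
    quoted = " ".join('"%s"' % value for value in sorted(ja4_values))
    return "cf.bot_management.ja4 in {%s}" % quoted

def build_request(token, zone, ruleset, rule, ja4_values):
    """Prepare (without sending) the PATCH that rewrites the block rule."""
    body = {"action": "block", "enabled": True,
            "description": "Sentinel automated JA4 block",
            "expression": build_expression(ja4_values)}
    headers = {"Authorization": "Bearer " + token,
               "Content-Type": "application/json"}
    return urllib.request.Request(
        API.format(zone=zone, ruleset=ruleset, rule=rule),
        data=json.dumps(body).encode(), method="PATCH", headers=headers)
```

Rewriting a single rule on every alert keeps the rule count fixed; the playbook has to pass the full current set of fingerprints each time, since the expression is replaced rather than appended to.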
