What is the name of the domain?
indndj.siidn.example
What is the issue you’re encountering?
Looking for an API design workflow to integrate a detection rule in Sentinel to push to Cloudflare with automatic blocks for allowed DDoS attacks
What steps have you taken to resolve the issue?
Looking into design workflows at the moment
What is the current SSL/TLS setting?
Off
What are the steps to reproduce the issue?
Cloudflare DDoS protection prevents the majority of the DDoS attack attempts. However, it does allow a certain number of attempts, which have been maximizing server CPUs.
I have created an alert rule in Sentinel to identify allowed DDoS traffic from Cloudflare. Now, I am trying to find a way to automate a block from Sentinel to Cloudflare using the API. Does anyone have an API design workflow from Sentinel to Cloudflare to automate JA4 blocks? My idea is creating a logic app → Cloudflare with an HTTP connector. Any recommendations would be appreciated. Thank you.
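
As an added example that is not part of the original post: one way to prepare the request a Logic App HTTP action would send for the workflow asked about above, using the Cloudflare Rulesets API to rewrite a single automation-owned custom rule. It assumes the zone exposes the `cf.bot_management.ja4` field; the function names, the guardrail values, the `ZONE_ID`/`RULESET_ID`/`RULE_ID` placeholders and the sample fingerprints are all hypothetical or constructed.

```python
import re

API = "https://api.cloudflare.com/client/v4"
# JA4 shape: protocol, TLS version, SNI flag, cipher count, extension count,
# ALPN marker, then two 12-hex-digit truncated hashes.
JA4_RE = re.compile(
    r"^[tqd](?:1[0-3]|s[23]|d[1-3]|00)[di]\d{2}\d{2}[0-9a-z]{2}"
    r"_[0-9a-f]{12}_[0-9a-f]{12}$"
)


def merge_fingerprints(existing, alerted, never_block=(), max_entries=50):
    """Return the sorted JA4 set to block, or raise if a guardrail trips."""
    keep = set(never_block)          # fingerprints shared with known-good clients
    merged = set(existing)           # what the rule already blocks
    for fp in alerted:               # values taken from the Sentinel alert
        fp = fp.strip().lower()
        # Strict validation keeps alert data from altering the rule expression.
        if not JA4_RE.match(fp):
            raise ValueError(f"not a JA4 fingerprint: {fp!r}")
        if fp not in keep:
            merged.add(fp)
    # A runaway list suggests a noisy detection; stop and ask a human.
    if len(merged) > max_entries:
        raise ValueError("block list exceeds max_entries; needs human review")
    return sorted(merged)


def build_patch_request(zone_id, ruleset_id, rule_id, fingerprints):
    """Describe the HTTP call that rewrites one automation-owned block rule."""
    if not fingerprints:
        raise ValueError("refusing to write a rule with an empty set")
    quoted = " ".join(f'"{fp}"' for fp in fingerprints)
    return {
        "method": "PATCH",
        "url": f"{API}/zones/{zone_id}/rulesets/{ruleset_id}/rules/{rule_id}",
        "body": {
            "action": "block",
            "description": "Sentinel automation: JA4 block list",
            "expression": f"cf.bot_management.ja4 in {{{quoted}}}",
            "enabled": True,
        },
    }
```

The returned `body` maps directly onto the HTTP action's JSON body; the API token belongs in an `Authorization: Bearer` header sourced from a secret store rather than the workflow definition.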