If you are able to identify the attack data, create a WAF rule to block or challenge the traffic, go to the Security → WAF app in your Cloudflare dashboard and create rules to challenge or block traffic based on characteristics such as country, user agent, or IP address.