Here is the traffick pattern for my domain that has been under DDoS attack.
I have set up the following rule: (not cf.client.bot and cf.threat_score gt 5) to prevent bots from entering, but when I look at the graph above I am not sure if I have eliminated the threat. There are some deep dips where I not only blocked bots, but also everyone. SO I am trying to be real careful with the rules I set up.
I need to understand this traffick pattern better so I can know whether this has been resolved or not. The peaks have me thinking no, but the lower traffick waves make me think that perhaps I have managed to mitigate.