Revise WAF rule creation details and update date#30960
Open
alexmoraru7 wants to merge 1 commit into
Open
Conversation
Updated the date and improved the clarity of the description and features of the WAF rule generation from Threat Events.
nikitacano
reviewed
May 26, 2026
| --- | ||
|
|
||
| Cloudforce One users can now turn Threat Events indicators into active defense. With this update, users can instantly generate a WAF rule that matches the dynamic list of IP addresses returned by any of their **Saved Views**. | ||
|
|
Contributor
There was a problem hiding this comment.
This needs a gif with a demo or at least a screenshot.
nikitacano
reviewed
May 26, 2026
| date: 2026-05-27 | ||
| --- | ||
|
|
||
| Cloudforce One users can now turn Threat Events indicators into active defense. With this update, users can instantly generate a WAF rule that matches the dynamic list of IP addresses returned by any of their **Saved Views**. |
Contributor
There was a problem hiding this comment.
Link to Threat Events dev docs would be nice.
nikitacano
reviewed
May 26, 2026
| This new integration bridges the gap between threat discovery and threat mitigation: | ||
| * When you identify an active threat pattern—such as an ongoing campaign targeting a specific industry or using a known indicator type—you can pivot from investigation to mitigation in a single click | ||
| * Instead of writing complex, static IP rules, this functionality allows you to leverage the specific filtering logic you have already defined and saved within your Threat Events ecosystem | ||
| * Automating the generation of the WAF rule expression from your threat views eliminates manual copying errors, ensuring that the right malicious infrastructure is blocked instantly |
Contributor
There was a problem hiding this comment.
Linking to WAF rule expression dev doc here would be helpful.
nikitacano
reviewed
May 26, 2026
| You can implement these rules through both the dashboard UI and via the API / Terraform: | ||
|
|
||
| * **Dashboard:** Navigate to **Cloudflare Dashboard > Application Security > Threat Intelligence > Manage Views**, select your desired view, and click **Create WAF Rule**. This will automatically pre-populate the WAF rule builder with the matching threat event IP indicators. | ||
| * **API:** You can also automate this workflow by utilizing the **WAF Rule Builder API** alongside your Threat Events saved views endpoints. |
Contributor
There was a problem hiding this comment.
Link to API docs here would be appreciated.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated the date and improved the clarity of the description and features of the WAF rule generation from Threat Events.
Summary
Screenshots (optional)
Documentation checklist