AI AGENTS

Customer WAF-block ticket resolver

When a support ticket reports being blocked, an agent matches the customer's request against Cloudflare WAF events, confirms the false positive.

CategoryAI Agents

Enginepaperclip

Difficultyintermediate

Triggerevent

Steps5

Setup~15 min

How it runs

The automated pipeline, trigger to output.

TriggerZendesk ticket tagged waf-blockZendesk
LogicExtract reporter IP, time, and endpoint
ActionSearch Cloudflare events for the blockCloudflare
LogicConfirm genuine block or flag for human
OutputPost allow rule to Slack and reply on ticketZendesk

What it does

Bridges support and security. A new Zendesk ticket tagged as a possible WAF block triggers the agent to search Cloudflare firewall events for the customer's IP or request signature around the reported time. If it finds the matching block, it confirms which managed rule fired, drafts a clear customer-facing reply, and prepares a narrowly scoped allow rule for an operator to approve.

When to use it

When legitimate customers or API partners hit your WAF and open tickets, and support lacks the access or context to diagnose it. This turns a back-and-forth escalation into a one-touch confirmed fix.

How it works

1A Zendesk ticket tagged waf-block triggers the run.
2The agent extracts the reporter's IP, timestamp, and endpoint from the ticket.
3It queries Cloudflare firewall events to locate the matching block and identify the offending rule.
4A branch checks whether a genuine block was found.
5If confirmed, it drafts a scoped allow rule, posts it to Slack for approval, and writes a ready-to-send customer reply back on the Zendesk ticket; if not found, it flags the ticket for human investigation.

Set it up

What you configure once, before turning it on.

1
Connect ZendeskTickets, queues, knowledge base.
2
Connect CloudflareWorkers, Pages, R2, KV — the edge stack.
3
Connect SlackChannels, DMs, threads, mentions.
4
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
5
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
6
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More AI Agents workflows

Custom Metrics Cardinality Spike Pager

A webhook from a Datadog monitor fires when custom-metric cardinality jumps; an agent pinpoints the offending metric and tag, estimates the added cost.

Sentry-to-Confluence Runbook Updater

When a Sentry issue is resolved, the agent finds the matching Confluence runbook page and proposes an inline update with the verified fix.

Stale Doc-PR Chaser for Runbook Gaps

On a daily schedule the agent finds runbook doc PRs that were opened from resolved incidents but never reviewed, summarizes what each one fixes.

Resolved Incident to Public Troubleshooting Doc

For customer-facing errors resolved in Sentry, the agent drafts a sanitized troubleshooting entry and opens a PR to your ReadMe documentation.

On-Call Runbook Gap Closer: Resolved Sentry Issues to Doc PRs

An agent reads each newly resolved Sentry issue, compares the actual fix against your existing runbook, and opens a GitHub PR adding the missing remediation steps.

Weekly On-Call Doc-Gap Digest

Each week the agent reviews every Sentry issue resolved in the last 7 days, ranks the ones whose runbook coverage is missing or thin.

Browse all AI Agents →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

E-commerce

E-commerce Operator

Listings, support, inventory, and ads — running 24/7.

Support

Customer Support Hub

Tier-1, tier-2, refunds, and escalations — same-hour.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →