Weekly WAF ruleset hygiene audit
Once a week an agent audits the entire Cloudflare WAF ruleset against the week's traffic, flagging rules that never fire, overlap, or generate mostly false positives.
How it runs
The automated pipeline, trigger to output.
- Trigger: Weekly schedule kicks off the audit
- Action: Fetch active ruleset and week of events (Cloudflare)
- Logic: Compute per-rule hit, benign ratio, overlap
- Action: Open Linear issue per finding (Linear)
- Output: Post audit scorecard to Slack (Slack)
What it does
A standing hygiene pass over your whole WAF config. It compares each custom and managed-override rule against a week of firewall events to find dead weight: rules that never matched, rules whose matches are overwhelmingly benign, and rules that duplicate or shadow each other. It produces a prioritized cleanup list so the ruleset stays lean and trustworthy.
When to use it
When your WAF ruleset has accreted over months of incidents and nobody's sure which rules still earn their place. Run it weekly to keep false-positive risk and rule sprawl in check.
How it works
1. A weekly schedule kicks off the audit.
2. The agent fetches the active WAF ruleset and the week's firewall events from Cloudflare.
3. It maps every match back to a rule and computes per-rule stats: hit count, benign-versus-hostile ratio, and overlap with other rules.
4. It ranks rules as keep, retune, or retire with reasoning for each.
5. It opens a Linear issue per actionable finding and posts a summary scorecard to Slack for the security team.
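A sketch of steps 3 and 4, added here as an illustration and not the product's own code. The event tuples, rule IDs, the `benign` triage label and both thresholds are constructed assumptions, not Cloudflare's event schema.

```python
from collections import defaultdict

# Constructed sample data; field names are hypothetical, not Cloudflare's schema.
RULES = ["r_sqli", "r_sqli_old", "r_geo", "r_bot", "r_legacy"]
EVENTS = [  # (request_id, rule_id, benign); "benign" is an assumed triage label
    ("q1", "r_sqli", False), ("q2", "r_sqli", False), ("q3", "r_sqli", False),
    ("q1", "r_sqli_old", False), ("q2", "r_sqli_old", False),
    ("q4", "r_geo", True), ("q5", "r_geo", True), ("q6", "r_geo", True),
    ("q7", "r_geo", True), ("q8", "r_geo", False),
    ("q9", "r_bot", False), ("q10", "r_bot", True),
]

def audit(rules, events, benign_max=0.5, overlap_min=0.9):
    """Return {rule_id: (verdict, reason)}; thresholds are illustrative."""
    reqs, hits, benign = defaultdict(set), defaultdict(int), defaultdict(int)
    for req_id, rule_id, is_benign in events:
        reqs[rule_id].add(req_id)       # which requests each rule matched
        hits[rule_id] += 1
        benign[rule_id] += int(is_benign)
    verdicts = {}
    for r in rules:
        if hits[r] == 0:
            verdicts[r] = ("retire", "no matches in the window")
            continue
        # Shadowed: a rule with more matches (ties broken by id) already
        # covers at least overlap_min of the requests r matched.
        cover = [o for o in rules if o != r
                 and (len(reqs[o]), o) > (len(reqs[r]), r)
                 and len(reqs[r] & reqs[o]) / len(reqs[r]) >= overlap_min]
        ratio = benign[r] / hits[r]
        if cover:
            verdicts[r] = ("retire", f"shadowed by {cover[0]}")
        elif ratio > benign_max:
            verdicts[r] = ("retune", f"{ratio:.0%} of matches benign")
        else:
            verdicts[r] = ("keep", f"{hits[r]} hits, {ratio:.0%} benign")
    return verdicts

if __name__ == "__main__":
    for rule, (verdict, reason) in audit(RULES, EVENTS).items():
        print(f"{rule:12} {verdict:7} {reason}")
```

A zero-hit week is a prompt for review, not proof a rule is dead: a rule written for a rare attack pattern may legitimately stay silent for long stretches.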
Set it up
What you configure once, before turning it on.
1. Connect Cloudflare. Workers, Pages, R2, KV: the edge stack.
2. Connect Linear. Issues, projects, cycles, triage.
3. Connect Slack. Channels, DMs, threads, mentions.
4. Set each agent's model. We leave models unset so you pick the tier: fast and cheap, or top quality.
5. Tune it to your data. Edit the prompts, filters, and field mappings so it matches how your team works.
6. Test, then turn it on. Run once against a sample, confirm the output, then enable the trigger.
