Datadog Edge Anomaly to Cloudflare WAF Auto-Tighten
When Datadog detects an edge-traffic anomaly, an agent correlates it against runbooks, tightens the relevant Cloudflare WAF managed ruleset, and logs the change for review.
How it runs
The automated pipeline, trigger to output.
- Trigger: Datadog edge-anomaly monitor fires (Datadog)
- Action: Retrieve runbook and confirm anomaly is actionable (Custom MCP server)
- Logic: Check anomaly against runbook action threshold
- Action: Tighten Cloudflare WAF managed ruleset sensitivity (Cloudflare)
- Output: Log change as Datadog event and notify Slack (Datadog)
What it does
Watches Datadog for anomalous edge traffic and responds by hardening your WAF. When a monitor fires on a request-rate or error-rate anomaly, an agent confirms it against your runbooks, raises the sensitivity of the relevant Cloudflare managed ruleset, and records the change so it can be rolled back.
When to use it
Use it when Datadog is your observability source of truth for edge traffic and you want a graduated, reversible response to anomalies rather than a hard block. Good for teams that prefer tightening sensitivity over outright blocking during ramp-ups.
How it works
1. A Datadog monitor alert triggers on an edge-traffic anomaly.
2. The agent retrieves the relevant runbook from the MCP server and confirms the anomaly is actionable.
3. A logic branch checks whether the anomaly exceeds the runbook threshold for action.
4. If so, the agent tightens the matching Cloudflare WAF managed ruleset sensitivity.
5. It writes the change and its rationale to a Datadog event for an audit trail and alerts Slack.
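The threshold check, one-step tightening, and rollback record from the steps above, as an added Python example (not the product's own code). The sensitivity ladder, field names, and sample alert are assumptions made for illustration, and no Datadog or Cloudflare API is called.

```python
from dataclasses import dataclass

# Hypothetical sensitivity ladder, least to most strict (not Cloudflare's own level names).
LADDER = ["low", "medium", "high"]

@dataclass
class Runbook:
    metric: str              # anomaly type the runbook covers
    action_threshold: float  # anomaly score at or above which action is allowed
    ruleset: str             # label of the managed ruleset to tighten
    max_level: str           # strictest level the runbook permits

def decide(alert: dict, runbook: Runbook, current_level: str) -> dict:
    """Return an audit record describing the change to make, or why none is made."""
    record = {"monitor": alert["monitor"], "ruleset": runbook.ruleset,
              "previous_level": current_level, "new_level": current_level,
              "changed": False}
    if alert["metric"] != runbook.metric:
        record["reason"] = "no runbook covers this anomaly type"
        return record
    if alert["score"] < runbook.action_threshold:
        record["reason"] = "below runbook action threshold"
        return record
    cur, cap = LADDER.index(current_level), LADDER.index(runbook.max_level)
    if cur >= cap:
        record["reason"] = "already at runbook maximum"
        return record
    # Graduated response: move one step, never jump straight to the cap.
    record.update(new_level=LADDER[cur + 1], changed=True,
                  reason=f"score {alert['score']} >= threshold {runbook.action_threshold}")
    return record

def rollback(record: dict) -> str:
    """Level to restore when a reviewer reverts the logged change."""
    return record["previous_level"]

# Constructed sample alert and runbook, for illustration only.
ALERT = {"monitor": "edge-request-rate-anomaly", "metric": "request_rate", "score": 4.2}
RUNBOOK = Runbook("request_rate", 3.0, "managed-ruleset", "high")

if __name__ == "__main__":
    print(decide(ALERT, RUNBOOK, "low"))
```

Because the record keeps `previous_level` even when nothing changes, the audit trail shows every decision the agent made, including the ones where it declined to act.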
Set it up
What you configure once, before turning it on.
1. Connect Datadog: Metrics, traces, log search.
2. Connect Cloudflare: Workers, Pages, R2, KV — the edge stack.
3. Connect Custom MCP server: Connect any MCP-compatible tool you own.
4. Connect Slack: Channels, DMs, threads, mentions.
5. Set each agent's model: We leave models unset so you pick the tier — fast + cheap, or top-quality.
6. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
7. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
