AI AGENTS
PagerDuty WAF Incident Triage to Cloudflare Mitigation
On a PagerDuty WAF incident, an agent classifies the attack, applies a scoped Cloudflare rate-limit or block rule, and acknowledges the incident with the action it took.
How it runs
The automated pipeline, trigger to output.
- Trigger: PagerDuty WAF incident triggered (PagerDuty)
- Action: Pull runbook decision tree and classify attack (Custom MCP server)
- Logic: Route by severity: auto-mitigate vs stay manual
- Action: Apply scoped Cloudflare rate-limit or block rule (Cloudflare)
- Output: Annotate and acknowledge the PagerDuty incident (PagerDuty)
What it does
Bridges your pager to your edge. When PagerDuty pages on a WAF-related incident, an agent classifies the traffic pattern, picks the right mitigation from your runbooks, applies a scoped Cloudflare rate-limit or block, and writes the result back onto the PagerDuty incident timeline.
When to use it
Use it when WAF incidents route through PagerDuty and you want the first triage step automated so the human who picks up the page sees what already happened. Ideal for high-volume edge alerts where most incidents map to a handful of known mitigations.
How it works
1. A PagerDuty incident triggers the workflow on a WAF-tagged alert.
2. The agent pulls the runbook decision tree from the MCP server and classifies the attack type.
3. A logic branch routes by severity: low gets an automatic mitigation, high stays manual.
4. For auto cases, the agent applies a scoped Cloudflare rate-limit or block rule.
5. It posts a note and acknowledgment back to the PagerDuty incident describing the action.
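Steps 2 to 5 as plain decision logic, added here as an example and not the product's own code. The runbook shape, the incident fields (`severity`, `signals`), the classifier thresholds and the scope guard are assumptions, and no PagerDuty or Cloudflare API is called.

```python
# Added example: constructed data and hypothetical field names, no vendor API calls.
from dataclasses import dataclass
from typing import Optional

# Constructed runbook decision tree, in an assumed shape the MCP server could return.
RUNBOOK = {
    "credential_stuffing": {"action": "rate_limit", "requests_per_min": 20, "ttl_s": 3600},
    "path_scan": {"action": "block", "ttl_s": 1800},
}
AUTO_SEVERITIES = {"low"}  # per the page: low is auto-mitigated, high stays manual

# Constructed sample incident (not a real PagerDuty payload).
SAMPLE = {"id": "INC-SAMPLE", "severity": "low",
          "signals": {"host": "shop.example", "path": "/login", "status_401_ratio": 0.93}}

@dataclass
class Plan:
    mode: str             # "auto" or "manual"
    rule: Optional[dict]  # rule to apply at the edge, None when nothing is applied
    note: str             # text for the incident timeline

def classify(signals: dict) -> Optional[str]:
    """Toy classifier over assumed alert signals; None means no known pattern."""
    if signals.get("path", "").startswith("/login") and signals.get("status_401_ratio", 0) > 0.8:
        return "credential_stuffing"
    if signals.get("distinct_paths_404", 0) > 200:
        return "path_scan"
    return None

def triage(incident: dict) -> Plan:
    """Return the mitigation plan; every uncertain case falls back to manual."""
    signals = incident["signals"]
    attack = classify(signals)
    entry = RUNBOOK.get(attack)
    if entry is None:
        return Plan("manual", None, "No runbook match; left for on-call.")
    if incident["severity"] not in AUTO_SEVERITIES:
        return Plan("manual", None,
                    f"Classified {attack}; severity {incident['severity']} requires a human.")
    host, path = signals.get("host"), signals.get("path")
    if not host or not path or path == "/":
        # Guard (assumption): never auto-apply a rule that would cover a whole host or zone.
        return Plan("manual", None, f"Classified {attack}; rule would be unscoped, not applied.")
    rule = {"scope": {"host": host, "path_prefix": path}, **entry}
    note = f"Auto-mitigated {attack}: {entry['action']} on {host}{path}*, expires in {entry['ttl_s']}s."
    return Plan("auto", rule, note)
```

The `note` field is what step 5 would write to the incident, so the responder sees either the applied rule or the reason none was applied.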
Set it up
What you configure once, before turning it on.
1. Connect PagerDuty: Incidents, on-call, escalations.
2. Connect Cloudflare: Workers, Pages, R2, KV (the edge stack).
3. Connect Custom MCP server: Connect any MCP-compatible tool you own.
4. Set each agent's model: We leave models unset so you pick the tier: fast and cheap, or top-quality.
5. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
6. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
