CUSTOMER SUPPORT
WAF Block Complaint Investigator
When a support ticket reports a blocked request, the agent looks up the matching Cloudflare firewall event and decides whether it was a genuine false positive.
How it runs
The automated pipeline, trigger to output.
- Trigger: New blocked-request ticket in Zendesk
- Action: Look up matching Cloudflare firewall event
- Logic: Decide: false positive or genuine block
- Action: Alert Slack if urgent rule fix needed
- Output: Reply on Zendesk ticket with finding
What it does
This agent connects customer-reported access problems to the actual WAF event that caused them. When someone files a ticket saying a page or API call was blocked, it finds the firewall event, judges whether the block was wrong, and closes the loop in the support tool.
When to use it
Use it when support agents keep escalating "I got blocked" tickets they can't diagnose. It gives them an authoritative answer fast and flags security when a customer-facing false positive needs an immediate exception.
How it works
1. A new Zendesk ticket tagged as an access or blocked-request issue triggers the flow.
2. The agent extracts the client IP, timestamp, and URL from the ticket.
3. It queries Cloudflare for firewall events matching that client and window.
4. A logic branch determines whether the block was a legitimate defense or a false positive.
5. If a false positive, it posts an urgent alert to Slack naming the rule and customer impact.
6. Either way, it replies on the Zendesk ticket with the finding and next steps.
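The correlation in steps 2 and 3, as an added Python example (not the product's own code). The ticket keys `client_ip`, `timestamp` and `url` are hypothetical, the event field names are modelled on Cloudflare's firewall events dataset, and the events themselves are constructed sample data.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample events; rule IDs and values are made up for this example.
EVENTS = [
    {"clientIP": "203.0.113.7", "datetime": "2024-05-02T14:03:11Z",
     "clientRequestPath": "/api/orders", "action": "block",
     "ruleId": "rule-sqli-example"},
    {"clientIP": "203.0.113.7", "datetime": "2024-05-02T09:15:00Z",
     "clientRequestPath": "/api/orders", "action": "block",
     "ruleId": "rule-rate-example"},
    {"clientIP": "2001:db8::1", "datetime": "2024-05-02T14:04:00Z",
     "clientRequestPath": "/login", "action": "managed_challenge",
     "ruleId": "rule-bot-example"},
]

# Actions a customer would experience as "I got blocked".
BLOCKING = {"block", "challenge", "managed_challenge", "js_challenge"}

def parse_ts(value):
    """Parse ISO 8601; treat a timestamp without an offset as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def match_events(ticket, events, window_minutes=15):
    """Return blocking events for the ticket's client, path and time window."""
    ip = ip_address(ticket["client_ip"].strip())  # normalises IPv6 spelling
    when = parse_ts(ticket["timestamp"])          # customer time, any offset
    path = urlsplit(ticket["url"]).path or "/"    # ignore host and query
    window = timedelta(minutes=window_minutes)
    hits = []
    for ev in events:
        if ev["action"] not in BLOCKING:
            continue
        if ip_address(ev["clientIP"]) != ip:
            continue
        if abs(parse_ts(ev["datetime"]) - when) > window:
            continue
        if ev["clientRequestPath"] != path:
            continue
        hits.append(ev)
    # Closest event in time first: the most likely cause of the complaint.
    return sorted(hits, key=lambda ev: abs(parse_ts(ev["datetime"]) - when))
```

An empty result means the reported request cannot be tied to a firewall event in that window, so the ticket should not be answered as a WAF block without widening the window or confirming the client IP.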
Set it up
What you configure once, before turning it on.
1. Connect Zendesk: Tickets, queues, knowledge base.
2. Connect Cloudflare: Workers, Pages, R2, KV — the edge stack.
3. Connect Slack: Channels, DMs, threads, mentions.
4. Set each agent's model: We leave models unset so you pick the tier — fast + cheap, or top-quality.
5. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
6. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

