IT OPS

Cloudflare WAF Change Event → Slack Approval Gate

Receives a Cloudflare audit-log webhook when a WAF rule is edited, checks whether the change matches an open approved change request in GitHub.

CategoryIT Ops

Enginesim

Difficultyadvanced

Triggerwebhook

Steps5

Setup~25 min

How it runs

The automated pipeline, trigger to output.

TriggerCloudflare audit-log webhook on WAF editCloudflare
ActionFetch full changed rule definitionCloudflare
ActionSearch GitHub for matching approved change requestGitHub
LogicBranch: approved vs unapproved change
OutputPost unapproved-change alert to SlackSlack

What it does

Reacts in near-real-time to WAF edits in Cloudflare. For each rule change event it determines whether a matching approved change request exists in your Git workflow. Changes without an approval get flagged to Slack so an on-call engineer can confirm or revert.

When to use it

Use this when speed matters more than a daily sweep — you want to know within minutes if someone modifies a WAF rule outside the change process, especially during freezes or incident windows.

How it works

1A Cloudflare audit-log webhook triggers on WAF ruleset modification events.
2An action enriches the event by fetching the full current rule definition from Cloudflare.
3A GitHub action searches open/merged PRs and issues for a matching approved change reference.
4A logic branch splits approved versus unapproved changes.
5Approved changes are logged silently; unapproved ones continue.
6A Slack message posts the actor, zone, rule, and diff with approve/revert context to the security channel.

Set it up

What you configure once, before turning it on.

1
Connect CloudflareWorkers, Pages, R2, KV — the edge stack.
2
Connect GitHubRepos, issues, pull requests, actions.
3
Connect SlackChannels, DMs, threads, mentions.
4
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
5
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
6
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More IT Ops workflows

Outlook Room Conflict Resolver with Approval Gate in Teams

When an Outlook room clashes, proposes a rebooking and asks the bumped meeting's organizer to approve the move in Microsoft Teams before any change is made.

Outlook Room Double-Booking Resolver with Auto-Rebook

Detects when two meetings claim the same Outlook room resource and automatically relocates the lower-priority meeting to a comparable free room.

Self-Service Reclaim Email for Idle Users

Detects users idle in a SaaS app past the threshold and emails each one a keep-or-release link; unanswered seats after the deadline are auto-flagged for removal.

Reconcile SSO logins against expense spend to find unmanaged tools

Joins SSO usage data with expense/payment records in Snowflake to surface tools that are being used but not paid for, or paid for but never logged.

Indoor Air Quality Breach to Tenant Notice and Work Order

Listens for CO2, VOC, or humidity sensor alerts via webhook, and when a zone exceeds occupant-safety limits it emails affected tenants, opens a Monday remediation task.

Daily Building Anomaly Digest to MS Teams

Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.

Browse all IT Ops →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Marketing

Content Marketing Agency

SEO, blogs, social, and reporting on autopilot.

Operations

Internal Operations

Runbooks, on-call, vendor management — disciplined and audited.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →