diff --git a/src/content/changelogs/waf.yaml b/src/content/changelogs/waf.yaml
index 6208c2b0be30c7d..5c05413b42a1959 100644
--- a/src/content/changelogs/waf.yaml
+++ b/src/content/changelogs/waf.yaml
@@ -5,11 +5,14 @@ productLink: "/waf/"
 productArea: Application security
 productAreaLink: /fundamentals/reference/changelog/security/
 entries:
-  - publish_date: "2025-01-06"
-    scheduled_date: "2025-01-13"
+  - publish_date: "2025-01-13"
+    scheduled_date: "2025-01-20"
     individual_page: true
     scheduled: true
     link: "/waf/change-log/scheduled-changes/"
+  - publish_date: "2025-01-13"
+    individual_page: true
+    link: "/waf/change-log/2025-01-13/"
   - publish_date: "2025-01-06"
     individual_page: true
     link: "/waf/change-log/2025-01-06/"
diff --git a/src/content/docs/waf/change-log/2025-01-13.mdx b/src/content/docs/waf/change-log/2025-01-13.mdx
new file mode 100644
index 000000000000000..de8e7c9e9aa73ba
--- /dev/null
+++ b/src/content/docs/waf/change-log/2025-01-13.mdx
@@ -0,0 +1,81 @@
+---
+title: "2025-01-13"
+type: table
+pcx_content_type: changelog
+sidebar:
+  order: 805
+tableOfContents: false
+---
+
+import { RuleID } from "~/components";
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Rulesets</td>
+			<td>
+				<RuleID id="6e0bfbe4b9c6454c8bd7bd24f49e5840" />
+			</td>
+			<td>100704</td>
+			<td>Cleo Harmony - Auth Bypass - CVE:CVE-2024-55956, CVE:CVE-2024-55953</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Rulesets</td>
+			<td>
+				<RuleID id="c993997b7d904a9e89448fe6a6d43bc2" />
+			</td>
+			<td>100705</td>
+			<td>Sentry - SSRF</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Rulesets</td>
+			<td>
+				<RuleID id="f40ce742be534ba19d610961ce6311bb" />
+			</td>
+			<td>100706</td>
+			<td>Apache Struts - Remote Code Execution - CVE:CVE-2024-53677</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Rulesets</td>
+			<td>
+				<RuleID id="67ac639a845c482d948b465b2233da1f" />
+			</td>
+			<td>100707</td>
+			<td>FortiWLM - Remote Code Execution - CVE:CVE-2023-48782, CVE:CVE-2023-34993, CVE:CVE-2023-34990</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Rulesets</td>
+			<td>
+				<RuleID id="870cca2b874d41738019d4c3e31d972a" />
+			</td>
+			<td>100007C_BETA</td>
+			<td>Command Injection - Common Attack Commands</td>
+			<td></td>
+			<td>Disabled</td>
+			<td></td>
+		</tr>
+	</tbody>
+</table>
\ No newline at end of file
diff --git a/src/content/docs/waf/change-log/scheduled-changes.mdx b/src/content/docs/waf/change-log/scheduled-changes.mdx
index 89773d6ff87870a..c950d245bb85eb3 100644
--- a/src/content/docs/waf/change-log/scheduled-changes.mdx
+++ b/src/content/docs/waf/change-log/scheduled-changes.mdx
@@ -23,48 +23,26 @@ import { RuleID } from "~/components";
 	</thead>
 	<tbody>
 		<tr>
-			<td>2025-01-06</td>
 			<td>2025-01-13</td>
+			<td>2025-01-20</td>
 			<td>Block</td>
-			<td>100704</td>
+			<td>100303_BETA</td>
 			<td>
-					<RuleID id="6e0bfbe4b9c6454c8bd7bd24f49e5840" />
+					<RuleID id="aad6f9f85e034022b6a8dee4b8d152f4" />
 			</td>
-			<td>Cleo Harmony - Auth Bypass - CVE:CVE-2024-55956, CVE:CVE-2024-55953</td>
-			<td>This is a New Detection</td>
+			<td>Command Injection - Nslookup - Beta</td>
+			<td>This will replace the old detection <RuleID id="f4a310393c564d50bd585601b090ba9a" /> </td>
 		</tr>
 		<tr>
-			<td>2025-01-06</td>
 			<td>2025-01-13</td>
+			<td>2025-01-20</td>
 			<td>Block</td>
-			<td>100705</td>
+			<td>100534_BETA</td>
 			<td>
-					<RuleID id="c993997b7d904a9e89448fe6a6d43bc2" />
+					<RuleID id="39c8f6066c19466ea084e51e82fe4e7f" />
 			</td>
-			<td>Sentry - SSRF</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-01-06</td>
-			<td>2025-01-13</td>
-			<td>Block</td>
-			<td>100706</td>
-			<td>
-					<RuleID id="f40ce742be534ba19d610961ce6311bb" />
-			</td>
-			<td>Apache Struts - Remote Code Execution - CVE:CVE-2024-53677</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-01-06</td>
-			<td>2025-01-13</td>
-			<td>Block</td>
-			<td>100707</td>
-			<td>
-					<RuleID id="67ac639a845c482d948b465b2233da1f" />
-			</td>
-			<td>FortiWLM - Remote Code Execution - CVE:CVE-2023-48782, CVE:CVE-2023-34993, CVE:CVE-2023-34990</td>
-			<td>This is a New Detection</td>
+			<td>Web Shell Activity Beta</td>
+			<td>This will replace the old detection <RuleID id="fd5d5678ce594ea898aa9bf149e6b538" /> </td>
 		</tr>
 	</tbody>
 </table>

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Managed Rulesets	+ +	100704	Cleo Harmony - Auth Bypass - CVE:CVE-2024-55956, CVE:CVE-2024-55953	Log	Block	New Detection
Cloudflare Managed Rulesets	+ +	100705	Sentry - SSRF	Log	Block	New Detection
Cloudflare Managed Rulesets	+ +	100706	Apache Struts - Remote Code Execution - CVE:CVE-2024-53677	Log	Block	New Detection
Cloudflare Managed Rulesets	+ +	100707	FortiWLM - Remote Code Execution - CVE:CVE-2023-48782, CVE:CVE-2023-34993, CVE:CVE-2023-34990	Log	Block	New Detection
Cloudflare Managed Rulesets	+ +	100007C_BETA	Command Injection - Common Attack Commands		Disabled