From 262e5be055c46aeb7832be22ee46a40e12add249 Mon Sep 17 00:00:00 2001 From: Marcio Date: Tue, 22 Jul 2025 09:34:21 +0100 Subject: [PATCH 1/9] corrected h3 to h4 --- src/content/docs/magic-network-monitoring/rules/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/magic-network-monitoring/rules/index.mdx b/src/content/docs/magic-network-monitoring/rules/index.mdx index b77717d74186d1..59ad4d9dc14ade 100644 --- a/src/content/docs/magic-network-monitoring/rules/index.mdx +++ b/src/content/docs/magic-network-monitoring/rules/index.mdx @@ -70,7 +70,7 @@ Follow the previous steps to [create](#create-rules-in-the-dashboard) or [edit]( Each rule must include a group of IP prefixes in its definition. All IP prefixes inside a rule are evaluated as a whole, and you should set up a rule with multiple IP prefixes when you want the IP prefixes' aggregated traffic to trigger an alert or advertisement. For thresholds on singular IP prefixes or IP addresses, you can create an individual rule with one prefix and the desired rule parameters. -### Rule IP prefixes example +#### Rule IP prefixes example For a rule with two prefix CIDRs and a `packet_threshold` of `10000` as shown below, the rule will be flagged if the joint packet traffic of `192.168.0.0/24` and `172.118.0.0/24` is greater than `10000`. This also means that Cloudflare attempts to auto advertise both CIDRs if the rule has the auto advertisement flag enabled. Customers can also [configure Rule IP prefixes at scale via Cloudflare's API](https://developers.cloudflare.com/api/resources/magic_network_monitoring/subresources/rules/). From e7940a14cfdb996a13dae09490cf783b84594a86 Mon Sep 17 00:00:00 2001 From: Marcio Date: Tue, 22 Jul 2025 09:35:29 +0100 Subject: [PATCH 2/9] corrected spaces --- .../docs/magic-network-monitoring/rules/static-threshold.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/magic-network-monitoring/rules/static-threshold.mdx b/src/content/docs/magic-network-monitoring/rules/static-threshold.mdx index 13de33b81ed997..9e04e60d190624 100644 --- a/src/content/docs/magic-network-monitoring/rules/static-threshold.mdx +++ b/src/content/docs/magic-network-monitoring/rules/static-threshold.mdx @@ -7,7 +7,7 @@ sidebar: A static threshold rule allows you to define a constant numeric threshold, in terms of bits or packets, for DDoS traffic monitoring. The total traffic across all IP prefixes and IP addresses in the rule is compared to the static rule threshold. If the total traffic exceeds the static rule threshold for the duration of the rule, then an alert is sent. -Customers that send NetFlow and / or sFlow data to Cloudflare can configure static threshold rules. +Customers that send NetFlow and/or sFlow data to Cloudflare can configure static threshold rules. ## Rule configuration fields From cfb5423c3f06612ba7455bf866fdc5a360075698 Mon Sep 17 00:00:00 2001 From: Marcio Date: Tue, 22 Jul 2025 09:38:31 +0100 Subject: [PATCH 3/9] refined text --- src/content/docs/magic-network-monitoring/rules/index.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/content/docs/magic-network-monitoring/rules/index.mdx b/src/content/docs/magic-network-monitoring/rules/index.mdx index 59ad4d9dc14ade..df5cd4d471d44a 100644 --- a/src/content/docs/magic-network-monitoring/rules/index.mdx +++ b/src/content/docs/magic-network-monitoring/rules/index.mdx @@ -66,6 +66,8 @@ If you are an Enterprise customer using [Magic Transit On Demand](/magic-transit Follow the previous steps to [create](#create-rules-in-the-dashboard) or [edit](#edit-rules-in-the-dashboard) a rule. Then, enable **Auto-Advertisement**. +After enabling the Auto-Advertisement option, refer to [Rule Auto-Advertisement notifications](/magic-network-monitoring/rules/rule-notifications/#rule-auto-advertisement-notifications) to learn about what each status means. + ### Rule IP prefixes Each rule must include a group of IP prefixes in its definition. All IP prefixes inside a rule are evaluated as a whole, and you should set up a rule with multiple IP prefixes when you want the IP prefixes' aggregated traffic to trigger an alert or advertisement. For thresholds on singular IP prefixes or IP addresses, you can create an individual rule with one prefix and the desired rule parameters. From d2fe0ea6b1b823aad6e5ce54e69066c2876ded66 Mon Sep 17 00:00:00 2001 From: Marcio Date: Tue, 22 Jul 2025 09:39:10 +0100 Subject: [PATCH 4/9] corrected link --- .../docs/magic-network-monitoring/rules/static-threshold.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/magic-network-monitoring/rules/static-threshold.mdx b/src/content/docs/magic-network-monitoring/rules/static-threshold.mdx index 9e04e60d190624..61bb788ecaa1b5 100644 --- a/src/content/docs/magic-network-monitoring/rules/static-threshold.mdx +++ b/src/content/docs/magic-network-monitoring/rules/static-threshold.mdx @@ -18,7 +18,7 @@ Customers that send NetFlow and/or sFlow data to Cloudflare can configure static | **Rule threshold type** | Can be defined in either bits per second or packets per second. | | **Rule threshold** | The number of bits per second or packets per second for the rule alert. When this value is exceeded for the rule duration, an alert notification is sent. Minimum of `1` and no maximum. | | **Rule duration** | The amount of time in minutes the rule threshold must exceed to send an alert notification. Choose from the following values: `1`, `5`, `10`, `15`, `20`, `30`, `45`, or `60` minutes. | -| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule alert is triggered. Magic Network Monitoring supports Magic Transit's supernet capability. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/rule-notifications/#rule-auto-advertisement-notifications). | +| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule alert is triggered. Magic Network Monitoring supports Magic Transit's supernet capability. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/#rule-auto-advertisement). | | **Rule IP prefix** | The IP prefix associated with the rule for monitoring traffic volume. Must be a CIDR range such as `160.168.0.1/24`. Max is 5,000 unique CIDR entries. To learn more and see an example, view the [Rule IP prefixes](/magic-network-monitoring/rules/#rule-ip-prefixes) section. | ## API documentation From c758d2b244c0da607d57dc8e0c0c8fc1085160b6 Mon Sep 17 00:00:00 2001 From: Marcio Date: Tue, 22 Jul 2025 09:41:20 +0100 Subject: [PATCH 5/9] corrected link --- .../docs/magic-network-monitoring/rules/dynamic-threshold.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/magic-network-monitoring/rules/dynamic-threshold.mdx b/src/content/docs/magic-network-monitoring/rules/dynamic-threshold.mdx index 8fae6d97ededd4..57ec2eff6317e1 100644 --- a/src/content/docs/magic-network-monitoring/rules/dynamic-threshold.mdx +++ b/src/content/docs/magic-network-monitoring/rules/dynamic-threshold.mdx @@ -23,7 +23,7 @@ A dynamic threshold rule can only be configured via [Cloudflare's Magic Network | **Rule type** | zscore | | **Target** | Can be defined in either bits per second or packets per second. | | **Sensitivity** | Z-Score sensitivity has three values: low, medium, and high. | -| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule's dynamic threshold is triggered. Magic Network Monitoring supports Magic Transit's supernet capability. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/rule-notifications/#rule-auto-advertisement-notifications). | +| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule's dynamic threshold is triggered. Magic Network Monitoring supports Magic Transit's supernet capability. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/#rule-auto-advertisement). | | **Rule IP prefix** | The IP prefix associated with the rule for monitoring traffic volume. Must be a CIDR range such as `160.168.0.1/24`. The maximum is 5,000 unique CIDR entries. To learn more and review an example, refer to the [Rule IP prefixes](/magic-network-monitoring/rules/#rule-ip-prefixes). | ## API documentation From 7b87d2bb167775d0c10e3a89958780d7054501aa Mon Sep 17 00:00:00 2001 From: Marcio Date: Tue, 22 Jul 2025 09:43:35 +0100 Subject: [PATCH 6/9] refined text --- .../docs/magic-network-monitoring/rules/dynamic-threshold.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/magic-network-monitoring/rules/dynamic-threshold.mdx b/src/content/docs/magic-network-monitoring/rules/dynamic-threshold.mdx index 57ec2eff6317e1..9743ce51612cba 100644 --- a/src/content/docs/magic-network-monitoring/rules/dynamic-threshold.mdx +++ b/src/content/docs/magic-network-monitoring/rules/dynamic-threshold.mdx @@ -28,7 +28,7 @@ A dynamic threshold rule can only be configured via [Cloudflare's Magic Network ## API documentation -to review an example API configuration call using CURL and the expected output for a successful response, go to [Magic Network Monitoring](/api/resources/magic_network_monitoring/) in [developers.cloudflare.com/api/](/api/) and expand the [Rules](/api/resources/magic_network_monitoring/subresources/rules/) section. +To review an example API configuration call using CURL and the expected output for a successful response, go to the [Rules](/api/resources/magic_network_monitoring/subresources/rules/) section in the Magic Network Monitoring API documentation. ## How the dynamic rule threshold is calculated From 6c0a06251c8141d394305f2024bfe52c508abc91 Mon Sep 17 00:00:00 2001 From: Marcio Date: Tue, 22 Jul 2025 09:46:52 +0100 Subject: [PATCH 7/9] refined text --- .../magic-network-monitoring/rules/s-flow-ddos-attack.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/magic-network-monitoring/rules/s-flow-ddos-attack.mdx b/src/content/docs/magic-network-monitoring/rules/s-flow-ddos-attack.mdx index b8e2bc9b8862cf..676049a481793d 100644 --- a/src/content/docs/magic-network-monitoring/rules/s-flow-ddos-attack.mdx +++ b/src/content/docs/magic-network-monitoring/rules/s-flow-ddos-attack.mdx @@ -24,12 +24,12 @@ Customers can export sFlow data of their network traffic to Cloudflare via Magic | **Rule name** | Must be unique and cannot contain spaces. Supports characters `A-Z`, `a-z`, `0-9`, underscore (`_`), dash (`-`), period (`.`), and tilde (`~`). Maximum of 256 characters. | | **Rule type** | advanced_ddos | | **Prefix Match** | The field `prefix_match` determines how IP matches are handled.
  • **Recommended**
    • **Subnet**: Automatically advertise if the attacked IPs are within a subnet of a public IP prefix that can be advertised by Magic Transit.
  • **Other prefix match options**
    • **Exact**: Automatically advertise if the attacked IPs are an exact match with a public IP prefix that can be advertised by Magic Transit.
    • **Supernet**: Automatically advertise if the attacked IPs are a supernet of a public IP prefix that can be advertised by Magic Transit.
| -| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule's dynamic threshold is triggered. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/rule-notifications/#rule-auto-advertisement-notifications). | +| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule's dynamic threshold is triggered. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/#rule-auto-advertisement). | | **Rule IP prefix** | The IP prefix associated with the rule for monitoring traffic volume. Must be a CIDR range such as `160.168.0.1/24`. The maximum is 5,000 unique CIDR entries. To learn more and see an example, view the [Rule IP prefixes](/magic-network-monitoring/rules/#rule-ip-prefixes). | ## API documentation -You can visit [developers.cloudflare.com/api/](/api/), navigate to [Magic Network Monitoring](/api/resources/magic_network_monitoring/), and expand the [Rules](/api/resources/magic_network_monitoring/subresources/rules/) section to see an example API configuration call using CURL and the expected output for a successful response. +Go to the [Rules](/api/resources/magic_network_monitoring/subresources/rules/) section in the Magic Network Monitoring's API documentation to review an example API configuration call using CURL and the expected output for a successful response. ## Tune the sFlow DDoS alert thresholds From cd1e4b42f7db7bf254a8aa2fa082757dd61f0eba Mon Sep 17 00:00:00 2001 From: Marcio Date: Tue, 22 Jul 2025 09:53:18 +0100 Subject: [PATCH 8/9] created auto adv notif --- .../mnm-auto-advertisement-notifications.mdx | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 src/content/partials/networking-services/mnm-auto-advertisement-notifications.mdx diff --git a/src/content/partials/networking-services/mnm-auto-advertisement-notifications.mdx b/src/content/partials/networking-services/mnm-auto-advertisement-notifications.mdx new file mode 100644 index 00000000000000..3bf575d2cf83e7 --- /dev/null +++ b/src/content/partials/networking-services/mnm-auto-advertisement-notifications.mdx @@ -0,0 +1,14 @@ +--- +{} +--- + +Webhook, PagerDuty, and email notifications are sent following an auto-advertisement attempt for all prefixes inside the flagged rule. + +You will receive the status of the advertisement for each prefix with the following available statuses: + +- **Advertised**: The prefix was successfully advertised. +- **Already Advertised**: The prefix was advertised prior to the auto advertisement attempt. +- **Delayed**: The prefix cannot currently be advertised but will attempt advertisement. After the prefix can be advertised, a new notification is sent with the updated status. +- **Locked**: The prefix is locked and cannot be advertised. +- **Could not Advertise**: Cloudflare was unable to advertise the prefix. This status can occur for multiple reasons, but usually occurs when you are not allowed to advertise a prefix. +- **Error**: A general error occurred during prefix advertisement. \ No newline at end of file From 92adf7f54a14e41d54e71c35386dd67394bcad6c Mon Sep 17 00:00:00 2001 From: Marcio Date: Tue, 22 Jul 2025 09:53:23 +0100 Subject: [PATCH 9/9] added rule auto adv partial --- .../docs/magic-network-monitoring/rules/index.mdx | 5 ++++- .../rules/rule-notifications.mdx | 12 ++---------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/src/content/docs/magic-network-monitoring/rules/index.mdx b/src/content/docs/magic-network-monitoring/rules/index.mdx index df5cd4d471d44a..b806809ebdfde3 100644 --- a/src/content/docs/magic-network-monitoring/rules/index.mdx +++ b/src/content/docs/magic-network-monitoring/rules/index.mdx @@ -6,6 +6,7 @@ sidebar: order: 4 --- +import { Render } from "~/components" Magic Network Monitoring rules allow you to monitor your network traffic for DDoS attacks on specific IP addresses or IP prefixes within your network. If the network traffic that is monitored by a rule exceeds the rule's threshold or contains a DDoS attack fingerprint, then you will receive an alert. @@ -66,7 +67,9 @@ If you are an Enterprise customer using [Magic Transit On Demand](/magic-transit Follow the previous steps to [create](#create-rules-in-the-dashboard) or [edit](#edit-rules-in-the-dashboard) a rule. Then, enable **Auto-Advertisement**. -After enabling the Auto-Advertisement option, refer to [Rule Auto-Advertisement notifications](/magic-network-monitoring/rules/rule-notifications/#rule-auto-advertisement-notifications) to learn about what each status means. +#### Rule Auto-Advertisement notifications + + ### Rule IP prefixes diff --git a/src/content/docs/magic-network-monitoring/rules/rule-notifications.mdx b/src/content/docs/magic-network-monitoring/rules/rule-notifications.mdx index 9eb9b6a6ba9d48..bc3867ec5617f0 100644 --- a/src/content/docs/magic-network-monitoring/rules/rule-notifications.mdx +++ b/src/content/docs/magic-network-monitoring/rules/rule-notifications.mdx @@ -4,6 +4,7 @@ pcx_content_type: how-to sidebar: order: 4 --- +import { Render } from "~/components" After configuring one or multiple rule types in Magic Network Monitoring, customers can also choose to receive notifications via email, webhook, or PagerDuty when a rule is triggered. @@ -28,16 +29,7 @@ You can read [Cloudflare's Notifications documentation](/notifications/) for mor ## Rule Auto-Advertisement notifications -Webhook, PagerDuty, and email notifications are sent following an auto-advertisement attempt for all prefixes inside the flagged rule. - -You will receive the status of the advertisement for each prefix with the following available statuses: - -- **Advertised**: The prefix was successfully advertised. -- **Already Advertised**: The prefix was advertised prior to the auto advertisement attempt. -- **Delayed**: The prefix cannot currently be advertised but will attempt advertisement. After the prefix can be advertised, a new notification is sent with the updated status. -- **Locked**: The prefix is locked and cannot be advertised. -- **Could not Advertise**: Cloudflare was unable to advertise the prefix. This status can occur for multiple reasons, but usually occurs when you are not allowed to advertise a prefix. -- **Error**: A general error occurred during prefix advertisement. + ## Configure static threshold notifications