Expand Up @@ -23,12 +23,12 @@ A dynamic threshold rule can only be configured via [Cloudflare's Magic Network
| **Rule type** | zscore |
| **Target** | Can be defined in either bits per second or packets per second. |
| **Sensitivity** | Z-Score sensitivity has three values: low, medium, and high. |
| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule's dynamic threshold is triggered. Magic Network Monitoring supports Magic Transit's supernet capability. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/rule-notifications/#rule-auto-advertisement-notifications). |
| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule's dynamic threshold is triggered. Magic Network Monitoring supports Magic Transit's supernet capability. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/#rule-auto-advertisement). |
| **Rule IP prefix** | The IP prefix associated with the rule for monitoring traffic volume. Must be a CIDR range such as `160.168.0.1/24`. The maximum is 5,000 unique CIDR entries. To learn more and review an example, refer to the [Rule IP prefixes](/magic-network-monitoring/rules/#rule-ip-prefixes). |

## API documentation

to review an example API configuration call using CURL and the expected output for a successful response, go to [Magic Network Monitoring](/api/resources/magic_network_monitoring/) in [developers.cloudflare.com/api/](/api/) and expand the [Rules](/api/resources/magic_network_monitoring/subresources/rules/) section.
To review an example API configuration call using CURL and the expected output for a successful response, go to the [Rules](/api/resources/magic_network_monitoring/subresources/rules/) section in the Magic Network Monitoring API documentation.

## How the dynamic rule threshold is calculated
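
Review bot: The new link target `/magic-network-monitoring/rules/#rule-auto-advertisement` in the Auto-advertisement row points at an anchor that is not visible anywhere in this PR. The only heading the rules/index.mdx hunk adds is `#### Rule Auto-Advertisement notifications`, which would normally slug to `#rule-auto-advertisement-notifications`, so please confirm that the parent heading in index.mdx really generates `#rule-auto-advertisement`; otherwise readers land at the top of the Rules page. While this row is open, "To learn more refer to [Auto-Advertisement section]" reads better as "To learn more, refer to the [Auto-Advertisement section]".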

7 changes: 6 additions & 1 deletion src/content/docs/magic-network-monitoring/rules/index.mdx
Expand Up @@ -6,6 +6,7 @@ sidebar:
order: 4

---
import { Render } from "~/components"

Magic Network Monitoring rules allow you to monitor your network traffic for DDoS attacks on specific IP addresses or IP prefixes within your network. If the network traffic that is monitored by a rule exceeds the rule's threshold or contains a DDoS attack fingerprint, then you will receive an alert.

Expand Down Expand Up @@ -66,11 +67,15 @@ If you are an Enterprise customer using [Magic Transit On Demand](/magic-transit

Follow the previous steps to [create](#create-rules-in-the-dashboard) or [edit](#edit-rules-in-the-dashboard) a rule. Then, enable **Auto-Advertisement**.

#### Rule Auto-Advertisement notifications

<Render file="mnm-auto-advertisement-notifications" product="networking-services" />

### Rule IP prefixes

Each rule must include a group of IP prefixes in its definition. All IP prefixes inside a rule are evaluated as a whole, and you should set up a rule with multiple IP prefixes when you want the IP prefixes' aggregated traffic to trigger an alert or advertisement. For thresholds on singular IP prefixes or IP addresses, you can create an individual rule with one prefix and the desired rule parameters.

### Rule IP prefixes example
#### Rule IP prefixes example

For a rule with two prefix CIDRs and a `packet_threshold` of `10000` as shown below, the rule will be flagged if the joint packet traffic of `192.168.0.0/24` and `172.118.0.0/24` is greater than `10000`. This also means that Cloudflare attempts to auto advertise both CIDRs if the rule has the auto advertisement flag enabled. Customers can also [configure Rule IP prefixes at scale via Cloudflare's API](https://developers.cloudflare.com/api/resources/magic_network_monitoring/subresources/rules/).
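
Review bot: The example paragraph under the re-levelled `#### Rule IP prefixes example` heading uses `192.168.0.0/24` and `172.118.0.0/24` as the prefixes Cloudflare would attempt to auto advertise. The first is RFC 1918 private space, and the second falls outside 172.16.0.0/12, so it is ordinary public address space rather than a reserved example range. Since this section is being restructured anyway, consider switching to the RFC 5737 documentation prefixes (`192.0.2.0/24`, `198.51.100.0/24`, `203.0.113.0/24`) so a copied example cannot match someone else's network.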

Expand Up @@ -4,6 +4,7 @@ pcx_content_type: how-to
sidebar:
order: 4
---
import { Render } from "~/components"

After configuring one or multiple rule types in Magic Network Monitoring, customers can also choose to receive notifications via email, webhook, or PagerDuty when a rule is triggered.

Expand All @@ -28,16 +29,7 @@ You can read [Cloudflare's Notifications documentation](/notifications/) for mor

## Rule Auto-Advertisement notifications

Webhook, PagerDuty, and email notifications are sent following an auto-advertisement attempt for all prefixes inside the flagged rule.

You will receive the status of the advertisement for each prefix with the following available statuses:

- **Advertised**: The prefix was successfully advertised.
- **Already Advertised**: The prefix was advertised prior to the auto advertisement attempt.
- **Delayed**: The prefix cannot currently be advertised but will attempt advertisement. After the prefix can be advertised, a new notification is sent with the updated status.
- **Locked**: The prefix is locked and cannot be advertised.
- **Could not Advertise**: Cloudflare was unable to advertise the prefix. This status can occur for multiple reasons, but usually occurs when you are not allowed to advertise a prefix.
- **Error**: A general error occurred during prefix advertisement.
<Render file="mnm-auto-advertisement-notifications" product="networking-services" />

## Configure static threshold notifications

Expand Up @@ -24,12 +24,12 @@ Customers can export sFlow data of their network traffic to Cloudflare via Magic
| **Rule name** | Must be unique and cannot contain spaces. Supports characters `A-Z`, `a-z`, `0-9`, underscore (`_`), dash (`-`), period (`.`), and tilde (`~`). Maximum of 256 characters. |
| **Rule type** | advanced_ddos |
| **Prefix Match** | The field `prefix_match` determines how IP matches are handled. <ul><li>**Recommended**</li><ul><li>**Subnet**: Automatically advertise if the attacked IPs are within a subnet of a public IP prefix that can be advertised by Magic Transit.</li></ul><li>**Other prefix match options**</li><ul><li>**Exact**: Automatically advertise if the attacked IPs are an exact match with a public IP prefix that can be advertised by Magic Transit.</li><li>**Supernet**: Automatically advertise if the attacked IPs are a supernet of a public IP prefix that can be advertised by Magic Transit.</li></ul></ul> |
| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule's dynamic threshold is triggered. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/rule-notifications/#rule-auto-advertisement-notifications). |
| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule's dynamic threshold is triggered. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/#rule-auto-advertisement). |
| **Rule IP prefix** | The IP prefix associated with the rule for monitoring traffic volume. Must be a CIDR range such as `160.168.0.1/24`. The maximum is 5,000 unique CIDR entries. To learn more and see an example, view the [Rule IP prefixes](/magic-network-monitoring/rules/#rule-ip-prefixes). |

## API documentation

You can visit [developers.cloudflare.com/api/](/api/), navigate to [Magic Network Monitoring](/api/resources/magic_network_monitoring/), and expand the [Rules](/api/resources/magic_network_monitoring/subresources/rules/) section to see an example API configuration call using CURL and the expected output for a successful response.
Go to the [Rules](/api/resources/magic_network_monitoring/subresources/rules/) section in the Magic Network Monitoring's API documentation to review an example API configuration call using CURL and the expected output for a successful response.

## Tune the sFlow DDoS alert thresholds
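
Review bot: The edited Auto-advertisement row still says Magic Transit is enabled "if the rule's dynamic threshold is triggered", but this table's Rule type is `advanced_ddos`, so the wording looks carried over from the dynamic threshold page. Suggest describing the trigger for this rule type instead, for example "if the rule is triggered" (the static threshold page uses "if the rule alert is triggered"). In the new API documentation sentence, "the Magic Network Monitoring's API documentation" should drop the possessive to match the dynamic threshold page: "the Magic Network Monitoring API documentation".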

Expand Up @@ -7,7 +7,7 @@ sidebar:

A static threshold rule allows you to define a constant numeric threshold, in terms of bits or packets, for DDoS traffic monitoring. The total traffic across all IP prefixes and IP addresses in the rule is compared to the static rule threshold. If the total traffic exceeds the static rule threshold for the duration of the rule, then an alert is sent.

Customers that send NetFlow and / or sFlow data to Cloudflare can configure static threshold rules.
Customers that send NetFlow and/or sFlow data to Cloudflare can configure static threshold rules.

## Rule configuration fields

Expand All @@ -18,7 +18,7 @@ Customers that send NetFlow and / or sFlow data to Cloudflare can configure stat
| **Rule threshold type** | Can be defined in either bits per second or packets per second. |
| **Rule threshold** | The number of bits per second or packets per second for the rule alert. When this value is exceeded for the rule duration, an alert notification is sent. Minimum of `1` and no maximum. |
| **Rule duration** | The amount of time in minutes the rule threshold must exceed to send an alert notification. Choose from the following values: `1`, `5`, `10`, `15`, `20`, `30`, `45`, or `60` minutes. |
| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule alert is triggered. Magic Network Monitoring supports Magic Transit's supernet capability. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/rule-notifications/#rule-auto-advertisement-notifications). |
| **Auto-advertisement** | If you are a [Magic Transit On Demand](/magic-transit/on-demand) customer, you can enable this feature to automatically enable Magic Transit if the rule alert is triggered. Magic Network Monitoring supports Magic Transit's supernet capability. To learn more refer to [Auto-Advertisement section](/magic-network-monitoring/rules/#rule-auto-advertisement). |
| **Rule IP prefix** | The IP prefix associated with the rule for monitoring traffic volume. Must be a CIDR range such as `160.168.0.1/24`. Max is 5,000 unique CIDR entries. To learn more and see an example, view the [Rule IP prefixes](/magic-network-monitoring/rules/#rule-ip-prefixes) section. |

## API documentation
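
Review bot: The Rule IP prefix row directly below the changed link gives `160.168.0.1/24` as the example CIDR range, which has host bits set; the network address for that /24 is `160.168.0.0/24`. The same example appears in the dynamic threshold and sFlow tables touched by this PR, so it is worth correcting in all three at once. Two smaller wording points in this table: "Max is 5,000 unique CIDR entries" differs from "The maximum is 5,000 unique CIDR entries" on the other two pages, and "the rule threshold must exceed" in the Rule duration row should read "must be exceeded".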
@@ -0,0 +1,14 @@
---
{}
---

Webhook, PagerDuty, and email notifications are sent following an auto-advertisement attempt for all prefixes inside the flagged rule.

You will receive the status of the advertisement for each prefix with the following available statuses:

- **Advertised**: The prefix was successfully advertised.
- **Already Advertised**: The prefix was advertised prior to the auto advertisement attempt.
- **Delayed**: The prefix cannot currently be advertised but will attempt advertisement. After the prefix can be advertised, a new notification is sent with the updated status.
- **Locked**: The prefix is locked and cannot be advertised.
- **Could not Advertise**: Cloudflare was unable to advertise the prefix. This status can occur for multiple reasons, but usually occurs when you are not allowed to advertise a prefix.
- **Error**: A general error occurred during prefix advertisement.
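
Review bot: In the new partial, the **Delayed** entry reads "The prefix cannot currently be advertised but will attempt advertisement", which makes the prefix the subject of the retry; state who retries, for example "Cloudflare will retry the advertisement". Status capitalization is also inconsistent ("Could not Advertise" beside "Already Advertised"), so use the exact strings that appear in the notification. Because **Locked**, **Could not Advertise** and **Error** all mean the prefix was not advertised after the rule was flagged, consider adding a sentence on what the reader should do next, since this text now renders on both the Rules page and the rule notifications page.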