{"id":28816212,"url":"https://github.com/iamask/slack-alert-cloudflare-ruleset-engine","last_synced_at":"2026-05-10T02:03:16.844Z","repository":{"id":299172467,"uuid":"1001282643","full_name":"iamask/slack-alert-cloudflare-ruleset-engine","owner":"iamask","description":"A Cloudflare Worker that monitors Security events/ Rulesets and automatically blocks malicious JA4 fingerprints.","archived":false,"fork":false,"pushed_at":"2025-06-15T05:24:45.000Z","size":46,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-15T05:38:49.831Z","etag":null,"topics":["alerts","auotmation","cloudflare","cloudflare-workers","slack"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iamask.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-13T05:59:32.000Z","updated_at":"2025-06-15T05:24:48.000Z","dependencies_parsed_at":"2025-06-15T05:38:59.882Z","dependency_job_id":"0e8cdd77-4884-48cc-82b5-d16c6685d5a2","html_url":"https://github.com/iamask/slack-alert-cloudflare-ruleset-engine","commit_stats":null,"previous_names":["iamask/slack-alert-cloudflare-ruleset-engine"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/iamask/slack-alert-cloudflare-ruleset-engine","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fslack-alert-cloudflare-ruleset-engine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fslack-alert-clo
udflare-ruleset-engine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fslack-alert-cloudflare-ruleset-engine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fslack-alert-cloudflare-ruleset-engine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iamask","download_url":"https://codeload.github.com/iamask/slack-alert-cloudflare-ruleset-engine/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fslack-alert-cloudflare-ruleset-engine/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260595652,"owners_count":23033787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alerts","auotmation","cloudflare","cloudflare-workers","slack"],"created_at":"2025-06-18T17:02:42.962Z","updated_at":"2026-05-10T02:03:16.765Z","avatar_url":"https://github.com/iamask.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Alert Action Automation\n\nA Cloudflare Worker that monitors Security events/ Rulesets and sends alerts to Slack when events are detected.\n\n[![Deploy to Cloudflare](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/iamask/slack-alert-cloudflare-ruleset-engine)\n\n## Features\n\n- Monitors Security events using Cloudflare's GraphQL API at account level\n- Sends alerts to Slack when events are detected\n- State management using KV to prevent duplicate alerts\n- Configurable 
through environment variables and secrets\n\n## Prerequisites\n\n- Cloudflare account with API access\n- Cloudflare Workers subscription\n- Slack workspace with webhook URL\n- Cloudflare API Token with appropriate permissions\n\n## Deployment\n\n### Option 1: Deploy Button (Recommended)\n\n1. Click the \"Deploy to Cloudflare\" button above\n2. Create Workers KV and add bindings to worker as `ALERTS_KV`\n3. Update Variables and secrets in the Cloudflare dashboard\n\n![Screenshot](https://r2.zxc.co.in/git_readme/slack-alert-dash.png)\n\n### Option 2: Manual Deployment\n\nIf you prefer to deploy manually:\n\n1. Clone this repository:\n\n   ```bash\n   git clone https://github.com/iamask/slack-alert-cloudflare-ruleset-engine.git\n   cd slack-alert-cloudflare-ruleset-engine\n   ```\n\n2. Install Wrangler CLI:\n\n   ```bash\n   npm i -D wrangler@latest\n   ```\n\n3. Create KV Namespace (Required for state management):\n\n   **Option A: Using Cloudflare Dashboard**\n\n   1. Go to Workers \u0026 Pages \u003e KV\n   2. Click \"Create a namespace\"\n   3. Name it \"ALERTS_KV\"\n   4. Copy the namespace ID\n\n   **Option B: Using Wrangler CLI**\n\n   ```bash\n   wrangler kv:namespace create \"ALERTS_KV\"\n   ```\n\n   This will output something like:\n\n   ```bash\n   Add the following to your wrangler.jsonc:\n   {\n     \"kv_namespaces\": [\n       {\n         \"binding\": \"ALERTS_KV\",\n         \"id\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"\n       }\n     ]\n   }\n   ```\n\n4. 
Configure your environment variables and secrets:\n\n   **Required Variables:**\n\n   - `API_TOKEN`: Your Cloudflare API Token\n   - `ACCOUNT_ID`: Your Cloudflare Account Tag (Account ID)\n   - `RULESET_ID`: Ruleset ID for monitoring\n   - `SLACK_WEBHOOK_URL`: Your Slack Webhook URL\n\n   Configure these in either:\n\n   - Cloudflare Dashboard \u003e Workers \u003e Your Worker \u003e Variables\n   - Or using Wrangler secrets:\n     ```bash\n     wrangler secret bulk .env.vars\n     # or, one secret at a time:\n     wrangler secret put API_TOKEN\n     wrangler secret put SLACK_WEBHOOK_URL\n     # ... repeat for other sensitive variables\n     ```\n\n5. Update `wrangler.jsonc` with your configuration:\n\n   ```jsonc\n   {\n   \t\"name\": \"worker-name\",\n   \t\"main\": \"src/index.js\",\n   \t\"compatibility_date\": \"2025-06-10\",\n   \t\"kv_namespaces\": [\n   \t\t{\n   \t\t\t\"binding\": \"ALERTS_KV\",\n   \t\t\t\"id\": \"your-kv-namespace-id\" // Use the ID from step 3\n   \t\t}\n   \t],\n   \t\"triggers\": {\n   \t\t\"crons\": [\n   \t\t\t\"*/30 * * * *\" // Runs every 30 minutes\n   \t\t]\n   \t}\n   }\n   ```\n\n6. Deploy the worker:\n   ```bash\n   wrangler deploy\n   ```\n\n## How It Works\n\n1. The worker runs every 30 minutes (configurable via cron trigger)\n2. It queries the last 24 hours of firewall events using Cloudflare's GraphQL API at account level\n3. The query filters for events matching:\n   - Override rule name containing \"pages%\"\n   - OR specific rule ID (configurable via RULESET_ID)\n4. 
When new events are detected:\n   - Sends an alert to Slack with event details\n   - Uses KV to maintain state and prevent duplicate alerts\n\n## Security Considerations\n\n- The worker requires appropriate API token permissions\n- All sensitive operations are logged for audit purposes\n- Events are filtered to focus on specific security patterns\n\n## Alert Format\n\n![Screenshot](https://r2.zxc.co.in/git_readme/alert-slack.png)\n\n## License\n\nMIT License - feel free to use this code for your own projects.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiamask%2Fslack-alert-cloudflare-ruleset-engine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiamask%2Fslack-alert-cloudflare-ruleset-engine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiamask%2Fslack-alert-cloudflare-ruleset-engine/lists"}