Cloudflare Security Demo

Automated SOC: Detect → Correlate → Remediate

A single Cloudflare Worker simulates a finance app, ingests Cloudflare security logs via Logpush, and drives an n8n SOAR closed loop.

PHASE 1

SQLi blocked at the edge

An attacker probes the finance app. Cloudflare WAF blocks and logs the SQL-injection attempt. Logpush streams the event to the Worker.

PHASE 2

DLP stops card exfiltration

A rogue admin exports card data over WARP and tries to upload it. Cloudflare Gateway DLP blocks the transfer and logs the violation.

PHASE 3

SOAR remediates automatically

n8n correlates both phases by admin email, asks AI for an incident report, locks down the user, blocks the domain, and files a ticket.

Open Live SOC Dashboard Open Finance App (Demo)