Integrations Overview

WebDecoy integrates with popular security and DevOps tools to automate responses to detected threats. When a detection occurs, integrations can automatically block attackers, send notifications, or forward events to your security stack.

Available Integrations

Integration	Type	Capability
AWS WAF	WAF	Automatic IP blocking
Cloudflare	WAF	Automatic IP blocking
CrowdStrike	SIEM	Falcon LogScale event forwarding
Datadog	SIEM	Event forwarding
Fastly	CDN/WAF	Automatic IP blocking via ACLs
Slack	Notification	Real-time alerts
Vercel	Edge	Edge middleware + auto blocking
Webhooks	Custom	Send events to any URL

Integration Architecture

Detection Created
       │
       ▼
Integration Rules Evaluated
       │
       ├── AWS WAF → Block IP in WAF
       ├── Cloudflare → Block IP in WAF
       ├── CrowdStrike → Forward to Falcon LogScale
       ├── Datadog → Forward event
       ├── Fastly → Block IP via ACL
       ├── Slack → Send alert to channel
       ├── Vercel → Block IP at Edge + Edge Config
       └── Webhook → POST to your endpoint

Quick Comparison

Feature	AWS WAF	Cloudflare	CrowdStrike	Datadog	Fastly	Slack	Vercel	Webhooks
Auto-block IPs	✅	✅	❌	❌	✅	❌	✅	❌
Edge Detection	❌	❌	❌	❌	❌	❌	✅	❌
Notifications	❌	❌	✅	✅	❌	✅	❌	✅
Custom processing	❌	❌	❌	❌	❌	❌	✅	✅
Event forwarding	❌	❌	✅	✅	❌	❌	❌	✅
Dashboards	❌	❌	✅	✅	❌	❌	❌	❌
SIEM Integration	❌	❌	✅	✅	❌	❌	❌	❌

Recommended Setup

Minimum Protection

For basic automated protection:

Cloudflare or AWS WAF - Block malicious IPs
Slack - Get notified of high-risk detections

Full Security Stack

For comprehensive monitoring:

Cloudflare - Automatic IP blocking
Slack - Real-time team notifications
CrowdStrike or Datadog - SIEM dashboards and alerting
Webhooks - Custom automation

Accessing Integrations

Click Integrations in the sidebar
View all available integration types
See count of active integrations per type
Click any integration to configure

Integration Guides

WAF Integrations (Blocking)

Cloudflare Integration - Block IPs using Cloudflare WAF
AWS WAF Integration - Block IPs using AWS WAF IP sets
Fastly Integration - Block IPs using Fastly ACLs

Edge Integrations

Vercel Integration - Edge function protection with Next.js middleware

Notification Integrations

Slack Integration - Real-time alerts in Slack channels

Custom Integrations

Webhook Integration - Send events to your own endpoints

SIEM Integrations

CrowdStrike Integration - Forward events to Falcon LogScale
Datadog Integration - Forward events and metrics to Datadog

Best Practices

General Recommendations

✅ Test integrations before relying on them
✅ Start with notifications before automatic blocking
✅ Set appropriate score thresholds
✅ Monitor for false positives
✅ Keep API credentials secure
✅ Use dedicated API keys/tokens per integration

Blocking Integrations

✅ Start with high score threshold (75+)
✅ Set reasonable block durations (24h default)
✅ Monitor blocked IP list regularly
✅ Have a process for unblocking false positives

Notification Integrations

✅ Use “high risk only” to reduce noise
✅ Create dedicated channels for alerts
✅ Set up escalation for critical threats

Next Steps

Choose an integration to set up:

Cloudflare - Most popular WAF integration
CrowdStrike - Falcon LogScale SIEM integration
Fastly - Edge CDN with ACL-based blocking
Slack - Quick notification setup
Webhooks - Custom event processing