Integrations Overview
WebDecoy integrates with popular security and DevOps tools to automate responses to detected threats. When a detection occurs, integrations can automatically block attackers, send notifications, or forward events to your security stack.
Available Integrations
Section titled “Available Integrations”| Integration | Type | Capability |
|---|---|---|
| Cloudflare | WAF | Automatic IP blocking |
| AWS WAF | WAF | Automatic IP blocking |
| Vercel | Edge | Edge middleware + auto blocking |
| Webhooks | Custom | Send events to any URL |
| Slack | Notification | Real-time alerts |
| Datadog | SIEM | Event forwarding |
Integration Architecture
Section titled “Integration Architecture”Detection Created │ ▼Integration Rules Evaluated │ ├── Cloudflare → Block IP in WAF ├── AWS WAF → Block IP in WAF ├── Vercel → Block IP at Edge + Edge Config ├── Slack → Send alert to channel ├── Webhook → POST to your endpoint └── Datadog → Forward eventQuick Comparison
Section titled “Quick Comparison”| Feature | Cloudflare | AWS WAF | Vercel | Webhooks | Slack | Datadog |
|---|---|---|---|---|---|---|
| Auto-block IPs | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
| Edge Detection | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ |
| Notifications | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
| Custom processing | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
| Event forwarding | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
| Dashboards | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Recommended Setup
Section titled “Recommended Setup”Minimum Protection
Section titled “Minimum Protection”For basic automated protection:
- Cloudflare or AWS WAF - Block malicious IPs
- Slack - Get notified of high-risk detections
Full Security Stack
Section titled “Full Security Stack”For comprehensive monitoring:
- Cloudflare - Automatic IP blocking
- Slack - Real-time team notifications
- Datadog - Dashboards and alerting
- Webhooks - Custom automation
Accessing Integrations
Section titled “Accessing Integrations”- Click Integrations in the sidebar
- View all available integration types
- See count of active integrations per type
- Click any integration to configure
Integration Guides
Section titled “Integration Guides”WAF Integrations (Blocking)
Section titled “WAF Integrations (Blocking)”- Cloudflare Integration - Block IPs using Cloudflare WAF
- AWS WAF Integration - Block IPs using AWS WAF IP sets
Edge Integrations
Section titled “Edge Integrations”- Vercel Integration - Edge function protection with Next.js middleware
Notification Integrations
Section titled “Notification Integrations”- Slack Integration - Real-time alerts in Slack channels
Custom Integrations
Section titled “Custom Integrations”- Webhook Integration - Send events to your own endpoints
SIEM Integrations
Section titled “SIEM Integrations”- Datadog Integration - Forward events and metrics to Datadog
Best Practices
Section titled “Best Practices”General Recommendations
Section titled “General Recommendations”- ✅ Test integrations before relying on them
- ✅ Start with notifications before automatic blocking
- ✅ Set appropriate score thresholds
- ✅ Monitor for false positives
- ✅ Keep API credentials secure
- ✅ Use dedicated API keys/tokens per integration
Blocking Integrations
Section titled “Blocking Integrations”- ✅ Start with high score threshold (75+)
- ✅ Set reasonable block durations (24h default)
- ✅ Monitor blocked IP list regularly
- ✅ Have a process for unblocking false positives
Notification Integrations
Section titled “Notification Integrations”- ✅ Use “high risk only” to reduce noise
- ✅ Create dedicated channels for alerts
- ✅ Set up escalation for critical threats
Next Steps
Section titled “Next Steps”Choose an integration to set up:
- Cloudflare - Most popular WAF integration
- Slack - Quick notification setup
- Webhooks - Custom event processing