Kikimora
← all integrations

Edge & Network

Cloudflare

Audit DNS, firewall rules, and edge security - then deploy changes from the same conversation.

TRY ASKING:

“List all firewall rules configured for the production zone.”

  • “Find DNS records pointing at origins that no longer exist.”
  • “Audit WAF rules across all zones and flag any in log-only mode.”
  • “Create a firewall rule to block this attacking IP range.”

Kikimora speaks directly to your Cloudflare zones. List firewall rules, audit DNS records, and review WAF posture, and when something needs to change, the agent proposes the exact rule and deploys it only after you approve.

Manage Cloudflare edge security from one conversation

The integration covers the edge controls that sit in front of your applications: WAF rules, custom and managed firewall rules, DNS records, and zone-level security configuration. Stale DNS is a common way attackers find a way in, so the same conversation that audits your WAF can also surface dangling records before anyone else does.

What you can do

  • List and audit firewall rules across zones.
  • Create firewall rules to block attacking ranges, with one-message approval.
  • Manage DNS records and catch stale or dangling entries.
  • Review edge security configuration zone by zone.

Things you might ask

  • “Which DNS records point at origins that have been decommissioned?” Dangling DNS is one of the first things attackers look for. Our guide on how to find every internet-facing asset you forgot you had covers why these stale records turn into footholds.
  • “Audit the WAF across every zone and show me which managed rulesets are only in log mode.”
  • “Block this attacking IP range on the production zone and confirm the rule before deploying.”

Cloudflare guards the edge, but it is not the only place network rules live. If your perimeter also runs on Fortinet hardware, the FortiGate integration brings those firewall policies into the same conversation, so edge and on-prem rules get reviewed together.

Connect Cloudflare - free Browse all integrations

[ faq ]

What Cloudflare permissions does Kikimora need? +

An API token scoped to the zones you want covered. Reading firewall rules, DNS, and WAF posture is the default. Deploying a rule change is a separate, approval-gated step.

Will it deploy WAF or firewall changes on its own? +

No. The agent proposes the exact rule and deploys it only after you approve in the conversation. Read and audit are the default behaviors; every change is logged.

How long does setup take? +

A few minutes. You create a scoped API token in the Cloudflare dashboard and paste it in. There is nothing to install at the edge.

Can it work across many zones at once? +

Yes. Grant the token access to multiple zones and ask audit questions that span all of them in one go.

More in Edge & Network

FortiGate