Skip to content

MagicNetworkMonitoringRule

Source: src/Cloudflare/MagicNetworkMonitoring/Rule.ts

A Magic Network Monitoring (MNM) rule — alerts when traffic to a set of IPv4 prefixes exceeds a static threshold (threshold), deviates from the learned baseline (zscore), or matches advanced DDoS criteria (advanced_ddos, Magic Transit only).

Rules require the account’s MNM configuration to exist first — pass the Config resource’s accountId output as this rule’s accountId to sequence the deployment. Rule names are unique per account; the rule type is immutable and changing it triggers a replacement.

Threshold rules

Section titled “Threshold rules”

Alert when bandwidth exceeds 1 Mbps for 5 minutes

const config = yield* Cloudflare.MagicNetworkMonitoringConfig("Mnm", {
  name: "my-network",
  defaultSampling: 1,
});
yield* Cloudflare.MagicNetworkMonitoringRule("BandwidthAlert", {
  accountId: config.accountId,
  type: "threshold",
  prefixes: ["10.0.0.0/24"],
  bandwidthThreshold: 1_000_000,
  duration: "5m",
});

Packet-rate alert

yield* Cloudflare.MagicNetworkMonitoringRule("PacketAlert", {
  accountId: config.accountId,
  type: "threshold",
  prefixes: ["10.0.1.0/24"],
  packetThreshold: 10_000,
});

Anomaly detection

Section titled “Anomaly detection”
yield* Cloudflare.MagicNetworkMonitoringRule("AnomalyAlert", {
  accountId: config.accountId,
  type: "zscore",
  prefixes: ["10.0.2.0/24"],
  zscoreSensitivity: "medium",
  zscoreTarget: "bits",
});