CLOUDFLARE says Attack Signature Detection is the next evolution of its managed rules, providing full visibility into every signature match while preserving protection and performance, with the detection available now in Early Access and Full-Transaction Detection still in development. When enabled, Attack Signature Detection analyses every request and attaches rich metadata before any action, so users can see exactly which signatures fire and why and build precise mitigation policies from past traffic.
The system moves beyond request-only analysis to Full-Transaction Detection, correlating the entire HTTP transaction to reduce false positives and reveal threats that other systems miss, such as reflective SQL injection, data exfiltration patterns and misconfigurations that reveal themselves in the response. An “always-on” framework allows detections to run on every proxied request, with results visible in Security Analytics, and latency is not added unless a blocking rule is employed.
Analysts can review signatures via a searchable catalog, use Security Analytics to identify top CVEs by volume, and create granular rules or exceptions based on Ref IDs, categories and confidence levels, including references to CVEs and familiar attack vectors like SQLi, XSS and RCE, with examples such as the React2Shell release. 4 March 2026.