1 point by itsilyas 7 hours ago | 1 comment
  • itsilyas 7 hours ago
    Hey HN, I'm Ilyas, founder of Vigilbase. We're a managed security services provider that works primarily with Cloudflare. Over the past few years, we kept running into the same problem with our customers: they'd invest in Cloudflare Enterprise, configure WAF, Zero Trust, Gateway, and then nobody would actually monitor what those tools were catching.

    So we built Flarehawk.

    It connects to your Cloudflare environment, ingests events in real time across HTTP and WAF logs, and soon Zero Trust, DNS, and Gateway. We then run them through what we call the Flarehawk Fabric, a per-tenant ML model that learns what normal looks like for your specific setup. When something deviates, our agentic platform, Flarehawk Aegis, automatically and gives you a plain-language explanation with a one-click fix.

    On the infrastructure side, we run distributed Kubernetes clusters processing millions of rows per second, with a multi-stage analysis pipeline that handles normalization, enrichment, and behavioral modeling per tenant. All logs are written to ClickHouse Cloud for long-term retention (up to five years), fully queryable for audits and incident investigations.

    We've been in private beta for a few months. Early customers have found misconfigured WAF rules and anomalous access patterns that had been sitting undetected for weeks. Now in open beta.

    Try it out today, with a free month to get you started with code HACKERNEWS. Happy to answer questions about the architecture, the ML approach, or anything else.