Cloudflare exposure monitoring

Turn domain context into an exposure repair queue.

OpenWiz plans to use Cloudflare DNS and proxy context alongside outside-in discovery and AWS ownership, so public endpoints can be understood as connected risks.

OpenWiz is in development. The one-time $10 reservation includes the first live month and does not start a recurring subscription.

More than a DNS list

A hostname matters because of what sits behind it.

Cloudflare can show how a hostname is configured, while an external check shows what the internet can reach. OpenWiz is designed to join those signals with the cloud workload behind the endpoint. The result should explain whether the exposure is expected, direct, proxied, forgotten, or tied to a higher-impact AWS resource.

01

Start with the root domain and every discovered subdomain

The founding scope is organized around one root domain and includes its subdomains. Planned discovery looks for the endpoints that form the public attack surface, including services that may not be obvious from the primary application hostname.

  • Keep the root domain as the ownership boundary
  • Discover public subdomains and services
  • Preserve the evidence that an endpoint is reachable
02

Add DNS and proxy state to the external observation

A reachable hostname means something different when it is proxied through Cloudflare than when it exposes an origin directly. OpenWiz plans to place record type, target, and proxy state beside the observed endpoint so the team can reason about the intended path.

  • Show DNS record and target context
  • Distinguish proxied and direct origin paths
  • Highlight configuration that deserves manual validation
03

Connect the domain to the AWS workload behind it

Domain monitoring becomes more useful when it can identify the cloud resource and environment that own an endpoint. OpenWiz plans to correlate Cloudflare and AWS evidence, then group related observations into a single prioritized issue.

  • Match endpoint evidence to cloud resource IDs
  • Explain why the combined path matters
  • Send owners to one issue instead of several disconnected alerts
Designed for

Teams that operate both Cloudflare and AWS

OpenWiz is aimed at teams whose public domain configuration and cloud ownership live in different tools but describe the same exposure path.

  • Cloudflare manages the public DNS boundary
  • AWS hosts the workloads behind those records
  • The team needs one explanation across both systems
Clear boundary

Context and prioritization—not a Cloudflare replacement

The planned product does not replace Cloudflare security, CDN, DNS, or application protection services.

  • No Cloudflare API token is requested during reservation
  • No automatic DNS or proxy changes are promised
  • No claim of replacing Cloudflare Security Center
  • Remediation remains under the customer's review and control
Questions

Cloudflare exposure monitoring questions

Will OpenWiz change Cloudflare DNS records?

No automatic changes are part of the founding reservation. The planned MVP focuses on discovery, context, and prioritization.

Does the plan include subdomains?

Yes. The founding scope covers one root domain and all of its discovered subdomains.

Why combine Cloudflare with AWS?

Cloudflare explains the public domain path; AWS explains the workload and cloud context behind it. Combining both can make remediation priority easier to justify.

Founding access

Help decide what OpenWiz builds first.

The first successful paid reservation starts the 30-day MVP delivery window. If it is not delivered in that window, every founding reservation will be proactively refunded in full.

Reserve founding access — $10