Why Discord for Infrastructure Alerts
Discord has grown well beyond its gaming roots. Hosting providers, game server operators, and NOC teams increasingly use Discord as their primary real-time communication platform. If your team already coordinates incident response in Discord, routing DDoS alerts there eliminates the friction of switching between tools during an attack.
Flowtriq's Discord integration uses Discord's webhook embed format to deliver structured, color-coded alerts. Each alert includes the target IP, attack vector, traffic metrics, severity level, and a direct link to the incident in the Flowtriq dashboard. The embed color changes based on severity, giving your team an instant visual indicator of urgency.
Prerequisites
- A Flowtriq account with at least one active node
- A Discord server where you have the "Manage Webhooks" permission
- One or more text channels created for receiving alerts
Setup takes roughly 3 minutes. No bots or custom applications are needed because Discord's native webhook system handles everything.
Step 1: Create a Discord Webhook
Open your Discord server settings and navigate to Integrations > Webhooks. Click New Webhook and configure it:
- Name: Flowtriq Alerts (this appears as the sender name)
- Channel: Select the channel where alerts should appear
- Avatar: Optionally upload the Flowtriq logo for easy identification
Click Copy Webhook URL. The URL follows this format:
https://discord.com/api/webhooks/000000000000000000/abcdefghijklmnopqrstuvwxyz
Keep this URL private. Anyone with this URL can post messages to your channel.
Step 2: Configure Flowtriq
In the Flowtriq dashboard, go to Settings > Alert Channels and click Add Channel. Select "Discord" as the type and enter your configuration:
{
"channel": "discord",
"name": "Discord - Critical Alerts",
"webhook_url": "https://discord.com/api/webhooks/000000000/abcdefg...",
"severity_filter": ["high", "critical"],
"include_resolve": true,
"username": "Flowtriq",
"avatar_url": "https://flowtriq.com/assets/img/logo-icon.png"
}
The username and avatar_url fields override the webhook defaults, letting you set a consistent sender identity even if the webhook was created with different settings.
Step 3: Understanding the Embed Format
Flowtriq sends alerts using Discord's rich embed format. Each severity level maps to a distinct embed color so your team can assess urgency at a glance:
- Info:
#808080(gray) - Warning:
#FFD700(gold) - High:
#FF6B35(orange) - Critical:
#FF0040(red) - Resolved:
#00D26A(green)
Here is the full embed payload that Flowtriq sends for a high-severity UDP flood detection:
{
"username": "Flowtriq",
"avatar_url": "https://flowtriq.com/assets/img/logo-icon.png",
"embeds": [
{
"title": "DDoS Alert: UDP Flood Detected",
"description": "A high-severity attack has been detected on your infrastructure.",
"url": "https://flowtriq.com/incidents/def456",
"color": 16738101,
"fields": [
{"name": "Target", "value": "`198.51.100.22`", "inline": true},
{"name": "Severity", "value": "High", "inline": true},
{"name": "Node", "value": "edge-gw-02", "inline": true},
{"name": "Attack Vector", "value": "UDP Flood", "inline": true},
{"name": "Packets/sec", "value": "1,245,800", "inline": true},
{"name": "Bits/sec", "value": "892 Mbps", "inline": true},
{"name": "Baseline Deviation", "value": "18.7x above normal", "inline": false}
],
"footer": {
"text": "Flowtriq | Attack ID: def456"
},
"timestamp": "2026-06-07T14:32:00Z"
}
]
}
The color field uses Discord's integer color format. Flowtriq converts the hex color automatically; you do not need to configure this manually.
Resolve Embed
When an attack ends and include_resolve is enabled, Flowtriq posts a green-colored follow-up embed:
{
"embeds": [
{
"title": "Resolved: UDP Flood on 198.51.100.22",
"color": 54890,
"fields": [
{"name": "Duration", "value": "6m 41s", "inline": true},
{"name": "Peak PPS", "value": "1,245,800", "inline": true},
{"name": "Peak BPS", "value": "892 Mbps", "inline": true}
],
"footer": {"text": "Flowtriq | Attack ID: def456"},
"timestamp": "2026-06-07T14:38:41Z"
}
]
}
The green color provides an immediate visual signal that the incident has ended. Your team can see the full attack lifecycle without opening the dashboard.
Channel Organization Strategies
We recommend organizing your Discord server with a dedicated category for infrastructure alerts. Here is a structure that works well for most teams:
INFRASTRUCTURE #ddos-critical (high + critical alerts, everyone watches) #ddos-monitoring (info + warning, reviewed during business hours) #ddos-resolved (resolved events only, used for post-incident review) #incident-response (team discussion during active incidents)
To implement this, create three Flowtriq alert channels, each pointing to a different Discord webhook:
- Critical: severity_filter
["high", "critical"], include_resolvefalse - Monitoring: severity_filter
["info", "warning"], include_resolvefalse - Resolved: severity_filter
["high", "critical"], send_on"resolve_only"
The third channel only receives resolution messages, keeping your critical channel focused on active threats while still maintaining a log of when incidents ended.
Using Discord Roles for Mentions
Flowtriq supports an optional mention_role_id field that pings a specific Discord role when an alert is sent. This is useful for ensuring the on-call engineer sees critical alerts immediately:
{
"channel": "discord",
"name": "Discord - Critical with Mention",
"webhook_url": "https://discord.com/api/webhooks/...",
"severity_filter": ["critical"],
"mention_role_id": "1234567890",
"mention_content": "Critical DDoS attack detected. On-call, please respond."
}
To find a role's ID, enable Developer Mode in Discord settings, then right-click the role and select "Copy Role ID."
Security Considerations
Discord webhook URLs are effectively bearer tokens. Anyone with the URL can post to your channel. Follow these best practices:
- Never share webhook URLs in public repositories or documentation
- Restrict the webhook channels so only admins can post manually, preventing confusion between real alerts and human messages
- Rotate webhook URLs periodically by deleting and recreating the webhook in Discord, then updating the URL in Flowtriq
- Use Discord's audit log to monitor for unauthorized webhook usage
Testing and Verification
After saving the channel configuration, click Test in the Flowtriq dashboard. A sample alert embed will appear in your Discord channel within a few seconds. Verify that:
- The embed color matches the expected severity
- All fields (target, node, vector, metrics) are populated
- The "View Incident" link in the embed URL is clickable
- Role mentions (if configured) are triggering notifications
Discord rate limits webhook requests to 30 per minute. During large-scale multi-target attacks, Flowtriq batches alerts to stay within this limit. You may see a slight delay during very high volume events.
Troubleshooting
Embeds Not Appearing
If plain text appears instead of rich embeds, verify the webhook URL is correct. Discord requires HTTPS and the full /api/webhooks/ path. Also confirm that the "Embed Links" permission is enabled for the Flowtriq webhook in the channel settings.
Missing Role Mentions
Discord requires the role to be mentionable for webhook-based pings. Go to Server Settings > Roles, select the role, and enable "Allow anyone to @mention this role."
Webhook Returning 404
The webhook has been deleted in Discord. Create a new webhook and update the URL in Flowtriq.
Note: Discord works well for team visibility, but for on-call paging we recommend pairing it with PagerDuty or Slack integrations for guaranteed delivery and escalation.
Discord integration is included on all Flowtriq plans at $9.99/node/month. Set up as many channels as you need with per-channel severity filtering and role mentions. Start your free trial and have DDoS alerts flowing into your Discord server within minutes.
Back to Blog