Flowtriq Compliance Brief | SOC 2, PCI-DSS, HIPAA
Flowtriq Compliance Brief

SOC 2 Type II · PCI-DSS 4.0 · HIPAA · April 2026

Overview

Flowtriq is a real-time DDoS detection and mitigation platform deployed as a lightweight Linux agent on each monitored server. This document describes how Flowtriq's capabilities map to specific compliance requirements across SOC 2 Type II, PCI-DSS 4.0, and HIPAA. It is intended for security teams, auditors, and compliance officers evaluating Flowtriq as part of their infrastructure security controls.

Flowtriq provides: sub-second attack detection with dynamic baselines, automated classification of seven attack families, pre-attack PCAP forensics from a continuous ring buffer, automated mitigation across 46 rule types, 4-level auto-escalation (local firewall rules, BGP FlowSpec, RTBH blackholing, cloud scrubbing), tamper-evident SHA-256 hash-chained audit logging, role-based access control, and 12+ alert channel integrations.

SOC 2 Type II

SOC 2 Type II audits evaluate the operating effectiveness of controls over a period of time. The following table maps Flowtriq capabilities to relevant SOC 2 Trust Service Criteria.

Criteria | Requirement | Flowtriq Capability
CC6.1 | Logical access security over infrastructure | Role-based access control (Owner, Admin, Readonly). API key authentication with rotation. Session management with secure cookies (HttpOnly, SameSite, Secure).
CC6.6 | Monitoring of system boundaries | Per-second traffic monitoring at the kernel level. Native sFlow/NetFlow/IPFIX ingestion from border routers. Protocol breakdown (TCP/UDP/ICMP) with dynamic baseline comparison.
CC7.1 | Detection of unauthorized or anomalous activity | Dynamic EWMA baselines detect deviations from normal traffic patterns. Seven attack families auto-classified with confidence scoring. IP spoofing detection via TTL analysis. Botnet detection triggered when 300+ distinct source IPs take part in an attack.
CC7.2 | Monitoring for indicators of compromise | Five threat intelligence feeds (CISA KEV, Emerging Threats, URLhaus, CERT.PL, Trickest CVE PoC). 38 IOC patterns covering CVE exploit signatures and network protocol exploits. Source IP correlation against known compromised hosts.
CC7.3 | Response to identified security incidents | Automated 4-level mitigation escalation: local firewall rules, BGP FlowSpec, RTBH blackholing, cloud scrubbing. 46 auto-mitigation actions. Automated rollback on collateral detection. Alerts via 12+ channels within 1 second of detection.
CC7.4 | Incident response communication | Real-time alerts to Discord, Slack, PagerDuty, OpsGenie, Teams, Telegram, email, SMS, and signed webhooks. Severity-based escalation policies. Public status pages for customer-facing communication.
CC8.1 | Change management | Hash-chained audit log records every configuration change, mitigation action, and user activity. Each log entry contains the SHA-256 hash of the previous entry for tamper detection.

Audit evidence: Flowtriq's audit log is tamper-evident. Each entry includes a SHA-256 hash computed from the previous entry's hash concatenated with all current entry fields. Auditors can verify chain integrity to confirm no entries have been modified or deleted. Audit logs are exportable as CSV or JSON for offline review. A hash chain only proves that an export is internally consistent, so auditors should record the current head hash at each review and check the next export against it; without an independently held head, truncation of the newest entries or a wholesale recomputed chain would not be detected.
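
The chain verification described above, as an added example that is not Flowtriq's own code. It assumes a JSON export laid out as a list of entries, each carrying the previous entry's hash in a "prev_hash" field and its own hash in "hash", with the hash taken over the previous hash concatenated with the canonical JSON of the remaining fields; the field names, the all-zero genesis sentinel and the canonicalisation are assumptions and must be matched to the documented export format. The sample entries are constructed for the demonstration.

```python
"""Offline integrity check for a SHA-256 hash-chained audit log export.

Added example, not Flowtriq code. Assumed layout: a JSON list of entries with
"prev_hash" and "hash" fields; hash = SHA-256(prev_hash || canonical JSON of
the other fields). Adapt entry_hash() to the real export before relying on it.
"""
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed prev_hash sentinel for the first entry


def entry_hash(prev_hash: str, entry: dict) -> str:
    """SHA-256 over prev_hash concatenated with the canonical JSON of every field except the links."""
    fields = {k: v for k, v in entry.items() if k not in ("hash", "prev_hash")}
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append_entry(log: list, **fields) -> dict:
    """Writer side: append an entry linked to the current chain head."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = dict(fields, prev_hash=prev)
    entry["hash"] = entry_hash(prev, entry)
    log.append(entry)
    return entry


def verify_chain(log: list, expected_head: Optional[str] = None):
    """Walk the chain; return (ok, index_of_first_bad_entry, reason).

    expected_head is the head hash the auditor recorded independently of this
    export. Without it, an export silently truncated at the tail still verifies.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry.get("prev_hash") != prev:
            return False, i, "prev_hash does not link to the previous entry"
        if entry.get("hash") != entry_hash(prev, entry):
            return False, i, "entry fields do not match its stored hash"
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log), "chain head differs from the independently recorded head"
    return True, None, "ok"


def build_sample_log() -> list:
    """Constructed sample entries; not real Flowtriq output."""
    log = []
    append_entry(log, ts="2026-04-01T10:00:00Z", actor="admin", action="login", outcome="success")
    append_entry(log, ts="2026-04-01T10:05:12Z", actor="system", node="edge-1",
                 action="detect", outcome="syn_flood confidence=0.97")
    append_entry(log, ts="2026-04-01T10:05:13Z", actor="system", node="edge-1",
                 action="mitigate", outcome="flowspec announced")
    append_entry(log, ts="2026-04-01T10:30:00Z", actor="admin",
                 action="config_change", outcome="baseline_window 120->300")
    return log


def demo() -> dict:
    """Verify the intact export and three tampered copies of it."""
    log = build_sample_log()
    head = log[-1]["hash"]
    results = {"intact": verify_chain(log, head)}

    modified = json.loads(json.dumps(log))      # deep copy through the export format
    modified[2]["outcome"] = "no action taken"  # rewrite a mitigation record in place
    results["modified"] = verify_chain(modified, head)

    deleted = log[:1] + log[2:]                 # remove the detection event
    results["deleted"] = verify_chain(deleted, head)

    truncated = log[:-1]                        # drop the newest entry
    results["truncated_no_head"] = verify_chain(truncated)
    results["truncated_with_head"] = verify_chain(truncated, head)
    return results


if __name__ == "__main__":
    for name, (ok, idx, reason) in demo().items():
        print(f"{name:20s} ok={ok} first_bad={idx} {reason}")
```

The last two cases are the point of recording the head hash: a truncated export passes a bare chain walk and fails only when checked against the head captured at the previous review.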

PCI-DSS 4.0

PCI-DSS 4.0 requires organizations handling cardholder data to implement network monitoring, intrusion detection, and incident response controls. Flowtriq addresses the following requirements.

Requirement | Description | Flowtriq Capability
6.4.1 | Protect public-facing web applications against attacks | Layer 7 HTTP flood detection via access log analysis. Auto-mitigation with Nginx/Apache rules, XDP/eBPF packet filtering, and upstream BGP FlowSpec.
10.2 | Implement audit trails for system components | Every detection event, mitigation action, configuration change, and user login is recorded in the hash-chained audit log with timestamp, actor, action, and outcome.
10.4.1 | Audit logs are reviewed at least daily | Dashboard provides a real-time audit log viewer with filtering by event type, user, node, and time range. Scheduled daily digest emails available via alert channels.
10.7 | Retain audit trail history for at least 12 months | Audit log entries are stored in the database with no automatic expiry. Exportable for long-term archival in external systems.
11.4 | Intrusion detection/prevention to monitor network traffic | Per-second packet-level monitoring on every node. Native flow ingestion from border routers. Attack detection in under 1 second with automatic classification. PCAP capture for forensic analysis.
11.5 | Deploy change-detection mechanisms | Dynamic baselines detect changes in traffic patterns. Protocol ratio monitoring identifies unexpected traffic shifts. Configuration change audit logging with hash-chain integrity.
12.10 | Implement an incident response plan | Automated incident lifecycle: detection, classification, severity assignment, alert dispatch, mitigation escalation, resolution, and post-incident PCAP export. Complete timestamped audit trail for each incident.

HIPAA

HIPAA's Security Rule requires covered entities and business associates to implement safeguards to protect electronic protected health information (ePHI). Flowtriq addresses infrastructure-level security controls in the Technical Safeguards and Administrative Safeguards categories.

Safeguard | Specification | Flowtriq Capability
164.312(a)(1) | Access control: unique user identification, automatic logoff | Per-user accounts with role-based permissions (Owner, Admin, Readonly). Session timeout and secure cookie management. API key authentication with per-key scoping.
164.312(b) | Audit controls: record and examine activity | Hash-chained audit log captures all system activity. Tamper-evident SHA-256 chain allows post-hoc verification. Filterable by user, event type, node, and time range.
164.312(c)(1) | Integrity: protect ePHI from improper alteration | Audit log integrity protected by the SHA-256 hash chain: any modification or deletion of an entry breaks the chain and is detectable on verification. PCAP captures are checksummed at creation.
164.312(e)(1) | Transmission security: guard against unauthorized access during transmission | All dashboard and API communication over TLS (HSTS enforced). Agent-to-platform communication encrypted. Webhook notifications support HMAC signing so the receiver can verify authenticity.
164.308(a)(6) | Security incident procedures: identify and respond to incidents | Automated incident detection, classification, and response. Sub-second detection latency. 4-level auto-escalation through firewall, FlowSpec, RTBH, and cloud scrubbing. Complete incident timeline with PCAP evidence.
164.308(a)(5) | Security awareness and training | Dashboard provides real-time visibility into attack patterns, traffic anomalies, and threat intelligence. Incident reports include AI-generated summaries explaining attack type, impact, and mitigation actions taken.
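
The receiver-side half of the webhook signing mentioned above, as an added example rather than Flowtriq's own code. It assumes the sender computes HMAC-SHA256 over the raw request body with a shared secret and sends the hex digest in an X-Signature header; the header name, the digest encoding and the sample alert body are assumptions constructed for the demonstration, so match them to the documented webhook scheme before use.

```python
"""Receiver-side authenticity check for an HMAC-signed alert webhook.

Added example, not Flowtriq code. Assumed scheme: HMAC-SHA256 over the raw
request body, hex-encoded, delivered in an X-Signature header. Verify over the
raw bytes before parsing: re-serialised JSON would not match the sender's digest.
"""
import hashlib
import hmac
import json
from typing import Optional

SIGNATURE_HEADER = "x-signature"  # assumed header name, compared case-insensitively


def sign_body(secret: bytes, body: bytes) -> str:
    """Sender side: hex HMAC-SHA256 of the exact bytes that will be sent."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_body(secret: bytes, body: bytes, presented: Optional[str]) -> bool:
    """Recompute the digest and compare in constant time."""
    if not presented:
        return False
    expected = sign_body(secret, body)
    # compare_digest does not short-circuit on the first differing byte, so an
    # attacker cannot refine a forged header from response timing
    return hmac.compare_digest(expected, presented.strip().lower())


def handle_webhook(secret: bytes, headers: dict, body: bytes) -> Optional[dict]:
    """Return the parsed alert only if the raw body authenticates; None otherwise."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if not verify_body(secret, body, lowered.get(SIGNATURE_HEADER)):
        return None
    return json.loads(body)


def demo() -> dict:
    """Constructed alert delivery plus three deliveries that must be rejected."""
    secret = b"constructed-shared-secret"
    alert = b'{"event":"attack_detected","node":"edge-1","family":"syn_flood","severity":"high"}'
    good_headers = {"X-Signature": sign_body(secret, alert)}

    results = {"genuine": handle_webhook(secret, good_headers, alert) is not None}
    tampered = alert.replace(b'"high"', b'"low"')  # body altered in transit
    results["body_tampered"] = handle_webhook(secret, good_headers, tampered) is not None
    results["wrong_secret"] = handle_webhook(b"another-secret", good_headers, alert) is not None
    results["missing_header"] = handle_webhook(secret, {}, alert) is not None
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:16s} accepted={accepted}")
```

Only the genuine delivery is accepted; a downgraded severity, a mismatched secret, or a missing header all fail before the body is parsed.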

Audit-Ready Evidence

Flowtriq generates the following evidence artifacts that can be provided directly to auditors:

Artifact | Description | Frameworks
Audit Log Export | Complete hash-chained log of all detection events, mitigation actions, configuration changes, and user activity. Exportable as CSV or JSON. Chain integrity verifiable offline. | SOC 2, PCI, HIPAA
Incident Timeline | Per-incident chronological record: detection timestamp, classification, severity, alert dispatch, mitigation actions, escalation decisions, and resolution. Includes peak PPS/BPS, attack family, confidence score, and source IP analysis. | SOC 2, PCI, HIPAA
PCAP Captures | Packet-level forensic evidence captured from a pre-attack ring buffer. Contains traffic from before, during, and after the incident. Downloadable per incident for offline analysis in Wireshark or tshark. | PCI, SOC 2
BGP Mitigation Log | Record of every BGP announcement and withdrawal: FlowSpec rules, RTBH routes, adapter used, payload sent, response received, TTL, and automatic rollback events. | SOC 2, PCI
User Activity Log | Login/logout events, role changes, API key creation/rotation, configuration modifications, and manual mitigation actions with actor identification. | SOC 2, HIPAA