Documentation | Flowtriq DDoS Detection API & Agent Setup
Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications NEW
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services Compliance NEW
Docs/Quick Start

Quick Start

6 steps, 5 minutes from zero to your first detection

Step 1: Create your account

Sign up at flowtriq.com/signup. No credit card required. Your 7-day full-access trial starts immediately.

Step 2: Add a node in the dashboard

Go to your dashboard and click Nodes in the sidebar, then Add Node. Enter your server's name and IP address.

Important: After you create the node, the dashboard shows your API key exactly once. Copy it immediately and save it somewhere safe. You will need it in the next step. If you lose it, you will need to delete the node and create a new one.

Step 3: Install the agent

SSH into your server and run the following. The agent runs on any Linux with Python 3.8+.

# Install the agent pip install ftagent --break-system-packages # Run the setup wizard (paste your API key when prompted) sudo ftagent --setup

Note: On Ubuntu 23.04+, Debian 12+, and other newer distros, the --break-system-packages flag is required for global pip installs. Alternatively, use a virtualenv.

The setup wizard prompts for your API key (from step 2), auto-detects your network interface, and starts the agent as a systemd service. The node appears online in your dashboard within 30 seconds.

For servers where root is not available, use limited mode (PPS/BPS monitoring only, no PCAP):

ftagent --setup --limited

Step 4: Verify it's running

# Check agent status sudo systemctl status ftagent # Or run in debug mode sudo ftagent --debug

You should see the agent send its first heartbeat and load IOC patterns from the remote config. After 5 minutes your node's baseline will be established.

Step 5: Configure alerts

Go to your workspace Console → Alert Channels and add at least one alert channel. Discord and Slack webhooks take about 30 seconds to configure.

Tip: Add a Discord channel first. It's the fastest to set up and you can test the connection with one click.

Step 6: Test detection

Use the --test flag to trigger a synthetic attack event:

sudo ftagent --test

This fires a simulated threshold crossing, opens a test incident, and sends alerts to all configured channels.