Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
Docs
Documentation Quick Start API Reference Agent Setup Integrations 18
Learn
Free Tools 37 Free Certifications State of DDoS 2026 REPORT DDoS Protection Landscape Buyer's Guide PDF Hackathon Sponsorships DDoS Protection Facts
Company
About Us Become a Consultant 30% Partners White Label Managed Protection Contact Us System Status
Open Source
ftagent-lite MIT NetHawk MIT
Legal
Security Trust Center Terms & Privacy
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All use cases →

Reports & Analytics

Flowtriq provides both on-demand reports and a historical analytics dashboard. Use reports for sharing with stakeholders or compliance, and analytics for trend analysis and capacity planning.

Report Types

Flowtriq supports four report types:

Incident Report

A detailed report for a single incident. Includes:

  • Summary table: title, attack family, severity, status, node, start time, duration
  • Attack timeline: chronological events from detection through resolution, including PPS spikes, peak traffic, source distribution, PCAP capture start, alert deliveries, mitigation deployments, and resolution
  • Peak statistics: peak PPS, peak BPS, source IP count
  • Protocol breakdown: percentage split across TCP, UDP, ICMP, and other protocols
  • IOC matches: matched threat intelligence patterns with attack names and confidence scores
  • AI analysis: the AI-generated summary of the attack
  • Node information: name, IP, source country, source ASN, spoofing/botnet detection flags
  • PCAP details: capture filename and file size

Monthly Report

An aggregate summary of the last 30 days of security activity. Includes:

  • Total incident count, peak PPS, and peak BPS for the period
  • Breakdown by attack family (table with counts)
  • Breakdown by severity
  • Most targeted nodes (top 5 by incident count)

Compliance Report

Designed for regulatory or audit purposes. Covers the last 30 days and includes:

  • Total incidents, average response time, fastest and slowest response
  • Severity distribution
  • Per-node uptime calculations (incidents vs. total time)
  • Response time metrics (MTTR)

Custom Reports

Custom reports allow you to specify parameters and generate tailored output. Stored in the reports table for future reference.

Generating Reports

  1. Go to Reports in the sidebar.
  2. Choose a report type (Incident, Monthly, or Compliance).
  3. For incident reports, select the specific incident from the dropdown.
  4. Click Generate.
  5. The report is generated immediately and stored. Workspace admins receive an email notification.

Reports are stored with a UUID and can be viewed anytime from the Reports list. Each report records who generated it and when.

Generating reports requires the Analyst role or higher and a card on file.

Report Preferences

Configure automated report delivery in Settings → Workspace. Options:

  • Weekly: Receive a weekly summary report
  • Monthly: Receive a monthly summary report
  • Both: Receive both weekly and monthly (default)
  • None: Disable automated reports

Analytics Dashboard

The Analytics page provides historical trend analysis with interactive charts.

Filters

  • Time range: 30 Days, 90 Days, 1 Year, or All Time
  • Node filter: Select a specific node or view all nodes combined

Stat Cards

Five stat cards summarize the selected period:

CardDescription
Total IncidentsCount of all incidents in the selected period and node filter
Avg DurationAverage incident duration across all incidents
Most Common FamilyThe attack family that occurred most frequently, with count
Largest AttackPeak PPS of the single biggest attack in the period
MTTRMean Time to Resolve for resolved incidents

Charts

  • Incidents over time: Line chart showing incident counts per day (or per week for periods over 90 days), with peak PPS overlay
  • Attack family distribution: Doughnut chart showing the top 10 attack families by count
  • Severity distribution: Doughnut chart with color-coded severity levels (Critical = red, High = orange, Medium = yellow, Low = blue)
  • Geographic origin: Top 10 source countries by attack traffic, aggregated from incident geo-breakdown data

Export Formats

  • Reports: Generated in HTML format and stored in the dashboard. Can be viewed and printed from the browser.
  • Incident list: Exportable as CSV with all filters applied
  • Full data export: Available in Settings → Account. Exports all incidents, nodes, audit logs, and notification logs as a JSON file.
ESC