Reports & Analytics
Flowtriq provides both on-demand reports and a historical analytics dashboard. Use reports for sharing with stakeholders or compliance, and analytics for trend analysis and capacity planning.
Report Types
Flowtriq supports four report types:
Incident Report
A detailed report for a single incident. Includes:
- Summary table: title, attack family, severity, status, node, start time, duration
- Attack timeline: chronological events from detection through resolution, including PPS spikes, peak traffic, source distribution, PCAP capture start, alert deliveries, mitigation deployments, and resolution
- Peak statistics: peak PPS, peak BPS, source IP count
- Protocol breakdown: percentage split across TCP, UDP, ICMP, and other protocols
- IOC matches: matched threat intelligence patterns with attack names and confidence scores
- AI analysis: the AI-generated summary of the attack
- Node information: name, IP, source country, source ASN, spoofing/botnet detection flags
- PCAP details: capture filename and file size
Monthly Report
An aggregate summary of the last 30 days of security activity. Includes:
- Total incident count, peak PPS, and peak BPS for the period
- Breakdown by attack family (table with counts)
- Breakdown by severity
- Most targeted nodes (top 5 by incident count)
Compliance Report
Designed for regulatory or audit purposes. Covers the last 30 days and includes:
- Total incidents, average response time, fastest and slowest response
- Severity distribution
- Per-node uptime calculations (incidents vs. total time)
- Response time metrics (MTTR)
Custom Reports
Custom reports allow you to specify parameters and generate tailored output. Stored in the reports table for future reference.
Generating Reports
- Go to Reports in the sidebar.
- Choose a report type (Incident, Monthly, or Compliance).
- For incident reports, select the specific incident from the dropdown.
- Click Generate.
- The report is generated immediately and stored. Workspace admins receive an email notification.
Reports are stored with a UUID and can be viewed anytime from the Reports list. Each report records who generated it and when.
Report Preferences
Configure automated report delivery in Settings → Workspace. Options:
- Weekly: Receive a weekly summary report
- Monthly: Receive a monthly summary report
- Both: Receive both weekly and monthly (default)
- None: Disable automated reports
Analytics Dashboard
The Analytics page provides historical trend analysis with interactive charts.
Filters
- Time range: 30 Days, 90 Days, 1 Year, or All Time
- Node filter: Select a specific node or view all nodes combined
Stat Cards
Five stat cards summarize the selected period:
| Card | Description |
|---|---|
| Total Incidents | Count of all incidents in the selected period and node filter |
| Avg Duration | Average incident duration across all incidents |
| Most Common Family | The attack family that occurred most frequently, with count |
| Largest Attack | Peak PPS of the single biggest attack in the period |
| MTTR | Mean Time to Resolve for resolved incidents |
Charts
- Incidents over time: Line chart showing incident counts per day (or per week for periods over 90 days), with peak PPS overlay
- Attack family distribution: Doughnut chart showing the top 10 attack families by count
- Severity distribution: Doughnut chart with color-coded severity levels (Critical = red, High = orange, Medium = yellow, Low = blue)
- Geographic origin: Top 10 source countries by attack traffic, aggregated from incident geo-breakdown data
Export Formats
- Reports: Generated in HTML format and stored in the dashboard. Can be viewed and printed from the browser.
- Incident list: Exportable as CSV with all filters applied
- Full data export: Available in Settings → Account. Exports all incidents, nodes, audit logs, and notification logs as a JSON file.