Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
Docs
Documentation Quick Start API Reference Agent Setup Integrations 18
Learn
Free Tools 37 Free Certifications State of DDoS 2026 REPORT DDoS Protection Landscape Buyer's Guide PDF Hackathon Sponsorships DDoS Protection Facts
Company
About Us Become a Consultant 30% Partners White Label Managed Protection Contact Us System Status
Open Source
ftagent-lite MIT NetHawk MIT
Legal
Security Trust Center Terms & Privacy
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All use cases →

Settings Reference

The Settings page is organized into tabs grouped by function. This reference covers every configurable option.

Profile Tab

Personal settings for your user account.

SettingDescription
NameYour display name. Shown in team lists, incident notes, and audit logs. If you are the workspace owner, this is synced to your Stripe customer profile.

Workspace Tab

Workspace-wide settings. Requires the Admin role.

SettingDescription
Workspace NameThe name of your workspace. Shown in the sidebar and synced to Stripe.
TimezoneControls how timestamps are displayed in reports and the dashboard. Options include UTC, US timezones, European timezones, Asia/Pacific, and more.
Preferred FirewallThe firewall system used for generating mitigation rules. Options: iptables, nftables, ufw, firewalld, pf, ipfw, csf, shorewall, MikroTik, VyOS, JunOS, Cisco.
Correlation Alert ModeHow correlated multi-node attacks are alerted. Grouped: one alert for the group. Individual: separate alerts per incident.
Auto-Resolve MinutesHow long before active incidents are auto-resolved if traffic normalizes. Options: 0 (disabled), 5, 10, 15 (default), 30, 60 minutes.
Min Alert SeverityThe minimum severity level that triggers alerts. Set to "Medium" to suppress Low severity notifications. Options: Low (default), Medium, High, Critical.
Report FrequencyAutomated report delivery schedule. Options: Weekly, Monthly, Both (default), None.

IP Allowlist for Dashboard Access

The workspace Owner can restrict dashboard access to specific IP addresses or CIDR ranges. Enter one IP or CIDR per line. Both IPv4 and IPv6 are supported.

Caution: If you misconfigure the IP allowlist and lock yourself out, contact support to have it reset.

Deploy Token

Generate or revoke a deploy token for automated node provisioning via the POST /api/deploy endpoint. The token is a 64-character hex string. Only one deploy token exists per workspace. Generating a new one replaces the old one.

ISP Abuse Auto-Notification

When enabled, Flowtriq can automatically send abuse reports to upstream ISPs for attacks that meet minimum severity, PPS, and BPS thresholds.

Service Port Defaults

Set workspace-wide defaults for service port detection. These settings are applied to new nodes when they are created. See the Service Port Detection guide for details.

Security Tab

Authentication and security settings.

SettingDescription
Change PasswordUpdate your password. Requires your current password and a new password of at least 8 characters. Passwords are hashed with bcrypt (cost=12).
Login AlertsWhen enabled, you receive an email notification each time someone logs into your account. Useful for detecting unauthorized access.

API Tab

Manage API tokens for programmatic access. Requires the Admin role.

Generating an API Token

  1. Go to Settings → API.
  2. Enter a Token Name (e.g., "CI/CD Pipeline" or "Monitoring Script").
  3. Click Generate Token.
  4. The token is displayed once. Copy it immediately. It starts with ft_ followed by 64 hex characters.
Important: API tokens are shown only once at creation time. The dashboard stores only a SHA-256 hash and a prefix for identification. If you lose the token, revoke it and generate a new one.

Revoking a Token

Click Revoke next to any active token. Revoked tokens are immediately invalidated and cannot be used for authentication.

Token Details

Each token entry shows:

  • Token name
  • Prefix (first 10 characters, e.g., ft_a3b2c1...)
  • Created timestamp
  • Last used timestamp (updated on each API call)

Account Tab

Account-level settings and dangerous operations.

Change Email

Update your login email address. Requires your current password for verification. If you are the workspace owner, the email change is synced to Stripe.

Notification Preferences

SettingDescription
Email DigestHow email notifications are batched. Options: Instant (every event), Hourly, Daily.
Mute Low SeveritySuppress notifications for Low severity incidents.
Mute Medium SeveritySuppress notifications for Medium severity incidents.
Mute Attack UpdatesSuppress notifications for attack status updates (peak changes, etc.).
Quiet HoursSet a start and end time (HH:MM) during which notifications are suppressed.

Export Data

Download a JSON export of all your workspace data, including user profile, incidents, nodes, audit log (last 1,000 entries), and notification log (last 1,000 entries).

Delete Account

Permanently delete your user account. Type DELETE to confirm, then enter your password. If you are the only member of a workspace, the entire workspace and all its data are deleted. If other members exist, you are removed and they retain access.

This action is irreversible. All your data, nodes, incidents, and configurations will be permanently destroyed if you are the sole member.

Delete Workspace

Workspace owners can delete the entire workspace. This requires typing the exact workspace name and entering your password. All members are emailed a notification. All workspace data (nodes, incidents, channels, integrations, etc.) is permanently deleted.

ESC