Documentation | Flowtriq DDoS Detection API & Agent Setup
Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications NEW
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services Compliance NEW
Docs/Threat Intelligence

Threat Intelligence & IOC Matching

Correlate attacks against threat feeds and custom indicators of compromise

Threat Feeds

Flowtriq ingests and correlates against five threat intelligence feeds, updated automatically:

FeedSourceUpdate FrequencyContent
CISA KEVUS Cybersecurity & Infrastructure Security AgencyDailyKnown exploited vulnerabilities filtered to network-facing products (Fortinet, Cisco, Palo Alto, Juniper, Citrix)
Emerging ThreatsProofpoint ETDailyCompromised IP addresses actively participating in attacks
URLhausabuse.chEvery 15 minActive malware command-and-control infrastructure
CERT.PLPolish CERTDailyNetwork-level threat indicators
Trickest CVE PoCTrickestDailyCVE proof-of-concept exploit database

IOC Patterns

In addition to the feeds, Flowtriq matches traffic against 38 built-in IOC patterns:

  • 28 CVE exploit signatures: FortiOS, PAN-OS, Cisco IOS XE, Citrix Bleed, Log4Shell, OpenSSH regreSSHion, HTTP/2 Rapid Reset, and more
  • 10 network protocol exploits: SIP, MGCP, SSLv3 POODLE, Shellshock, JNDI injection, path traversal probes

Custom IOC Patterns

Create custom patterns from Dashboard → Threat Intel → IOC Patterns. Each pattern supports:

FieldDescription
Pattern typeIP address, ASN, domain, regex signature, campaign tag
Confidence0-100 score indicating reliability of the indicator
Attack familyWhich attack type this IOC correlates with

Enrichment

When an incident is detected, Flowtriq automatically correlates source IPs against all active feeds and IOC patterns. Matches appear in the incident detail with the feed source, confidence score, and IOC metadata. This gives you immediate context about whether the attack comes from known bad infrastructure.

IP Reputation

The IP reputation system aggregates data across feeds to produce a composite risk score for any IP address. Query reputation from Dashboard → Threat Intel or via the API at GET /api/dash/reputation.php?ip=1.2.3.4.