Incident Correlation | Multi-Node Attack Grouping | Flowtriq
Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages IP Safelist Correlation Audit Log
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications NEW
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners White Label Referral Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services

Feature

Incident Correlation

When the same attack hits multiple nodes, Flowtriq automatically groups related incidents together. See the full blast radius, respond once, and track the campaign as a single event.

Auto
correlation engine
5 min
correlation window
Unified
group visibility

How It Works

When a new incident is detected, Flowtriq checks if any other active incidents in your workspace share the same attack family and occurred within the last 5 minutes. If a match is found, both incidents are grouped into an incident group with a unified title showing all affected nodes.

Automatic Grouping

No manual tagging required. When a UDP flood hits Node A and the same attack type appears on Node B within 5 minutes, they are automatically linked into a multi-node group.

Unified Dashboard View

Incident groups appear above your incidents list with expandable member details. See all affected nodes, combined peak PPS, and group status at a glance.

Auto-Resolve

When all member incidents in a group are resolved, the group automatically closes. No manual cleanup required.

Cross-Reference

Each incident detail page shows a banner linking to its group and all sibling incidents. Jump between related attacks instantly.

Why It Matters

Multi-node attacks are increasingly common. Attackers target entire infrastructure, not just individual servers. Without correlation, your team investigates each incident separately, missing the bigger picture.

With incident correlation, you see the full campaign: which nodes were hit, in what order, and with what combined volume. This enables faster escalation decisions and more accurate impact assessment for post-incident reports.

Related Features

Multi-Channel Alerts

Correlated incidents fire alerts once per group, reducing noise during multi-node campaigns.

Automated Runbooks

Trigger multi-step playbooks based on correlated group severity and blast radius.

Real-Time Analytics

Aggregate traffic analytics across all nodes in a correlated group for unified impact assessment.

See the Full Picture

Detect multi-node campaigns automatically. Start your free trial and deploy across your infrastructure.

Start Your Free Trial