Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
Docs
Documentation Quick Start API Reference Agent Setup Your Problems, a Comic
Learn
Free Certifications Mirai Botnet Kill Switch State of DDoS 2026 REPORT DDoS Protection Landscape Hackathon Sponsorships
Company
About Us Partners White Label Managed Protection Contact Us System Status
Legal
Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All use cases →
CrowdSec Hub Community Blocklist Threat Intel

Flowtriq + CrowdSec

Feed DDoS attacker IPs from Flowtriq into CrowdSec's community blocklist. Parse ftagent attack logs, trigger CrowdSec ban decisions, and share threat intelligence with the CrowdSec network.

Setup

Connect in three steps

1. Install the Flowtriq CrowdSec collection
sudo cscli collections install flowtriq/flowtriq
2. Configure the log parser (acquis.yaml)
filenames: - /var/log/ftagent/attacks.log labels: type: flowtriq
3. Restart CrowdSec
sudo systemctl restart crowdsec sudo cscli decisions list

CrowdSec will begin parsing ftagent attack logs and triggering ban decisions for DDoS source IPs automatically.

Capabilities

Community-powered DDoS defense

Attack Log Parsing

CrowdSec parses ftagent attack logs to extract source IPs, attack families, and severity levels. The custom parser handles all ftagent log formats and extracts structured fields for scenario evaluation.

Automatic IP Banning

When ftagent detects a DDoS attack and logs the source IPs, CrowdSec automatically triggers ban decisions. Bans are enforced by whatever CrowdSec bouncers you have installed: iptables, nginx, HAProxy, or cloud firewalls.

Community Sharing

DDoS attacker IPs detected by your Flowtriq deployment are shared with the CrowdSec community threat intelligence network. Other CrowdSec users benefit from your detections, and you benefit from theirs.

Scenario-Based Detection

The Flowtriq scenario evaluates attack severity and frequency to make intelligent ban decisions. Configure thresholds, ban durations, and decision types to match your security policy.

Add community threat intelligence to your DDoS defense

Install the CrowdSec collection and start sharing DDoS threat intelligence in minutes.

FAQ

Frequently Asked Questions

How does Flowtriq integrate with CrowdSec?

Flowtriq writes attack logs that CrowdSec parses with a custom scenario. When ftagent detects a DDoS attack and logs the source IPs, CrowdSec reads those logs, evaluates the scenario, and triggers ban decisions against the attacker IPs.

Does this share attacker IPs with the CrowdSec community?

Yes. When CrowdSec bans an IP based on Flowtriq data, that signal is shared with the CrowdSec community threat intelligence network (if you have community sharing enabled). Other CrowdSec users benefit from your DDoS attack intelligence.

What CrowdSec decisions are triggered?

The default scenario triggers a ban decision for the configured duration. You can customize the decision type (ban, captcha, throttle) and duration in the CrowdSec scenario configuration. Decisions are enforced by whatever CrowdSec bouncers you have installed.

Do I need both ftagent and CrowdSec running?

Yes. ftagent handles DDoS detection and writes attack logs. CrowdSec parses those logs and manages the blocklist decisions. They complement each other: ftagent detects volumetric attacks, CrowdSec distributes the threat intelligence to its bouncer network.