
Flowtriq for Elastic / Kibana

Ingest DDoS incidents into Elasticsearch with ECS-mapped fields and pre-built Kibana dashboards. Real-time attack visibility, ingest pipelines, and seamless integration with Elastic Security.

Setup

Connect in three steps

1. Create the ingest pipeline
PUT _ingest/pipeline/flowtriq-incidents
{
  "description": "Flowtriq DDoS incident pipeline",
  "processors": [
    { "rename": { "field": "target_ip", "target_field": "destination.ip" } },
    { "rename": { "field": "peak_bps", "target_field": "network.bytes" } },
    { "rename": { "field": "peak_pps", "target_field": "network.packets" } },
    { "set": { "field": "event.category", "value": "intrusion_detection" } },
    { "set": { "field": "event.kind", "value": "alert" } }
  ]
}
2. Configure the webhook in Flowtriq
Dashboard > Settings > Integrations > Add Webhook
URL: https://your-elastic:9200/flowtriq-incidents/_doc
Headers: Authorization: ApiKey YOUR_API_KEY
Format: JSON
3. Import the Kibana dashboard
Stack Management > Saved Objects > Import
File: flowtriq-kibana-dashboard.ndjson
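
The following is an added example, not Flowtriq's or Elastic's own code: a local Python model of the step 1 pipeline that shows the ECS document a webhook payload becomes, and which payloads the pipeline would reject. It models rename and set with their default options (no ignore_missing, no on_failure), where a rename fails if the source field is absent or the target already exists. It assumes documents sent to the webhook URL are routed through this pipeline; the sample incident values and the helper names are constructed for illustration.

```python
import copy

# Processors copied from the flowtriq-incidents pipeline in step 1.
PIPELINE = [
    {"rename": {"field": "target_ip", "target_field": "destination.ip"}},
    {"rename": {"field": "peak_bps", "target_field": "network.bytes"}},
    {"rename": {"field": "peak_pps", "target_field": "network.packets"}},
    {"set": {"field": "event.category", "value": "intrusion_detection"}},
    {"set": {"field": "event.kind", "value": "alert"}},
]
# Constructed sample incident; only these three field names appear on the page.
SAMPLE = {"target_ip": "203.0.113.10", "peak_bps": 1200000000, "peak_pps": 850000}

def _walk(doc, path, create=False):
    """Return (parent dict, leaf key) for a dotted path, or (None, leaf)."""
    *parents, leaf = path.split(".")
    node = doc
    for key in parents:
        node = node.setdefault(key, {}) if create else node.get(key)
        if not isinstance(node, dict):
            return None, leaf
    return node, leaf

def apply_pipeline(event, processors=PIPELINE):
    """Apply rename/set processors to a copy of event; raise on failure."""
    doc = copy.deepcopy(event)
    for proc in processors:
        (kind, cfg), = proc.items()
        if kind == "rename":
            src, src_leaf = _walk(doc, cfg["field"])
            if src is None or src_leaf not in src:
                raise ValueError(f"field [{cfg['field']}] doesn't exist")
            value, dst_path = src[src_leaf], cfg["target_field"]
        else:
            value, dst_path = cfg["value"], cfg["field"]
        dst, dst_leaf = _walk(doc, dst_path, create=True)
        if dst is None or (kind == "rename" and dst_leaf in dst):
            raise ValueError(f"cannot write [{dst_path}]")
        if kind == "rename":
            del src[src_leaf]
        dst[dst_leaf] = value
    return doc

def check(event):  # -> (indexed_doc, None) or (None, reason)
    try:
        return apply_pipeline(event), None
    except ValueError as exc:
        return None, str(exc)

print(check(SAMPLE))
```

A payload that lacks peak_pps, or that already carries destination.ip, comes back with a reason instead of a document, which is the case to alert on so that dropped incidents do not go unnoticed.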

Capabilities

DDoS intelligence in Elastic

ECS Field Mapping

All Flowtriq incident fields map to Elastic Common Schema (ECS). Source IPs, destination IPs, network bytes, event categories, and threat indicators follow standard ECS naming for cross-tool compatibility.

Ingest Pipeline

A pre-built ingest pipeline transforms raw Flowtriq events into ECS-compliant documents on indexing. No Logstash required. The pipeline handles field renaming, enrichment, and geo-IP lookups.

5-Panel Kibana Dashboard

The pre-built dashboard includes panels for active incidents, attack family distribution, severity timeline, top targeted IPs, and mitigation action breakdown. Clone and customize as needed.

Webhook or Direct Export

Send incidents to Elasticsearch via webhook from the Flowtriq dashboard, or configure direct API export for high-volume environments. Both methods deliver real-time data with identical field mappings.

Bring DDoS visibility into Elastic

Set up the integration and start receiving incident data in your Kibana dashboards within minutes.

FAQ

Frequently Asked Questions

How does Flowtriq send data to Elasticsearch?

Flowtriq sends DDoS incident data to Elasticsearch via webhook or direct API export. Configure your Elasticsearch endpoint in the Flowtriq dashboard, and incidents are indexed in real time as structured JSON documents with ECS-mapped fields.

What fields are mapped to ECS?

The integration maps Flowtriq fields to Elastic Common Schema (ECS). This includes event.category, event.kind, source.ip, destination.ip, network.bytes, network.packets, threat.indicator.type, and rule.name. All fields follow ECS naming conventions.

Can I customize the Kibana dashboard?

Yes. The pre-built dashboard is a standard Kibana saved object that you can clone and modify. It includes 5 panels: active incidents, attack family distribution, severity timeline, top targeted IPs, and mitigation action breakdown.

Does it work with Elastic Security?

Yes. Because all fields follow ECS conventions, Flowtriq data integrates with Elastic Security detection rules, correlation engines, and the SIEM app. You can create custom detection rules that trigger on Flowtriq incident data.