Flowtriq for Splunk
Receive DDoS incident data in Splunk via HTTP Event Collector. Pre-built dashboard with severity-colored panels, field extractions, and CIM-compliant tags for seamless integration with Splunk Enterprise Security.
Setup
Connect in three steps
Capabilities
DDoS intelligence in Splunk
Real-Time Incident Feed
Every DDoS incident detected by Flowtriq is forwarded to Splunk via HEC as it happens. No batch delays. Incidents appear in Splunk within seconds of detection.
Severity-Colored Dashboard
The pre-built dashboard uses severity-based coloring for at-a-glance triage. Critical incidents surface immediately. Panels show active attacks, historical trends, and top targeted infrastructure.
Attack Family Breakdown
Incidents are tagged by attack family: UDP floods, TCP SYN floods, DNS amplification, NTP reflection, and more. Filter and correlate by attack type across your infrastructure.
CIM Tagging
All fields map to the Splunk Common Information Model (CIM) Network Traffic and Intrusion Detection data models. Flowtriq data works with your existing correlation searches and Enterprise Security content out of the box.
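The two technical claims above (incidents arrive over HEC as they are detected, and the fields are CIM-mapped) are easiest to check against a concrete payload. The following is an added example, not Flowtriq's own code or its documented event schema: the incident field names on the input side (`attack_family`, `target_ip`, `source_ips` and so on) are assumptions standing in for whatever a DDoS detector emits, the HEC URL and token are placeholders, and the sample incident is constructed. The CIM field names it maps onto (`src`, `dest`, `dest_port`, `transport`, `signature`, `severity`, `action`, `category`, `ids_type`, `vendor_product`) and the HEC `/services/collector/event` endpoint with its `Authorization: Splunk <token>` header are real Splunk conventions. The point for a practitioner is the normalization step: an upstream severity that is not one of the CIM-allowed values is coerced to `unknown` rather than silently breaking severity-based dashboards and Enterprise Security correlation.

```python
import json
import urllib.request

# Allowed values for the CIM "severity" field (Intrusion Detection data model).
CIM_SEVERITIES = {"critical", "high", "medium", "low", "informational", "unknown"}

# Constructed sample incident. The key names are an assumed detector output
# shape used for illustration, not Flowtriq's published schema.
SAMPLE_INCIDENT = {
    "incident_id": "inc-0001",
    "detected_at": 1700000000,          # epoch seconds
    "attack_family": "dns_amplification",
    "severity": "Critical",             # mixed case on purpose, normalized below
    "target_ip": "203.0.113.10",
    "target_port": 53,
    "protocol": "UDP",
    "source_ips": ["198.51.100.7", "198.51.100.8"],
    "peak_bps": 42_000_000_000,
    "peak_pps": 3_500_000,
    "mitigated": True,
}


def normalize_severity(value):
    """Coerce an upstream severity onto the CIM-allowed set; anything else becomes 'unknown'."""
    s = str(value).strip().lower()
    return s if s in CIM_SEVERITIES else "unknown"


def to_cim_event(incident):
    """Map one detector incident onto CIM Intrusion Detection / Network Traffic field names.

    Non-CIM measurements (peak rates) are passed through under their own names
    so dashboards can still chart them; only the CIM fields feed correlation.
    """
    srcs = incident.get("source_ips") or []
    return {
        "signature": incident["attack_family"],
        "signature_id": incident["incident_id"],
        "category": "ddos",
        "ids_type": "network",
        "severity": normalize_severity(incident.get("severity")),
        "action": "blocked" if incident.get("mitigated") else "allowed",
        "dest": incident["target_ip"],
        "dest_port": incident.get("target_port"),
        "transport": str(incident.get("protocol", "")).lower(),
        "src": srcs[0] if srcs else None,   # CIM src is single-valued; keep the count too
        "src_count": len(srcs),
        "vendor_product": "Flowtriq",
        "peak_bps": incident.get("peak_bps"),
        "peak_pps": incident.get("peak_pps"),
    }


def build_hec_payload(incident, index="network", sourcetype="flowtriq:incident"):
    """Wrap a CIM event in the HEC JSON envelope, using the detection time as _time."""
    return {
        "time": incident["detected_at"],
        "host": "flowtriq",
        "source": "flowtriq",
        "sourcetype": sourcetype,
        "index": index,
        "event": to_cim_event(incident),
    }


def build_hec_request(hec_base_url, token, payloads):
    """Build the HTTP request for /services/collector/event; HEC accepts several
    JSON objects concatenated in one body, one per incident."""
    body = "\n".join(json.dumps(p) for p in payloads).encode("utf-8")
    return urllib.request.Request(
        hec_base_url.rstrip("/") + "/services/collector/event",
        data=body,
        headers={
            "Authorization": "Splunk " + token,
            "Content-Type": "application/json",
        },
        method="POST",
    )


def send_incidents(hec_base_url, token, incidents, timeout=5):
    """Forward incidents immediately (no batching window) and return HEC's JSON reply."""
    req = build_hec_request(hec_base_url, token, [build_hec_payload(i) for i in incidents])
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Placeholder endpoint and token; replace with your HEC input's values.
    print(json.dumps(build_hec_payload(SAMPLE_INCIDENT), indent=2))
    # send_incidents("https://splunk.example:8088", "HEC_TOKEN_PLACEHOLDER", [SAMPLE_INCIDENT])
```

Because the CIM event carries the standard field names, the add-on's `tags.conf` can assign the `ids` and `attack` tags by eventtype without any per-field rename, which is what lets Enterprise Security's existing correlation searches pick the data up.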
Bring DDoS visibility into Splunk
Download the add-on from Splunkbase and start receiving incident data in minutes.
FAQ