Can Flowtriq generate reports for individual downstream customers?

Yes. Per-downstream-customer reporting lets each end customer see attacks that targeted their specific traffic, without seeing data from other customers on the same infrastructure. This is designed for hosting providers, ISPs, and MSPs who resell DDoS protection and need to provide individual reporting to each customer.

What report formats does Flowtriq support?

Flowtriq generates incident reports in PDF, HTML, and JSON formats. AI-generated summaries provide plain-language explanations alongside technical data. Scheduled monthly digests aggregate attack history for executive reporting. Shared public incident reports can be accessed via token link without requiring a Flowtriq account.

How does DDoS reporting become a competitive advantage?

Hosting providers and ISPs can use DDoS reporting to differentiate their offerings. A "DDoS-protected" hosting plan with per-customer reports, trust badges, and incident transparency commands a premium over commodity hosting. Customers who can see that attacks are being detected and mitigated are less likely to churn after an incident.

DDoS Reporting

Your customers deserve to know what hit them

Q: Why do ISPs and hosting providers need customer-facing DDoS reports?

When customers experience downtime from a DDoS attack, they want to know what happened, how large it was, what was done about it, and whether it is likely to recur. Without customer-facing reports, your support team spends hours manually compiling data for each inquiry. Automated per-customer reports reduce ticket volume, build trust, and let you sell DDoS protection as a differentiated service.

Q: What is a DDoS trust badge?

A DDoS trust badge is an embeddable SVG that your customers can place on their website to show that their infrastructure is actively protected. Flowtriq trust badges include real-time verification, so visitors can click the badge to confirm protection status. This is similar to SSL badges but for DDoS protection.

You detect and mitigate attacks on behalf of your customers, but they never see the evidence. When they ask "what happened?" you have nothing to hand them.

Start Free Trial → ← All Problems

"More granular reporting, down to our customer level, would be helpful." Product Manager, MSx Security Services, PeerSpot

"They should improve the reporting section and make it a little bit more detailed." Network Operations Lead, Gartner Peer Insights

"Limitation on reporting front." Infrastructure Manager, G2

"Could improve out-of-the-box reporting." Security Engineer, PeerSpot

A customer asked what happened during the attack. I opened a spreadsheet. We have 400 customers.

See the full comic

The gap

Internal monitoring is not customer communication

Most DDoS tools were built for NOC engineers, not for customer-facing teams. The gap between what your operations team sees and what your customers receive is where trust breaks down.

The ticket storm

An attack hits. Customers see degraded performance or outages. Twenty tickets come in within ten minutes, all asking the same question: "What is going on?" Your support team scrambles to pull data from internal dashboards, manually compile it, and respond to each ticket individually. This takes hours.

The silence after

The attack ends. Your team resolves the tickets with "the issue has been resolved." No details on what happened, how large it was, or what was done. Customers are left wondering if it will happen again and whether you actually have protection in place. Some start looking at competitors.

The invisible protection

You invest in DDoS protection, absorb attacks successfully, and your customers never know. They have no visibility into the attacks you stopped. The protection you provide is invisible, which means it does not factor into retention or justify premium pricing.

The manual report

When a large customer demands a post-incident report, someone on your team spends two hours pulling screenshots, exporting logs, and writing a summary in a Word document. This is not scalable, and the quality varies depending on who writes it and how busy they are.

The multi-tenant problem

Your infrastructure serves hundreds of customers. An attack targets one customer's IP range but your detection tool sees it as aggregate traffic on a shared server. You cannot tell Customer A what happened to their traffic without exposing data about Customer B, C, and D.

The monthly question

Enterprise customers expect monthly security summaries. How many attacks were detected? What types? What was the largest? What is the trend? Manually compiling this across dozens of customers each month is a full-time job that nobody signed up for.

What good looks like

DDoS reporting that serves your customers, not just your NOC

Per-incident forensic reports

Every detected attack automatically generates a full incident report. Attack type, duration, peak volume, source analysis, mitigation actions taken. Available in PDF for executive distribution, HTML for web viewing, and JSON for integration with your own tools. No manual compilation required.

Shared public incident pages

Generate a token link for any incident report. Share it with a customer, paste it in a support ticket, or include it in a status page update. The recipient sees the full incident details without needing a Flowtriq account. You control which incidents get shared and which stay internal.

AI-generated incident summaries

Technical incident data is valuable, but not everyone reads packet size histograms. AI-generated summaries translate forensic data into plain-language explanations that your support team can paste directly into customer responses. "A 4.2 Gbps UDP amplification attack lasting 7 minutes was detected and mitigated within 2 seconds of onset. Source traffic originated primarily from spoofed addresses across 14 ASNs."

Scheduled monthly digests

Automated monthly reports summarizing all detected attacks, mitigation actions, and traffic trends. Send these to your customers proactively so they see the value of your protection even during quiet months. No manual effort, no missed deadlines.

Trust badges

An embeddable SVG badge that your customers can place on their website. It shows that their infrastructure is actively monitored and protected. Visitors can click the badge for real-time verification. Think of it like an SSL seal, but for DDoS protection. It gives your customers something tangible to point to.

Per-downstream-customer reporting

Each of your end customers gets their own view of attacks targeting their traffic. Customer A sees attacks on their IP ranges. Customer B sees theirs. No data leakage between tenants. This is built for hosting providers, ISPs, and MSPs who resell protection and need to give each customer independent visibility.

The business case

Reporting turns DDoS protection into a revenue feature

Most hosting providers treat DDoS protection as a cost center. You absorb attacks, your customers barely notice, and nobody pays more for it. Reporting changes that equation.

When you can show customers a monthly digest of attacks detected and mitigated, hand them a PDF forensic report after an incident, and give them a trust badge for their website, DDoS protection becomes something they can see and value. "DDoS-protected" hosting with evidence and transparency commands a premium over commodity infrastructure.

Customers who receive proactive attack reports after an incident are less likely to churn than customers who experienced the same attack and heard nothing. Transparency builds trust, and trust drives retention. The reporting is not just a feature. It is a retention tool and a sales differentiator.

Where we're still improving

Per-downstream-customer reporting just shipped as v1. We are continuing to refine the tenant isolation, expand export formats, and add white-labeling options based on provider feedback.

Each customer gets their own report link. They stop asking me and start checking it themselves.

See the full comic

Frequently asked questions

DDoS reporting: FAQ

Why do ISPs and hosting providers need customer-facing DDoS reports?

When customers experience downtime from an attack, they want details: what happened, how large, what was done, and whether it will recur. Without automated reports, your support team spends hours manually compiling data for each inquiry. Customer-facing reports reduce ticket volume, build trust, and let you sell protection as a premium service.

What is a DDoS trust badge?

An embeddable SVG badge that your customers place on their website to show active DDoS protection. Flowtriq trust badges include real-time verification, so visitors can click the badge and confirm that protection is active. It gives customers tangible proof of the protection you provide.

Can reports be shared with customers who do not have Flowtriq accounts?

Yes. You can generate a token link for any incident report. The recipient views the full incident details in their browser without needing a Flowtriq account. You control which reports are shared and can revoke access at any time.

Does per-downstream-customer reporting isolate data between tenants?

Yes. Each downstream customer only sees attacks targeting their specific IP ranges. There is no data leakage between tenants. This is designed for multi-tenant environments where providers need to give each end customer an independent view of their traffic.

How do monthly digests work?

Flowtriq generates automated monthly summaries covering all detected attacks, mitigation actions, and traffic trends for the period. These are sent on a schedule you configure and can be directed to your customers proactively. No manual compilation, no missed deadlines. The digests cover attack counts, types, peak volumes, and response metrics.