Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode NEW
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud
Home/Tools/NIS2 Incident Report

Free Tool

NIS2 Incident Report Generator

Pre-fill your Article 23 early warning (24h) and incident notification (72h) from real incident data. Generates all four required report stages with the fields your national CSIRT expects.

Incident Details

Flowtriq fills all of this automatically

Every field below is captured by Flowtriq the moment an incident is detected. Detection time, classification, peak volumes, source analysis, mitigation actions. No manual entry needed. Start free trial →

The NIS2 reporting clock starts from this moment
Comma-separated list of impacted services
nis2-incident-report
Enter your incident details and click Generate NIS2 Reports to create all four Article 23 notification stages.
Important: This tool generates a reporting template based on your inputs. It does not constitute legal advice. NIS2 obligations depend on national transposition law in each EU member state. Always verify the submission format and requirements with your national CSIRT or competent authority before filing.

The NIS2 Reporting Clock

Article 23 imposes strict reporting deadlines. The clock starts the moment you become aware of a significant incident.

24 Hours: Early Warning

Must include whether the incident is suspected to be caused by unlawful or malicious acts, and whether it could have cross-border impact. This is a rapid initial notification, not a full analysis.

72 Hours: Full Notification

Update the early warning with an initial assessment: severity, impact, indicators of compromise where available. For DDoS incidents, this means attack classification, peak volumes, affected services, and mitigation actions.

1 Month: Final Report

Detailed description of the incident including root cause analysis, mitigation measures applied, and cross-border impact if any. Must also include the type of threat or root cause that likely triggered the incident.

Automate your NIS2 incident evidence

Flowtriq captures detection timestamps, attack classification, traffic volumes, source analysis, and mitigation actions automatically. Every incident generates the evidence Article 23 requires.

Start your free trial →

Skip the manual entry. Get this automatically.

Flowtriq generates every field in this report the moment an incident is detected. Enter your email for a walkthrough of the automated NIS2 evidence workflow.

No spam. Unsubscribe any time.

NIS2 Readiness Checklist: Incident Reporting

Verify your organisation can meet Article 23 obligations before an incident occurs.

Requirement What You Need
Detection capabilityAutomated detection that creates timestamped incident records within seconds, not hours
24h early warning templatePre-drafted notification template with placeholders for incident type, malicious intent assessment, cross-border flag
72h notification dataAbility to export severity, classification, peak volumes, source analysis, affected services, and mitigation actions
CSIRT contact identifiedKnow your national CSIRT, their submission portal/email, and any required format or reference number scheme
Internal reporting contactNamed person with authority and training to file NIS2 notifications on behalf of the entity
Evidence preservationPCAP captures, flow logs, audit trails, and mitigation records retained for the final report (30 days minimum)
NIS2 registrationEntity registered with national competent authority. Most enforcement actions to date have targeted registration failures, not control gaps.

Note: NIS2 covers ten categories of security measures under Article 21. DDoS detection, network monitoring, and incident handling are required controls. This tool helps with incident reporting evidence. It does not address all ten Article 21 categories. Consult your legal team for full compliance scope.

Export your results

Frequently Asked Questions

What are the NIS2 incident reporting deadlines?
NIS2 Article 23 requires covered entities to submit an early warning within 24 hours of becoming aware of a significant incident, a full incident notification within 72 hours, and a final report within one month. National CSIRTs or competent authorities may also request intermediate reports at any time.
What counts as a "significant incident" under NIS2?
An incident is significant if it has caused or is capable of causing severe operational disruption or financial loss, or if it has affected or is capable of affecting other natural or legal persons by causing considerable material or non-material damage. DDoS attacks that cause service outages typically meet this threshold.
Who do I submit NIS2 incident reports to?
Reports go to your national CSIRT or competent authority. Each EU member state designates its own. Examples include BSI (Germany), ANSSI (France), NCSC (Netherlands), and CCN-CERT (Spain). Check your national transposition law for the correct authority and submission method.

FAQ

Frequently Asked Questions

What are the NIS2 incident reporting deadlines?

NIS2 Article 23 requires covered entities to submit an early warning within 24 hours of becoming aware of a significant incident, a full incident notification within 72 hours, and a final report within one month. National CSIRTs or competent authorities may also request intermediate reports at any time.

What counts as a "significant incident" under NIS2?

An incident is significant if it has caused or is capable of causing severe operational disruption or financial loss, or if it has affected or is capable of affecting other natural or legal persons by causing considerable material or non-material damage. DDoS attacks that cause service outages typically meet this threshold.

Who do I submit NIS2 incident reports to?

Reports go to your national CSIRT or competent authority. Each EU member state designates its own. Examples include BSI (Germany), ANSSI (France), NCSC (Netherlands), and CCN-CERT (Spain). Check your national transposition law for the correct authority and submission method.