Compliance & Regulatory | Flowtriq
Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications NEW
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services Compliance NEW
Home/ Use Cases/ Compliance

Compliance

Audit-ready from day one.

Every Flowtriq feature is built with regulatory compliance in mind. Tamper-evident audit logs, forensic PCAP capture, role-based access control, and automated incident documentation give your compliance team the evidence trail they need — without additional tools or manual work.

SOC 2
Type II Ready
PCI-DSS
Sections 6.5 & 11.4
HIPAA
Security Rule Aligned

Framework Mapping

How Flowtriq maps to your compliance framework

RequirementFrameworkFlowtriq Feature
Audit trail for security events SOC 2 CC6.1 CC7.2 Tamper-Evident Audit Log
Incident response documentation SOC 2 CC7.3 PCI-DSS 12.10 Automatic incident reports with PCAP
Network monitoring PCI-DSS 11.4 1-second PPS monitoring + flow ingestion
Access control logging SOC 2 CC6.1 HIPAA 164.312(b) Login, API key, PCAP access audit trail
Encryption in transit PCI-DSS 4.1 HIPAA 164.312(e) TLS 1.3 for all agent-dashboard comms
Change management SOC 2 CC8.1 ISO 27001 A.12.1.2 Node config, threshold, integration changes logged
Vulnerability management PCI-DSS 6.5 Threat intelligence feeds, IOC matching
Business continuity SOC 2 CC9.1 ISO 27001 A.17 Auto-mitigation, escalation policies, runbooks

Compliance Features

Built for auditors, not just engineers

Every compliance-relevant feature in Flowtriq is designed to produce auditor-ready evidence automatically. No manual log gathering, no spreadsheet exports, no scrambling before an audit. The evidence trail builds itself as you operate.

Tamper-evident audit trail

SHA-256 hash-chained log where each entry references the previous hash. Any modification, deletion, or insertion breaks the chain and is immediately detectable.

Role-based access control

Readonly, analyst, admin, and owner hierarchy. Each role scoped to specific actions with full audit trail.

IP allowlist for dashboard access

Restrict dashboard and API access to approved IP ranges. Blocked attempts logged with source IP.

PCAP evidence chain

Full chain of custody: capture trigger, file hash, upload timestamp, every download with actor and IP.

Automated incident reports

PDF and HTML reports generated automatically with timeline, peak metrics, PCAP references, and resolution steps.

Data retention controls

Configurable retention periods by plan (90 days standard, 365 enterprise). S3 export for indefinite archival.

Evidence Output

Compliance reports, generated automatically.

When an incident occurs, Flowtriq automatically assembles the evidence auditors need: timeline, metrics, PCAP references, actor history, and resolution documentation. Export as PDF for your compliance team or share directly with auditors.

flowtriq · compliance report
INCIDENT REPORT   #INC-2026-0342

Node: nyc-edge-01
Detected: 2026-03-09 09:44:19 UTC
Resolved: 2026-03-09 09:48:03 UTC
Duration: 3m 44s
Peak PPS: 2.4M (baseline: 180K)

Evidence chain:
Audit log entries (7)
PCAP capture (sha256: a3f7c2...)
Mitigation actions (2)
Notification log (Slack, PagerDuty)

[Export PDF] [Export HTML] [Share with auditor]

Industries

Compliance by industry

Fintech & Financial Services

PCI-DSS 11.4 network monitoring out of the box. SOC 2 audit trail for every security event. Incident forensics with PCAP evidence for regulators and internal review.

Healthcare

HIPAA Security Rule alignment with access logging, encryption in transit, and audit controls. Protect PHI-adjacent infrastructure during DDoS events with automated mitigation.

E-commerce

PCI compliance for payment infrastructure with continuous network monitoring. Automated incident response documentation reduces audit prep from weeks to minutes.

FAQ

Common questions about compliance

Can Flowtriq generate compliance reports for auditors?

Yes. Flowtriq automatically generates incident reports with full timeline, peak metrics, mitigation actions, and PCAP references. Reports are available in PDF and HTML format, ready to share directly with auditors or attach to your compliance documentation.

Does Flowtriq support SOC 2 Type II requirements?

Yes. The tamper-evident audit log, role-based access controls, and change management logging directly support SOC 2 Type II criteria including CC6.1 (access control), CC7.2 (security monitoring), CC7.3 (incident response), CC8.1 (change management), and CC9.1 (business continuity).

How does Flowtriq handle data retention for compliance?

Audit log and incident data are retained for 90 days on the standard plan and up to 365 days on the enterprise plan. Automatic nightly export to S3-compatible storage allows indefinite retention under your own data governance policy. Retention periods are configurable per workspace.

How is audit log integrity guaranteed?

Every audit log entry is hash-chained to the previous entry using SHA-256. Each entry's hash is computed from its contents plus the hash of the preceding entry, forming a cryptographic chain. If any entry is modified, deleted, or inserted out of order, the chain breaks and the tampering is immediately detectable. There is no API endpoint or dashboard action that modifies log entries. Chain integrity can be verified at any time from the dashboard.

Get Started

Compliance-ready network security, from day one.

Audit log, PCAP forensics, and access controls included in every plan. Free 7-day trial, no credit card required.

Start Free Trial → All Features