Live Detection & Mitigation
Detect. Mitigate.
Stay online.
Flowtriq detects attacks in under a second, tells you exactly what they are, and stops them automatically. Cloud scrubbing, BGP mitigation, Layer 7 detection, PCAP forensics, automated runbooks, multi-channel alerts. Everything from the first packet to the post-incident report, handled.
14-day free trial · From $7.99 / node / month · No credit card required
09:41:02 ● Agent started on eth0 · threshold 10,000 PPS
09:41:03 ↑ Remote config: 290+ IOC patterns loaded
09:41:03 ● L7: tailing /var/log/nginx/access.log
09:44:17 ◉ PPS=1,204 BPS=42Mbps NORMAL
09:44:18 ◉ PPS=8,409 BPS=290Mbps ELEVATED
09:44:19 ⚠ PPS=211M BPS=847Gbps ATTACK DETECTED
09:44:19 → Incident opened · UUID: a3f7c2b1
09:44:19 → PCAP capture started · IOC: UDP Flood
09:44:20 ⛨ FlowSpec rule deployed · rate-limit UDP/53
09:44:20 → Alert fired · Discord · Slack · PagerDuty
09:48:02 ✓ Attack mitigated · 3m43s · PCAP uploaded
211M Peak PPS
847Gbps Peak BPS
< 1s Detect Time
◆ SYN Flood detected · nyc-edge-01 · 211M PPS
◆ IOC match · mirai-variant · confidence 94%
◆ Attack resolved · lon-cdn-02 · 3m 41s duration
◆ DNS Amplification · fra-core-01 · Peak 220Gbps
◆ PCAP captured · tok-edge-01 · 10,000 packets
◆ Botnet detected · syd-relay-03 · 3,241 source IPs
◆ Baseline updated · ams-proxy-02 · p99 = 2,100 PPS
◆ HTTP Flood · sfo-api-01 · 92,000 req/s
◆ Alert sent · all nodes · Discord · Slack · PD
◆ FlowSpec deployed · fra-core-01 · rate-limit UDP/53
◆ Cloud scrub active · lon-cdn-02 · Cloudflare Magic Transit
Real-Time Response
Attack detected and mitigated in under a second
DETECTED 211M PPS · UDP Flood
MITIGATED FlowSpec deployed · 0.71s
How It Works
Up and running in four steps
From install to first mitigation in under five minutes. No manual threshold tuning needed.
01 / INSTALL
Deploy the Agent
Two commands. The FTAgent installs on any Linux server, reads packets directly from the NIC, and connects to your Flowtriq workspace.
pip install ftagent
sudo ftagent --setup
02 / DETECT
Detect & Classify
Flowtriq learns your baseline, then detects and classifies attacks (UDP flood, SYN flood, DNS amp, HTTP flood) with confidence scoring and IOC matching.
03 / MITIGATE
Auto-Mitigate
BGP FlowSpec rate-limits, RTBH blackholes, and cloud scrubbing deploy automatically based on escalation policies you define. No manual intervention.
04 / COMMUNICATE
Alert & Communicate
Your team gets alerts on Slack, Discord, or PagerDuty in under a second. Your customers see live status on a branded page. By the time anyone checks, you're already handling it.
Proven in Production
Real attacks. Real infrastructure. Real results.
Features
Built for infrastructure teams
who run real servers.
Purpose-built for NOC teams, hosting providers, game server operators, and infrastructure engineers who need detection, mitigation, and clarity during an attack, not noise.
Sub-Second Detection
L3/L4 volumetric floods caught in under a second via kernel-level PPS sampling. L7 application-layer attacks detected in real-time from access logs. No polling intervals.
Auto-Mitigation
BGP FlowSpec rate-limits, RTBH blackholes, and cloud scrubbing deploy automatically via escalation policies you define.
Attack Classification
Automatically identifies UDP floods, SYN floods, HTTP floods, ICMP floods, DNS amplification, and multi-vector attacks.
Full Packet Capture
PCAP files include pre-attack traffic so you can see the ramp-up. Stream captures to the dashboard during active attacks.
30+ Firewall Rule Types
iptables, nftables, ipset, ufw, firewalld, XDP/eBPF, nginx, apache, fail2ban, and more. Rules generated for 12 firewall platforms including Cisco, Juniper, and MikroTik.
Multi-Channel Alerts
Route alerts to Discord, Slack, PagerDuty, OpsGenie, SMS, email, or webhooks. Digest modes, quiet hours, and per-severity routing.
ISP Abuse Auto-Notify
Automatically send RFC-compliant abuse reports to source network operators when attacks resolve. RDAP contact lookup, rate-limited, fully auditable.
SIEM Integrations
Push incidents to Splunk, Elasticsearch, Microsoft Sentinel, Wazuh, MISP, or any CEF-compatible SIEM. All 6 integrations included.
Cloud Scrubbing
Trigger Cloudflare, OVH, Hetzner, Path.net, Voxility, G-Core, and 8 more providers automatically when attacks escalate.
IDS/IPS Feeds
Live Suricata, Snort, and Zeek threat intelligence feeds generated from cross-network attacker data. Pull via API on any schedule.
Audit + Compliance
Hash-chained audit log, 2FA, IP allowlist, GDPR data export, PDF incident reports, and scheduled weekly/monthly summaries.
Public Status Pages
Customers see real-time server health on a branded page. Incidents auto-publish and auto-resolve. Support tickets drop.
Automated Runbooks
Define response playbooks that execute automatically when specific attack types or thresholds trigger. Chain mitigation actions, notifications, and escalations without manual intervention.
Maintenance Windows
Schedule planned maintenance periods where detection sensitivity adjusts automatically. Prevent false positives during upgrades, migrations, and planned downtime.
Baseline Learning
Flowtriq learns your normal traffic patterns automatically. No manual thresholds to configure. Anomalies are detected by deviation from your actual baseline, not static rules.
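An added sketch, not Flowtriq's agent code, of the general approach the Sub-Second Detection and Baseline Learning items describe: per-second deltas of kernel interface counters (the `/proc/net/dev` line format) compared against a learned p99 baseline. The 5x attack factor, the 500-byte packet size and all traffic values are constructed assumptions.

```python
def parse_rx(line):
    """Return (rx_bytes, rx_packets) from one /proc/net/dev interface line."""
    _, counters = line.split(":", 1)
    fields = counters.split()
    return int(fields[0]), int(fields[1])

def rates(snapshots, interval=1.0):
    """Turn cumulative counter snapshots into per-interval (pps, bps) pairs."""
    out, prev = [], parse_rx(snapshots[0])
    for line in snapshots[1:]:
        cur = parse_rx(line)
        # A counter that goes backwards means a reset or wrap: skip that interval
        # instead of reporting a huge bogus rate.
        if cur[0] >= prev[0] and cur[1] >= prev[1]:
            out.append(((cur[1] - prev[1]) / interval,
                        (cur[0] - prev[0]) * 8 / interval))
        prev = cur
    return out

def p99(samples):
    """Nearest-rank 99th percentile of the learned PPS samples."""
    ordered = sorted(samples)
    return ordered[(99 * len(ordered) + 99) // 100 - 1]

def classify(pps, baseline, attack_factor=5):
    """NORMAL up to the baseline, ATTACK above attack_factor x baseline (assumed)."""
    if pps > attack_factor * baseline:
        return "ATTACK"
    return "ELEVATED" if pps > baseline else "NORMAL"

def make_snapshots(pps_series, bytes_per_packet=500):
    """Build constructed /proc/net/dev lines from a per-second PPS series."""
    lines, pkts = ["  eth0: 0 0 " + "0 " * 14], 0
    for pps in pps_series:
        pkts += pps
        lines.append(f"  eth0: {pkts * bytes_per_packet} {pkts} " + "0 " * 14)
    return lines

# Constructed traffic: 200 quiet seconds to learn from, then three live seconds
# using the PPS figures from the demo log on this page.
LEARN = make_snapshots([1000 + (i * 37) % 1100 for i in range(200)])
BASELINE = p99([pps for pps, _ in rates(LEARN)])
LIVE = make_snapshots([1204, 8409, 211_000_000])
VERDICTS = [classify(pps, BASELINE) for pps, _ in rates(LIVE)]

if __name__ == "__main__":
    print("baseline p99 PPS:", BASELINE, "verdicts:", VERDICTS)
```

A percentile baseline like this drifts upward if attack traffic is included in the learning window, so learn only from intervals already classified NORMAL.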
Why Flowtriq
Detect before the damage lands
Most DDoS tools sit at one end of the stack. Cloud scrubbers absorb floods. Hardware appliances filter at the edge. Nothing in between does both detection and mitigation cleanly — until Flowtriq.
NetFlow / sFlow polling
Routers export sampled flow data every 1-5 minutes. Your collector aggregates, correlates, and fires an alert. By then, upstream links are saturated and customers are calling.
✗ 1-5 minute detection lag
✗ Sampled — misses short bursts
✗ No built-in mitigation
✗ Separate tools for alert + response
Flowtriq real-time
A lightweight agent on each node reads kernel-level traffic stats every second. Detection, classification, mitigation, and alerting all happen before a NetFlow interval even starts.
✓ Under 1 second from attack to mitigation
✓ Every packet — no sampling
✓ BGP FlowSpec + RTBH + cloud scrubbing built in
✓ Detection and mitigation in one platform
✓ Auto-reports abuse to source networks after mitigation
278,202
Threat intel indicators
7
Attack families classified
100%
Packet-level visibility
Coming soon: Flowtriq Shield. Managed scrubbing that detects, routes, scrubs, and returns clean traffic. No BGP expertise required. Join the waitlist →
Autonomous Operation
Configure once. It handles the rest.
Set your escalation policy and runbooks during business hours. When an attack hits at 3 AM, Flowtriq detects it, deploys firewall rules, escalates to BGP FlowSpec or cloud scrubbing if needed, updates your status page, and alerts your team. By the time you check Slack, the incident is already resolving.
Automated Runbooks
Chain firewall rules, scrubbing activation, team alerts, and status page updates into playbooks that execute without you.
4-Level Auto-Escalation
Local firewall rules at 100 Mbps, FlowSpec at 500 Mbps, RTBH at 2 Gbps, cloud scrubbing at 5 Gbps. Each level fires automatically.
Self-Updating Status Pages
Customers see live server health at your branded URL. Incidents auto-publish, maintenance windows auto-announce. Zero manual updates.
Inside the Dashboard
See it before you sign up
CRITICAL · INC-4821
UDP Flood
Confidence 94% · Mirai variant · 2,847 source IPs
211M Peak PPS
847G Peak BPS
0.71s Response
Auto-mitigating · FlowSpec deployed
ONLINE · nyc-edge-01
4,218 PPS
148M BPS
99.98% Uptime
New York · eth0 · Agent v2.4.1
#incidents
DDoS Attack Detected
UDP Flood on nyc-edge-01 (203.0.113.5)
Peak: 211M PPS
Family: UDP Flood
Status: Mitigating
Action: FlowSpec
Today at 09:44 AM
Integrations
Makes your stack attack-aware
Flowtriq pushes the classified attack, confidence score, peak PPS/BPS, affected node, and mitigation taken to the tools your team already uses. Alerts fire within one second of detection.
Cloudflare
Scrubbing + WAF
BGP / ExaBGP
FlowSpec & RTBH
PagerDuty
On-Call Escalation
OpsGenie
Alert Management
Prometheus
Metrics Scraping
Webhooks
Custom Automation
Works With Your Stack
Native integrations for firewalls, panels, and platforms
Deploy on your infrastructure the way it already runs. No middleware, no proxying.
The Ecosystem
Programs, tools, and resources
Flowtriq is more than a detection platform. Free tools, certifications, managed services, partner programs, and open-source projects for the network security community.
Managed Protection
Let our analysts watch your network
24/7 monitoring, active incident response, custom runbooks. Three tiers from $499/mo. No long-term contracts.
See plans →
Free Tools
37 network security tools, no account needed
Risk calculators, PCAP analyzer, BGP FlowSpec builder, iptables generator, attack map, IP threat lookup, and more.
Browse tools →
Free Certifications
Prove your DDoS expertise
Four certification tracks from foundations to incident commander. Verifiable credentials, LinkedIn badges, and a consultant directory listing.
Get certified →
White Label
Run Flowtriq under your own brand
Custom domain, full visual rebrand, branded login page, API tokens, and multi-tenant architecture for MSPs and hosting providers.
Learn more →
Consultant Program
Earn 30% recurring commission for life
Help hosting and ISP clients protect their infrastructure. Affiliate dashboard, directory listing, co-marketing, and certified credential.
Start earning →
Open Source
ftagent-lite and NetHawk, MIT licensed
Standalone DDoS monitor and Go-based traffic analyzer. Free forever, no account needed. Use in labs, coursework, or production.
View on GitHub →
Managed SOC
Who monitors your network at 3 AM?
A junior SOC analyst costs $60K+ per year. Our Respond plan is $17,988/year with 24/7 coverage, incident response, and threshold tuning included.
Watch
$499/mo
Business-hours coverage for teams that want a second set of eyes on their traffic.
- Mon-Fri, 8 AM - 8 PM ET
- Alert review and triage
- Monthly threshold optimization
- Email incident summaries
Respond
$1,499/mo
Round-the-clock on-call analysts who actively respond when attacks hit.
- 24/7 on-call coverage
- 15-minute response SLA
- Active incident response
- Threshold tuning and escalation
- Slack or Teams war room
Dedicated
$3,999/mo
A named analyst who knows your infrastructure as well as you do.
- Named analyst assigned to you
- 5-minute response SLA
- Custom runbooks and playbooks
- Quarterly architecture reviews
- Direct phone escalation
Pricing
Simple, honest pricing
Per-node or per-flow-source pricing. No traffic-volume surcharges, no per-alert fees, no seat limits.
Per Node
$7.99/node/mo
billed annually · $9.99 monthly
Install our lightweight agent on each server. Kernel-level detection, zero sampling. Includes built-in flow adapter for that node's traffic.
- Sub-second DDoS detection
- Automated mitigation (iptables, nftables, XDP/eBPF, cloud APIs)
- BGP FlowSpec + RTBH + cloud scrubbing
- PCAP capture + AI forensics
- NOC alerts in seconds
- Full dashboard + REST API
- Unlimited incidents, users, support
Per Flow Source
from $19/source/mo
Send sFlow, NetFlow, or IPFIX from your routers. Pay per source, not per gigabit. Volume discounts from $39 down to $15/source (annual).
- sFlow v5, NetFlow v5/v9, IPFIX
- Unlimited destination IPs
- All features included
- Same dashboard, alerting, API
- Volume pricing (20+ sources = $19/ea)
- Works standalone or alongside agents
Enterprise
Custom
Volume discounts, dedicated support, extended retention, SSO, and SLA guarantees.
- Everything in Per Node + Flow Source
- Volume pricing (50+ nodes)
- 365-day PCAP + audit retention
- Dedicated Slack + named CSM
- SSO / SAML
- 99.9% uptime SLA
Managed Protection
Don't have a NOC? We'll be yours.
24/7 analyst monitoring, active incident response, custom runbooks. Three tiers from $499/mo. Costs less than a single junior SOC hire.
5-min response (Dedicated) · Named analyst · No long-term contracts
FAQ
Frequently asked questions
What is Flowtriq?
Flowtriq is a real-time DDoS detection and auto-mitigation platform. It installs as a lightweight agent on your Linux servers, monitors every packet, classifies attack types (SYN flood, UDP amplification, DNS reflection, etc.), and can automatically deploy BGP FlowSpec rules, RTBH, or trigger cloud scrubbing, all within one second of detection.
How does Flowtriq detect DDoS attacks?
Flowtriq monitors network traffic in real time using per-packet inspection. It learns your normal traffic baseline, then detects anomalies like sudden spikes in packets-per-second, unusual protocol distributions, or known attack signatures. It classifies attacks into specific types and alerts your team within one second.
How much does Flowtriq cost?
$7.99 per node per month billed annually, or $9.99 billed monthly. Flow source pricing from $15/source/mo (annual) for router-level sFlow/NetFlow/IPFIX ingestion. No per-seat charges, no traffic-volume surcharges, no per-alert fees. Every plan includes all features. Enterprise and volume pricing available. 14-day free trial, no credit card required.
What alert channels does Flowtriq support?
Discord, Slack, email, SMS, PagerDuty, OpsGenie, and custom webhooks. Alerts fire within one second of detection and include attack type, severity, packets-per-second, and affected node details.
Does Flowtriq offer auto-mitigation?
Yes. Flowtriq can automatically deploy BGP FlowSpec rules, RTBH routing, or trigger cloud scrubbing when an attack is detected. You can configure mitigation rules with thresholds, cooldowns, and specific attack type triggers from the dashboard.
How long does it take to set up?
Under two minutes. Run pip install ftagent, then sudo ftagent --setup with your API key. The agent immediately begins monitoring traffic. You'll see data in your dashboard within seconds of installation.
What is PCAP capture?
When Flowtriq detects an attack, it automatically captures raw packet data (PCAP) for forensic analysis. Download captures from the dashboard, filter by protocol and time range, and use them with tools like Wireshark. Retention is 7 days on standard plans, up to 365 days on enterprise.
Can I monitor multiple servers?
Yes. Install the agent on as many servers as you need and manage them all from one dashboard. Each node is billed independently. You can organize servers into separate workspaces for different teams or clients.
What is the Flowtriq Protected trust badge?
A verified, embeddable badge that hosting providers display on their website, WHMCS order pages, and server listing profiles. It reflects real-time protection status and links to a public verification page where anyone can confirm the provider has active DDoS monitoring. Available to any Flowtriq user with at least one online node.