Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
IOC Pattern Matching
Identify Mirai, LOIC & botnets via payload-level indicator matching.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Status Pages
Auto-updated public incident pages for your users.
Real-Time Analytics Dynamic Baselines Threat Intel Multi-Node Maintenance Audit Log
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape Free Certifications NEW
Popular Guides
memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners White Label Referral Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs — see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs Small Operators
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services
Docs/Agent API

Agent API Reference

These endpoints are used by the FTAgent running on your server. They authenticate with two headers:

Authorization: Bearer your-node-api-key X-Node-UUID: your-node-uuid

Base URL: https://flowtriq.com/api/v1/agent

Heartbeat

POST/v1/agent/heartbeat

Sent every 30 seconds to indicate the agent is online. Updates last_seen_at and status.

ParameterTypeDescription
agent_versionstringCurrent agent version
uptimeintegerAgent uptime in seconds
osstringOS identifier (e.g., "Ubuntu 22.04")

Submit Metrics

POST/v1/agent/metrics

Submits PPS/BPS samples. The agent sends one batch per second.

ParameterTypeDescription
pps*integerPackets per second
bps*integerBits per second
tcp_pctfloatTCP percentage (0-100)
udp_pctfloatUDP percentage (0-100)
icmp_pctfloatICMP percentage (0-100)
conn_countintegerActive connections
recorded_atstringISO 8601 timestamp

Report Incident

POST/v1/agent/incident

Opens or updates an incident when the agent detects an attack threshold crossing.

ParameterTypeDescription
attack_family*stringDetected family: udp_flood, syn_flood, http_flood, icmp_flood, dns_flood, multi_vector, unknown
severity*stringlow, medium, high, critical
peak_ppsintegerPeak packets/sec observed
peak_bpsintegerPeak bits/sec observed
protocol_breakdownobject{"tcp": 15.2, "udp": 82.1, "icmp": 2.7}
tcp_flag_breakdownobject{"SYN": 1200, "ACK": 400, "RST": 50}
geo_breakdownobject{"US": 4200, "CN": 1800, "RU": 920}
source_ip_countintegerUnique source IPs
top_src_ipsarray[{"ip": "1.2.3.4", "count": 5000}, ...]
top_dst_portsarray[{"port": 80, "count": 12000}, ...]
ioc_matchesarrayMatched IOC patterns
spoofing_detectedbooleanTTL analysis indicates spoofed sources
botnet_detectedbooleanTraffic pattern matches known botnet signatures

Upload PCAP

POST/v1/agent/pcap

Uploads a PCAP capture file for an incident. Multipart form upload, max 50 MB.

ParameterTypeDescription
incident_id*integerAssociated incident ID
file*filePCAP file (multipart upload)

Get Config

GET/v1/agent/config

Returns the node's remote config including IOC patterns, thresholds, and pending commands.

// Response 200 { "node_id": 1, "pps_threshold": 50000, "baseline": { "p99_pps": 12000, "mean_pps": 3400 }, "ioc_patterns": [...], "pending_commands": [ { "id": 5, "command": "iptables -I INPUT -s 1.2.3.4 -j DROP" } ] }