Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
IOC Pattern Matching
Identify Mirai, LOIC & botnets via payload-level indicator matching.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Status Pages
Auto-updated public incident pages for your users.
Real-Time Analytics Dynamic Baselines Threat Intel Multi-Node Maintenance Audit Log
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape Free Certifications NEW
Popular Guides
memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners White Label Referral Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs — see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs Small Operators
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services
Docs/Use Cases

Use Cases

Flowtriq is built for anyone running infrastructure that needs to know when they're under attack. Here's how different teams use it.

Game Server Hosts

Game servers are among the most targeted infrastructure on the internet. A 30-second DDoS can empty a server and drive players to competitors. Flowtriq gives game hosts the visibility they need to respond fast.

Why game hosts need Flowtriq

  • Game traffic is spiky by nature. A new patch, tournament, or streamer event can spike PPS 10× in minutes. Static thresholds would trigger false positives constantly. Flowtriq uses dynamic baselines that learn your traffic patterns and only alert on genuine anomalies.
  • Attacks target individual game ports. Flowtriq's protocol breakdown shows exactly which port is being hit, so you can identify the affected game server instantly.
  • Players expect zero downtime. With sub-second detection and instant alerts via Discord (where most gaming communities live), your team can respond before players even notice.
  • PCAP evidence for upstream providers. When you need your ISP to null-route an attacker or apply a filter, Flowtriq's automatic PCAP captures give you the evidence they'll ask for.

Typical setup

# One agent per physical/virtual server pip install ftagent --break-system-packages sudo ftagent --setup # Monitor on the game port interface # Baseline adapts to your player count patterns

Most game hosts run one Flowtriq node per game server and use Discord alerts. The per-node pricing ($9.99/month) fits naturally into per-server cost structures.

Running multiple game servers? Generate a deploy token and deploy Flowtriq across every server with a single command. One line registers the node, installs the agent, writes the config, and starts monitoring. No manual setup per server. See the one-liner →

Hosting Providers & VPS Hosts

Whether you run bare-metal, VPS, or cloud hosting, your customers expect you to detect and communicate attacks quickly. Flowtriq gives you per-server visibility across your entire fleet.

Why hosting providers need Flowtriq

  • Fleet-wide visibility. Deploy the agent across every server and monitor PPS, BPS, and protocol mix from a single dashboard. The multi-node overview shows which servers are under attack at a glance.
  • Automated classification. When a customer asks "what kind of attack was it?", Flowtriq can tell you: UDP flood from 8,000 source IPs, 2.4 Gbps peak, likely Mirai botnet. That level of detail builds customer trust.
  • Proof for null-routes and peering disputes. PCAP captures and incident reports give you the data to justify null-routes to your upstream providers or document attacks for peering agreements.
  • Maintenance windows. Schedule maintenance windows to suppress alerts during planned migrations, reboots, or network changes.

One-liner mass deployment

Deploy the agent across your entire fleet with a single command per server. The deploy token system lets you register a node, install ftagent, write the config, enable the systemd service, and start monitoring in one shot. Add it to your provisioning pipeline (Ansible, Puppet, Terraform, cloud-init) and every new server is protected from boot.

# Deploy Flowtriq on a new server — one command, fully automated bash -c 'R=$(curl -sf https://flowtriq.com/api/deploy \ -H "Authorization: Bearer $FLOWTRIQ_DEPLOY_TOKEN" \ -H "Content-Type: application/json" \ -d "{\"name\":\"$(hostname)\",\"ip\":\"$(curl -s ifconfig.me)\"}") \ && eval $(echo "$R" | python3 -c "import sys,json;d=json.load(sys.stdin);print(\"API_KEY=\"+d[\"api_key\"]+\" NODE_UUID=\"+d[\"node_uuid\"])") \ && pip install ftagent --break-system-packages -q \ && mkdir -p /etc/ftagent /var/lib/ftagent/pcaps \ && echo "{\"api_key\":\"$API_KEY\",\"api_base\":\"https://flowtriq.com/api/v1\",\"node_uuid\":\"$NODE_UUID\",\"interface\":\"eth0\",\"pcap_path\":\"/var/lib/ftagent/pcaps\"}" > /etc/ftagent/config.json \ && chmod 600 /etc/ftagent/config.json \ && ftagent --install-service \ && systemctl enable ftagent \ && systemctl start ftagent \ && echo "Done"'

Use workspace-level alert channels so your NOC team gets notified regardless of which server is hit. See the mass deployment guide for Ansible playbooks, cloud-init scripts, and bulk registration.

ISPs & Transit Providers

ISPs and transit providers need to identify volumetric attacks targeting their customers before the traffic saturates upstream links. Flowtriq provides per-node, per-protocol visibility at the edge.

Why ISPs use Flowtriq

  • Edge visibility. Deploy agents on edge routers, peering points, or customer-facing interfaces to detect attacks before they propagate through your network.
  • PCAP evidence for abuse reports. Automatically capture packet samples during incidents. Use them to file abuse reports, coordinate with upstream providers, or document attacks for SLA disputes.
  • Customer-facing incident reports. Generate branded incident reports showing attack type, duration, peak volume, and mitigation timeline. Share them with affected customers to demonstrate your monitoring capabilities.
  • Escalation workflows. Route alerts to your NOC via PagerDuty, OpsGenie, or Slack with escalation policies based on severity.
One-liner deployment: Roll out Flowtriq across every edge device with a deploy token. One command per server registers, installs, configures, and starts monitoring. Add it to your provisioning automation and every new device is protected from the moment it boots. See the guide →

Game Studios

Game studios running their own infrastructure (dedicated servers, matchmaking services, lobby servers) need fast detection and even faster communication. A DDoS during a live event or tournament can cost thousands in lost engagement.

Why game studios use Flowtriq

  • Per-service monitoring. Run one agent per game server, matchmaking service, or voice chat relay. See exactly which service is under attack and which players are affected.
  • Discord-native alerts. Your team is already in Discord. Flowtriq sends rich embed alerts with attack type, volume, and protocol breakdown directly to your ops channel.
  • Tournament protection. Use maintenance windows to tune sensitivity during scheduled events. Get alerted only on genuine attacks, not player traffic spikes.
  • Post-incident forensics. PCAP captures and full incident timelines give you the data to understand what happened, report to your community, and work with your ISP on filtering.
Mass deployment: Spin up 50 game servers? One deploy token and a single command per server registers, installs the agent, and starts monitoring automatically. Add it to your server spin-up script and every new instance is protected. See the one-liner →

Managed Service Providers (MSPs)

MSPs managing infrastructure for multiple clients need isolation, delegation, and consolidated billing. Flowtriq's workspace architecture is built for exactly this.

Multi-tenant workspace model

Create a separate workspace for each client. Each workspace has its own nodes, incidents, alert channels, and team members - completely isolated from other workspaces.

# Your account structure MSP Account ([email protected]) ├── ClientA Workspace # 5 nodes, their Discord alerts │ ├── web-prod-1 │ ├── web-prod-2 │ └── ... ├── ClientB Workspace # 12 nodes, PagerDuty escalation │ ├── game-eu-1 │ └── ... └── ClientC Workspace # 3 nodes, email alerts └── ...

How workspaces work for MSPs

  • Client isolation. Each workspace is fully isolated. Client A cannot see Client B's data, nodes, incidents, or settings. You switch between workspaces with one click in the dashboard.
  • Per-client alert channels. Configure different alert destinations per workspace. Client A gets Discord alerts, Client B gets PagerDuty, Client C gets email. Each client's team can be invited to their own workspace.
  • Client-facing access. Invite your clients as readonly or analyst users to their workspace. They see their own incidents and metrics without seeing your other clients or your billing.
  • API automation. Use the REST API to programmatically create workspaces, provision nodes, and pull incident data into your own MSP portal or ticketing system. For bulk node provisioning, use a deploy token to register nodes with a single API call per server.

Automated node provisioning

Use a deploy token to automate node provisioning for each client workspace. Generate a token in Settings → Workspace, then run a single command on each client server:

# One-liner: register node + install agent + configure + start bash -c 'R=$(curl -sf https://flowtriq.com/api/deploy \ -H "Authorization: Bearer $DEPLOY_TOKEN" \ -H "Content-Type: application/json" \ -d "{\"name\":\"$(hostname)\",\"ip\":\"$(curl -s ifconfig.me)\"}") \ && eval $(echo "$R" | python3 -c "import sys,json;d=json.load(sys.stdin);print(\"API_KEY=\"+d[\"api_key\"]+\" NODE_UUID=\"+d[\"node_uuid\"])") \ && pip install ftagent --break-system-packages -q \ && mkdir -p /etc/ftagent /var/lib/ftagent/pcaps \ && echo "{\"api_key\":\"$API_KEY\",\"api_base\":\"https://flowtriq.com/api/v1\",\"node_uuid\":\"$NODE_UUID\",\"interface\":\"eth0\",\"pcap_path\":\"/var/lib/ftagent/pcaps\"}" > /etc/ftagent/config.json \ && chmod 600 /etc/ftagent/config.json \ && ftagent --install-service \ && systemctl enable ftagent \ && systemctl start ftagent \ && echo "Done"'

Each workspace has its own deploy token, so you can provision nodes for Client A and Client B independently. Add this command to your Ansible playbooks, Terraform scripts, or cloud-init templates to auto-protect every server at provisioning time.

Consolidated billing

All nodes across all workspaces bill to your single account. Your clients never see Flowtriq billing - you bundle it into your MSP service pricing however you want.

  • One invoice, all workspaces. Whether you have 3 workspaces or 30, all nodes are billed to your account at $9.99/node/month ($7.99/year). There are no per-workspace fees and no per-seat fees.
  • Volume discounts. Enterprise plans are available for MSPs with 50+ nodes. Contact us for custom pricing.
  • Client reporting. Use the API to pull per-workspace metrics, incident counts, and uptime data to generate client-facing reports or include DDoS monitoring line items in your invoices.
One-liner mass deployment: Each workspace gets its own deploy token. Run a single command on any client server to register the node, install ftagent, write the config, enable the systemd service, and start monitoring. Perfect for onboarding new clients with dozens of servers. See the guide →
MSP tip: Combine workspaces with the referral program - if clients sign up for their own Flowtriq accounts through your referral link, you earn 15% commission on their payments.