Alerts
Alerts where your team actually lives.
Twelve notification channels fire within one second of detection. Rich embeds on Discord and Slack. Microsoft Teams and Telegram for modern teams. Grafana, DataDog, and Prometheus Alertmanager for observability stacks. PagerDuty incidents with automatic duplicate prevention. Cryptographically signed webhooks for custom integrations. Escalation policies with per-severity routing.
Channels
Every channel your team uses
Discord
Rich embeds with attack type, peak PPS/BPS, PCAP link, and severity-colored formatting.
Slack
Block Kit messages with structured incident fields and severity formatting for your NOC channel.
PagerDuty
Incidents created automatically. Duplicate prevention ensures ongoing attacks create only one page.
OpsGenie
Alert creation with team routing, tags, and priority mapped from Flowtriq severity.
Email
Delivery via your own email server or Flowtriq's. HTML and plain-text incidents. Per-address severity filtering.
SMS
SMS delivery via Textbelt or your own Twilio account. Critical alerts only, with severity threshold control.
Webhooks
JSON POST to any HTTPS endpoint. Cryptographically signed for verification. Full incident payload with severity and classification.
Microsoft Teams
Adaptive card messages posted to any Teams channel via incoming webhook. Severity-colored headers and structured incident fields.
Telegram
Instant alerts to any Telegram chat or group via bot. Supports private and group chats with full incident detail.
Grafana
Push incidents as Grafana annotations or Grafana Alerting webhook events. Overlay attack windows directly on your dashboards.
DataDog
Create DataDog events and timeline markers for every incident. Correlate DDoS attacks with your existing APM and infrastructure metrics.
Prometheus Alertmanager
Fire alerts directly into your Prometheus Alertmanager pipeline. Routes through your existing silences, inhibitions, and receivers.
Rich Notifications
Every alert tells the full story
Discord and Slack alerts use rich embed formatting with color-coded severity (red for critical, yellow for medium), structured fields for peak packets, peak bandwidth, attack family, threat match, and a direct link to the incident PCAP.
PagerDuty incidents are created with a stable identifier per incident, so a single ongoing attack creates exactly one PagerDuty incident, no matter how many times the threshold is crossed and cleared.
Webhook payloads are cryptographically signed using a secret you configure. The signature is in the X-Flowtriq-Signature header, allowing your endpoint to verify authenticity before processing.
Escalation Policies
Route by severity. Escalate by silence.
Define escalation policies to route critical attacks to your on-call engineer and low-severity alerts to a review channel. Set per-step delays so a second notification fires if the first isn't acknowledged.
Step 1: Immediate
Discord #incidents + Slack #noc-alerts
Step 2: If unacknowledged
PagerDuty incident + SMS to on-call engineer
Step 3: Escalate
SMS to engineering manager + email to CTO
✓ Slack #noc-alerts +0.11s
✓ Teams #ops-alerts +0.14s
✓ Telegram @noc_bot +0.16s
✓ PagerDuty PD-38421 +0.41s
✓ Webhook api.company.com +0.19s
SMS suppressed · severity < critical
FAQ
Common questions about alerts
Can I configure different channels for different severity levels?
Yes. Each alert channel has a minimum severity threshold (low, medium, high, critical). You can configure Discord to receive all severities for visibility, while SMS only fires on critical attacks. Escalation policies allow per-step severity filtering as well.
Do I get an alert when an attack resolves?
Yes. Resolution alerts are sent to the same channels as the detection alert by default. Resolution messages include attack duration, peak PPS/BPS, and a link to the PCAP. You can disable resolution alerts per-channel in your notification settings.
How do I verify webhook authenticity?
Every webhook POST includes an X-Flowtriq-Signature header containing a cryptographic signature. Verify this on your endpoint using your configured secret. If the signature doesn't match, the request should be rejected. Docs include example verification code in Python, Node.js, and PHP.
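An added illustration of the verification step above, not code from Flowtriq's docs. The page names the X-Flowtriq-Signature header and a configured secret but not the signing scheme; this example assumes a hex-encoded HMAC-SHA256 over the raw request body (an assumption, swap in the documented scheme), compares in constant time, and rejects before any JSON is parsed. The secret, payload and header values are constructed for the example.

```python
import hashlib
import hmac
import json

HEADER_NAME = "X-Flowtriq-Signature"  # header name as stated on the page


def sign(secret: bytes, body: bytes) -> str:
    """Assumed scheme: lowercase hex HMAC-SHA256 over the raw body bytes."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, headers: dict) -> bool:
    """Return True only when the presented signature matches the raw body.

    Verify over the bytes exactly as received: re-serialising parsed JSON
    can reorder keys or change whitespace and silently break the MAC.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get(HEADER_NAME.lower())
    if not presented:
        return False  # missing header is a rejection, not a pass-through
    expected = sign(secret, raw_body)
    # compare_digest avoids leaking where the mismatch occurs via timing.
    return hmac.compare_digest(expected, presented.strip().lower())


def handle_request(secret: bytes, raw_body: bytes, headers: dict) -> dict:
    """Minimal endpoint logic: reject unverified requests before parsing."""
    if not verify_webhook(secret, raw_body, headers):
        return {"status": 401, "reason": "invalid or missing signature"}
    incident = json.loads(raw_body)
    return {
        "status": 200,
        "incident_id": incident["incident_id"],
        "severity": incident["severity"],
    }


# Constructed sample data (not a real Flowtriq secret or payload).
SAMPLE_SECRET = b"example-shared-secret"
SAMPLE_BODY = json.dumps(
    {
        "incident_id": "inc-0001",
        "severity": "high",
        "attack_type": "udp-flood",
        "peak_pps": 1200000,
    },
    separators=(",", ":"),
).encode()
SAMPLE_HEADERS = {HEADER_NAME: sign(SAMPLE_SECRET, SAMPLE_BODY)}

if __name__ == "__main__":
    print(handle_request(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEADERS))
    tampered = SAMPLE_BODY.replace(b'"high"', b'"low"')
    print(handle_request(SAMPLE_SECRET, tampered, SAMPLE_HEADERS))
```

Keep the secret out of source control and rotate it if an endpoint is ever exposed; a signature check only protects you while the secret is private to Flowtriq and your receiver.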
What happens if a channel is down when an alert fires?
Each channel is notified independently and in parallel, so a slow or failing channel does not block other channels. Delivery failures are logged in the notification log with full error details for troubleshooting.