Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 7 attack families with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications Hackathon Sponsorships
Research & Guides
Server Nerd Comic NEW Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud
Home/Integrations/Docker/Kubernetes
Docker Hub Kubernetes DaemonSet docker-compose

DDoS Detection for
Docker & Kubernetes

Run ftagent as a container on Docker hosts or as a DaemonSet across your Kubernetes cluster. The official image on Docker Hub gives you the same kernel-level DDoS detection and auto-mitigation in containerized environments.

Docker Hub → Start free trial

Quick Start

Deploy in one command

Docker Run
docker run -d \ --name ftagent \ --network host \ --cap-add NET_ADMIN \ --cap-add SYS_PTRACE \ -v /etc/ftagent:/etc/ftagent \ -v /var/lib/ftagent:/var/lib/ftagent \ --restart unless-stopped \ flowtriq/ftagent:latest
docker-compose.yml
version: "3.8" services: ftagent: image: flowtriq/ftagent:latest container_name: ftagent network_mode: host cap_add: - NET_ADMIN - SYS_PTRACE volumes: - /etc/ftagent:/etc/ftagent - /var/lib/ftagent:/var/lib/ftagent restart: unless-stopped
Kubernetes DaemonSet
apiVersion: apps/v1 kind: DaemonSet metadata: name: ftagent namespace: flowtriq spec: selector: matchLabels: app: ftagent template: metadata: labels: app: ftagent spec: hostNetwork: true containers: - name: ftagent image: flowtriq/ftagent:latest securityContext: capabilities: add: ["NET_ADMIN", "SYS_PTRACE"] volumeMounts: - name: config mountPath: /etc/ftagent - name: data mountPath: /var/lib/ftagent volumes: - name: config hostPath: path: /etc/ftagent - name: data hostPath: path: /var/lib/ftagent

After starting the container, run docker exec -it ftagent ftagent --setup to configure your API key and node UUID.

Capabilities

Full detection in a container

Host-Level Monitoring

ftagent monitors /proc/net/dev from the host network namespace. It sees all traffic entering and leaving the node, regardless of how many containers are running. DDoS attacks are volumetric and visible at the host level.

Firewall Rule Deployment

With NET_ADMIN capability and host network mode, ftagent deploys iptables and nftables rules directly on the host. For Docker container workloads, rules go in the DOCKER-USER chain automatically.

PCAP Capture

Full packet capture works with host network mode. PCAPs are stored in the mounted /var/lib/ftagent volume and uploaded to the dashboard on incident resolution for forensic analysis.

Kubernetes DaemonSet

Deploy as a DaemonSet for automatic one-agent-per-node coverage across your cluster. Works on managed Kubernetes (EKS, GKE, AKS), self-managed clusters, and bare-metal k8s deployments.

Auto-Update

Pin to a specific tag for stability or use :latest for automatic updates. The container pulls new detection rules and IOC patterns from the Flowtriq API without restarting.

Full Alert Pipeline

All alerting channels work identically in containerized deployments: Discord, Slack, PagerDuty, OpsGenie, email, SMS, and webhooks. No configuration differences from a bare-metal install.

Protect your containerized infrastructure

Pull the image from Docker Hub and have DDoS detection running in under 5 minutes.

Docker Hub → PyPI → GitHub → Talk to us →
Source on GitHub | Helm chart planned for Q3 2026

FAQ

Frequently Asked Questions

Can ftagent run inside a Docker container?

Yes. The official ftagent Docker image is available on Docker Hub at hub.docker.com/r/flowtriq/ftagent. It requires host network mode and the NET_ADMIN and SYS_PTRACE capabilities to read kernel-level network stats and deploy firewall rules.

How do I deploy ftagent on Kubernetes?

Deploy ftagent as a DaemonSet so one pod runs on every node in your cluster. The DaemonSet spec uses hostNetwork: true and the required security capabilities. Each pod monitors the node-level traffic, not individual container traffic.

Does ftagent work with Docker Compose?

Yes. Add the ftagent service to your docker-compose.yml with network_mode: host and the required capabilities. Mount the config directory as a volume for persistent configuration.

Is there a Helm chart?

A Helm chart is on the roadmap. For now, apply the DaemonSet YAML directly with kubectl. The manifest is under 50 lines and straightforward to customize for your environment.

Does ftagent monitor individual container traffic or host traffic?

ftagent monitors host-level traffic via /proc/net/dev. It sees aggregate traffic for the entire node, which is where DDoS volumetric attacks are visible. Individual container network namespaces are not monitored separately.

What about PCAP capture in containers?

PCAP capture works in containerized ftagent when running with host network mode and the required capabilities. Captures are stored in the mounted volume directory and uploaded to the Flowtriq dashboard on incident resolution.