- Process and distinguish incoming and/or outgoing traffic
- Trigger block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
- Thresholds can be configured per-subnet with the hostgroups feature
- Announce blocked IPs via BGP to routers with ExaBGP
- GoBGP integration for unicast IPv4 announcements (you need build support manually).
- Full integration with Graphite and InfluxDB
- API
- Redis integration
- MongoDB integration
- VLAN untagging in mirror mode
- Detects DoS/DDoS in as little as 1-2 seconds
- Captures attack fingerprints in PCAP format
- Complete support for most popular attack types