CoreDetection™

CoreDetection Documentation

CoreDetection is an AI-powered DDoS detection & mitigation appliance. It watches your network traffic, scores candidate events with Smart Detection, and automatically triggers BGP blackhole mitigation — all managed through a REST API, with built-in reporting and alerting that run entirely on your own server.

What CoreDetection does

CoreDetection consumes network flow telemetry (NetFlow / IPFIX / sFlow) exported by your routers, analyzes it continuously, and acts autonomously when an attack is detected. It is designed to run as an unattended appliance: once installed and licensed, it needs no operator intervention to detect, mitigate, log, and alert.

Smart Detection

3-layer analysis — rhythm, traffic fingerprinting, attack memory — plus ASN trust, baselines, pseudo-L7 inference, and weighted consensus scoring per event.

Operations Dashboard

Live attack monitor, prefix intelligence, Smart Detection score breakdown, BGP control panel, and alert center — built in.

Attack Reports

Full forensic history exportable as JSON or CSV. Query by target, severity, date, or attack type.

Push Alerting

Instant Telegram and email notifications on attack start/end, gated by severity.

Full REST API

Manage every setting, view live attacks, and pull reports programmatically.

Offline Licensing

Server-bound license verified locally — no call-home, works in isolated networks.

How it fits in your network

Your routers send flow telemetry to CoreDetection. It analyzes the traffic in real time, and when it confirms an attack it acts autonomously — triggering mitigation, alerting your team, and recording the event.

Your Routers (edge / core network) → flow telemetry → CoreDetection™ (Smart Detection scores attacks in real time)

On attack:

Mitigation: BGP FlowSpec (RFC 5575/8955 · TCP flags)

Mitigation: IP Blocklist (feeds → FlowSpec drop)

Mitigation: BGP Blackhole (route announcement)

Alerts: Telegram · Email

Reports & API: JSON · CSV · REST

When an attack is confirmed, CoreDetection announces a BGP blackhole or a FlowSpec rule (drop, rate-limit, scrubbing redirect, RT redirect, or DSCP mark), or enforces an IP blocklist, while alerting your team and recording the event. Everything CoreDetection needs is included in your deployment package; see Server Requirements.

Next steps