Frequently Asked Questions

Smart Detection, dashboard, reports, BGP, and deployment.

General

What is CoreDetection?

An AI-powered DDoS detection appliance on your infrastructure. Your routers send flow telemetry; CoreDetection's Smart Detection engine scores each event and responds via BGP or alerts — with a full operations dashboard and forensic reports built in.

What is Smart Detection?

A 3-layer analysis engine: Rhythm Analysis (traffic cadence), Traffic Fingerprinting (source/ASN/geo patterns), and Attack Memory (repeat campaign recognition). Supporting signals — weighted consensus, trusted ASN override, per-prefix baselines, and pseudo-L7 inference — refine the final 0–100 score. Score ≥70 confirms an attack; below 50 is filtered as normal traffic.

Does CoreDetection require inline deployment?

No. CoreDetection works entirely from flow metadata exported by your existing network equipment. Pipeline: Routers → CoreDetection → BGP / Alerts. Zero impact on packet forwarding.

Does it include a dashboard and reports?

Yes. CoreDetection ships with a full operations dashboard — live attacks, Smart Detection score breakdown (rhythm / fingerprint / memory), prefix monitoring, BGP status — plus exportable attack reports in JSON and CSV.

Detection & Response

What flow protocols are supported?

NetFlow v5/v9, IPFIX, and sFlow. Routers export flows directly to CoreDetection — no third-party collector required.

What attack types can CoreDetection detect?

Volumetric floods (SYN, ACK, UDP, ICMP), amplification attacks (DNS, NTP, SSDP), distributed botnets, and pseudo-L7 patterns (HTTP floods, Slowloris) — classified from flow metadata with Smart Detection confidence scores on your dashboard.

How does automated BGP response work?

When Smart Detection confirms HIGH confidence (score ≥70), CoreDetection announces a /32 blackhole route or FlowSpec rule (RFC 5575/8955) to your border router — drop, rate-limit, scrubbing redirect, RT redirect, or DSCP mark with TCP flag matching. Routes are automatically withdrawn when the attack ends.

Does CoreDetection support IP blocklists?

Yes. CoreDetection ingests threat-intelligence and operator-defined IP/CIDR feeds (HTTP, HTTPS, or local files) and enforces them via FlowSpec source-prefix drop. Feeds refresh on a schedule or on demand via the REST API — no restart required.

What is the detection cycle time?

CoreDetection runs a 60-second analysis cycle by default. Each cycle evaluates per-prefix traffic through Smart Detection. Results appear on your dashboard instantly. The cycle interval is configurable via REST API.

Deployment & Hardware

What are the hardware requirements?

CoreDetection requires a 1U server with AMD EPYC 9124 (16 cores), 32–64 GB DDR5 ECC RAM, BOSS-N1 boot controller with 480 GB NVMe, Intel E810-XXV 25 GbE NIC for flow ingest, and NVIDIA ConnectX-6 Dx 100 GbE for BGP. See Server Requirements for throughput tier scaling.

How is CoreDetection licensed?

Offline per-server license bound to your server's unique ID. No internet connection required for validation. Contact CoreTech to obtain a license key after installation.

What is included in the deployment package?

The complete appliance: Smart Detection engine, built-in flow pipeline, operations dashboard, GoBGP speaker, and REST API — all managed from a single installation with one config file.

How long does installation take?

Approximately 15 minutes on prepared hardware: install the appliance, configure flow export on your routers, activate your license, and access your dashboard.

Dashboard & API

What can I see on the dashboard?

Live active attacks with Smart Detection scores, prefix health and baselines, BGP session and route status, rhythm/fingerprint/memory breakdown per event, and a full alert history — all in one built-in interface.

What reports are available?

Full forensic attack history exportable as JSON or CSV. Query by date, target prefix, severity, or attack type. Reports include Smart Detection score breakdown, source intelligence, and attack lifecycle data.

What REST API endpoints are available?

Full REST API at /CoreDetection/api/v0 on port 9009: health, attacks, reports, BGP, FlowSpec (TCP flags, redirect, mark), IP blocklist, Smart Detection stats, and live config reload. All endpoints require an API key except /health.

Do you offer support for licensed deployments?

Yes. Technical support via email and phone (+90 501 075 60 08). Annual license includes software updates and support.
