A10 Guardian
Sends webhook alerts to Discord for DDoS attacks, mitigation events, and template changes.
Supports integration with Make (formerly Integromat) to connect A10 Guardian with other apps and automate mitigation tasks.
Provides integration with n8n for automating workflows that interact with A10 Guardian's REST API.
Sends webhook alerts to Slack for DDoS attacks, mitigation events, and template changes.
Sends notifications to Telegram about attack detections, mitigations, and template operations.
Allows integration with Zapier to trigger workflows based on A10 Guardian events like attacks or mitigation actions.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@A10 Guardianshow active DDoS incidents"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
π‘οΈ A10 Guardian
REST API + MCP Server for A10 Networks Thunder TPS DDoS mitigation devices. Provides a simplified interface to manage protected zones, monitor active incidents, and deploy mitigation configurations β accessible via HTTP endpoints or AI agents through the Model Context Protocol (MCP).
β¨ Features
π REST API β Mitigation zones, system monitoring, incident tracking, template management
π€ MCP Server β AI-agent integration via Model Context Protocol (Claude Desktop, n8n, etc.)
π Configurable Templates β JSON-based zone templates with custom profiles, policies, and services
π₯ Template Import β Import configurations from existing A10 zones to reuse across new mitigations
π Authentication β API token for REST, Bearer token for MCP HTTP transport
π Observability β Structured logging with Loguru, audit trail for write operations
π Notifications β Granular webhook alerts (Slack, Discord, Telegram) for templates, mitigations, and system events
π³ Docker Ready β Two-service Compose setup (API + MCP) with health checks and persistent template storage
π Documentação
π Documentação Completa em /docs
API Usage Guide - Documentação completa da API REST
Integration Guide - N8N, Claude API, Gemini, Make.com, Zapier
N8N Workflows - Configuração pronta para N8N
MCP Guide - Model Context Protocol server
π οΈ Tech Stack
π Python 3.10+ / β‘ FastAPI / π¦ Uvicorn
π FastMCP β MCP server with stdio and streamable-http transports
π httpx β HTTP client for A10 device communication
β Pydantic v2 β Request/response validation
π Loguru β Structured logging with rotation
β±οΈ SlowAPI β Rate limiting
π Quick Start (Docker)
Option 1: Using Pre-built Image (Recommended)
Docker Compose:
# 1. Download compose file
curl -O https://raw.githubusercontent.com/opastorello/a10-guardian/main/docker-compose.yml
curl -O https://raw.githubusercontent.com/opastorello/a10-guardian/main/.env.example
# 2. Configure
cp .env.example .env
# Edit .env with your A10 credentials
# 3. Pull and start
docker compose pull
docker compose up -dDirect Docker Run:
# Pull the image
docker pull ghcr.io/opastorello/a10-guardian:latest
# Run REST API server
docker run -d \
--name a10-guardian-api \
-p 8000:8000 \
-e A10_USERNAME=admin \
-e A10_PASSWORD=your_password \
-e A10_BASE_URL=https://your-a10-host:17489 \
-e API_SECRET_TOKEN=your_secret_token \
-e WEBHOOK_ENABLED=true \
-e WEBHOOK_URL=https://discord.com/api/webhooks/your-webhook \
-e NOTIFY_ATTACK_DETECTED=true \
-e NOTIFY_ATTACK_MITIGATED=true \
-v $(pwd)/logs:/app/logs \
-v $(pwd)/config:/app/config \
--restart unless-stopped \
ghcr.io/opastorello/a10-guardian:latest
# Run MCP Server (optional - for AI agent integration)
docker run -d \
--name a10-guardian-mcp \
-p 8001:8001 \
-e A10_USERNAME=admin \
-e A10_PASSWORD=your_password \
-e A10_BASE_URL=https://your-a10-host:17489 \
-e API_SECRET_TOKEN=your_secret_token \
-e MCP_TRANSPORT=streamable-http \
-e MCP_HOST=0.0.0.0 \
-e MCP_PORT=8001 \
-v $(pwd)/logs:/app/logs \
-v $(pwd)/config:/app/config \
--restart unless-stopped \
ghcr.io/opastorello/a10-guardian:latest \
python src/a10_guardian/mcp_server.pyCommon Environment Variables:
# Required
A10_USERNAME=admin # A10 device username
A10_PASSWORD=your_password # A10 device password
A10_BASE_URL=https://your-a10-host:17489 # A10 device URL
API_SECRET_TOKEN=your_internal_token # Internal master token β full access
MCP_SECRET_TOKEN=your_mcp_token # Dedicated MCP token β full access
# Optional - Webhooks
WEBHOOK_ENABLED=true # Enable webhook notifications
WEBHOOK_URL=https://discord.com/api/webhooks/... # Discord/Slack webhook URL
WEBHOOK_USERNAME=A10 Guardian # Bot display name
# Optional - Telegram (works alongside webhooks)
TELEGRAM_BOT_TOKEN=123456:ABC-DEF... # Get from @BotFather
TELEGRAM_CHAT_ID=-1001234567890 # Chat/group ID (@userinfobot)
# Optional - Attack Monitoring
NOTIFY_ATTACK_DETECTED=true # Alert on new attacks
NOTIFY_ATTACK_MITIGATED=true # Alert when attacks end
NOTIFY_ATTACK_ONGOING=false # Periodic updates (15min)
ATTACK_MONITORING_INTERVAL=30 # Check interval (seconds)
# Optional - Mitigation Notifications
NOTIFY_MITIGATION_START=true # Alert on mitigation start
NOTIFY_MITIGATION_STOP=true # Alert on mitigation stop
# Optional - Template Notifications
NOTIFY_TEMPLATE_CREATE=true # Alert on template creation
NOTIFY_TEMPLATE_IMPORT=true # Alert on template importOption 2: Build from Source
# 1. Clone and configure
git clone https://github.com/opastorello/a10-guardian.git
cd a10-guardian
cp .env.example .env
# Edit .env with your A10 credentials
# 2. Build and start
docker compose up --build -dService | Port | URL |
REST API | 8000 |
|
MCP Server | 8001 |
|
π» Running Locally
# Create virtual environment
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
# Install
pip install -e .
# Start API server
uvicorn a10_guardian.main:app --reload
# Start MCP server (separate terminal)
MCP_TRANSPORT=streamable-http MCP_PORT=8001 python src/a10_guardian/mcp_server.pyπ API Endpoints
All endpoints require the x-api-token header. Interactive docs available at /docs.
π₯οΈ System
Method | Path | Description |
GET |
| Hostname, version, serial, uptime |
GET |
| All devices in inventory |
GET |
| License type, limits, expiration |
π‘οΈ Mitigation
Method | Path | Description |
POST |
| Create/deploy zone using specified template |
GET |
| Paginated list of zones |
GET |
| Full zone config by IP |
GET |
| Check if the /24 block of a given IP is under attack |
DELETE |
| Stop mitigation and delete zone |
GET |
| Check whether a specific IP is in a multi-IP zone's |
POST |
| Add an IP to a multi-IP zone (idempotent) |
DELETE |
| Remove an IP from a multi-IP zone (404 if absent, 422 if last IP) |
π Templates
Method | Path | Description |
GET |
| List all configured templates |
GET |
| Get template details |
POST |
| Create or update template |
POST |
| Validate template without saving (dry-run) |
DELETE |
| Delete template |
GET |
| Download template as JSON file |
POST |
| Import template from existing A10 zone |
π¨ Attack Monitoring
Method | Path | Description |
GET |
| List all ongoing DDoS attacks (paginated) |
GET |
| Get traffic statistics for specific incident |
GET |
| Get full incident details and raw data |
β€οΈ Health
Method | Path | Description |
GET |
| Health check (optional |
π Template System
π Overview
Templates are JSON configurations that define how zones are created and monitored. They contain:
π¦ Zone Payload: Profile, policy, device group, and service list
π Monitor Payload: Detection algorithm, sensitivity, and per-protocol thresholds
Templates are stored in config/zone_templates/ (excluded from Git for security).
βοΈ Initial Setup
Option 1: Import from existing zone (recommended)
curl -X POST "http://localhost:8000/api/v1/templates/import/203.0.113.5?name=default" \
-H "x-api-token: YOUR_TOKEN"Option 2: Create manually
curl -X POST "http://localhost:8000/api/v1/templates/default" \
-H "x-api-token: YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d @docs/examples/gaming-template.jsonUsing Templates
Once configured, specify the template when creating mitigations:
# Use default template
POST /api/v1/mitigation/zones/mitigate/203.0.113.10
# Use specific template
POST /api/v1/mitigation/zones/mitigate/203.0.113.10?template=gamingAll zones created from the same template will have identical configurations (profiles, policies, services).
π¨ Real-Time Attack Monitoring
A10 Guardian provides automated real-time monitoring of DDoS attacks across all protected zones (not just those created via API). The system continuously polls the A10 device for active incidents and sends instant notifications when attacks are detected or mitigated.
βοΈ How It Works
π Background monitoring task checks for ongoing attacks every 10 seconds (configurable)
π Monitors ALL zones in the A10 device, regardless of how they were created
π¨ Detects new attacks and sends instant notifications (π¨ Attack Detected)
β±οΈ Tracks attack duration and sends notifications when attacks end (β Attack Stopped)
β οΈ Optional periodic updates for long-running attacks (β οΈ Attack Ongoing every 15 min)
βοΈ Configuration
Enable attack monitoring in .env:
# Attack Monitoring (real-time DDoS attack detection)
NOTIFY_ATTACK_DETECTED=True # Alert when DDoS attack is detected
NOTIFY_ATTACK_MITIGATED=True # Alert when attack stops
NOTIFY_ATTACK_ONGOING=False # Periodic updates for long-running attacks (every 15min)
ATTACK_MONITORING_INTERVAL=30 # Check for attacks every N seconds (min: 10, max: 300)π Webhook Notifications
When WEBHOOK_ENABLED=true, attack events are sent to Discord/Slack/n8n:
Attack Detected:
{
"title": "π¨ Attack Detected",
"description": "DDoS attack detected on 203.0.113.50",
"color": 16711680, // Red
"fields": [
{"name": "Zone", "value": "203.0.113.50"},
{"name": "Severity", "value": "High"},
{"name": "Incident ID", "value": "a1b2c3d4-..."}
]
}Attack Stopped:
{
"title": "β
Attack Stopped",
"description": "Attack on 203.0.113.50 has stopped",
"color": 65280, // Green
"fields": [
{"name": "Zone", "value": "203.0.113.50"},
{"name": "Duration", "value": "8 minutes 42 seconds"}
]
}API Endpoints
Query attack data programmatically:
# List all ongoing attacks
GET /api/v1/attacks/ongoing?page=1&items=20
# Get detailed statistics for specific attack
GET /api/v1/attacks/incident/{incident_id}/stats
# Get full incident details with raw A10 data
GET /api/v1/attacks/incident/{incident_id}/detailsExample Response (Ongoing Attacks):
{
"total": 2,
"page": 1,
"items_per_page": 20,
"incidents": [
{
"incident_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"zone_name": "203.0.113.50",
"zone_id": "f6593c0b-9c93-4736-babc-8a3828e35af6",
"severity": "High",
"start_time": "2026-02-13T10:15:30Z",
"status": "Ongoing"
}
]
}Example Response (Incident Stats):
{
"incident_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"zone_name": "203.0.113.50",
"total_packets": 15000000,
"total_bytes": 7500000000,
"peak_pps": 500000,
"peak_bps": 4000000000,
"attack_vectors": [
{"protocol": "UDP", "port": 53, "percentage": 65},
{"protocol": "TCP", "port": 80, "percentage": 25},
{"protocol": "ICMP", "port": null, "percentage": 10}
]
}π― Monitoring Scope
What's Currently Monitored:
β All ongoing DDoS attacks β Real-time incident detection across the entire A10 device
β Any protected zone β Monitors zones regardless of origin:
Zones created via this API
Zones created manually in the A10 TPS web interface
Zones created by other systems or automation
What's NOT Currently Monitored (see Roadmap):
β³ Zone creation/deletion β When zones are added/removed outside the API
β³ Zone configuration changes β When zones are manually modified in the A10 interface
β³ Template drift detection β When deployed zones differ from their original templates
This provides complete visibility into all DDoS activity. For infrastructure change monitoring (zones, configs), see planned enhancements in the Roadmap section.
π± Telegram Notifications
A10 Guardian supports Telegram notifications alongside Slack/Discord webhooks. Telegram notifications work independently and can be enabled concurrently with webhook notifications.
βοΈ Setup
Create a Telegram Bot:
Message @BotFather on Telegram
Send
/newbotand follow the promptsCopy the bot token (format:
123456789:ABCdefGHIjklMNOpqrsTUVwxyz)
Get your Chat ID:
Start a conversation with your bot or add it to a group
Message @userinfobot to get your Chat ID
For private chats: positive number (e.g.,
123456789)For groups: negative number (e.g.,
-1001234567890)
Configure in
.env:
TELEGRAM_BOT_TOKEN=123456789:ABCdefGHIjklMNOpqrsTUVwxyz
TELEGRAM_CHAT_ID=-1001234567890π¨ Message Format
Telegram notifications use Markdown formatting with emojis:
Attack Detected:
*π¨ Attack Detected*
DDoS attack detected on zone 203.0.113.50
π *IP:* 203.0.113.50
π *Zone ID:* f6593c0b-...
βοΈ *Mode:* monitor
_A10 Guardian API_Mitigation Started:
*π‘οΈ Mitigation Started*
Protection activated for 203.0.113.50
π *IP:* 203.0.113.50
π‘οΈ *Services:* 23
π *Profile:* Gaming_Profile
π *Template:* default
_A10 Guardian API_β Features
β Works alongside webhooks β Send to Telegram AND Discord/Slack simultaneously
β Same event coverage β Templates, mitigations, attacks, system health
β Markdown formatting β Bold, italics, code blocks for better readability
β Event-specific emojis β π¨ attacks, π‘οΈ mitigations, π templates
β Granular control β Use same
NOTIFY_*settings as webhooks
π§ Example Configuration
# Enable both Telegram and Discord
WEBHOOK_ENABLED=true
WEBHOOK_URL=https://discord.com/api/webhooks/...
TELEGRAM_BOT_TOKEN=123456:ABC-DEF...
TELEGRAM_CHAT_ID=-1001234567890
# Notification preferences (apply to both)
NOTIFY_ATTACK_DETECTED=true
NOTIFY_ATTACK_MITIGATED=true
NOTIFY_MITIGATION_START=true
NOTIFY_TEMPLATE_CREATE=trueπ€ MCP Integration
The MCP server exposes 15 tools for AI agents:
π₯οΈ System & Monitoring
Tool | Description |
| Check if the A10 device is online |
| List all devices in the A10 inventory |
| License type, limits, and expiration |
| List all IPs currently under mitigation |
| List all DDoS attacks currently being mitigated |
| Full config and status of a specific zone |
π‘οΈ Mitigation Management
Tool | Description |
| Create or re-sync mitigation using specified template |
| Stop mitigation and remove the zone |
| Check whether an IP is in a multi-IP zone's |
| Add an IP to a multi-IP zone (idempotent, lock-protected) |
| Remove an IP from a multi-IP zone |
π Template Management
Tool | Description |
| List all available templates |
| Retrieve template configuration |
| Create/update template with validation |
| Import template from existing A10 zone |
Connecting via Claude Code (HTTP)
claude mcp add a10-guardian --transport http http://<host>:8001/mcp \
--header "Authorization: Bearer <MCP_SECRET_TOKEN>"Connecting via n8n (HTTP)
Use the MCP Client Tool node with:
URL:
http://<host>:8001/mcpAuthentication: Bearer Token
Token: Your
MCP_SECRET_TOKENvalue
Connecting via Claude Desktop (stdio)
Add to your claude_desktop_config.json:
{
"mcpServers": {
"a10-guardian": {
"command": "python",
"args": ["src/a10_guardian/mcp_server.py"],
"cwd": "/path/to/a10-guardian",
"env": {
"A10_USERNAME": "admin",
"A10_PASSWORD": "your_password",
"API_SECRET_TOKEN": "your_internal_token",
"MCP_SECRET_TOKEN": "your_mcp_token",
"A10_BASE_URL": "https://your-a10-host:17489"
}
}
}
}See docs/MCP_USAGE.md for the full MCP integration guide.
π Authentication
Interface | Header | Format |
REST API |
| Plain token value |
MCP (HTTP) |
|
|
Token Profiles
A10 Guardian supports multiple tokens with granular scopes. Configure them in .env:
Token | Variable | Scopes | Use Case |
Internal / Team |
| all | Full API access β internal team |
MCP clients |
| all | Dedicated token for Claude, n8n, AI agents |
External sites |
| configurable | Read-only embeds, partner integrations |
Available scopes: system:read, mitigation:read, mitigation:write, templates:read, templates:write, attacks:read
Example β read-only token for an external website:
# .env
API_TOKENS={"tok_mysite": ["mitigation:read"]}# Can call:
GET /api/v1/mitigation/under-attack/{ip} β
GET /api/v1/mitigation/zones/list β
GET /api/v1/mitigation/zones/status/{ip} β
# Blocked:
POST /api/v1/mitigation/zones/mitigate β 403
DELETE /api/v1/mitigation/zones/remove β 403Brute-force protection: 10 failed attempts per IP per 60 seconds β 429 Too Many Requests.
βοΈ Environment Variables
Variable | Description | Default |
A10 Device | ||
| A10 device username | required |
| A10 device password | required |
| Full URL to A10 device |
|
| Verify SSL certificates |
|
API Settings | ||
| Internal master token β full access, all scopes | required |
| Dedicated token for MCP clients (Claude, n8n) β full access | required |
| Additional tokens with granular scopes (JSON) |
|
| Allowed CORS origins, comma-separated |
|
| Enable debug mode |
|
| Logging level |
|
| API rate limit |
|
Webhooks | ||
| Enable webhook notifications |
|
| Slack/Discord/n8n webhook URL | β |
| Display name for webhook messages |
|
| Footer text for webhook messages |
|
Notification Control | ||
| Notify on template creation |
|
| Notify on template updates |
|
| Notify on template deletion |
|
| Notify on template imports |
|
| Notify when mitigation starts |
|
| Notify when mitigation stops |
|
| Monitor A10 health (60s interval) |
|
Attack Monitoring | ||
| Alert when attack is detected |
|
| Alert when attack ends |
|
| Periodic updates for long attacks |
|
| Check interval in seconds (10-300) |
|
π§ Roadmap
Planned enhancements for future releases:
π Enhanced Monitoring
Zone Change Detection β Monitor and notify when zones are created, modified, or deleted directly in the A10 device (outside API/MCP)
Real-time alerts when zones appear/disappear from the A10 inventory
Configuration drift detection (when zones are manually modified)
Reconciliation suggestions when external changes are detected
Advanced Attack Analytics β Historical attack data with pattern recognition
Attack frequency trends and heatmaps
Top attacked services and ports
Automatic baseline learning for anomaly detection
β‘ Performance & Scale
Batch Zone Operations β Create/update multiple zones in a single API call
Zone Grouping β Organize zones by customer, environment, or service type
Async Background Tasks β Celery integration for long-running operations
π§ Operations
A10 Device Pool Management β Support for multiple A10 devices with load distribution
Configuration Backup/Restore β Automated snapshots of A10 configurations
Dry-run Mode β Preview changes before applying to production
π€ AI/Automation
Incident Response Playbooks β Pre-defined MCP workflows for common scenarios
Auto-mitigation Rules β Trigger zone creation based on attack patterns
Natural Language Queries β Ask questions about attacks and zones in plain English
Want to contribute? Open an issue or PR on GitHub!
π License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/opastorello/a10-guardian'
If you have feedback or need assistance with the MCP directory API, please join our Discord server