This article discusses the Mitigations page in the Kentik portal.
Notes:
For more on mitigations in Kentik, see Mitigation Overview.
For mitigation platforms and methods, see Manage Mitigations.
For assigning mitigations in an alert policy, see Threshold Mitigations.
For more on manual mitigations, see Manual Mitigation.
.png?sv=2022-11-02&spr=https&st=2025-08-29T02%3A29%3A28Z&se=2025-08-29T02%3A50%3A28Z&sr=c&sp=r&sig=geo4AmM47OXm6qteZgsLRdeso7MUXKMR7uECz6ZzW3w%3D)
The Mitigations page enables management of current and past mitigations.
Mitigations Page UI
The Mitigations page provides information about mitigations currently underway in your organization. The page includes the following UI elements:
Manage Mitigations (in the subnav): A button that opens the Manage Mitigations page (Settings » Mitigations).
Actions (in the subnav): A drop-down from which you can choose to export or subscribe to the current view:
Export: Export the page’s content as a visual report (PDF). A notification appears when the export is ready to download.
Subscribe: Opens the Subscription Dialog, which enables you to subscribe to regular reports from the page, either by choosing an existing subscription (combination of email address and schedule) or specifying a new one.
Start Manual Mitigation: A button that opens the Start Manual Mitigation Dialog.
Show/Hide Filters (filter icon): A button that toggles the Filters pane between expanded and collapsed.
Group By: Choose a property (e.g. status) from the drop-down menu to group the mitigations in the table by the value of that property. The table supports grouping by status, policy, platform, method, target, day, or week.
Filter field: A field that you can use to narrow the mitigations shown in the Mitigations list. If text is entered the list will show only mitigations that match the text in at least one column. The field will also display any filters applied with the Filters pane.
Filters pane: Filters that narrow the mitigations listed in the Mitigations List (see Mitigations List Filters).
Action controls: Present only when one or more checkboxes are selected in the Mitigations list, enabling you to apply an action to all selected mitigations:
Action buttons: Buttons that apply the actions detailed in Mitigation Actions.
Selection indicator: Indicates how many alerts are currently selected.
Mitigations List: A table listing mitigations (see Mitigations List).
Mitigations List
The Mitigations List on the Mitigations page is a filtered table (see Mitigations List Filters) providing information about mitigations triggered by your organization's alert policies. Each row in the table represents an individual mitigation. The table includes the following columns:
Select All (in heading row): A checkbox for toggling the selection state of all mitigations in the list:
If either no checkboxes in the list itself are checked or only some are checked then clicking this checkbox will select all mitigations.
If all checkboxes in the list are checked, clicking this checkbox will deselect all mitigations.
Select (in mitigation rows): Check the box to select this mitigation. The mitigation will be included in any action applied with the Action controls (see Mitigation Actions).
Status: Shows the current state of the mitigation (see Mitigation Status).
Mitigation ID: The Kentik-generated unique ID for the mitigation.
Policy: Displays the name of the alert policy that triggered the mitigation, or if the mitigation was performed manually.
Alert ID: The Kentik-generated unique ID for the alert that triggered the mitigation. This will be blank for manual mitigations.
Platform: The mitigation platform associated with this mitigation.
Method: The mitigation method associated with this mitigation.
Target: The entity to which this mitigation is applied, which may be an IP/CIDR or something else defined by, for example, a Flowspec filter, such as a protocol or port number.
This column also displays any dimensions that may apply to the mitigation (automatic only) under the target.
If a mitigation was triggered by an alert policy (automatic mitigation), this column gives the alert key(s) that matched the condition specified in the alert policy threshold and thus triggered the alert, which in turn triggered the mitigation.
Date: The date-time at which the mitigation began.
Min. Time Remaining: An estimate of how much time remains for the mitigation.
Action (vertical ellipsis): A popup with Mitigation Actions that may be available for this mitigation.
Note: To see further details about an individual mitigation, click the mitigation’s row to open a Mitigation Details Drawer that slides out from the right of the page.
Mitigation Status
The status shown for each row in the Mitigations list may apply to either an automated mitigation or a manual mitigation.
Note: Cloudflare applies Magic Transit mitigation only when traffic volume exceeds protocol-dependent minimums (100K pps for TCP or UDP; 60K pps for ICMP or GRE). If the platform of a mitigation in the Alerting list is Cloudflare MT and the traffic volume of the alert policy threshold that triggered the mitigation is below these minimums, then the mitigation state may be indicated as active even when Cloudflare isn’t actually mitigating.
The following table lists the statuses displayed in the Status column (label) for automatic and manual mitigations in the Mitigations list, as well as the mitigation filter status to which each label corresponds:
Status Filter | Status Column | Description |
|---|---|---|
Active | Active | The mitigation is active. |
Active | Clearing | Disabling/removing a mitigation on a remote platform. This is an interim state whose destination state is Acknowledgement Required. |
Active | End Grace | The mitigation has ended but the grace period has not yet expired (see Grace period in Automated Mitigation Settings). Only applies to automatic mitigations. |
Active | Starting | Mitigation is being added or activated on the third-party mitigation platform. |
Failed | Failed to clear | Unable to disable/remove a mitigation on the remote platform. |
Failed | Failed to start | Mitigation was attempted but could not be added or activated on the third-party mitigation platform. |
Inactive | Archived | The mitigation is no longer active and is not awaiting user acknowledgement. Inactive mitigations do not appear in the Mitigations List by default. To see them displayed, select Inactive under Status in the Mitigations List Filters. |
Inactive | Clear | The mitigation is cleared and no longer active. Inactive mitigations do not appear in the Mitigations List by default. To see them displayed, select Inactive under Status in the Mitigations List Filters. |
Waiting | Acknowledgment Required | The mitigation is no longer active:
|
Waiting | End Wait | Mitigation stop is pending: The conditions that triggered the mitigation no longer exist but one of the following is required before stopping (see Clear Mitigation in Threshold Mitigations):
|
Waiting | Start Wait | Mitigation start is pending: Mitigation has been triggered but requires one of the following before starting (see Apply Mitigation in Threshold Mitigations):
|
Mitigation Actions
Available mitigation actions vary depending on the current state of the mitigation and whether the mitigation is automatic (see Automatic Mitigation Actions) or manual (see Manual Mitigation Actions).
Actions can be applied to mitigations in a couple of different ways:
Checkboxes: When one or more Select checkboxes are checked in the Mitigations list, the list is shifted down to reveal the Action controls (see Mitigations Page UI), which include buttons that enable you to apply an action to all selected alerts.
Action menu: The popup menu from the vertical ellipsis at the right of a given alert's row in the Mitigations list enables you to apply an action to that alert.
Automatic Mitigation Actions
The table below shows the action buttons that may be available in a row representing an automatic mitigation and in the top right corner of the Mitigation Details Drawer for that mitigation. Both the available actions and the results of those actions vary depending on the current state of the mitigation (see Mitigation Status).
Note: When you take manual control of an automatic mitigation, the mitigation won’t stop automatically even when the triggering alert is cleared; it will continue until manually stopped or removed.
Status Filter | Status | Available Actions | Action Description |
|---|---|---|---|
Active | Active |
| Stop the mitigation. |
Active | Clearing |
| Take manual control of the mitigation without affecting the stop process. |
Active | End Grace |
| Take manual control of the mitigation, which remains active. |
Active | Starting |
| Take manual control and continue starting the mitigation. |
Failed | Failed to clear |
| Archive the mitigation to remove it from the Mitigations List. |
Failed | Failed to Start |
| Take manual control, at which point you can either retry or archive the mitigation. |
Inactive | Archived | None | No actions are available once the mitigation is archived. |
Waiting | Ack Required |
| Once acknowledged, the mitigation is removed from the Mitigations List. |
Waiting | End Wait |
| Take manual control of the mitigation, which remains active. |
Waiting | Start Wait |
| Immediately start a mitigation that has been waiting for acknowledgement or expiration of timer (see Mitigation Settings). |
Stop
Take manual control
Skip EndGrace, go to EndWait
Archive
Retry
Note: To see archived mitigations displayed, select Inactive under Status in the Mitigations List Filters.
Manual Mitigation Actions
The table below shows the action buttons that may be available in a row representing a manual mitigation and in the top right corner of the Mitigation Details Drawer for that mitigation. Both. Both the available actions and the results of those actions vary depending on the current state of the mitigation (see Mitigation Status).
Status Filter | Status | Available Actions | Action Description |
|---|---|---|---|
Active | Active |
| Stop the mitigation, at which point you can either restart or archive it. |
Active | Clearing |
| Restart the mitigation. |
Active | Starting |
| Stop the mitigation, at which point you can either restart or archive it. |
Failed | Failed to clear |
| Remove the mitigation from the Mitigations List. |
Failed | Failed to start |
| Remove the mitigation from the Mitigations List. |
Inactive | Archived | None | No actions are available once the mitigation is archived. |
Inactive | Cleared |
| Restart the mitigation. |
StartNote: To see archived mitigations displayed, select Inactive under Status in the Mitigations List Filters.
Mitigations List Filters
The mitigations displayed in the Mitigations list can be filtered using the controls in the Filters pane on the left. The pane includes the following filters:
Reset To Default (appears only when you’ve specified one or more filters): Click to clear all current filters.
Time Range: A drop-down that displays the time range within which mitigations will be included in the list. Click to set a different time with the Time Range Selector.
Status: A set of checkboxes that allow you to select one or more status (Active, Failed, Waiting, or Inactive) to include in the list.
Sources: Filter the list by whether a mitigation was run manually or automatically.
Mitigation ID: Include only mitigations whose ID equals the entered numbers.
Alert ID: Include only mitigations for which the ID of the triggering alarm equals the entered numbers.
Method: Filter the list by selecting a method from the drop-down menu.
Platform: Filter the list by selecting a platform from the drop-down menu.
Show Tenant Mitigations: A switch that determines whether tenant mitigations are shown on the list.
Tenants (appears only when Show Tenant Mitigations is toggled): Filters the list by selecting a tenant from the drop-down menu.
Policy: Include only mitigations for which the name(s) of the triggering alert policy equals the one or more policies selected from the drop-down menu. Click in the Policy field and start typing in the Filter options field to see a list of policies with that text and then select one or more from the list.
Target Search: Include only mitigations for which the entered text matches specific instances of the dimension that the mitigation method used to identify which traffic to mitigate.
Dimension Search: Include only mitigations for which the entered text matches the dimension that the mitigation method used to identify which traffic to mitigate.
Exact Match: A switch that determines whether the string entered in the Dimension Search field is matched strictly or loosely.
Time Range Selector
This selector is a popup that opens from the drop-down and sets the time range within which mitigations will be included in the list. The popup includes the following controls:
Lookback list: Preset durations back from the current time, listed along the left side of the popup.
Calendars: Side-by-side monthly calendars that enable you to click on a start date and end date.
Start date field: The start of the time range, filled in from the lookback list or the calendars.
End date field: The end of the time range, filled in from the lookback list or the calendars.
Apply: A button that applies the time range from the values in the start and end fields and hides the popup. The applied range will be shown in the Time-range Drop-down.
Cancel: A button that closes the popup and leaves the time range as it was before the popup was opened.
Mitigation Details Drawer
The details drawer for a given mitigation slides out from the right of the page when the row for that alarm is clicked in the Mitigations List. The drawer shows the following additional information:
.png?sv=2022-11-02&spr=https&st=2025-08-29T02%3A29%3A28Z&se=2025-08-29T02%3A50%3A28Z&sr=c&sp=r&sig=geo4AmM47OXm6qteZgsLRdeso7MUXKMR7uECz6ZzW3w%3D)
Mitigation ID: The Kentik-generated unique ID for the mitigation.
Action buttons: Any actions available to take for the mitigation are available in the top right corner of the drawer. Hover over the button(s) to see the action(s) available.
Policy: The alert policy that triggered the mitigation (if applicable). Click the link to jump to the Alert Policies Page with that policy displayed.
Alert ID: The Kentik-generated unique ID for the alarm that triggered the mitigation. Click the link to access the alert’s details page (see Alert Details Page).
Method: The mitigation method associated with this mitigation.
Platform: The mitigation platform associated with this mitigation.
Target: The specific instances of the dimension(s) that the mitigation method used to identify which traffic to mitigate (i.e. the precise thing that is mitigated). This section may also include any other dimensions specified by the policy.
BGP Monitor Test: Click to run a BGP Monitor test on the selected mitigation. You’ll be redirected to the BGP Monitor Details Page in Synthetics » Test Control Center.
Note: Clicking this button may bring up a Confirm BGP Test Creation dialog. If you are at your credit limit, you will not be permitted to create the test.
Key: A unique combination of values for the set of dimensions selected (see About Keys).
Event list: A table listing, in chronological order, events involving the mitigation:
Status: The mitigation state at the time of the event.
Event: The event.
Date (UTC): The date-time of the event.
© 2014-25 Kentik