Alerting Overview

Kentik includes two alerting systems that can notify you of DDoS attacks and a wide variety other traffic anomalies. These two systems are discussed in the following topics:

• Policy-based Alerting
• SQL-based Alerts

The policy-based alerting system is built around alert policies that define the conditions in which an alert will enter alarm state. Policies are defined using the Alert Policy Settings page, which is accessed via the Alert Policies tab of the Alerting page (Alerts » Alerting). Each policy-based alert includes one or more thresholds for triggering an alarm and specifying the actions — notification and/or mitigation — that result when alarm state is entered.

For more information about the policy-based alerting system and the alarms it generates, refer to the following KB articles:

• Policy Alerts Overview: A high-level explanation of the policy-based alerting system.
• Alert Policies: Managing policies and setting a policy.
• Alerting: Viewing alerts that are either currently active were previously active.
• Notifications: Specify who is notified about alerts and how they are notified.
• Mitigations Overview: Define mitigation platforms and methods as well as when mitigation should be applied.

Note: Please contact support@kentik.com to provide feedback or request assistance with policy-based alerting.

The SQL-based alerting system, now deprecated, allowed the query at the heart of each alert to be specified in SQL rather than with a policy. SQL alerts do not support any mitigation options.

For more information about the SQL-based alerting system, refer to the following KB articles:

• SQL Alerts Overview: An in-depth discussion of the terminology and components of the SQL-base alerting system.
• SQL Alert Settings: The portal interface used to set and monitor SQL-based alerts.