Manual Mitigation

The management of manual mitigation in Kentik Detect is covered in the following topics:

Notes:
- For a high-level overview of mitigation, see About Mitigation.
- For information on mitigation methods, see Mitigation Methods.
- For information on mitigation platforms, see Mitigation Platforms.
- For information on how mitigations are shown in alert dashboards (Active page and History page), see Alert Dashboards.

Kentik Detect includes the ability to trigger a mitigation manually, even without an active alert.

 

About Manual Mitigation

Kentik Detect’s manual mitigation capability enables you to start and stop mitigation independently rather than as an automated response to an alarm (see Threshold Mitigations). This capability is exposed in the Start Manual Mitigation Dialog, which can be accessed in the following locations within the Alerting section of the portal:

  • Active page: Click the plus sign in the Mitigations tile of the Alerting Counters.
  • Alerting sidebar: Choose Manual Mitigation from the pop-out sidebar at left.

Once a manual mitigation is configured and started it will appear in the Active Alerts List on the Alerting » Active page. The mitigation can either auto-stop based on its TTL setting (see Manual Mitigation Settings) or be stopped manually from the Manual Mitigation Actions icons at the right of its row in the list.

Note: The states in the life cycle of a manual mitigation are covered in Manual Mitigation States.

 

Start Manual Mitigation Dialog

The Start Manual Mitigation dialog is covered in the topics below:

 
top  |  section

Manual Mitigation Dialog UI

The Start Manual Mitigation dialog includes the following general UI elements:

  • Close button: Click the X in the upper right corner to close the dialog.
  • Cancel button: Cancel the add manaual mitigation operation and exit the dialog.
  • Add Manual Mitigation button: Start the mitigation.

Note: Kentik requires a period of one to two minutes for provisioning after a mitigation method or platform has been created or edited. A mitigation using that platform or method cannot be applied during that time.

 
top  |  section

Manual Mitigation Settings

The following settings and controls are used to configure a manual mitigation:

  • Mitigation Platform and Method: Choose one of the existing platform-method combinations in the drop-down menu.
    Note: To appear on the menu, a method must be linked to a platform in the Mitigation Methods field of the Edit Mitigation Platform dialog (see Common Platform Settings). To add a platform or method, see Add or Edit Mitigation Platform or Add or Edit Mitigation Method).
  • IP/CIDR to Mitigate: The IP range to which you want the mitigation applied.
    Note: For flowspec mitigations, see Manual Mitigation with Flowspec.
  • Comment: Optional comment string (reserved for future use).
  • Minutes Before Auto-Stop (TTL): Set the number of minutes after which the mitigation will stop. If specified as “0” the mitigation will continue until stopped manually in the portal (see Stop a Manual Mitigation).

Manual Mitigation with Flowspec

For flowspec-based manual mitigations, the IP/CIDR setting in the Start Manual Mitigation dialog depends on how the IP/CIDR is specified in the flowspec itself, which is set in the source or destination IP/CIDR condition group in the Traffic Matching pane of the Details tab of the Mitigation Method Dialogs:

  • If the Infer From Alarm switch in the condition group is on, then for manual mitigation the user must enter the IP in the Start Manual Mitigation dialog.
  • If the Infer From Alarm switch is off, then the user must enter the IP in the condition group itself, in which case the IP/CIDR to Mitigate field in the Start Manual Mitigation dialog will be locked.
    Note: Only one flowspec mitigation with a statically specified IP/CIDR may be active at a given time.

Note also that a flowspec mitigation will not be available on the Mitigation Platform and Method menu if the Infer From Alarm switch is on for a Port or Protocol condition group in the Traffic Matching pane of the Details tab of the Add Mitigation Method or Edit Mitigation Method dialog (see Protocol and Port Components).

 

Start a Manual Mitigation

To trigger a manual mitigation:

  1. Click Alerting on the main portal navbar.
  2. Do one of the following to open the Start Manual Mitigation dialog:
    - Click the plus sign in the Mitigations tile of the Alerting Counters.
    - Choose Manual Mitigation from the sidebar at left.
  3. In the dialog, specify the settings covered in Manual Mitigation Settings.
  4. Click the Add Manual Mitigation button. The manual mitigation starts immediately and appears in the Active Alerts List.
 

Stop a Manual Mitigation

Because manual mitigation is intended for use on a one-off basis, the settings in the dialog are not saved for later reuse. Instead the mitigation exists only until it is manually ended.

To stop a manual mitigation:

  1. Click Alerting on the main portal navbar.
  2. Choose Active from the sidebar at left.
  3. Find the row for the manual mitigation in the Active Alerts List.
  4. At the right of the row, click the gray square Stop button in the Actions column. The mitigation will stop.
© 2014- Kentik

In this article: