Manual Mitigation

The management of manual mitigation in Kentik is covered in the following topics:

• About Manual Mitigation
• Start Manual Mitigation Dialog
• Start a Manual Mitigation
• Stop a Manual Mitigation

Notes:
- For information on how mitigations are shown on the v4 portal's Mitigations page, see Mitigations.
- For a high-level overview of mitigation, see About Mitigation.
- For information on mitigation methods and platforms, see Manage Mitigations.

Kentik's manual mitigation capability enables you to start and stop mitigation independently rather than as an automated response to an alarm (see Threshold Mitigations). Once a manual mitigation is configured and started it will appear in the Mitigations List on the Mitigations page. The mitigation can either auto-stop based on its TTL setting (see Manual Mitigation Settings) or be stopped manually using the options in the Actions menu at the right of its row in the list (see Manual Mitigation Actions).

Note: The states in the life cycle of a manual mitigation are covered in Mitigation Status.

Manual mitigation is exposed in the portal via the Start Manual Mitigation Dialog, which is accessed via the Start Manual Mitigation button on the following pages:

• Mitigations page at Protect » Mitigations
• Manage Mitigations page at Settings » Mitigations

The Start Manual Mitigation dialog is covered in the topics below:

• Manual Mitigation Dialog UI
• Manual Mitigation Settings

The Start Manual Mitigation dialog includes the following general UI elements:

• Close button: Click the X in the upper right corner to close the dialog.
• Cancel button: Cancel the manual mitigation operation and exit the dialog.
• Add Manual Mitigation button: Start the mitigation.

Note: Kentik requires a period of one to two minutes for provisioning after a mitigation method or platform has been created or edited. A mitigation using that platform or method cannot be applied during that time.

The dialog includes the following settings and controls used to configure a manual mitigation:

• Mitigation Platform and Method: Choose one of the existing platform-method combinations in the drop-down menu.
• IP/CIDR to Mitigate: The IP range to which you want the mitigation applied.
  Note: For Flowspec mitigations, see Manual Mitigation with Flowspec.
• Comment: Optional comment string (reserved for future use).
• Minutes Before Auto-Stop (TTL): Set the number of minutes after which the mitigation will stop. If specified as “0” the mitigation will continue until stopped manually in the portal (see Stop a Manual Mitigation).
• Matching mitigations: A field that appears once you've entered a valid IP/CIDR for the IP/CIDR to Mitigate setting:
  - If there's no existing mitigation on the same IP/CIDR then the field says "No matching mitigations found."
  - If there is an existing mitigation on the same IP/CIDR then the field displays the status, ID, and target of the existing mitigation.
  Note: The mitigation system allows creation of only one mitigation per IP/CIDR.

Notes:
- To appear on the platform-method drop-down, a method must be linked to a platform in the Mitigation Methods field of the Edit Mitigation Platform page (see Common Platform Settings).
- If you select a Flowspec method, View Method Details appears below the drop-down menu. Click it to open the Mitigation Method Details dialog.
- To add a mitigation platform or method, see Add a Mitigation Platform or Add a Mitigation Method).

For Flowspec-based manual mitigations, the IP/CIDR setting in the Start Manual Mitigation dialog depends on how the IP/CIDR is specified in the Flowspec itself, which is set in the source or destination IP/CIDR condition group in the Traffic Matching pane of the Details tab of the Mitigation Method Dialogs:

• If the Infer from Alarm switch in the condition group is on, then for manual mitigation the user must enter the IP in the Start Manual Mitigation dialog.
• If the Infer from Alarm switch is off, then the user must enter the IP in the condition group itself, in which case the IP/CIDR to Mitigate field in the Start Manual Mitigation dialog will be locked.

Notes:
- Only one Flowspec mitigation with a statically specified IP/CIDR may be active at a given time.
- A Flowspec mitigation will not be available on the Mitigation Platform and Method menu if the Infer From Alarm switch is on for a Port or Protocol condition group in the Traffic Matching pane of the Details tab of the Add Mitigation Method or Edit Mitigation Method dialog (see Protocol and Port Components).

The Mitigation Method Details dialog appears when you select a Flowspec method in the Start Manual Mitigation Dialog and then click View Method Details. The dialog displays the mitigation method’s name and the possible default values that can be associated with it. While it cannot be edited, the dialog shows if any of the 11 dimensions listed are inferred, not considered, or specified with certain default values. The information displayed is what will be included in the mitigation announcement. The dialog also includes a Close button (X) in the upper right corner.

Note: This dialog is also accessible via the Thresholds tab of an Add/Edit Policy page after you add a Flowspec method to the policy (see Threshold Mitigations).

To start a manual mitigation:

1. As described in Accessing Manual Mitigation, navigate to one of the following pages:
   - Protect » Mitigations
   - Settings » Mitigations
2. Click the Start Manual Mitigation button to open the Start Manual Mitigation dialog.
3. In the dialog, specify the settings covered in Manual Mitigation Settings.
4. Click the Add Manual Mitigation button. The manual mitigation starts immediately and appears in the Mitigations List.

Note: Because manual mitigation is intended for use on a one-off basis, the settings in the dialog are not saved for later reuse.

To stop a manual mitigation:

1. Go to the Protect » Mitigations page as described in Accessing Manual Mitigation.
2. Find the row for the manual mitigation in the Mitigations List.
3. At the right of the row, click to display the Action menu (vertical ellipsis).
4. Click the Stop button (gray square) in the popup menu. The mitigation will stop.