Functionality, Performance, and Scalability
Beyond new features, we’ve continued our ongoing work on refining the utility and performance of Kentik Detect. The following enhancements cover areas that you can see as well as areas that are under the hood.
Enhanced Mitigation States and Controls
Anomaly detection, alerting, and mitigation, which are among the core features of Kentik Detect, sometimes involve complex situations like multiple mitigation actions and overlapping alarms. To better handle these scenarios we’ve simplified our state machine model. Updates include:
- Take manual control – Users can now assert manual control over mitigations that were originally triggered automatically. To support this change, we’ve created a separate set of manual mitigation states that parallel the states used in automated mitigation.
- Easier mitigation deletion – When deleting a mitigation, users now don’t have to additionally clear the mitigation on the mitigation appliance or wait for state transition to occur.
- Mitigation escalation – When an alarm escalates (starts as Minor and becomes Major), mitigations will now escalate in parallel. That means users can now associate a particular mitigation method with the minor threshold and a different method with the major threshold.
In addition to these backend changes, the UI for mitigation actions in the Active Alarms table (Alerting » Active) has been changed to provide more flexible and granular control. Play and Stop icons have now been replaced with context dependent icons and tool tips that reflect the current mitigation state.
Selective Interface Classification
A number of customers requested that we allow Interface Classification rules to be applied to some devices and not others. As shown below, the IF settings in the Add Rule dialog now include two new controls that enable you to tailor sets of Included Devices and Excluded Devices that govern application of the rule.
These whitelists and blacklists will also be displayed, as shown below, in the Rules List on the main classification page (Admin » Interface Classification).
For more information, please see the Rule IF Settings topic in the Kentik Knowledge Base or contact the Kentik Customer Success team at support@kentik.com.
Query Engine Improvements
Kentik Data Engine is the backend where your network traffic data is collected and enriched, and from which it is pulled at query run-time. Recent enhancements enable Kentik Detect to support ad-hoc queries over longer time ranges with much higher cardinality. For example, we can see source/destination IP pairs as a time series over a time range of 90 or more days. As requested by some customers, Data Explorer’s Table view can also now display much deeper results — up to 50,000 rows — for queries on certain group-by dimensions when the metric type is Total. Additional changes include improved performance for queries that filter on long lists of IP addresses.