We're thrilled to announce a major granularity enhancement to Role-Based Access Control (RBAC) in Kentik. Gone are the days of broad, level-based access for Kentik Alerting and Protect. Build custom roles to define exactly who can create, view, update, or delete your critical alert policies, notification channels, and DDoS mitigations.

What's New?

We've rolled out a comprehensive set of permissions and custom roles specifically for Alerting and Protect. This update moves these modules into our modern RBAC framework, replacing the legacy user-level system for these features. 

You can now create custom roles with specific permissions for:

• Alerts: Control who can read, acknowledge, or clear alerts. 
• Alerting Policies: Manage permissions for creating, reading, updating, and deleting policies. 
• Notification Channels: Define who can create, read, and update notification channels. 
• DDoS Mitigation: Assign precise control over who can create, view, start, stop, and delete mitigations. 
• BGP Announcements: Manage who has the ability to view or withdraw BGP announcements. 

Why It Matters

This is a huge step forward for security and operational efficiency. By creating custom roles, you can ensure your team members have exactly the access they need to do their jobs.

• Enforce Least Privilege: Grant NOC operators the ability to acknowledge alerts without letting them change policies.
• Delegate with Confidence: Allow your network security team to manage mitigations without giving them full administrator access to your entire Kentik account.
• Streamline Workflows: Create roles like "Mitigation Authors" or "Alerting Policy Viewers" to match your team's specific responsibilities. 

Take control of your user permissions today!

Ready to fine-tune your team's access? Administrators can head over to the Manage RBAC Roles page in your Organization Settings. From there, you can click "+ Create a Role" to start building your own custom roles with these powerful new permissions! 

Your existing permissions within Alerting and Protect were all migrated to this new RBAC schema and existing role access will be unaffected by this update.

We're excited to see how you use these new controls to secure and streamline your network operations. As always, let us know if you have any feedback!

Hello Kentik Users

Ever felt like you were searching for a needle in a haystack of alerts? We get it. When you need to find a specific alert, you need to find it now. That's why we're thrilled to announce a massive power-up to the search bar on the Alerting page!

What's New?

Previously, your search was limited to the Alert Policy name and its dimensions. While useful, we knew it could be better. You can now use the search bar to find alerts based on any information contained within the alert details.

Just type what you're looking for, and we'll scan everything. This includes, but is not limited to:

• Site names or geographic locations
• NMS device details like manufacturer or model
• Alert Policy labels
• Specific IP addresses, ASNs, or tenants
• Mitigation IDs or Alert IDs

Why You'll Love It 

This enhancement is all about speed and precision, helping you slash the time you spend managing alerts.

• Find What You Need, Faster: No more clicking through complex filter combinations. Instantly pinpoint the exact alerts you're looking for with a simple text search.
• Deeper, Quicker Investigations: Need to find all "Critical" alerts from your "Cisco" routers in the "Ashburn" site? Just type it in. Troubleshooting has never been this easy.
• Improved Workflow: Spend less time hunting and more time resolving. This intuitive search experience streamlines your entire incident response process.

Jump into the Alerting page today and take the new, supercharged search for a spin.

Happy searching!

Hey, Kentik community! 👋

Many of you told us that managing alerts can feel too manual, fragmented across tools, and noisy with unnecessary notifications. We've listened to your feedback and have expanded our capabilities to provide you with more granular control over your alerting environment with the launch of Alerting API v6! This new version is available through REST endpoints and gRPC RPCs, extending the existing Alerting API features. That means you can plug alerting directly into your existing workflows and systems, so automation and integration happen where you already work. Enable your teams with automation, cut down on alert fatigue, and gain clearer visibility into your mitigations with this new update. 

What's the Value?

These new capabilities provide you with unprecedented automation and control, saving you time and effort. With Alerting API v6, you can:

• Automate your incident response: Integrate Kentik Alerting with your existing tools to automatically create tickets, trigger scripts, or execute other actions when an alert fires.
• Enhance network visibility: Get real-time, programmatic access to the status of your alerts and mitigations, giving you a clear picture of your network's health.
• Reduce alert fatigue: Use the new silence and suppression features to fine-tune your alerting policies and reduce unnecessary notifications, so your team can focus on what matters most.

What's New?

The new V6 Alerting API is a huge leap forward, offering a comprehensive suite of new methods to streamline your alerting workflows. Beyond the ability to manage alerts, you can now programmatically control the entire alert lifecycle, from suppression to mitigation.

Here's a look at some of the exciting new features:

• List alerts or a single alert: Get a complete overview of all your alerts or drill down into the details of a specific one to investigate and troubleshoot.
• List policies: Pull a list of all your alerting policies to keep a pulse on what's configured in your environment.
• List mitigations: See all active, inactive, and failed mitigations to ensure your network is protected.
• List mitigation methods and platforms: Gain a full view of your mitigation infrastructure, including all available methods and platforms.
• Create a manual mitigation: Start a manual mitigation programmatically without needing to use the Kentik portal.
• Create, update, and delete silences and suppressions: Take control of alert notifications by creating, updating, or deleting silences and suppressions to prevent unwanted noise during maintenance windows or other planned events.
• Acknowledge and clear an alert: Programmatically acknowledge an alert to let your team know you're on the case and clear it once the issue is resolved.

Check out the  API Tester section of the portal to see all the new v202505 Alerting endpoints!  

🔓 Unlocked: More Power and Flexibility for Custom Webhook Headers!

Get ready to level up your integrations! We've heard your feedback and have supercharged our Custom Webhook notification channels. Gone are the days of being restricted in how you format your headers.

Previously, Custom Headers were limited to 

Authorization and headers prefixed with x-. We're excited to announce that we've removed this limitation, giving you far more freedom and flexibility!

What's New?

We've enhanced our Custom Webhook notifications to support a much broader range of HTTP headers. You can now send notifications with virtually any custom header required by your third-party systems, internal tools, and automation scripts. The only headers we restrict are standard ones that could conflict with the HTTP connection itself.

This means you can now seamlessly integrate with services that require specific header formats for authentication, routing, or metadata without needing complex workarounds.

Why It Matters

This update is all about making your life easier and your integrations more powerful.

• Ultimate Flexibility: Integrate Kentik alerts with an even wider universe of applications and services. If your endpoint needs a X-Custom-Auth-Token, My-App-Identifier, or any other unique header, you can now add it directly.
• Streamlined Automation: Simplify your incident response playbooks. Send alerts with the exact headers your systems expect, making your custom scripts and downstream tools more robust and easier to maintain.
• Enhanced Security: Securely pass custom API keys, tokens, or other authentication data in the precise header format required by your infrastructure.

Get Started!

Putting this new flexibility to work is easy:

1. Navigate to 
   Settings > Notification Channels in the Kentik portal. 
2. Click 
   Add Notification Channel and select 
   Custom Webhook, or edit an existing webhook channel by clicking the pencil icon.
3. In the 
   Custom Headers section, click the + Add button and input any key-value pair you need for your custom headers. 

That's it! We can't wait to see the powerful and creative integrations you build with this new capability. Happy automating!

Feature Overview

Adding event ingestion for real-time alerts and deeper network understanding

We’re excited to announce that Kentik NMS now supports SNMP Traps and syslog ingestion, giving network teams even greater flexibility and insight when managing modern infrastructure.

With this release, Kentik NMS adds support for two of the most widely used protocols for real-time network event communication. Whether it’s a hardware failure, interface status change, or critical software log message, you can now capture, query, and alert on these events natively within Kentik.

🛰️ SNMP Trap Support

SNMP Traps are a cornerstone of traditional network monitoring, allowing SNMP-enabled devices to push events without waiting for polling intervals. With Kentik’s SNMP Trap integration, you can:

• Receive SNMP Traps in real-time
• Filter and search trap events by name and OID
• Receive policy-based alerts and notifications
• Visualize trap events alongside other telemetry for faster root cause analysis

📜 Syslog Ingestion

Syslog messages are vital for capturing detailed system-level events across a wide range of devices. Kentik NMS now ingests and parses syslog data, enabling you to:

• Collect syslog events from routers, switches, firewalls, and servers
• Filter and search syslog events by name, severity, and message content
• Create alerts and notification policies based on syslog messages
• Visualize syslog events alongside other telemetry for faster root cause analysis

Why This Matters

These new ingestion capabilities allow network operators to centralize and correlate even more telemetry within a single observability platform. Whether you're troubleshooting outages, proactively monitoring infrastructure health, or securing your environment, Kentik NMS now has the signal coverage you need.

Key Workflows

Data Explorer

Query/browse traps and syslog events in Data Explorer:

Alerting

You can also bring your query context forward from Data Explorer into NMS's alert policy workflow to alert and send notifications when specific event conditions are met.

For example, let's say we're really interested when an SNMP traps of type "ciscoConfigManEvent" shows up. From the "Add NMS Alert Policy" workflow, we start by selecting a "Policy Type" of "Event" and then an "Event Type" of "SNMP Trap".

 
We then create an alert condition that will trigger a Major alert when a trap arrives of type "ciscoConfigManEvent", and configure a notification to email the interested parties when it occurs.

It's that easy.

Operability

We've also included some admin views to assist in troubleshooting and setup of the SNMP Trap and Syslog Server capabilities on the Universal Agent.

Feature Requests & Bugs

This is a new feature and we're actively seeking your feedback and ideas to make it better. Reach out through your customer success rep or directly to the Kentik NMS Product Manager (Jason Carrier, jcarrier@kentik.com) if you'd like to influence our future development.

Feature Overview

NMS's device-centric alerting now includes the ability to use nested condition groups and Boolean logic when creating alert trigger conditions. 

Trigger logic using operators (ANY, ALL, or NONE) can now be combined and nested, which provides several key advantages, including:

1. More precise control over alert policies
2. Reduced alert noise
3. Better automation potential

This allows policy creators extremely granular control over determining what conditions cause an alert to fire, keeping focus on the alerts that are most meaningful to you, and minimizing noise. 

Here's what the starting alert conditions section looked like before:

And here it is now:

You'll notice you can now add "Condition Groups" and "Nested Condition Groups". These condition groups provide for Boolean logic in the alert trigger conditions - making Kentik NMS significantly more effective at managing complex network environments.

Key Workflows

Condition Groups

Condition groups are the "top level" layer. They can contain conditions and/or additional nested condition groups. Below is an example of a policy starting out with three condition groups. In this case, you can think of an implied OR operator between each of the red box condition groups. 

Nested Condition Groups

Nested condition groups exist in a hierarchy which can go four layers deep, each with their own operator, as shown here. This allows you to express complex decision-making processes clearly and efficiently.

Advanced Alert Policies

By using nested condition groups, NMS policy creators can now tune their alerts and notifications to only grab focus from network operators when doing so brings them critical network awareness.

Feature Requests & Bugs

This is a new feature and we're actively seeking your feedback and ideas to make it better. Reach out through your customer success rep or directly to the Kentik NMS Product Manager (Jason Carrier, jcarrier@kentik.com) if you'd like to influence our future development.

Feature Overview

We're excited to announce our new device-based alert-policy-creation workflow which provides a simpler, more powerful approach to creating intent-based alerts and notifications. Our now-deprecated "Up/Down" policies only allowed alerting on present states, "up" or "down" for example. The new system understands state changes and allows for multi-measurement comparison.

Specifically, Kentik users can now:

• Alert on entity state changes
  ex: BGP transitions from “established” to “active or “idle”
• Alert on multi-measurement threshold breaches
  ex: laser temp and fan-speed high, where int desc is “X”
• Enjoy Alert Manager Support for notifications, suppressions, silencing, acknowledgements, clearing and alert detail views

Key Workflows

Where to Start

From the Alert Policies Management page, users will notice the first change when adding new alert policies. These new "NMS" type alerts entirely replace our now-legacy "Up/Down" policy type. "Up/Down" policies that existed prior to release of this new feature still exist, and are editable. However, it is no longer possible to create alert policies of this type. Our new "NMS" alerting capabilities are better in every way.

Adding a new policy: General

The General section of the "Add NMS Alert Policy" workflow allows you to put a name and description on the policy, as well as control whether or not it's enabled.

Adding a new policy: Target & Filter Settings

The "Target & Filter Settings" section of the "Add NMS Alert Policy" workflow allows users to set their intent. This field defines what "entity" or custom measurement the user wishes to drive a notification against and grab their attention. Currently supported "entity" types are BGP Neighborships, Components, Devices, and Interfaces. The selected "Target Type" will control what "Measurements" are available to alert against.

The "Edit Devices" button will open a dialog box to determine which devices the alert policy should apply to.

Adding a new policy: Activate & Clear Settings

This new NMS alerting system will only support a single severity level per policy for now. We intend to expand this in the future. From this screen, users can also toggle acknowledgement and manual clearance requirements, set notification channels, and tune activation and clearance delay.

The part of the new system we're most excited to share is our Alert Conditions workflow! This allows users to build sentence-style conditions with advanced logic to build out complex and specific alert criteria. At least one trigger condition is required. The measurement determines what metric is available. Condition dropdowns allow for construction of readable sentences. Threshold and state conditions can be stacked. It's a massively flexible system, and this is just our first release. In the near future we intend to add support for "nested Boolean", or "compound expression" conditions.

Managing Alerts

There are essentially no changes in terms of how and where to manage this new type of alert. NMS device-centric alerts work just like traditional Kentik alerts in that they are viewed from the Alerting page, have Alert Detail sub-views, and can be suppressed, silenced, acknowledged, commented on, or cleared.

Feature Requests & Bugs

This is a new feature and we're actively seeking your feedback and ideas to make it better. Reach out through your customer success rep or directly to the Kentik NMS Product Manager (Jason Carrier, jcarrier@kentik.com) if you'd like to influence the future development of this feature.

We've introduced the Alerting Overview to help you manage your network health. We recognized that customers needed a clear way to spot patterns, assess risks, and share progress with stakeholders using their alerting data. By providing an interactive view of how the shape of alert volume change over time, you can pinpoint recurring issues, address them quickly, and avoid future disruptions. The new page is designed to provide an executive-level source of truth for the overall shape of historical alert data, making it easier to identify and prioritize problems from a macro view. This means you can adapt faster, keep stakeholders better informed, and maintain higher service quality. The new dashboard highlights:

• Alerts by Type (NMS, Traffic, Protect, and Cloud)
• Most Triggered Policies
• Monthly Alert Trends by Severity
• Alerts by Site

You can also filter the report by quarter and source alert type.

And easily export reports to PDF for convenient sharing.

To access the new Alerting Overview, go to the Alerting page and click the Alerting Overview button.

Today, we're excited to announce an exciting update to Kentik's Alerting threshold condition capabilities. We've improved our threshold conditions to make them easier to configure and more powerful than ever. For those unfamiliar, kentik's threshold conditions allow users to set thresholds including baselines, to alert them when key performance metrics exceed or fall below-specified values. We have made it easier to configure these thresholds when using baselines, by providing a simple "Above or Below" drop-down, versus in the past, to configure a policy to trigger at 20% below the baseline, we had to set the rule to 125% above the baseline, as this is what the API was expecting. This was confusing and hard to understand for the user.

You know can simply select a % above or below the baseline. This should provide a much easier-to-understand experience for users creating alert policies with baselines.

Kentik has released a new Alerts reporting feature that lets you choose the type of Alerts (including DDoS) that you are interested in, along with the retention period (up to 90 days) and then either export this data or choose to schedule and subscribe to this report. 

This is version 1 of reporting for Alerts. This feature was suggested by our customers and provides initial reporting functionality around alerts. We plan to enhance this in future releases with more types of data, visualizations and analytics.

Example: I want to create a report of all my DDoS alerts (attacks) grouped by policies for the last 30 days.

Start by using the filter to apply the alert types, the retention period, summarization, grouping, etc. This is the main configuration of the report. Whatever you see here in the view is how the report will be created and viewed.

Then under the "Actions" drop-down in the upper right corner of the portal UI, you can choose to export this data directly or choose to set up a subscription to create a new report, say Monthly, and deliver it by email.

Fill out all of the desired subscription information and click "Subscribe"