We are thrilled to announce that Kentik AI Advisor, our advanced Network Intelligence Agent, is officially Generally Available (GA)!

Kentik AI Advisor replaces Kentik AI Journeys andhas already been enabled for most customers who have activated Kentik AI.This GA release marks our commitment to making intelligent, natural language-driven network operations a standard capability.

What is AI Advisor? Your Network Intelligence Agent

AI Advisor is an advanced AI agent that that deeply understands your network, thinks critically, and advises how to design, operate, and protect infrastructure at scale. It guides triage, troubleshoots, and suggests remediation for network issues by combining rich Kentik data with natural language interaction. You can simply ask a question or provide a prompt, and AI Advisor will interpret your intent, form a multi-step plan, and execute it using a wide range of tools from Kentik's platform. At every step of the way, it makes available its reasoning and the data it is collecting so you can validate AI Advisor's thinking.

Agent Tools: Actionable Network Intelligence

AI Advisor operates by leveraging a growing list of internal and external Agent Tools to perform actionable analysis on your network data. 

Key capabilities powered by these tools include:

• Rapid Network Exploration or Troubleshooting: Accelerate incident response by asking natural language questions instead of manually querying multiple dashboards. Advisor can fetch and analyze data from Flows, SNMP Metrics and Traps, Syslog, query Device, Interfaces and Site Inventories, and look up Kentik Alerts and Synthetic Test statuses.
• Cloud Network Visibility: Gain instant insights into multi-cloud environments, tracing connectivity paths between endpoints using tools for AWS and Azure Inventories, query Flow Logs or Kentik Cloud PathFinder, and helping identify optimization opportunities or security risks.

Customization for Quality, Accuracy and Your Environment

To ensure AI Advisor delivers the most accurate and relevant insights for your unique environment, we provide powerful customization options:

1. Custom Network Context

Configurable by Admin users as a natural language text that describes your network environment specifics. This context—which can include details on network design, IP addressing schemes, naming conventions, or even critical applications—is incorporated into every conversation to ground the AI's responses in your organizational reality. It can be also used to customize responses to frequently used questions by your team.

2. Natural Language Runbooks

Create predefined, Markdown-formatted recipes to guide AI Advisor through diagnostic steps for specific alerts, written in natural language. By assigning a Runbook to one or more alert policies, you ensure a pre-defined, systematic troubleshooting approach is used automatically, increasing reliability and minimizing potential AI mistakes to accelerate resolution.

3. Configurable GenAI Service Providers

We understand the necessity for control over your data and infrastructure. Kentik AI features provide configurable options for customers who need to use a specific GenAI service provider, model, or region.

For Superadmin users, the Models & Credentials settings allow you to specify the generative AI service provider used by Kentik AI (and by extension, AI Advisor). You can select the Kentik Default  that always provide the best experience or opt for a specific service providers like Google, OpenAI or AWS, including the ability to use your own credentials and API tokens ("Bring-Your-Own-Key" mode).

This feature is enabled per request, so please reach out to Kentik Support team if needed.

Flexible Access: Full-Page and Overlay Modes

We’ve ensured that AI Advisor is accessible right where and when you need it with two primary UI modes:

• Full-Page Mode: For deep, focused troubleshooting and analysis, launch AI Advisor from the main navigation menu. This maximizes the conversation area, providing maximum readability and focus for complex, multi-step investigations.
• Overlay Mode: Access AI Advisor from almost any page using the "Ask" button in the header. This opens a resizable chat window that floats over the portal, allowing you to navigate Kentik dashboards and pages while keeping your troubleshooting conversation active.
  • Contextual Triage: When launched in Overlay Mode from pages like Alert Details or Device Details, AI Advisor automatically uses the alert or device you are viewing as context. This means you can immediately start investigating without typing a prompt, accelerating your time-to-triage.

Ready to experience faster, more intelligent network operations? Start using AI Advisor [US | EU] today!

→ Find more information about Kentik AI and AI Advisor in our Knowledge Base.

Hey Kentik Users!

We've heard you, and we're excited to announce a small-but-mighty quality-of-life update for your Alerting page! Say goodbye to manual refreshes and hello to the latest alerts, delivered automatically!

What's New?

You can now select a refresh frequency directly on the Alerting page! We've added new refresh rate options—1, 2, or 5 minutes—that will cause the page to periodically reload and pull in the most recent alerts automatically. 

Why This Matters for You

This feature is a game-changer for anyone who needs eyes on the latest network health status, especially your NOC and SOC teams! 

• Real-time Visibility: Automatic reloading means you're always looking at the freshest data without lifting a finger, ensuring you catch critical events as soon as they happen. 
• Operational Efficiency: Free up your operators' attention from hitting the refresh button so they can focus on what matters: analyzing and responding to the alerts! 

This update is all about making your workflow smoother and ensuring your teams can receive the most recent alerts automatically. 

Head over to the Alerting page today and set your preferred refresh rate! Let us know what you think—we're always working to make your Kentik experience better! 

Since launching Kentik Market Intelligence (KMI) in 2022, it's grown to become one of our service provider customers' all time favorites (press release linked here). 

In a nutshell, KMI uses the global routing table to classify the peering and transit relationships between ASes, and to identify the providers, peers, and customers for any AS in any geography.

Today, we're extending KMI's reporting functionalities to include Report Subscriptions – a feature already available in multiple workflows in Kentik Portal. 

A few words on Kentik Market Intelligence (KMI)

KMI is a dynamic database that leverages public BGP routing data (amongst others from the RouteViews project) to determine, rank, and classify relations between all networks that make up the Internet. It's essentially a living database of the ever-changing relations between networks. 

Kentik's service provider customers, notably IP Transit providers and customers, rely on KMI for a couple of key use cases: 

• Competitive Rankings: Leverage KMI's benchmarking and rankings to evaluate how well connected your ASN/network is to other networks in any geographic region. Use these insights to compare your network’s connectivity against competitors, and highlight strong rankings to promote your network’s performance and market position with objective, third-party data.
• Sales Prospecting: Uncover all upstream transit providers for any prospect network and understand each provider’s share of the network’s advertised IP space. Identify the downstream customers of those transit providers — including which are single-homed (critically dependent on a single upstream) — to build targeted sales prospecting lists.
• Competitive Intelligence: Receive daily insights on shifting interconnection relationships across the global internet. Track how competitor rankings evolve, monitor customer gains and losses, and stay ahead of changes that may signal new business opportunities or threats.

As our service provider customers have grown to rely on this intelligence to prospect, highlight their competitive advantages, and monitor competitors, a common request has been the ability to generate recurring weekly or monthly reports for their internal teams on specific networks or regions of interest. That’s exactly what today’s new feature delivers.

Pulling Report Subscriptions into KMI

The Share button in the top-right corner of the KMI interface just got more powerful. It now offers a set of report subscriptions designed to help service providers stay ahead of the connectivity competition and keep track of the latest changes in the marketplace. To access these new subscriptions, head to the Subscriptions tab in the updated Share modal window.

For now, all of these reports will generate spreadsheet compatible reports in the form of .csv files, and are currently capped to the 100 Top Entries. All reports leverage the current/freshest KMI data at the exact time they are being generated.

Convenience Features for Report Subscriptions

In addition to the report-specific configuration options, Report Subscriptions let users fine-tune how their reports are delivered:

• File naming: Choose how the attached CSV file should be named, with suggestions on how to include the date in the filename.
• Recipients: Specify who should receive the report by adding To, Cc, and Bcc recipients for each scheduled delivery.
• Scheduling: Define when and how often the report should be generated and sent — daily, weekly, monthly, or on the last day of the month — including the exact time of delivery.

All the Report Subscriptions configured in Kentik Portal across the available workflows can be displayed in the Company Settings > Report Subscriptions section of Kentik Portal, where they can be edited once they've been created.

We're thrilled to announce a major granularity enhancement to Role-Based Access Control (RBAC) in Kentik. Gone are the days of broad, level-based access for Kentik Alerting and Protect. Build custom roles to define exactly who can create, view, update, or delete your critical alert policies, notification channels, and DDoS mitigations.

What's New?

We've rolled out a comprehensive set of permissions and custom roles specifically for Alerting and Protect. This update moves these modules into our modern RBAC framework, replacing the legacy user-level system for these features. 

You can now create custom roles with specific permissions for:

• Alerts: Control who can read, acknowledge, or clear alerts. 
• Alerting Policies: Manage permissions for creating, reading, updating, and deleting policies. 
• Notification Channels: Define who can create, read, and update notification channels. 
• DDoS Mitigation: Assign precise control over who can create, view, start, stop, and delete mitigations. 
• BGP Announcements: Manage who has the ability to view or withdraw BGP announcements. 

Why It Matters

This is a huge step forward for security and operational efficiency. By creating custom roles, you can ensure your team members have exactly the access they need to do their jobs.

• Enforce Least Privilege: Grant NOC operators the ability to acknowledge alerts without letting them change policies.
• Delegate with Confidence: Allow your network security team to manage mitigations without giving them full administrator access to your entire Kentik account.
• Streamline Workflows: Create roles like "Mitigation Authors" or "Alerting Policy Viewers" to match your team's specific responsibilities. 

Take control of your user permissions today!

Ready to fine-tune your team's access? Administrators can head over to the Manage RBAC Roles page in your Organization Settings. From there, you can click "+ Create a Role" to start building your own custom roles with these powerful new permissions! 

Your existing permissions within Alerting and Protect were all migrated to this new RBAC schema and existing role access will be unaffected by this update.

We're excited to see how you use these new controls to secure and streamline your network operations. As always, let us know if you have any feedback!

Hello Kentik Users

Ever felt like you were searching for a needle in a haystack of alerts? We get it. When you need to find a specific alert, you need to find it now. That's why we're thrilled to announce a massive power-up to the search bar on the Alerting page!

What's New?

Previously, your search was limited to the Alert Policy name and its dimensions. While useful, we knew it could be better. You can now use the search bar to find alerts based on any information contained within the alert details.

Just type what you're looking for, and we'll scan everything. This includes, but is not limited to:

• Site names or geographic locations
• NMS device details like manufacturer or model
• Alert Policy labels
• Specific IP addresses, ASNs, or tenants
• Mitigation IDs or Alert IDs

Why You'll Love It 

This enhancement is all about speed and precision, helping you slash the time you spend managing alerts.

• Find What You Need, Faster: No more clicking through complex filter combinations. Instantly pinpoint the exact alerts you're looking for with a simple text search.
• Deeper, Quicker Investigations: Need to find all "Critical" alerts from your "Cisco" routers in the "Ashburn" site? Just type it in. Troubleshooting has never been this easy.
• Improved Workflow: Spend less time hunting and more time resolving. This intuitive search experience streamlines your entire incident response process.

Jump into the Alerting page today and take the new, supercharged search for a spin.

Happy searching!

Ever wonder exactly what measurements Kentik NMS collects for a specific device model before you actually add it? Planning a rollout and need to verify support for your entire network inventory? Thinking of adding a new device model to your environment and wondering if we already support it?

We're excited to announce the new NMS Device Support Explorer, a powerful tool that gives you unprecedented transparency into Kentik’s monitoring capabilities. Know precisely what data you’ll get from every device in your network.

With the NMS Device Support Explorer, you can now:

• Instantly Verify Support: Search our entire library by Vendor, Model, or even the SNMP sysOID to confirm full support for your hardware.
• See Every Measurement: Get a granular, model-specific list of every measurement we collect—from interface stats and CPU utilization to temperature, BGP peers, and more.
• Streamline Planning: Accelerate your onboarding and network expansions by planning with certainty, knowing exactly what types of data you'll have from day one.

This level of transparency into the NMS platform itself isn't just a feature; it's a reflection of our philosophy. The NMS Device Explorer is unique to Kentik and is only possible because of our state-of-the-art architecture and OpenConfig-inspired data modeling. We don't just show you your network's data—we give you unparalleled understanding of it.

[Explore device support in our Knowledge Base]

Don't see the measurements you need listed for your devices?

Submit an NMS New Metric Request from our portal.

Hey, Kentik community! 👋

Many of you told us that managing alerts can feel too manual, fragmented across tools, and noisy with unnecessary notifications. We've listened to your feedback and have expanded our capabilities to provide you with more granular control over your alerting environment with the launch of Alerting API v6! This new version is available through REST endpoints and gRPC RPCs, extending the existing Alerting API features. That means you can plug alerting directly into your existing workflows and systems, so automation and integration happen where you already work. Enable your teams with automation, cut down on alert fatigue, and gain clearer visibility into your mitigations with this new update. 

What's the Value?

These new capabilities provide you with unprecedented automation and control, saving you time and effort. With Alerting API v6, you can:

• Automate your incident response: Integrate Kentik Alerting with your existing tools to automatically create tickets, trigger scripts, or execute other actions when an alert fires.
• Enhance network visibility: Get real-time, programmatic access to the status of your alerts and mitigations, giving you a clear picture of your network's health.
• Reduce alert fatigue: Use the new silence and suppression features to fine-tune your alerting policies and reduce unnecessary notifications, so your team can focus on what matters most.

What's New?

The new V6 Alerting API is a huge leap forward, offering a comprehensive suite of new methods to streamline your alerting workflows. Beyond the ability to manage alerts, you can now programmatically control the entire alert lifecycle, from suppression to mitigation.

Here's a look at some of the exciting new features:

• List alerts or a single alert: Get a complete overview of all your alerts or drill down into the details of a specific one to investigate and troubleshoot.
• List policies: Pull a list of all your alerting policies to keep a pulse on what's configured in your environment.
• List mitigations: See all active, inactive, and failed mitigations to ensure your network is protected.
• List mitigation methods and platforms: Gain a full view of your mitigation infrastructure, including all available methods and platforms.
• Create a manual mitigation: Start a manual mitigation programmatically without needing to use the Kentik portal.
• Create, update, and delete silences and suppressions: Take control of alert notifications by creating, updating, or deleting silences and suppressions to prevent unwanted noise during maintenance windows or other planned events.
• Acknowledge and clear an alert: Programmatically acknowledge an alert to let your team know you're on the case and clear it once the issue is resolved.

Check out the  API Tester section of the portal to see all the new v202505 Alerting endpoints!  

🔓 Unlocked: More Power and Flexibility for Custom Webhook Headers!

Get ready to level up your integrations! We've heard your feedback and have supercharged our Custom Webhook notification channels. Gone are the days of being restricted in how you format your headers.

Previously, Custom Headers were limited to 

Authorization and headers prefixed with x-. We're excited to announce that we've removed this limitation, giving you far more freedom and flexibility!

What's New?

We've enhanced our Custom Webhook notifications to support a much broader range of HTTP headers. You can now send notifications with virtually any custom header required by your third-party systems, internal tools, and automation scripts. The only headers we restrict are standard ones that could conflict with the HTTP connection itself.

This means you can now seamlessly integrate with services that require specific header formats for authentication, routing, or metadata without needing complex workarounds.

Why It Matters

This update is all about making your life easier and your integrations more powerful.

• Ultimate Flexibility: Integrate Kentik alerts with an even wider universe of applications and services. If your endpoint needs a X-Custom-Auth-Token, My-App-Identifier, or any other unique header, you can now add it directly.
• Streamlined Automation: Simplify your incident response playbooks. Send alerts with the exact headers your systems expect, making your custom scripts and downstream tools more robust and easier to maintain.
• Enhanced Security: Securely pass custom API keys, tokens, or other authentication data in the precise header format required by your infrastructure.

Get Started!

Putting this new flexibility to work is easy:

1. Navigate to 
   Settings > Notification Channels in the Kentik portal. 
2. Click 
   Add Notification Channel and select 
   Custom Webhook, or edit an existing webhook channel by clicking the pencil icon.
3. In the 
   Custom Headers section, click the + Add button and input any key-value pair you need for your custom headers. 

That's it! We can't wait to see the powerful and creative integrations you build with this new capability. Happy automating!

In a previous announcement, we introduced Universal Agent as a foundational piece of software to further operationalize and unify our collection of telemetry agents under a single umbrella. With the benefits of this approach, we are hard at work porting all of our existing collection agents towards this new paradigm as Universal Agent Capabilities. 

Today, we will be talking about our OTT Service Tracking DNS tapping agent, and how as an existing OTT Service Tracking user you can migrate these DNS taps at no operational cost and start benefiting as early as today from their highly improved operability. Read on!

OTT Enrichments, how do they work?

Firstly, let's review how Kentik's OTT Service Tracking functionality works. Contrary to DPI (Deep Packet Inspection) which requires you to deploy DPI hardware at your network edge to map your subscribers' consumed applications, Kentik offers a creative, lightweight, and operationally and financially efficient method to perform the same task: users deploy a DNS Tapping Agent, in addition to exporting network flow telemetry from their devices, and our True Origin engine maps DNS query responses to traffic based on an ever-growing library of domain name patterns to directly color this flow telemetry with OTT describing attributes – OTT Service, OTT Category, OTT Provider.

Until today, the DNS tap collection was instrumented via our former host monitoring agent kprobe in a specific mode that did not export host telemetry, but only DNS query/responses. The drawbacks of this legacy approach are:

• kprobe is not observable in Kentik Portal, both from a DNS tapping activity metrics standpoint and an out-of-the box alerting standpoint
• kprobe upgrades are manual, requiring deployment for each new version
• combining host monitoring and DNS tapping in the same telemetry agent introduces a shared bug surface between two very different functions
• in cases where kprobe couldn't be installed on a DNS resolver, deploying it as a DNS tap required a complicated launch command

Taking a hard look at these constraints, we are now happy to offer a much more operable and easy-to-deploy solution via a new Universal Agent capability, so let's look at the benefits now!

So what's new ?

Trivial deployment of DNS taps, under the hood upgrades

As of today, all Universal Agents deployed offer a new capability aptly named DNS OTT Tap which replaces kprobe's legacy role of conveying DNS query/responses to our flow ingest clusters for OTT-related flow enrichments. Installing it will download the capability's core binary and enable it.

Once the capability is enabled, users will be able to configure the few parameters, and the Universal Agent host will keep the OTT DNS Tap capability in its latest version without any further operational attendance needed.

Easy promiscuous mode

You can now select a specific host interface to capture DNS queries and responses. In addition, if you’re using port mirroring, port spanning, or tunneling to send this traffic from the server-facing port to another host, you can enable Promiscuous Mode on that interface to capture it, as shown in the diagram below.

OTT DNS Tap metrics

Every Universal Agent capability comes with its own set of metrics. The OTT DNS Tap is no exception to this principle: clicking on the capability [Details] button will show two charts – one for the amount of DNS query/response funneled by the capability to Kentik's ingest clusters, and a second on the number of query/responses discarded, to monitor for any issue related to the capability's specific job.

As can be seen on both screenshots, both metrics are instantly available in Metrics Explorer for further reporting, so that administrators of the DNS Tap fleet can quickly troubleshoot. Here's an example of a single Metrics Explorer query showing the number of query/responses per seconds that an entire fleet of DNS Taps is performing:

At last, we've improved the [Configuration] screen of our Service Provider > OTT Service Tracking workflow to now include all deployed OTT DNS Taps with their agent status health. 

What does the migration path to the OTT DNS Tap Universal Agent Capability look like?

The process to switch from a standalone kprobe setup to Universal Agent's OTT DNS Tap capability couldn't be safer and simpler. It consists of the below steps:

1. On each DNS server where kprobe is currently running on, deploy Universal Agent. (Knowledge Base Article)
   The process is trivial: enter the command line on the server's shell and follow the instructions until Kentik Portal offers you to register the newly detected agent.
2. Once Universal Agent is installed successfully on the DNS server, install the OTT DNS Tap capability. (see Knowledge Base entry here)
3. Configure the OTT DNS Tap capability to your liking – default settings should cover most of the installs.
4. At this point both kprobe and the OTT DNS Tap will be sending the same data to Kentik's DNS ingest cluster, and it does not affect the OTT enrichment data at all.
5. Verify that the OTT DNS Tap capability is receiving DNS Query/Responses from the capability's drawer in the Universal Agent UI. (see screenshot in the OTT DNS Tap metrics paragraph in this post)
6. 🎓 Congratulations, you are done: you can now safely uninstall kprobe and proceed to the next DNS server.

The simplicity of the migration path relies in the fact that both kprobe and the new Universal Agent capability can coexist without causing any OTT Flow enrichment issues.
👌 So, go ahead and migrate your kprobe instances right away and benefit from the improved observability of our Universal Agent as soon as today!

Note: if any doubt whether the kprobe instance running on a DNS server is used as a Legacy DNS Tap or to generate host flow telemetry, the following command on the host will help disambiguate - if it yields any result, then there's a kprobe running on this instance needing to be replaced with a Universal Agent OTT DNS Tap capability:  ps auxw | grep kprobe | grep dns

What comes next ?

In one of our next releases, we'll be adding out-of-the-box alerting for both Universal Agents and capabilities, sending you notifications whenever your fleet of telemetry agents is encountering issues.

In addition, we have a really neat slate of improvements that we are also going to bring to life in the near future, amongst others: new agents such as Flow Proxy (fka kproxy) will be ported over under Universal Agents, as well as some large scale deployment options, and also an initial set of HA (High Availability) options – so watch this space!

We're thrilled to announce a significant upgrade to the Knowledge Base (KB), designed to help you find information about Kentik’s powerful Network Intelligence features more efficiently than ever before. While you'll still access the KB at https://kb.kentik.com, we've made substantial enhancements to deliver a truly new and improved experience.

What's New and Improved?

So. Many. Things.

Search

We wanted an easier path to Kentik product knowledge, so we added these search enhancements:

• Search the entire KB at once: Platform, Portal, and in the near future, API documentation
• Search with natural language questions

Streamlined Access to Information

Navigating the KB is now easier than ever:

• The redesigned “Explore Articles” sidebar simplifies your learning and troubleshooting journeys. 
• The “In This Article” table of contents now has an improved layout and automatically highlights where you are in the article.
• Next/Previous Article buttons, Feedback, and Related Articles at the bottom of every article
• Recently Modified, Recently Created, and Most Viewed article lists on the home page

A Modern, Intuitive Experience

It might have been overdue, but we think you’re gonna love these:

• Refreshed look and feel
• More variety of visual elements like callouts, accordions, tabs, and videos
• Ability to copy code blocks with a single click
• Choice of Dark/Light/Auto themes

We are committed to continuously improving your experience with Kentik, and this Knowledge Base evolution is a key part of that commitment. Dive in and explore the enhanced capabilities  at https://kb.kentik.com and let us know how it goes!