Suspicious traffic alerts released to DASH

2 Jun 2022

Category: Tech matters

APNIC is pleased to announce the release of an ‘alerts’ feature in the Dashboard for Autonomous System Health (DASH). DASH can now offer APNIC Members who have an Autonomous System Number (ASN) triggered alerts as email messages.

With the alerts feature, users can choose which address ranges and what level of suspicious traffic issues trigger an alert. The dashboard has a new option on the sidebar, and a summary page showing which alerts you have defined and their state:

Figure 1 — The new Alerts tab in DASH.

Alerts complement reports

DASH already offers a regular report feature that summarizes the state of your suspicious traffic levels. The new alerts feature is designed to complement this and provide both targeted and timely notification. You can set what activity causes you to get an alert, and you’ll receive the alert as soon as the threshold of concern is met. If you prefer to receive the regular report, you can still select that option.

Alerts can be ‘snoozed’ as well as edited, added and removed.

We know that sometimes when an alert is sent, you may not be able to remediate it quickly enough to prevent a second alert being sent in the next reporting interval. So, there’s an option to ‘snooze’ an active alert. The alert’s definition will remain inside the system but choosing to snooze alerts will stop DASH from sending notifications. Of course, normal edit functions exist for all your defined alerts — you can rename them, change the list of associated prefixes, the trigger conditions, or remove them entirely.

Figure 2 — Creating an alert and defining the trigger in DASH.
Figure 3 — Defining the rule in DASH.
Figure 4 — Defining the action when the system triggers an alert.

More to come

Alerts currently arrive via the email address associated with the APNIC user login authoring the alert. Later this year we will be augmenting the alerts notification systems to include SMS messages, and hopefully integrating API keys into existing IP-based notification services such as Slack or Discord. We’re still exploring which of these can provide the level of service and security needed.

Read: How DASH helps monitor network health

APNIC has also been working on deployment of a routing misalignment service for DASH, which will be released later this year. It will show APNIC Members who hold Internet number resources the alignment of their Border Gateway Protocol (BGP), Resource Public Key Infrastructure (RPKI), and Internet Routing Registry (IRR) records.

The alerting method will be extended to send your choice of triggered alerts when these three systems enter a state of misalignment. Notification will be sent if your prefix suddenly acquires a new origin AS from a misconfiguration or bad actor asserting a more specific route, or when your BGP changes and no longer aligns with your Route Origin Authorization (ROA) or IRR route object. To do this, APNIC will extend DASH to permit non-ASN holders to log in and manage reports, dashboards, and alerts for their prefixes, even if they don’t manage the origin AS for the delegated addresses.
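The misalignment conditions described above can be checked with a short script. This is an added example, not APNIC's or DASH's implementation: it applies RFC 6811 route origin validation plus an exact-match IRR lookup to observed announcements. The sample records, the baseline of previously seen origins, and the reason labels are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample records using documentation prefixes and ASNs.
ROAS = [("203.0.113.0/24", 24, 64500)]     # (prefix, maxLength, origin AS)
IRR_ROUTES = [("203.0.113.0/24", 64500)]   # (route object prefix, origin AS)
BASELINE = {"203.0.113.0/24": {64500}}     # origins previously seen in BGP

def rov_state(net, origin, roas=ROAS):
    """RFC 6811 route origin validation: valid, invalid or not-found."""
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # at least one ROA covers this announcement
            if net.prefixlen <= max_len and origin == roa_asn:
                return "valid"
    return "invalid" if covered else "not-found"

def irr_aligned(net, origin, routes=IRR_ROUTES):
    """True when a route object exists for exactly this prefix and origin."""
    return any(ipaddress.ip_network(p) == net and a == origin for p, a in routes)

def misalignment_reasons(prefix, origin, baseline=BASELINE):
    """List the reasons one observed BGP announcement should raise an alert.

    The reason labels are hypothetical names chosen for this example.
    """
    net = ipaddress.ip_network(prefix)
    reasons = []
    if rov_state(net, origin) == "invalid":
        reasons.append("rpki-invalid")
    if not irr_aligned(net, origin):
        reasons.append("irr-mismatch")
    for known_prefix, origins in baseline.items():
        known = ipaddress.ip_network(known_prefix)
        if net.version != known.version or not net.subnet_of(known):
            continue  # announcement does not fall inside this monitored prefix
        if origin not in origins:
            reasons.append("new-origin")
        if net != known:
            reasons.append("more-specific")
    return reasons

if __name__ == "__main__":
    # Constructed announcements: expected state, origin change, more-specific.
    for ann in [("203.0.113.0/24", 64500), ("203.0.113.0/24", 64511),
                ("203.0.113.128/25", 64511)]:
        print(ann, misalignment_reasons(*ann))
```

An announcement with the expected origin but a longer prefix than the ROA's maxLength is still RPKI-invalid, which is why the more-specific case is flagged even when the origin AS is unchanged.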

Set up your alerts in DASH now.
