APNIC is pleased to announce the release of an ‘alerts’ feature in the Dashboard for Autonomous System Health (DASH). DASH can now offer APNIC Members who have an Autonomous System Number (ASN) triggered alerts as email messages.
With the alerts feature, users can choose which address ranges and what level of suspicious traffic issues trigger an alert. The dashboard has a new option on the sidebar, and a summary page showing which alerts you have defined and their state:
Alerts complement reports
DASH already offers a regular report feature that summarizes the state of your suspicious traffic levels. The new alerts feature is designed to complement this and provide both targeted and timely notification. You can set what activity causes you to get an alert, and you’ll receive the alert as soon as the threshold of concern is met. If you prefer to receive the regular report, you can still select that option.
Alerts can be ‘snoozed’ as well as edited, added and removed.
We know that sometimes when an alert is sent, you may not be able to remediate it quickly enough to prevent a second alert being sent in the next reporting interval. So, there’s an option to ‘snooze’ an active alert. The alert’s definition will remain inside the system but choosing to snooze alerts will stop DASH from sending notifications. Of course, normal edit functions exist for all your defined alerts — you can rename them, change the list of associated prefixes, the trigger conditions, or remove them entirely.
More to come
Alerts currently arrive via the email address associated with the APNIC user login authoring the alert. Later this year we will be augmenting the alerts notification systems to include SMS messages, and hopefully integrating API keys into existing IP-based notification services such as Slack or Discord. We’re still exploring which of these can provide the level of service and security needed.
APNIC has also been working on deployment of a routing misalignment service for DASH, which will be released later this year. It will show APNIC Members who hold Internet number resources the alignment of their Border Gateway Protocol (BGP), Resource Public Key Infrastructure (RPKI), and Internet Routing Registry (IRR) records.
The alerting method will be extended to send your choice of triggered alerts when these three systems enter a state of misalignment. Notification will be sent if your prefix suddenly acquired a new origin AS from a misconfiguration or bad actor asserting a more specific route, or when your BGP changes and no longer aligns with your Route Origin Authorization (ROA) or IRR route object. To do this, APNIC will extend DASH to permit non-ASN holders to login and manage reports, dashboards, and alerts for their prefixes, even if they don’t manage the origin AS for the delegated addresses.
Set up your alerts in DASH now.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.