- How do DDoS alerts trigger?
- Silverline DDoS
- GRE Tunnels
- BGP Routing
- Email/SMS DDoS Notification
- An alert is triggered when a threshold is met or exceeded by a sampling rate detected on our mitigation appliance
- Alerts are triggered 3 primary ways:
- Static Bandwidth Thresholds - Static threshold alerts can be enabled to alert if traffic bandwidth levels surpass a specified level. Should you desire specific levels be set, Contact the Silverline SOC.
- DDoS Misuse Thresholds - Alerts can be triggered on packet per second levels for a variety of DDoS attack vectors. These include: DNS, ICMP, IP Fragment, IP Null, TCP Reset, TCP SYN, and UDP. To have specific thresholds set, Contact the Silverline SOC.
- Profiled Bandwidth - For always-on Routed customers, Silverline will build a profile of traffic levels. Alerts will trigger for anomalies that surpass profiled traffic levels.
- Alerts are displayed in Portal in 2 places:
- Monitor & Analyze > DDoS Activity
- Dashboards > DDoS Dashboard
- Real-Time Incident Procedures (RTIP)
- Always On vs. Always Available
- Q&A: Which DDoS Alerts are included in Log Export?
- How To Configure SMS Alerts for DDoS Events
- How To Receive DDoS Reports via Email For DDoS Events
- Q&A: What do the values in Monitoring Settings indicate?