
“Mark as False Alert” feature

Tuesday, September 8th, 2009

Some Cyclops users have been asking questions about the “Mark as False Alert” feature, so I would like to spend some time here explaining how it works. Cyclops triggers a variety of alerts based on conditions that each user inputs: “My Prefixes”, “My ASNs” and “My Neighbors”. These three lists are what Cyclops calls the user configuration. Ideally, Cyclops would discover and mirror the routing objects of each network automatically, so that the user configuration mirrors the network configuration. Unfortunately, Cyclops is still far from this point, and it still requires manual intervention to reduce both false positives and false negatives in alerting. That means that some alerts that users receive are false alerts, in the sense that the condition that triggered them is not aligned with their current network configuration. The “Mark as False Alert” feature allows users to change the user configuration to reduce the false positives.

For example, if I have the “New Prefix” alert condition ON for AS52, I will receive alerts every time AS52 announces a prefix that is not present in the “My Prefixes” list. If I click on “Mark as False Alert” for a “New Prefix” alert, I’m implicitly adding the prefix that triggered the alert to the “My Prefixes” list, so that alerts on this prefix will stop. So basically, the “Mark as False Alert” feature changes the user configuration to prevent future alerts from being triggered by the same condition, and thus reduces the number of false positives. We are still researching ways to deal with false negatives, more to come soon. –Ricardo
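The “New Prefix” flow described above, modelled as an added example that is not Cyclops code. The class and function names are hypothetical, the announcements are constructed, and the sketch assumes “My Prefixes” is matched on the exact prefix, which the post does not specify.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Alert:
    kind: str
    origin_asn: int
    prefix: ipaddress.IPv4Network

@dataclass
class UserConfig:
    """Hypothetical model of the user configuration (My ASNs, My Prefixes)."""
    my_asns: set = field(default_factory=set)
    my_prefixes: set = field(default_factory=set)

    def new_prefix_alerts(self, announcements):
        # "New Prefix": a monitored ASN originates a prefix that is not in
        # My Prefixes. Assumption: exact-prefix match, no covering-prefix logic.
        alerts = []
        for prefix_text, origin_asn in announcements:
            prefix = ipaddress.ip_network(prefix_text)
            if origin_asn in self.my_asns and prefix not in self.my_prefixes:
                alerts.append(Alert("New Prefix", origin_asn, prefix))
        return alerts

    def mark_as_false_alert(self, alert):
        # Marking a "New Prefix" alert as false adds its prefix to My Prefixes,
        # so the same condition no longer fires for that prefix.
        if alert.kind == "New Prefix":
            self.my_prefixes.add(alert.prefix)

# Constructed sample announcements: (prefix, origin ASN).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 52),       # already listed in My Prefixes
    ("198.51.100.0/24", 52),    # not listed: alert
    ("198.51.100.0/25", 52),    # more-specific, not listed: alert
    ("203.0.113.0/24", 64500),  # origin is not a monitored ASN: ignored
]

def demo():
    config = UserConfig(my_asns={52},
                        my_prefixes={ipaddress.ip_network("192.0.2.0/24")})
    before = config.new_prefix_alerts(ANNOUNCEMENTS)
    config.mark_as_false_alert(before[0])   # user accepts 198.51.100.0/24
    after = config.new_prefix_alerts(ANNOUNCEMENTS)
    return [str(a.prefix) for a in before], [str(a.prefix) for a in after]

if __name__ == "__main__":
    print(demo())
```

Under the exact-match assumption, accepting the /24 leaves the /25 alert active, so each marked alert widens the configuration by exactly one prefix and is worth reviewing before it is accepted.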