Configure alerting rules to get notified when Golf Gateway detects security threats, scrubs PII from responses, or blocks suspicious requests.
Prerequisites
- Golf Gateway deployed with audit log export configured
- One of the following export destinations:
Key fields for alerting
Golf Gateway audit logs include security fields specifically designed for alerting. See the Audit Log Schema for complete field documentation.
| Field | Type | Alert Use Case |
|---|---|---|
| security.blocked | boolean | Request/response was blocked |
| security.threats_detected | array | Specific threat types detected |
| security.threat_category | string | Threat classification |
| security.was_scrubbed | boolean | PII was detected and removed |
| security.entities_redacted | integer | Count of PII entities found |
| security.entities_by_type | object | PII breakdown by type |
Recommended alerts
Set up these alerts to monitor security events:
| Alert | Condition | Severity |
|---|---|---|
| Threat Blocked | security.blocked = true | Critical |
| Prompt Injection | security.threats_detected contains prompt_injection | Critical |
| PII Detected | security.was_scrubbed = true | Warning |
| Rate Limit Exceeded | security.threat_category = "rate_limit_exceeded" | Warning |
| Replay Attack | security.threats_detected contains replay_attack | Critical |
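
The recommended alerts above, expressed as detection logic over audit log lines. This is an added example, not Golf Gateway's or any SIEM's own code; it assumes the export is one JSON object per line with the `security` fields either nested or as dotted keys, and the sample events and the `Unparseable Audit Line` alert are constructed for illustration.

```python
import json

# Rules from the "Recommended alerts" table: (alert name, severity, predicate).
RULES = [
    ("Threat Blocked", "Critical", lambda s: s.get("blocked") is True),
    ("Prompt Injection", "Critical",
     lambda s: "prompt_injection" in (s.get("threats_detected") or [])),
    ("PII Detected", "Warning", lambda s: s.get("was_scrubbed") is True),
    ("Rate Limit Exceeded", "Warning",
     lambda s: s.get("threat_category") == "rate_limit_exceeded"),
    ("Replay Attack", "Critical",
     lambda s: "replay_attack" in (s.get("threats_detected") or [])),
]

def security_fields(event):
    """Return the security.* fields, accepting nested or dotted-key layouts."""
    sec = event.get("security")
    fields = dict(sec) if isinstance(sec, dict) else {}
    for key, value in event.items():
        if key.startswith("security."):
            fields[key[len("security."):]] = value
    return fields

def evaluate(line):
    """Return [(alert, severity), ...] for one JSON audit log line."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        event = None
    if not isinstance(event, dict):
        # Hypothetical extra alert: a dropped line is a missed detection.
        return [("Unparseable Audit Line", "Warning")]
    sec = security_fields(event)
    return [(name, sev) for name, sev, match in RULES if match(sec)]

# Constructed sample events (assumed layout, not real Golf Gateway output).
SAMPLE_LINES = [
    '{"security": {"blocked": true, "threats_detected": ["prompt_injection"]}}',
    '{"security": {"blocked": false, "was_scrubbed": true, "entities_redacted": 2}}',
    '{"security.blocked": true, "security.threat_category": "rate_limit_exceeded"}',
    '{"security": {"blocked": false, "threats_detected": []}}',
    'not json',
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(evaluate(sample))
```

A single event can raise more than one alert (a blocked prompt injection matches both Critical rules), so deduplicate or correlate on the session when routing these to an on-call channel.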
In-app notifications
Golf Gateway also provides built-in notifications in the Admin Portal:
- Go to Notifications in the Admin Portal
- View real-time alerts for:
  - Threat detections
  - Blocked requests
  - Pending capability approvals
- Click any notification to navigate to the related session or server
In-app notifications complement SIEM alerting. Use SIEM for incident response workflows and in-app notifications for quick operational awareness.