Configure alerting rules to get notified when Golf Gateway detects security threats, scrubs PII from responses, or blocks suspicious requests.Documentation Index
Fetch the complete documentation index at: https://docs.golf.dev/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites
- Golf Gateway deployed with audit log export configured
- One of the following export destinations:
Key fields for alerting
Golf Gateway audit logs include security fields specifically designed for alerting. See the Audit Log Schema for complete field documentation.| Field | Type | Alert Use Case |
|---|---|---|
security.blocked | boolean | Request/response was blocked |
security.threats_detected | array | Specific threat types detected |
security.threat_category | string | Threat classification |
security.was_scrubbed | boolean | PII was detected and removed |
security.entities_redacted | integer | Count of PII entities found |
security.entities_by_type | object | PII breakdown by type |
Recommended alerts
Set up these alerts to monitor security events:| Alert | Condition | Severity |
|---|---|---|
| Threat Blocked | security.blocked = true | Critical |
| Prompt Injection | security.threats_detected contains prompt_injection | Critical |
| PII Detected | security.was_scrubbed = true | Warning |
| Rate Limit Exceeded | security.threat_category = "rate_limit_exceeded" | Warning |
| Replay Attack | security.threats_detected contains replay_attack | Critical |
In-app notifications
Golf Gateway also provides built-in notifications in the Admin Portal:- Go to Notifications in the Admin Portal
- View real-time alerts for:
- Threat detections
- Blocked requests
- Pending capability approvals
- Click any notification to navigate to the related session or server
Related guides
Audit Log Schema
Complete field reference for audit log entries
Set Up Monitoring
Configure health endpoints and metrics
Export to Elasticsearch
Set up Elasticsearch audit log export
Export to Sentinel
Set up Azure Sentinel export