From c325744540cb6f88a796ad137771d4145513a9bf Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Sun, 12 Apr 2026 12:19:42 -0300 Subject: [PATCH] monitoring(alerts): watch soteria authz denial spikes --- .../monitoring/grafana-alerting-config.yaml | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/services/monitoring/grafana-alerting-config.yaml b/services/monitoring/grafana-alerting-config.yaml index 5f240bc0..0dd06bf5 100644 --- a/services/monitoring/grafana-alerting-config.yaml +++ b/services/monitoring/grafana-alerting-config.yaml @@ -543,6 +543,54 @@ data: summary: "One or more PVCs are stale, missing, or failed per Soteria backup health" labels: severity: warning + - uid: maint-soteria-authz-denials + title: "Soteria authorization denials elevated" + condition: C + for: "10m" + data: + - refId: A + relativeTimeRange: + from: 900 + to: 0 + datasourceUid: atlas-vm + model: + expr: sum(increase(soteria_authz_denials_total[15m])) or on() vector(0) + intervalMs: 60000 + maxDataPoints: 43200 + legendFormat: soteria-authz-denials-15m + datasource: + type: prometheus + uid: atlas-vm + - refId: B + datasourceUid: __expr__ + model: + expression: A + intervalMs: 60000 + maxDataPoints: 43200 + reducer: last + type: reduce + - refId: C + datasourceUid: __expr__ + model: + expression: B + intervalMs: 60000 + maxDataPoints: 43200 + type: threshold + conditions: + - evaluator: + params: [10] + type: gt + operator: + type: and + reducer: + type: last + type: query + noDataState: OK + execErrState: Alerting + annotations: + summary: "Soteria saw >10 authorization denials in 15m" + labels: + severity: warning - orgId: 1 name: ariadne folder: Alerts