groups:
  - name: credentials_leak
    rules:
      - alert: http-credentials-leaked
        annotations:
          message: "{{ $labels.job }} is leaking http basic auth credentials."
        expr: 'sum by (job) (count_over_time({job="myservice"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)'
        for: 10s
        labels:
          severity: critical