Watchdog

Feature Availability

Watchdog is available to customers who have the Watchdog feature enabled on their account. If you do not see the Watchdog menu item in the sidebar, please contact your account manager or support to have the feature enabled.

Overview

Watchdog is the automated cost-monitoring and alerting system in Cloud Ctrl. It continuously watches your cloud spend and notifies you whenever a pattern you care about appears — a sudden cost increase in a single service, a brand-new account that has started spending, an unexpected region lighting up, or a slow drift away from a long-term average.

Each Watchdog Policy combines:

  • A Strategy — the detection rule (e.g. "spend increased by more than 20% week-over-week").
  • A Dimension — the lens you want the results grouped by (e.g. Service, Cost Centre, Environment).
  • A Schedule — how often the policy is evaluated.
  • A Mailing List (and optional Webhook) — who gets told when something is found.

When a policy runs and finds matching records, Watchdog records a Policy Result, sends an email to the mailing list, optionally posts to your webhook, and updates the Watchdog dashboard so the breach is visible to your team.

Watchdog is policy-based and threshold-driven, which makes it complementary to — not a replacement for — Budgets (which cap and track spend) and Recommendations (which suggest optimisation actions).

Key Concepts

  • Policy — A reusable monitoring rule with a name, severity, strategy, schedule, scope and recipient list.
  • Strategy — The detection algorithm. See Strategies below.
  • Dimension — The grouping/breakdown used for detection and reporting. Every policy needs a primary dimension; additional dimensions can be added (in beta) to slice findings across multiple breakdowns at once.
  • Severity — The importance assigned to a finding: Critical, Warning or Information. Severity drives the dashboard summary tiles and helps recipients prioritise.
  • Schedule — How often the policy runs: Every Import, Twice Daily, Weekly (with day-of-week), or Monthly (with day-of-month).
  • Custom View — Optional scope filter. When set, the policy only considers spend that falls inside the selected custom view.
  • Line Item Type — Whether the policy looks at Usage Only, Usage + Fees (including reserved-instance and savings-plan purchases), or Fees Only.
  • Mailing List — The group of people emailed when a policy result is generated. A mailing list is required to create a policy.
  • Webhook — An optional HTTP endpoint that receives a notification payload alongside the email.
  • Policy Result — A single execution of the policy. Each result records the run timestamp, the record count, the date range that was evaluated, and the downloadable result data.

The Watchdog Dashboard

The Watchdog dashboard is the landing page for the feature, accessible from the Watchdog menu item in the sidebar.

Summary Cards

Three cards at the top of the page summarise your monitoring posture:

  • Critical Risks (24h) — The number of Critical-severity policy results in the last 24 hours.
  • Potential Risks (24h) — The number of Warning-severity results in the last 24 hours.
  • Active Policies — The total number of policies currently configured for your tenant.

Policy List

Below the summary cards, every policy is listed in a table showing its name, primary dimension, severity, schedule, the timestamp of its most recent run, and the number of records found on that run. Each row links through to the Policy Detail page.

A New Policy button on the dashboard launches the creation wizard.

Creating a Policy

To create a new policy, click New Policy on the Watchdog dashboard and complete the form:

  1. Name — A short, descriptive name for the policy (e.g. "AWS — Weekly EC2 cost jump").
  2. Severity — Choose Critical, Warning or Information.
  3. Primary Dimension — The dimension findings will be grouped by. Optionally, enable Additional Dimensions (beta) to also group by other dimensions in the same run.
  4. Custom View (optional) — Restrict the policy to a specific custom view.
  5. Strategy — Pick a detection strategy and configure its parameters. See Strategies below.
  6. Line Item Type — Choose whether fees (e.g. reservation purchases) are included.
  7. Schedule — Pick how often the policy runs.
  8. Mailing List — Select the recipients to be notified. This is required.
  9. Webhook (optional) — Select a configured webhook to receive notifications.
  10. Click Save. The policy will run on its next scheduled tick (or on the next data import if you chose Every Import).

Tips

Mailing lists and webhooks are configured in Settings → Notifications. Set those up before creating a policy.

Strategies

Watchdog ships with several strategies. Each one answers a different question.

Delta Spend

Detects when spend, broken down by your chosen dimension, has increased by more than a configured threshold compared to a historical look-back period.

Use it for: "Tell me when any service costs more than X% more this week than last week."

Parameters:

  • Threshold — The percentage increase that triggers a finding.
  • Granularity / Look-back — The period used as the comparison baseline.

New Spend

Detects when a value of the chosen dimension (e.g. a new Service or Resource Group) appears with non-trivial spend for the first time.

Use it for: "Tell me when a brand-new service starts costing money."

Parameters:

  • Minimum spend — The spend threshold below which new items are ignored.

New Account

Detects when a new cloud account has been added and is generating spend above a threshold.

Use it for: "Tell me when an unexpected subscription or AWS account starts spending."

Regional Spend

Detects when spend is being incurred across more than a configured number of regions, with each region exceeding a per-region spend threshold.

Use it for: "Tell me when workloads spread into regions we don't expect to operate in."

Average Delta Spend

Detects when current spend deviates from a rolling average by more than the configured percentage. This is more tolerant of week-to-week noise than Delta Spend.

Use it for: "Tell me about sustained drifts away from our baseline, ignoring short spikes."
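
The following added sketch evaluates Delta Spend, Average Delta Spend and Regional Spend over constructed data, and shows why a one-week dip followed by a return to normal trips Delta Spend but not Average Delta Spend. It is not Cloud Ctrl's code: the formulas, the 4-period averaging window, the function names and the sample figures are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: weekly spend per service, oldest first.
WEEKLY = {
    "Compute": [100.0, 104.0, 98.0, 60.0, 101.0],  # one-off dip, then back to normal
    "Storage": [40.0, 41.0, 40.0, 42.0, 41.0],     # flat
    "GPU":     [10.0, 10.0, 11.0, 10.0, 55.0],     # large jump against a stable baseline
}
# Constructed sample data: (region, spend) line items for the current period.
REGIONAL = [("eu-west-1", 900.0), ("us-east-1", 450.0),
            ("ap-south-1", 75.0), ("sa-east-1", 3.0)]

def pct_change(current, baseline):
    """Percentage change of current over baseline; None when there is no baseline."""
    return None if baseline <= 0 else (current - baseline) / baseline * 100.0

def delta_spend(series_by_key, threshold_pct):
    """Assumed rule: latest period exceeds the previous period by > threshold_pct."""
    hits = {}
    for key, s in series_by_key.items():
        if len(s) < 2:
            continue
        change = pct_change(s[-1], s[-2])
        if change is not None and change > threshold_pct:
            hits[key] = round(change, 1)
    return hits

def average_delta_spend(series_by_key, threshold_pct, window=4):
    """Assumed rule: latest period deviates (in either direction) from the mean
    of the preceding `window` periods by more than threshold_pct."""
    hits = {}
    for key, s in series_by_key.items():
        base = s[-1 - window:-1]
        if not base:
            continue
        change = pct_change(s[-1], sum(base) / len(base))
        if change is not None and abs(change) > threshold_pct:
            hits[key] = round(change, 1)
    return hits

def regional_spend(items, max_regions, per_region_min):
    """Assumed rule: finding when more than max_regions each exceed per_region_min."""
    totals = defaultdict(float)
    for region, spend in items:
        totals[region] += spend
    active = sorted(r for r, v in totals.items() if v > per_region_min)
    return active if len(active) > max_regions else []

if __name__ == "__main__":
    print(delta_spend(WEEKLY, 20))
    print(average_delta_spend(WEEKLY, 20))
    print(regional_spend(REGIONAL, 2, 50))
```

With a 20% threshold, Compute is flagged by the period-over-period rule because the prior week was unusually low, while the rolling-average rule flags only GPU.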

Scheduling Options

| Schedule | When it runs |
| --- | --- |
| Every Import | After each successful cloud-data refresh — the fastest feedback loop. |
| Twice Daily | At roughly 12-hour intervals. |
| Weekly | On a chosen day of the week. |
| Monthly | On a chosen day of the month. |

Watchdog automatically calculates the next run time when a policy is created or edited, so you don't need to wait for the schedule to "tick over" before the first run takes effect.

Policy Detail

Clicking a policy in the dashboard opens its detail page, which shows:

  • The policy metadata — name, severity, dimension, schedule, custom view, mailing list, webhook.
  • A plain-language summary of the configured strategy (e.g. "Detect when Service spend increases by 20% week-over-week").
  • A table of recent Policy Results, with the run timestamp, record count, and links to view or download the underlying data.
  • Edit and Delete buttons.

Editing a Policy

Click Edit to change any aspect of the policy — including its strategy, dimensions, schedule and recipients. Saved changes take effect on the next scheduled run.

Deleting a Policy

Click Delete to remove the policy. Deletion also removes all of the policy's previous results and any dimension associations. There is no soft-delete or pause; if you want to silence a policy temporarily, change its mailing list to an empty distribution group or shorten its schedule.

Viewing Result Data

Selecting a row in the Recent Results table opens the Policy Run view. This shows:

  • The execution timestamp and severity.
  • The total number of records found.
  • A paginated table of result pages. Each page can be downloaded individually as a CSV.

Tips

Result downloads are served through short-lived (10 minute) signed URLs. If a download link expires, simply re-open the Policy Run page to generate a fresh one.

Notifications

When a policy run produces one or more records, Watchdog:

  1. Sends an email to every recipient on the policy's mailing list. The email summarises the policy, the strategy, the number of records found, and provides the result data as attachments.
  2. Posts to the configured webhook (if one is set), allowing you to forward findings into Slack, Microsoft Teams, ticketing systems or your own automation.
  3. Updates the dashboard — the Critical Risks and Potential Risks tiles reflect the new finding within seconds.

If a policy run finds zero records, no email or webhook call is made — the run is recorded silently for the audit trail.

Permissions

  • Anyone with Read permission on the tenant can view the Watchdog dashboard, individual policies and result data.
  • Contribute permission is required to create, edit or delete policies.
  • The Watchdog feature itself must be enabled on the tenant — see the Feature Availability note at the top of this page.

Related Features

  • Budgets — Track planned vs actual spend and (optionally) enforce caps. Use Budgets for "are we on track?" and Watchdog for "did something just change?".
  • Reporting — Build dashboards and scheduled reports for ongoing visibility. Use Reporting for known cadences and Watchdog for exception alerting.
  • Recommendations — Surface concrete actions to reduce spend. Use Recommendations to act on the trends Watchdog highlights.