diff --git a/Netgrimoire/Audits/monitoring-2026-05-04.md b/Netgrimoire/Audits/monitoring-2026-05-04.md
new file mode 100644
index 0000000..8257df9
--- /dev/null
+++ b/Netgrimoire/Audits/monitoring-2026-05-04.md
@@ -0,0 +1,41 @@
+---
+title: Audit - monitoring.yaml
+description: Gremlin audit report 2026-05-04
+published: true
+date: 2026-05-04T11:28:41.090Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-05-04T11:28:41.090Z
+---
+
+# Audit Report — monitoring.yaml
+
+**Date:** 2026-05-04  
+**File:** swarm/monitoring.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**1. Homepage labels:** All services have the required homepage.labels configured.
+
+**2. Uptime Kuma labels:**
+   - **FAIL:** The `kuma.prometheus.http.url` for Prometheus is not correctly formatted as it uses an HTTP URL instead of HTTPS.
+     * **Fix:** Update to `https://prometheus.netgrimoire.com`.
+   - **FAIL:** The `kuma.grafana.http.url` and `kuma.alertmanager.http.url` are not correctly formatted as they use HTTP URLs instead of HTTPS.
+     * **Fix:** Update both to `https://grafana.netgrimoire.com` and `https://alertmanager.netgrimoire.com`.
+   - **FAIL:** The `kuma.blackbox.http.url` for Blackbox Exporter is not correctly formatted as it uses an HTTP URL instead of HTTPS.
+     * **Fix:** Update to `https://blackbox.netgrimoire.com`.
+
+**3. Caddy labels on exposed services:**
+   - All exposed services have the required `caddy=<domain>` and `caddy.reverse_proxy` labels.
+
+**4. Placement constraints:**
+   - All services have a placement constraint specifying `node.hostname == znas`.
+
+**5. Volumes use /DockerVol/<service> path convention:** All volumes follow the `/DockerVol/<service>` path convention.
+
+**6. Network references external netgrimoire overlay:**
+   - The `netgrimoire` network is correctly referenced as an external network.
+
+**VERDICT: FAIL**
\ No newline at end of file