A great ecosystem of applications and open source projects has emerged to cover different needs and use cases. However, most of the time we always think about using these applications in the use case that they have been designed for. One example is Prometheus, which is the graduated monitoring project in the CNCF. However, monitoring can become a complementary defensive tool for other projects like Falco. Its access via metrics to other kinds of information that is not available in the kernel calls and the ability to look back in the past, allows Prometheus to cover some blindspots that can be exploited by potential attackers. In this talk, David and Mirco will explore some interesting use cases and practical examples where Prometheus can be used for defensive monitoring, giving some ready to use examples and comparing the pros and cons of this approach with runtime security.