Oh no! Another developer who thinks they've cracked it! They all say the same.
1. So what should happen in these circumstances? You want the Audit failures to stop? How could this happen automatically? Block IP? Granted once you've "fixed" it you'd want a human to investigate.
2. Yes I want more space automatically allocated. In the cloud that is possible! Oh and why you using "disk" to store persistant data?
3. Drop the server out the load balancer and automatically rebuild another one or add more servers. You'd then want to investigate what happened, but any customer impact is mitigated.
Granted all these require software that's built in a certain way... Maybe the problem isn't with the monitoring systems it's with the software it's trying to monitor?