Technical Architecture

System Architecture

A technical overview of how Cerbi introduces governance to your telemetry pipeline without replacing your existing observability infrastructure.

Platform placement

Application

Your services generating telemetry

Logger

Serilog / MEL / NLog

Cerbi Governance Layer

Policy enforcement — in-process

Observability Platforms

Datadog, Splunk, Azure Monitor

Key point: Cerbi governs telemetry before it reaches observability platforms. Your existing dashboards, alerts, and workflows remain unchanged.

Runtime governance pipeline

CerbiStream
$cerbi trace --live --env production
01App emits log
02CerbiStream intercepts
03Schema validation
04Field redaction
05Governance scoring
06Forward to destination
External CerbiStream (in-process)

<1ms overhead — no network calls

Governance control plane

CerbiShield

Control Plane

Define governance profiles
Validate policies before deployment
Deploy rule sets to environments
Monitor violations in real time
Generate compliance reports
CerbiShield runs in your tenant. Cerbi does not process or own your log data pipelines.

Security model

Tenant-Hosted Deployment

Cerbi runs inside your infrastructure. We do not process or own your log data pipelines.

RBAC

Role-based access control for governance rule management and deployment permissions.

Entra SSO

Enterprise single sign-on integration with Microsoft Entra ID.

Audit Logs

Immutable audit trail for every rule change, deployment, and administrative action.

Rule Deployment Tracking

Full visibility into which rule versions are deployed to which environments.

Observability compatibility

Splunk
Datadog
Azure Monitor
Elastic
Cerbi governs before ingestion. Your existing dashboards, alerts, and workflows continue to work without modification.

Ready to add governance to your telemetry?

Start with CerbiStream in your application and connect to CerbiShield for centralized governance management.

View PricingView on GitHub