Microsoft Marketplace
Source-side log governance for Azure teams. Deploy CerbiShield into your Azure tenant and govern application logs before sensitive data reaches observability platforms.
Why Microsoft Marketplace
Cleaner procurement path
CerbiShield is available through Microsoft Marketplace for Azure customers who want a cleaner procurement path and a customer-hosted deployment model.
Deploys into your Azure tenant
CerbiShield is designed to run in the customer's Azure environment. Cerbi does not replace Splunk, Datadog, Azure Monitor, OpenTelemetry, SIEM tooling, or existing logging frameworks. It adds governance before log data reaches those systems.
How Cerbi works
Five steps from scan to governed runtime. Each step is independent — teams can start at build-time scanning and adopt runtime enforcement incrementally.
Scan application code for risky logging patterns
The Cerbi Scanner identifies unsafe log calls, missing governance fields, sensitive field exposure, and schema drift before anything ships.
Review sensitive fields and schema drift
CerbiShield surfaces detected sensitive fields, field aliases, and schema inconsistencies across services so your team can review before enforcing.
Create governance rules
Author JSON-based governance profiles that declare required fields, disallowed fields, enforcement modes, field masking, and encryption configuration per environment.
Enforce policy at runtime
CerbiStream intercepts log events in-process and applies governance rules before events reach Splunk, Datadog, Azure Monitor, or any other observability sink.
Audit violations, relax-mode usage, and profile history
Every violation, relax-mode exception, rule deployment, and administrative action is recorded in an immutable audit trail with full actor and timestamp context.
Who it is for
CerbiShield is built for engineering and compliance teams operating in regulated environments on Azure.
Platform engineering
Define and version governance profiles centrally. Push rule sets to dev, staging, and production independently. Track deployment history in the CerbiShield deploy center.
Security engineering
Block PII, PHI, tokens, and secrets at emission — before they reach any observability platform. Monitor violations in real time with severity breakdowns and trend data.
Compliance
Demonstrate governance controls for HIPAA, GDPR, PCI DSS, and SOC 2 audits. The immutable audit trail captures every rule change and deployment action.
DevSecOps
Shift governance left. The Cerbi Scanner runs in CI and flags dangerous log calls as diagnostics before code reaches staging or production.
Application teams in regulated environments
Use CerbiStream as a drop-in addition to your existing logging framework — MEL, Serilog, NLog, Log4j, Zap, Logback, Pino, or Winston. No call-site rewrites.
What teams can govern
Governance rules are declared in a JSON profile per environment. Below are the field categories and control types teams configure through CerbiShield.
- PII and PHI fields
- Tokens and secrets
- Customer identifiers
- Required correlation fields
- Field masking, hashing, encryption, blocking, and allow rules
- Relax-mode exceptions with audit history
Data stays in your tenant
CerbiShield deploys into your Azure environment. Cerbi does not process, store, or have access to your log data. All governance decisions — field masking, violation detection, rule enforcement — happen on your infrastructure. Microsoft Entra SSO and RBAC are supported out of the box.
Get started
Govern logs before they become downstream risk.
Start with the free Cerbi Scanner to find risky logging patterns in your codebase, then deploy CerbiShield through Microsoft Marketplace for runtime enforcement and governance reporting.
The Cerbi Scanner is free, requires no account, and runs in your terminal or CI pipeline. CerbiShield is deployed and billed through your Azure subscription via Microsoft Marketplace.
