The governance control plane
for Cerbi.
CerbiShield is where teams manage policy, onboard services, validate rules, deploy governance changes, review violations, track audit history, and monitor posture — all from one tenant-hosted dashboard.
Rule authoring and policy management
Create and edit governance profiles with a visual rule editor. Define sensitive field categories, set masking or redaction actions, configure enforcement modes (Strict, Warn, Audit), set data retention periods, and validate rule deployment readiness — all without touching application code.
Deployment control across environments
View and manage rule rollouts across every target environment. The Deploy Center tracks rule name, version, target, deployment status, operator, and timestamp in a single table. Active bindings and deployment health are visible at a glance — and new deployments can be initiated without leaving the console.
Violation explorer
Review the full governance violation picture — total count, critical/error/warning breakdown, violation rate, and top violated rules. The severity distribution donut and 14-day trend chart give a clear picture of where policy is failing. Drill into individual applications to see exactly which rules are triggering and at what rate.
Governance analytics and score trends
Historical governance analytics for engineering and security leadership. The executive summary shows score movement, violations, and relaxation usage over a selected time window. Score trend sparklines track Overall, Governance, Safety, Relaxed, and Violations dimensions — with a score distribution bar, enforcement health meter, and full rule coverage table.
Onboarding, validation, audit, health, and insights.
The full CerbiShield console covers the complete governance lifecycle — from first app onboarding through long-term posture reporting.
Guided app onboarding
A 6-step wizard connects new or existing applications to a governance profile, environment, and enforcement mode. Teams are fully onboarded before the first log event fires.
Real-time validation console
Paste any log payload and validate it against live governance rules before rollout. Confirms masking, blocking, and rule behavior without touching production.
Full audit history
Immutable activity timeline for every rule change, deployment, and governance event. Searchable by actor, action, or resource — with a 7-day activity chart and top actors panel.
Platform health monitoring
Live status for every platform service — Router API, Governance Store, Validation Engine, RBAC, and more. Response time trends and throughput charts expose latency before it becomes an incident.
Usage and operations insights
Deployment velocity, violation trends, retention compliance, and Marketplace-linked usage — in one operational view. Built for teams that need to report to leadership on governance posture.
Everything needed to manage governance at scale.
CerbiShield gives platform engineering and security teams the controls they need — without building custom tooling or maintaining manual processes.
Governance Management
- Rule authoring and JSON policy editing
- Sensitive field categorization
- Enforcement mode controls (Strict / Warn / Audit)
- Version tracking and rollback
- Regex pattern support
- Data retention configuration
Rollout and Operations
- App onboarding wizard
- Multi-environment deployment targets
- Deployment status and rollout history
- Operator and actor tracking
- Platform health monitoring
- Immutable audit trail
Visibility and Posture
- Violation explorer with severity breakdown
- Top violated rules analysis
- Real-time validation console
- Governance score trends
- Reporting dashboards for leadership
- Operational insights and usage signals
Security and Access
- Role-based access control (RBAC)
- Microsoft Entra SSO integration
- Tenant-hosted deployment — no data relay
- Azure Marketplace procurement
- Environment-scoped permissions
- Admin and read-only role separation
The product your team manages governance through.
CerbiShield is the surface where engineering leads, security teams, and platform engineers interact with governance policy. It turns CerbiStream from a library into a managed platform with audit history, deployment controls, and leadership-ready reporting.
Central control over logging policy
One console to manage governance profiles across all services and environments. No per-team configuration sprawl.
Audit readiness without manual work
Immutable deployment history, violation records, and profile change tracking satisfy auditor requirements without custom tooling.
Consistent policy rollout
Push profile updates to staging and production through a controlled deployment flow. Profile versions are tracked and rollback is supported.
Easier enterprise onboarding
Entra SSO and RBAC make it straightforward to onboard teams with appropriate access. The Azure Marketplace listing shortens procurement cycles.
CerbiShield manages what CerbiStream enforces.
The two components work together — CerbiStream runs in-process inside your .NET application, CerbiShield provides the control plane above it.
Runs in-process. Applies governance rules at log emission time before anything reaches a destination.
CerbiShieldGovernance control planeThe management dashboard. Defines rules, manages deployments, and surfaces violations and posture.
CerbiScoringPosture and trend trackingTracks governance health over time. Surfaces violation trends, relaxation history, and score improvements.
Available on Azure Marketplace
CerbiShield is listed on Azure Marketplace as an ISV solution. Tenant-hosted deployment — your log data and governance records stay inside your Azure subscription.
Govern telemetry from a real control plane.
CerbiShield gives teams a central dashboard for policy, rollout, violations, audit history, and governance posture across their environment. Available through Azure Marketplace or direct deployment.