Ch 5 — The Dashboard Record

Governance Active
Chapter 5 of 8 — The Dashboard Record

What does the dashboard record, and why does it matter?

Every governance decision — whether a violation was detected or the log passed cleanly — is written to the dashboard as an immutable audit record. This is not a log viewer. It is a governance ledger. Let's understand what each record contains and why it exists.

1

Step 1 of 3

What the dashboard does not store

The dashboard does not store your log messages. It does not store the content of your log lines. It stores the governance decision: which field was evaluated, which rule it matched, what action was taken, and when. This is intentional — the dashboard is a compliance instrument, not a log aggregator. Your logs still go to Datadog, Elasticsearch, or wherever you route them. The dashboard only records what governance did.

Stored in the dashboard

  • Which field triggered a rule
  • Which rule was triggered
  • What action was taken (redacted / flagged / passed)
  • Profile name and version active at the time
  • Timestamp and violation ID
  • Status: Open or Resolved

Not stored in the dashboard

  • The raw value of any field
  • Your full log message
  • Any user data or PII
  • Application business logic
  • Log volume or throughput metrics
2

Step 2 of 3

The four audit records from our checkout log

Below are the four audit records the runtime created when it processed the checkout log from Chapter 3. Three are violations. One is a clean pass from the next log event. Click any record to read exactly what it contains and what it means.
3

Step 3 of 3

Why immutability matters for compliance

Audit records cannot be edited, amended, or deleted — by anyone, including Cerbi administrators. This is what makes them useful to a compliance auditor. When an auditor asks "was sensitive data ever written to your log infrastructure?", you can point to a timestamped record showing the governance engine intercepted it, redacted it, and recorded the decision — along with the exact profile version that was in effect at the time. The record is your evidence.

What a compliance auditor sees

Was creditCardNumber ever written to your logs?

Audit record AUD-0091 shows it was detected, redacted, and never written to any sink. Profile version v1.0.0 was active and its disallowedFields rule triggered the redaction.

When did you become aware of the violation?

The violation was recorded at 14:22:03 UTC on 2025-06-07, the same millisecond the runtime processed the log. Detection is automatic and immediate.

Has this been fixed?

Status: Open — the developer has not yet deployed the code fix. When they do, the status changes to Resolved, with a timestamp and the version of the fix.

Chapter 6 of 8

The Developer Fix — the exact code change that closes the violation

Continue
Cerbi | Logging Governance for Your Stack