One dimension: monthly governed event volume. No feature tiers, no hidden seats, no data egress fees. We enforce monthly totals - not rolling averages.
Why governance
Security tools govern code.
CI tools govern builds.
IAM governs access.
Logs have no governance layer.
Sensitive identifiers, tokens, and customer metadata end up in telemetry. Once ingested, removal is difficult, expensive, and sometimes impossible.
Governance runs in-process.
Rules enforced at emission.
Zero pipeline changes required.
Sensitive data never reaches the sink.
One SDK. One line of setup. Governance applied before any downstream call is made.
Product model
CerbiStream
In-process enforcement
Cerbi's own logging framework, built from the ground up with governance, compression, and enrichment as first-class features. Use it directly, or use the plugin-model adapters to govern Serilog, MEL, NLog, Java, Go, or Python loggers using the same governance engine.
+ Redacts PII and PHI fields at emission
+ Enforces schema and structure rules
+ Built-in compression and enrichment
+ Zero network calls on the hot path
+ Plugin adapters for Serilog, MEL, NLog, Java, Go, Python, Node.js
CerbiShield
Control plane / dashboard
The hosted control plane deployed into your Azure subscription. Manages governance policies, surfaces violations, shows compliance posture, and handles audit history.
+ Governance rule editor and version control
+ Violation dashboards and trend reports
+ RBAC, audit log, and export
+ Deployed via Azure Marketplace
// CerbiStream and CerbiShield are licensed together. Pricing is based on governed event volume, not seats.
Deployment & licensing
Deployment & Licensing Truth
CerbiShield and the governance control plane are deployed entirely in your tenant. Your log data never leaves your infrastructure.
Licensing is based on governed log events per month.
Usage is counted per billing month.
If you exceed your tier in a month, Cerbi continues operating for the rest of that month.
Starting the next billing month, Cerbi enforces your tier cap.
Once the cap is reached, additional events are not accepted until you upgrade.
Your applications keep running normally. Only Cerbi event intake is affected.
Available through Microsoft Marketplace. CerbiShield deploys into your Azure tenant and works with your existing observability stack.
View listing14-day free trial: up to 5 million governed log events
No credit card required. Full access to CerbiStream and CerbiShield. Trial volume counts against your first paid month if you continue.
Plans
One
For teams beginning to apply logging governance.
Ideal for small teams and early production services establishing governance practices across their services.
Includes a 20-min video call for questions & onboarding - use it whenever you need it.
Pro
For multi-service production platforms.
Designed for growing platforms where logging governance needs to be enforced consistently across services and environments.
Includes a 20-min video call for questions & onboarding - use it whenever you need it.
Pro++
For high-volume platforms and regulated workloads.
Built for production platforms operating at scale where governance, compliance visibility, and audit readiness are non-negotiable.
Includes a 20-min video call for questions & onboarding - use it whenever you need it.
Architecture
Cerbi validates and governs telemetry before it reaches observability platforms such as Splunk, Datadog, or Azure Monitor. By enforcing schema validation, sensitive field protection, and governance metadata at runtime, teams prevent telemetry issues before they propagate through monitoring systems.
Overage & enterprise
Overage policy
For workloads exceeding 1 billion events per month, contact Cerbi for volume pricing.
Contact UsCost estimator
ROI Estimator
Based on public vendor pricing and U.S. BLS labor benchmarks - not Cerbi customer results.
Log Ingest
Monthly estimated at 30.4 days
Governance typically reduces noise by 10–30%
Labor Recovered
Time recaptured by security and compliance staff when governance policies reduce investigation, cleanup, and audit prep. Based on U.S. BLS median hourly rates.
$86/hr median - BLS SOC 15-1212 (2024)
$54/hr median - BLS SOC 13-1041 (2024)
Log Ingest Monthly
Log savings / mo
$401
ingest cost reduction
Labor value / yr
$12k
3h/wk × BLS rates
Cerbi cost / yr
$3.0k
Pro plan
Est. annual value
$17k
ingest + labor combined
Estimated net annual impact
+0+$13,576
Cerbi cost is covered. Remaining value is net return.
Cost drivers
Platform notes
Built to Scale Without Cost Surprises
CerbiShield is designed to operate at scale without becoming a performance bottleneck or introducing usage-based costs. Governance is enforced efficiently and scales linearly as environments grow.
// Internal benchmarks confirm negligible infrastructure overhead
// vs. downstream observability ingestion costs.
Cerbi does not replace your existing log platforms. It governs what gets logged before data reaches tools like Datadog, Splunk, Azure Monitor, or ELK - helping teams control cost, enforce structure, and reduce noise.
Feature comparison
All capabilities included on every plan
There are no feature-based tiers. Licensing is based on throughput only.
| Feature | one | pro | pro++ |
|---|---|---|---|
| Governed log events per month | 25M | 250M | 1B |
| 20-min onboarding / Q&A video call (as needed) | |||
| Unlimited applications and environments | |||
| Governance profiles and schema rules | |||
| Structured logging enforcement | |||
| PII and PHI field controls | |||
| Log scoring and classification | |||
| Dashboards and operational visibility | |||
| Role-based access control (RBAC) | |||
| Governance audit history | |||
| Reporting and data export | |||
| Multiple deployment targets | |||
| High-throughput ingestion and scoring |
Licensing is based on throughput only. All features are always enabled.
Trial paths
Two ways to evaluate Cerbi
Choose based on how much time you have and what you want to validate.
Local demo
Fast evaluation, no infrastructure
Install CerbiStream into any .NET, Java, Go, or Python project on your machine. Governance runs immediately against local log output. No Azure account required.
Good for:
+ Validating the SDK fits your logging setup
+ Testing redaction rules against real log output
+ No Azure admin access needed
Azure deployment
Production-style trial, full control plane
Deploy CerbiShield into your Azure subscription via Marketplace. Connects to your real services. Full dashboard, violation tracking, and governance policy editor from day one.
Good for:
+ Validating against real production log volume
+ Testing dashboard and compliance reporting
+ Sharing results with your security or platform team
Step-by-step onboarding
What happens after you click start
No ambiguity. Here is exactly what you are signing up for.
Local path
Choose your entry point
Use CerbiStream directly, or install a plugin adapter for your existing logger (Serilog, MEL, NLog, Logback, slog, Python logging). One package per runtime.
Register the governance provider
One line of setup wires the governance engine into your logging pipeline. No call-site changes. No routing changes.
Define a governance profile
Specify which fields to redact or block. Profiles are JSON files checked into your repo alongside your code.
Run your app
The governance engine evaluates every log event at emission time. Violations are flagged in local output immediately.
Azure path
Open Azure Marketplace
Find CerbiShield on the Azure Marketplace and select the trial or paid plan. Billing is handled by Microsoft.
Deploy to your subscription
CerbiShield deploys into your own Azure subscription. Your data stays in your infrastructure.
Install CerbiStream
Follow the post-deploy guide to install the SDK in each service you want governed. Takes under ten minutes per service.
Connect and govern
CerbiStream reports governed events to your CerbiShield control plane. Policy violations appear in the dashboard within minutes.
Book your onboarding call
Every plan includes a 20-minute video call with the Cerbi team. Use it to configure rules, review violations, or ask questions.
Cost control
Ingest reduction
30 - 60%
Teams typically reduce observability ingest volume by filtering verbose, duplicate, and structurally invalid events before they reach Datadog, Splunk, or Azure Monitor.
Compliance remediation avoided
Hours per incident
When sensitive data reaches a sink it is difficult to remove. Cerbi prevents the event from leaving the process, eliminating the remediation cost entirely.
Governance overhead
Near zero
In-process governance adds no meaningful latency on the hot path. There are no network calls during log emission. Rules are evaluated in memory.
Common questions
Objections we hear most
Book a guided pilot session
Not sure where to start or want a second set of eyes on your governance setup? Book a 30-minute office hours call with the Cerbi team. We will review your logging architecture, help configure rules, and answer any questions - no sales process attached.
Pricing reflects published Azure Marketplace plans. Final terms and SLAs are confirmed in order forms or private offers. Cerbi governs schemas, scoring, and redaction while leaving log routing entirely under customer control.
Have questions? Check the FAQ or contact us.