Optional starting points for governed logging.
Cerbi starter templates are pre-configured governance rule sets for common environments. They are starting points — not legal artifacts, not certifications, and not a substitute for your compliance team.
Cerbi provides logging governance tools and optional starter templates designed to support safer handling of sensitive data in logs. These templates are starting points only and are not legal advice, certification, or a guarantee of compliance with any law, regulation, or industry standard.
Healthcare Logging Starter
A starting point for .NET services that handle patient data
Pre-configured governance rules that block common PHI field names and patterns, require audit-friendly metadata, and track violations. Designed as a starting point — not a compliance checklist.
Included controls
- Block disallowed fields
patientId, ssn, dob, diagnosis, medication — blocked at emission
- Redact matching patterns
Values matching common identifier patterns are masked before logging
- Require audit metadata
correlationId, requestId, and actorId required on all log events
- Track violations
Governance violations are captured and surfaced without blocking application flow
Supports safer logging in healthcare environments. Not legal advice or a HIPAA certification.
Request AccessPayment Data Logging Starter
A starting point for .NET services that process payment data
Pre-configured governance rules that block payment field names, mask sensitive values, and enforce structured transaction context in log output. Reduces the risk of cardholder data appearing in exception logs.
Included controls
- Block payment fields
cardNumber, cvv, pan, routingNumber — blocked at emission
- Mask partial values
Values that pass through are masked to last 4 digits where applicable
- Enforce transaction context
transactionId and merchantId required for payment event logs
- Framework-agnostic
Works with MEL, Serilog, and NLog without changes to call sites
Supports reduced payment data exposure in logs. Not legal advice or a PCI DSS certification.
Request AccessPrivacy Guardrails Starter
A starting point for services that process personal data
Governance rules focused on data minimization in log output — blocking common personal data field names and patterns, enforcing minimal log verbosity, and reducing the volume of personal data stored in observability platforms.
Included controls
- Block PII field names
email, phone, address, name variants — blocked at emission
- Redact matching values
Values matching email, phone, and national ID patterns are masked
- Enforce minimal verbosity
Governance rules flag overly verbose log events that may expose personal data
- Configurable retention context
Log events carry retention metadata for downstream policy enforcement
Supports privacy-conscious logging practices. Not legal advice or a GDPR certification.
Request AccessAudit Logging Starter
A starting point for services that require structured audit trails
Governance rules that enforce required audit metadata, validate log schema at emission time, and support immutable audit trail patterns. Designed for internal systems and platform teams that need predictable, structured log output.
Included controls
- Require audit fields
requestId, correlationId, actorId, and tenantId enforced on all events
- Track schema violations
Missing or malformed fields are captured as governance violations
- Immutable trail support
Log output compatible with WORM-capable storage for append-only audit trails
- Governance posture reporting
Per-service violation trends surfaced in the governance dashboard
Helps generate evidence for internal logging controls. Not legal advice or a SOC 2 certification.
Request AccessNeed a custom governance profile?
Cerbi governance rules are JSON profiles that can be fully customized to match your environment, field naming conventions, and policy requirements. Talk to us about what your logging environment needs.