CerbiShield in Beta

Govern logs before they reach
your log platforms

CI and runtime guardrails for structured logging with automatic redaction. Keep your existing log destinations and observability tools.

Cut log spend before it spirals

Prevent PII leaks at the source

Stabilize dashboards with schemas

Try CerbiStream in 60 Seconds

Microsoft Partner (ISV)

Harvard i-Lab

50.6KNuGet Downloads

50.6K

NuGet Downloads(updated daily)

As of: 2026-02-03

40%

Log spend eliminated

95%

Compliance pass rate

Faster incident response

Works with Serilog, NLog, Microsoft.Extensions.LoggingTenant-hosted governance control planeYou keep routing to your log destinations

Signals from the field

CerbiSuite exists because these failure modes kept showing up. We built governance at the source.

Security

What teams needed

Teams needed sensitive data to be caught before it hit Datadog/Splunk.

How Cerbi responds

Cerbi enforces rules and redacts at runtime before events leave the app.

Outcomes

Lower leak risk
Consistent redaction behavior
Governance metadata attached

See runtime governance

Examples are illustrative. Policies and scoring can be configured per profile.

Everything you need for governed logging

CerbiSuite gives you complete control over your .NET log pipeline, from schema enforcement to runtime redaction.

Schema Enforcement

Validate log structures at CI/CD time. Catch missing fields, wrong types, and policy violations before deployment.

PII/PHI Redaction

Automatically strip sensitive data before logs leave your application. GDPR, HIPAA, and SOC 2 friendly.

Governance Scoring

Real-time scoring of your logging posture. Track compliance trends and identify risk hotspots.

Multi-Provider Support

Works with MEL, Serilog, and NLog. Keep your existing log destinations like Azure Monitor, Datadog, and Splunk.

Minimal Overhead

Sub-millisecond validation. Async processing and smart batching keep your app performant.

Developer Experience

Rich IDE support, clear error messages, and simple configuration. Governance that doesn't slow you down.

How Cerbi Fits Your Stack

Cerbi governs and scores at the source. Your existing log destinations stay unchanged

Your .NET App

MEL / Serilog / NLog

Cerbi Layer

CerbiStream

Validate • Redact • Score

PII strippedSchema OK

Your Destinations

Datadog, Splunk, Azure, etc.

(unchanged routing)

Cerbi does NOT route logs. It governs + scores at the source. Your sinks and observability tools handle routing.

Governance runs in-process; scoring/analytics can be configured asynchronously via queues to keep the request path clean.

Governance Modes by Environment

Cerbi governance adapts to environment. Designed to catch issues early in development and provide observability in production without blocking log delivery.

Development & CI

Strict Enforcement (Early Safety)

•Compile-time and CI validation with build-stopping feedback
•Required and forbidden fields checked at commit/build time
•Shifts governance issues left before production
•Build failures scoped to CI pipeline only

Staging / Pre-Production

Validation & Tuning

•Same governance rules evaluated as production would
•Non-blocking; violations reported but do not drop logs
•Visibility into violations for tuning and validation
•Evaluate rule effectiveness before production rollout

Production

Governance with Bounds

•Non-blocking; logs are tagged, redacted, and forwarded
•Per-event analysis bounded to limit overhead; configurable by policy
•Violations scored and reported asynchronously or out-of-band
•Graceful degradation under high load; policy-based limits respected

Cerbi runs strict early and bounded in production. Policy enforcement, governance insight, and observability all respect your configured limits and performance constraints.

Learn how governance modes are configured

See governance scoring in action

Toggle rule states to see how governance scoring works in real-time.

Sample Log Event

{
  "timestamp": "2024-01-15T10:30:00Z",
  "level": "Information",
  "message": "User login successful",
  "correlationId": "abc123",
  
  "email": "user@example.com"
}

Required field missing

Forbidden field present

Sensitive field detected (redacted)

Relax mode (bypass validation)

Governance Result

100

Governance Score

Validation Results

Sensitive field 'email' redacted

Redaction Applied

email: "***@***.com"

Explore full scoring system

CerbiShield Dashboard

Governance at a Glance

CerbiShield provides a comprehensive dashboard for managing governance rules, monitoring compliance, and generating audit reports

Overview Dashboard

Real-time governance metrics and compliance status. Track total rules, active deployments, governed apps, and average governance scores across your organization.

Product Videos

See CerbiSuite in action with walkthroughs and demos

2:30

Cerbi: Brief Overview

A quick introduction to CerbiSuite and governed logging for .NET

5:45

The Story of Cerbi

Learn the origin and mission behind CerbiSuite governance

4:20

PII Safe Logging with Scoring

See how CerbiStream handles PII redaction and governance scoring

View all videos on YouTube

Works with your existing stack

CerbiSuite works with popular .NET logging providers and observability platforms.

Log Providers

MEL

Microsoft.Extensions.Logging

Serilog

Structured logging

NLog

Flexible logging

CerbiSuite

Governance Layer

ValidateRedactScore

Destinations

Azure Monitor

Application Insights

Datadog

Observability platform

Splunk

Data platform

+ 2 more

View full ecosystem

Enterprise-Grade Security

Built for compliance from day one. Cerbi gives you the guardrails and evidence you need to pass real audits.

Deployment & Licensing Truth

Tenant-Hosted Governance

CerbiShield and the governance control plane are deployed entirely in your tenant. Your log data never leaves your infrastructure.

App-Based Licensing

Licensing counts governed applications, not environments. One app across dev/test/uat/stage/prod counts as a single governed application.

Tenant-Hosted

Your infrastructure, your control. Cerbi runs entirely in your tenant so logs stay in your environment.

Encryption at Rest & Transit

AES-256 file encryption for fallback logs. Cerbi fits into TLS-secured infrastructure.

Automatic PII Redaction

Rule-based redaction identifies and masks sensitive fields before they reach your log destinations.

Compliance Aligned

Built-in audit trails designed for SOC 2 Type II, HIPAA, GDPR, and ISO 27001 logging controls.

Real-Time Violation Alerts

Catch governance violations quickly with structured tags your existing pipelines can forward.

Immutable Audit Logs

Append-only audit trails designed for WORM-capable storage, making changes tamper-evident.

Supports SOC 2 logging controlsHIPAA-oriented log hygieneGDPR-sensitive data handlingISO 27001 logging practices

Founder-led

Thomas Nelson

Principal architect with 15+ years building enterprise logging and observability infrastructure. Former lead on high-scale .NET systems processing billions of events daily.

LinkedIn|GitHub

Ready to govern your logs?

Start with CerbiStream in under 60 seconds, or book a governance POC for your organization.

Try CerbiStream in 60 Seconds Book a Governance POC

CerbiStream + analyzers free on NuGet|CerbiShield licensed by governed apps

Govern logs before they reach
your log platforms