OpenTelemetry Export
Overview
Every alert and rule match Cerbera AI produces is available in OpenTelemetry format. This is the primary way to get AI signals out of Cerbera and into your SIEM, where they can be correlated with the rest of your telemetry and feed your existing detection and response workflows.
Exporting over an open standard avoids stacking opaque blocking tools on top of one another. You route AI signals to the places where they make sense for you, instead of treating Cerbera as a separate silo.
This reflects the design goal behind Cerbera AI: spend as little time in the app as possible. Telemetry should flow to where your team already works. See Openness & Interoperability.
What Gets Exported
| Signal | Example fields |
|---|---|
| AI tool usage | tool, model, user, device, timestamp |
| Rule match | rule name, action (monitor / redact / block), severity |
| MCP activity | mcp.method, mcp.tool_name, mcp.server_name, mcp.result |
See MCP Governance for the full MCP telemetry schema, and Dashboards & Alerts for the in-app view of the same data.
How It Works
Cerbera emits records over OTLP, the OpenTelemetry protocol, to the collector or SIEM endpoint you provide. Because OpenTelemetry is vendor-neutral, any backend that ingests OTLP can receive Cerbera AI signals without a custom integration.
Provide your endpoint
Share the OTLP endpoint (and credentials) for your collector or SIEM with your Cerbera security engineer.
Choose what to export
Decide which signals to stream. What each record contains for prompt and response bodies is governed by your privacy settings.
Correlate in your SIEM
AI usage, rule matches, and MCP activity arrive alongside your other telemetry for detection, dashboards, and audit.
Privacy controls apply to exported data exactly as they do in the app. By default, records carry metrics and the fact that a rule matched, not prompt or response bodies. See Privacy.