Skip to main content

OpenTelemetry Export

Overview

Every alert and rule match Cerbera AI produces is available in OpenTelemetry format. This is the primary way to get AI signals out of Cerbera and into your SIEM, where they can be correlated with the rest of your telemetry and feed your existing detection and response workflows.

Exporting over an open standard avoids stacking opaque blocking tools on top of one another. You route AI signals to the places where they make sense for you, instead of treating Cerbera as a separate silo.

tip

This reflects the design goal behind Cerbera AI: spend as little time in the app as possible. Telemetry should flow to where your team already works. See Openness & Interoperability.

What Gets Exported

SignalExample fields
AI tool usagetool, model, user, device, timestamp
Rule matchrule name, action (monitor / redact / block), severity
MCP activitymcp.method, mcp.tool_name, mcp.server_name, mcp.result

See MCP Governance for the full MCP telemetry schema, and Dashboards & Alerts for the in-app view of the same data.

How It Works

Cerbera emits records over OTLP, the OpenTelemetry protocol, to the collector or SIEM endpoint you provide. Because OpenTelemetry is vendor-neutral, any backend that ingests OTLP can receive Cerbera AI signals without a custom integration.

  1. Provide your endpoint

    Share the OTLP endpoint (and credentials) for your collector or SIEM with your Cerbera security engineer.

  2. Choose what to export

    Decide which signals to stream. What each record contains for prompt and response bodies is governed by your privacy settings.

  3. Correlate in your SIEM

    AI usage, rule matches, and MCP activity arrive alongside your other telemetry for detection, dashboards, and audit.

info

Privacy controls apply to exported data exactly as they do in the app. By default, records carry metrics and the fact that a rule matched, not prompt or response bodies. See Privacy.

Next Steps