Telemetry & Signed Audit Logs
Trust the trail: OpenTelemetry signals + tamper-evident audit logs for discovery, scoring, and enforcement.
Why Telemetry & Integrity Matter
When agents act continuously, disputes about “what happened” waste time. ClarioSec emits OpenTelemetry metrics/traces/logs and produces signed, time-stamped audit records with identity, permissions, action, decision, and rationale. That means SOC, compliance, and engineering can reference the same facts—internally or in your SIEM—without manual reconstruction.
What We Emit
Normalized Security Events
Discovery jobs, agent lifecycle updates, rule matches, score deltas, enforcement outcomes (Block → Alert → Log), overrides, and JIT approvals—each with correlation IDs.
Explainable Narratives
Every decision includes a human-readable ‘why’, matched policy/rules, mapped controls (SOC 2, ISO 27001, GDPR, EU AI Act, ISO/IEC 42001), and evidence pointers.
OpenTelemetry Signals
Metrics for coverage and MTTR, traces for pipeline steps, logs for events. Stream them to your observability stack without losing semantics.
Signed, Chain-Verified Records
Per-record signatures + a running chain enable integrity checks on export or at rest. Tamper attempts are detectable.
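The per-record signature and running chain described here, and in the FAQ answer on tampering further down, can be checked with a verifier like the one below. This is an added example, not ClarioSec's code or record format: HMAC-SHA256 as the signature, the JSON canonicalization, the field names seq/prev/sig, the key and the sample events are all assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed anchor value for the first record

def _canonical(body):
    # Deterministic bytes so signer and verifier hash the same input.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def _sign(key, body):
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()

def _link(body, sig):
    # Chain value covers both the record body and its signature.
    return hashlib.sha256(_canonical(body) + sig.encode()).hexdigest()

def seal(key, events):
    """Sign each event and link it to its predecessor; returns (records, head)."""
    prev, out = GENESIS, []
    for seq, event in enumerate(events):
        body = {"seq": seq, "prev": prev, "event": dict(event)}
        sig = _sign(key, body)
        out.append({**body, "sig": sig})
        prev = _link(body, sig)
    return out, prev

def verify(key, records, head=None):
    """Return (ok, reason); reason names the first record that fails."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: rec.get(k) for k in ("seq", "prev", "event")}
        sig = _sign(key, body)
        if not hmac.compare_digest(sig, str(rec.get("sig", ""))):
            return False, f"record {i}: bad signature"
        if body["seq"] != i or body["prev"] != prev:
            return False, f"record {i}: chain break"
        prev = _link(body, sig)
    # A dropped tail leaves a valid shorter chain; only a stored head catches it.
    if head is not None and not hmac.compare_digest(prev, head):
        return False, "chain head mismatch"
    return True, "ok"

KEY = b"constructed-demo-key"  # placeholder, not a real key
SAMPLE = [  # constructed events using fields the page lists
    {"identity": "agent-7", "action": "read:crm", "decision": "Log"},
    {"identity": "agent-7", "action": "export:crm", "decision": "Block"},
    {"identity": "agent-9", "action": "write:tickets", "decision": "Alert"},
]

if __name__ == "__main__":
    log, head = seal(KEY, SAMPLE)
    print(verify(KEY, log, head), verify(KEY, log[:2], head))
```

Edits, deletions and reordering fail at the first affected record; removing records from the end only fails when the verifier is given a chain head that was stored separately from the log.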
Isolation, Privacy & Exports
Tenant Isolation by Design
All telemetry and audit records are stored per-tenant in dedicated DB schemas. Cross-tenant access is blocked by architecture, not policy alone.
Redaction Policies
Mask or drop sensitive fields (e.g., PII, tokens) before logs leave the boundary. Redaction templates are auditable and per-tenant.
SIEM/SOAR & Data Lakes
Stream to Splunk, Sentinel, Chronicle, Elastic, or S3/BigQuery via OTel exporters. Preserve integrity metadata so verification travels with the data.
Retention & Legal Hold
Configurable retention, WORM-friendly exports, and legal-hold flags. You decide where evidence lives and for how long.
What You Can Do With It
Faster Incident Reviews
Reconstruct the agent decision path in minutes: who/what acted, which permissions enabled it, what policy applied, and why the decision was made.
Audit in Days, Not Months
Export signed narratives tied to control IDs. Auditors review the same immutable facts as your teams—fewer interviews, less rework.
KPIs That Matter
Track agent coverage, permission reduction, and MTTR for agent incidents. Show improvement backed by verifiable evidence.
Frequently Asked Questions
What does ClarioSec log?
Every relevant event: discovery operations, scoring updates, policy matches, and runtime outcomes (Block → Alert → Log). Each record includes identity, permission context, attempted action, decision, rationale, control mapping, timestamps, and correlation IDs so you can recreate what happened without guesswork.
How are logs protected against tampering?
Logs are signed and time-stamped. We compute a per-record signature and chain these signatures to enable integrity checks. Any mutation breaks the chain. You can verify integrity inside ClarioSec or externally when exporting to your SIEM or archive.
How does this integrate with my existing tools?
We emit OpenTelemetry signals (metrics/traces/logs) and support streaming to SIEM/SOAR and data lakes. You keep your central analytics while ClarioSec ensures events are explainable, normalized, and tied to controls.
How is tenant isolation handled?
Each tenant has a dedicated database schema. Telemetry routing respects tenant boundaries, and exports carry tenant-scoped credentials with optional redaction policies for sensitive fields.
Can sensitive data be redacted?
Yes. Redaction policies can mask or drop fields like PII before logs leave the boundary. We preserve enough context to maintain audit value while minimizing exposure.