Every request that passes through TrustGate becomes a structured event. Observability is how your security, platform, and compliance teams see what the runtime is actually doing.

What is captured

Requests & responses

Full request and response bodies with redaction applied, plus headers, identity, and route metadata.

Detections

Every detector signal — PII category, jailbreak class, toxicity score, schema violation, tool name and arguments.

Decisions

The matched policies and the final action (allow, log, mask, block), with the chain of conditions that fired.

Performance

Latency, upstream time, plugin overhead, error rates, and retry counts per route.

Views

Logs

Structured, searchable events per request — filter by policy, route, app, detection, or identity.

Traces

End-to-end traces that include plugin execution and upstream calls, with OpenTelemetry-compatible context.

Alerts

Rules that fire on event patterns — repeated blocks, new jailbreak classes, unusual tool activity.

Dashboards

Usage, detection rates, action breakdowns, and SLOs per application and provider.

SIEM and downstream pipelines

Events stream out of TrustGate in formats your security tooling already speaks:
  • JSON logs via HTTP, file, or message bus.
  • OpenTelemetry traces and metrics.
  • Native SIEM connectors — ship audit events and detections directly to Splunk (HEC), Elastic (ELK Stack), IBM QRadar, Microsoft Sentinel (via Azure Monitor + Entra ID), and Datadog, so AI detections can be correlated with identity, network, and application telemetry. See SIEM Integration for setup.

Privacy by default

Sensitive fragments (PII, secrets, tool arguments) are redacted in logs by policy. The runtime keeps a minimal token or hash so you can investigate without re-exposing the original content.
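A sketch of how a token that replaces a redacted fragment can still support investigation, added here as an illustration and not TrustGate's own code or event format. It uses a keyed HMAC instead of a plain hash, because an unkeyed hash of a low-entropy value such as an SSN can be reversed by enumerating candidates. The key, the two regex detectors, the function names, and the sample events are all assumptions constructed for the example.

```python
import hashlib
import hmac
import re

# Hypothetical key; in practice it would come from a secrets manager, not source code.
REDACTION_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed detectors for two sensitive-fragment categories (illustrative only).
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def token_for(category: str, value: str, key: bytes = REDACTION_KEY) -> str:
    """Return a stable placeholder: the same key and value always give the same token."""
    mac = hmac.new(key, f"{category}:{value}".encode(), hashlib.sha256)
    return f"[{category}:{mac.hexdigest()[:16]}]"


def redact(text: str, key: bytes = REDACTION_KEY) -> str:
    """Replace every detected fragment with its keyed token before logging."""
    for category, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, c=category: token_for(c, m.group(0), key), text)
    return text


def correlate(events: list[str], category: str, value: str) -> list[int]:
    """Find redacted events that contained a known value, without storing the value."""
    needle = token_for(category, value)
    return [i for i, line in enumerate(events) if needle in line]


# Constructed sample request bodies, not real TrustGate events.
RAW_EVENTS = [
    "user alice@example.com asked to update SSN 078-05-1120",
    "summarize the ticket opened by bob@example.com",
    "send the report to alice@example.com",
]
REDACTED_EVENTS = [redact(e) for e in RAW_EVENTS]

if __name__ == "__main__":
    for line in REDACTED_EVENTS:
        print(line)
    print(correlate(REDACTED_EVENTS, "EMAIL", "alice@example.com"))
```

An investigator who holds the key and already knows the value in question can find every event that contained it. Anyone reading the logs without the key sees only opaque tokens.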