ABS Core v4.3.3
Technical

Telemetry & SIEM Integration

Technical specification of Log Schemas (OpenTelemetry / CEF) for integration with Security Operations Centers (SOC).


Centralized visibility is a mandatory requirement in Vendor Risk Management (VRM). ABS Core exports its cryptographically signed audit data in strictly typed formats that the major SIEM platforms (Splunk, IBM QRadar, Datadog) can ingest directly.

1. Base Schema (OpenTelemetry)

ABS Core natively adopts OpenTelemetry (OTel) for latency metrics, traces, and events. Octagon Ledger audit records are exported over OTLP (gRPC or HTTP) with the following base fields. abs.signature carries the Ed25519 signature of the record and abs.hash_chain_prev the SHA-256 hash of the preceding record, so a consumer that pins the last verified hash can detect deleted, reordered or back-filled events:

{
  "timestamp": "2026-04-21T20:25:00Z",
  "severity": "WARN",
  "event_id": "abs.policy.evaluation",
  "attributes": {
    "abs.agent_id": "agent-7f89d",
    "abs.policy_id": "pol_financial_limits_v3",
    "abs.decision": "DENY",
    "abs.signature": "ed25519:a3b4c5...",
    "abs.hash_chain_prev": "sha256:f1e2d3..."
  }
}

  • Status: [OK] Implemented (OTel and local JSONL formats).
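The following is an added example (not ABS Core's own code) of what a SOC-side consumer of this schema has to do with the two cryptographic fields: verify each record's Ed25519 signature and walk the hash chain. The page does not state how a record is canonicalised before signing or hashing, so the example assumes a simple rule (the record with abs.signature removed, serialised as JSON with sorted keys); a real verifier must reproduce the vendor's rule byte for byte. The key pair and both events are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// LedgerEvent mirrors the base OTel fields of the Octagon Ledger schema above.
type LedgerEvent struct {
	Timestamp  string            `json:"timestamp"`
	Severity   string            `json:"severity"`
	EventID    string            `json:"event_id"`
	Attributes map[string]string `json:"attributes"`
}

// canonical returns the bytes that are hashed and signed: the event with abs.signature
// removed, serialised by encoding/json (map keys come out sorted). ASSUMPTION: the page
// does not give ABS Core's canonicalisation rule; substitute the vendor's (e.g. RFC 8785).
func canonical(ev LedgerEvent) []byte {
	attrs := make(map[string]string, len(ev.Attributes))
	for k, v := range ev.Attributes {
		if k != "abs.signature" {
			attrs[k] = v
		}
	}
	b, err := json.Marshal(LedgerEvent{ev.Timestamp, ev.Severity, ev.EventID, attrs})
	if err != nil { // cannot happen for string-only fields
		panic(err)
	}
	return b
}

// ChainHash is the value the *next* event must carry in abs.hash_chain_prev.
func ChainHash(ev LedgerEvent) string {
	sum := sha256.Sum256(canonical(ev))
	return "sha256:" + hex.EncodeToString(sum[:])
}

// SignEvent returns a copy of ev carrying an Ed25519 signature over canonical(ev).
func SignEvent(ev LedgerEvent, priv ed25519.PrivateKey) LedgerEvent {
	attrs := make(map[string]string, len(ev.Attributes)+1)
	for k, v := range ev.Attributes {
		attrs[k] = v
	}
	attrs["abs.signature"] = "ed25519:" + hex.EncodeToString(ed25519.Sign(priv, canonical(ev)))
	return LedgerEvent{ev.Timestamp, ev.Severity, ev.EventID, attrs}
}

// VerifyChain checks every signature and that each abs.hash_chain_prev equals the
// ChainHash of its predecessor. The first event's prev value is the anchor the SOC
// pins out of band (the last verified hash of the previous batch).
func VerifyChain(events []LedgerEvent, pub ed25519.PublicKey) error {
	var prev string
	for i, ev := range events {
		sig := ev.Attributes["abs.signature"]
		if !strings.HasPrefix(sig, "ed25519:") {
			return fmt.Errorf("event %d: missing ed25519 signature", i)
		}
		raw, err := hex.DecodeString(strings.TrimPrefix(sig, "ed25519:"))
		if err != nil {
			return fmt.Errorf("event %d: malformed signature: %w", i, err)
		}
		if !ed25519.Verify(pub, canonical(ev), raw) {
			return fmt.Errorf("event %d: signature does not verify", i)
		}
		if i > 0 && ev.Attributes["abs.hash_chain_prev"] != prev {
			return fmt.Errorf("event %d: hash chain broken", i)
		}
		prev = ChainHash(ev)
	}
	return nil
}

// BuildSampleChain constructs two signed events (constructed sample data; the first
// reuses the values of the page's JSON sample, with a zero genesis anchor).
func BuildSampleChain(priv ed25519.PrivateKey) []LedgerEvent {
	first := SignEvent(LedgerEvent{"2026-04-21T20:25:00Z", "WARN", "abs.policy.evaluation", map[string]string{
		"abs.agent_id": "agent-7f89d", "abs.policy_id": "pol_financial_limits_v3",
		"abs.decision": "DENY", "abs.hash_chain_prev": "sha256:" + strings.Repeat("0", 64),
	}}, priv)
	second := SignEvent(LedgerEvent{"2026-04-21T20:25:01Z", "INFO", "abs.policy.evaluation", map[string]string{
		"abs.agent_id": "agent-7f89d", "abs.policy_id": "pol_financial_limits_v3",
		"abs.decision": "ALLOW", "abs.hash_chain_prev": ChainHash(first),
	}}, priv)
	return []LedgerEvent{first, second}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	chain := BuildSampleChain(priv)
	fmt.Println("intact:", VerifyChain(chain, pub))
	// An insider holding the signing key rewrites history and re-signs: the signature is
	// valid again, but the hash carried by event 1 no longer matches the rewritten event 0.
	chain[0].Attributes["abs.decision"] = "ALLOW"
	chain[0] = SignEvent(chain[0], priv)
	fmt.Println("rewritten:", VerifyChain(chain, pub))
}
```

The second check in main is the reason the chain exists alongside the signature: a signing key alone lets whoever holds it rewrite a DENY into an ALLOW, whereas the chain forces them to also re-sign every later record and the SOC's pinned anchor exposes the rewrite.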

2. Enterprise Standards (CEF / LEEF)

For banking and defense institutions that run legacy or heavyweight enterprise tooling, the OConnector Gateway can act as a log forwarder, translating the signed log into:

  • CEF (Common Event Format - Micro Focus/ArcSight): CEF:0|OConnector|ABSCore|4.3.1|100|Policy Evaluation|7|src=10.0.0.5 msg=Transaction denied by policy_id\=pol_financial_limits_v3 cs1Label=AgentID cs1=agent-7f89d cs2Label=Signature cs2=ed25519:a3b4c5...
    Note the escaped '=' inside the msg value: CEF splits the extension on unescaped '=', so an unescaped policy_id= would be read as a key of its own. A '|' or '\' in a header field must likewise be written as '\|' and '\\'.

  • LEEF (Log Event Extended Format - IBM QRadar): LEEF:2.0|OConnector|ABSCore|4.3.1|Policy Evaluation|sev=7\tAgentID=agent-7f89d\tDecision=DENY\tSignature=ed25519:a3b4c5...
    Here \t stands for a literal tab character, LEEF's default extension delimiter.

  • Status: [WARNING] In validation (OTel Collector plugin in Beta). The two mappings above carry the signature but not abs.hash_chain_prev, so hash-chain verification must run against the OTel or JSONL export rather than the CEF/LEEF stream.
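An added example (not the OConnector Gateway's code) of the translation step a forwarder performs from the OTel base schema into CEF and LEEF, with the escaping that both formats require. The severity mapping, the product version constant and the choice of cs1..cs3 slots are assumptions pinned so that the output matches the sample lines above; the events are constructed. The injection case at the end shows why escaping is a security control and not cosmetics: an agent that can choose its own ID string must not be able to smuggle a forged cs1= field into the SOC's view.

```go
package main

import (
	"fmt"
	"strings"
)

// Event carries the OTel base-schema fields that the forwarder maps.
type Event struct {
	Timestamp  string
	Severity   string
	EventID    string
	Attributes map[string]string
}

// ProductVersion is the version placed in the CEF/LEEF header (assumed; the
// page's sample lines still show 4.3.1).
const ProductVersion = "4.3.3"

// severityNum maps OTel severity text onto the 0-10 scale used by CEF and LEEF.
// ASSUMED mapping, pinned so that WARN yields the 7 in the page's samples.
var severityNum = map[string]int{"DEBUG": 2, "INFO": 3, "WARN": 7, "ERROR": 9, "FATAL": 10}

// cefHeader escapes the two characters that are special in CEF header fields.
func cefHeader(s string) string {
	return strings.NewReplacer(`\`, `\\`, `|`, `\|`).Replace(s)
}

// cefExt escapes an extension value: backslash, '=' and line breaks. Without this,
// an attribute such as "x\ncs1=forged" lets an agent inject fields of its own.
func cefExt(s string) string {
	return strings.NewReplacer(`\`, `\\`, `=`, `\=`, "\r", `\r`, "\n", `\n`).Replace(s)
}

// ToCEF renders one event as an ArcSight CEF line. src is the source address the
// gateway attributes the call to (constructed input in this example).
func ToCEF(ev Event, src string) string {
	a := ev.Attributes
	msg := fmt.Sprintf("Decision %s by policy_id=%s", a["abs.decision"], a["abs.policy_id"])
	ext := []string{
		"src=" + cefExt(src),
		"act=" + cefExt(a["abs.decision"]),
		"msg=" + cefExt(msg),
		"cs1Label=AgentID", "cs1=" + cefExt(a["abs.agent_id"]),
		"cs2Label=Signature", "cs2=" + cefExt(a["abs.signature"]),
		"cs3Label=HashChainPrev", "cs3=" + cefExt(a["abs.hash_chain_prev"]),
	}
	return fmt.Sprintf("CEF:0|%s|%s|%s|100|%s|%d|%s", cefHeader("OConnector"), cefHeader("ABSCore"),
		cefHeader(ProductVersion), cefHeader("Policy Evaluation"), severityNum[ev.Severity], strings.Join(ext, " "))
}

// leefExt escapes a value for a tab-delimited LEEF 2.0 extension: the delimiter
// itself and line breaks must not appear literally.
func leefExt(s string) string {
	return strings.NewReplacer("\t", `\t`, "\r", `\r`, "\n", `\n`).Replace(s)
}

// ToLEEF renders the same event for QRadar. Tab is LEEF's default delimiter, so no
// delimiter field is declared in the header, matching the page's sample line.
func ToLEEF(ev Event) string {
	a := ev.Attributes
	ext := []string{
		fmt.Sprintf("sev=%d", severityNum[ev.Severity]),
		"AgentID=" + leefExt(a["abs.agent_id"]),
		"Decision=" + leefExt(a["abs.decision"]),
		"PolicyID=" + leefExt(a["abs.policy_id"]),
		"Signature=" + leefExt(a["abs.signature"]),
		"HashChainPrev=" + leefExt(a["abs.hash_chain_prev"]),
	}
	return fmt.Sprintf("LEEF:2.0|OConnector|ABSCore|%s|Policy Evaluation|%s", ProductVersion, strings.Join(ext, "\t"))
}

// SampleEvent is the page's JSON sample (constructed values).
func SampleEvent() Event {
	return Event{"2026-04-21T20:25:00Z", "WARN", "abs.policy.evaluation", map[string]string{
		"abs.agent_id": "agent-7f89d", "abs.policy_id": "pol_financial_limits_v3", "abs.decision": "DENY",
		"abs.signature": "ed25519:a3b4c5...", "abs.hash_chain_prev": "sha256:f1e2d3...",
	}}
}

func main() {
	ev := SampleEvent()
	fmt.Println(ToCEF(ev, "10.0.0.5"))
	fmt.Println(ToLEEF(ev))
	// An agent ID chosen by the caller cannot smuggle in a field of its own.
	ev.Attributes["abs.agent_id"] = "agent-x\ncs1=forged"
	fmt.Println(ToCEF(ev, "10.0.0.5"))
}
```

The example also forwards abs.hash_chain_prev in cs3 / HashChainPrev, which the page's sample lines omit; a SOC that wants to verify the chain from the SIEM copy needs that field.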

3. Zero-Trust Integration & Data Erasure

In air-gapped and sovereign deployment scenarios:

  • Push vs Pull: ABS Core pushes events over mutual TLS (mTLS) to the organization's internal collector. Both ends authenticate with certificates, so the Gateway exposes no pull endpoint and an unauthorized collector cannot receive the stream.
  • Data Erasure: Transient telemetry held in memory (such as the raw rejected LLM payload) is cryptographically shredded in Gateway RAM as soon as the SIEM event has been serialized and the Ledger entry recorded. No raw payload reaches the logs, which supports strict compliance with LGPD (Brazil's Lei Geral de Proteção de Dados, Art. 38).
