Security

Logystera is built for regulated environments with on-premises deployment, private PKI, and zero external dependencies. Security posture covers deployment, data handling, network design, compliance, and vulnerability management.

Deployment Security

On-Premises & Air-Gapped

  • Deploy entirely within your network perimeter.
  • No external telemetry or phone-home requirements.
  • All components run in customer-controlled infrastructure.
  • Supports fully air-gapped environments.

Cloud-Hosted via API Gateway

  • Logs forwarded over encrypted connection; customer controls data sent.
  • No raw secrets or credentials transmitted.
  • Compliance-friendly deployment option.

Private PKI (On-Prem)

  • Customer-controlled certificate authority.
  • mTLS between all Logystera components.
  • No reliance on external certificate services.
  • Supports enterprise PKI integration.

Data Security

No Sensitive Data Storage

  • Only semantic metadata retained (usernames, paths, timestamps).
  • No plaintext secrets, passwords, or tokens stored.
  • Right to deletion and GDPR alignment.

Logystera V1 does not store audit logs or event batches. Long-term retention is provided by the customer's Prometheus or remote-write backend, and historical metrics availability depends on Prometheus retention.

Role-Based Access Control

  • Per-component authentication and authorization.
  • Namespace-level isolation for multi-tenant deployments.
  • Audit logging for all administrative actions.
  • Integration with enterprise identity providers.

Network Security

Zero Inbound Connections (On-Prem)

  • All data flows are push-based from customer environments.
  • No inbound firewall rules required; nothing exposed to the internet.
  • Customer-controlled network topology.

Encrypted Communication

  • mTLS for all inter-component communication.
  • TLS 1.3 minimum for all endpoints.
  • Configurable cipher suites and certificate rotation support.

Compliance

GDPR

  • EU data residency
  • Privacy by design
  • Right to deletion
  • Data portability

SOC 2 Type II

  • Status: In progress (Q2 2026)
  • Security controls audit
  • Availability commitments
  • Confidentiality measures

HIPAA

  • Supports HIPAA-compliant deployments
  • BAA available for healthcare customers
  • PHI handling guidance

FedRAMP

  • Architecture supports FedRAMP requirements
  • On-prem deployment for gov cloud
  • Audit trail capabilities

Compliance Features

  • Complete audit trail for all configuration changes.
  • Compliance-focused metric packs (DORA, NIS2, SOC2).
  • Support for compliance reporting and evidence gathering.
  • Historical metrics availability depends on Prometheus retention; Logystera V1 does not store audit logs or event batches.

Vulnerability Management

Security Disclosure Policy

We take security vulnerabilities seriously and appreciate responsible disclosure.

Reporting:

What to Include:

  • Detailed description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Contact information for follow-up

Our Commitment:

  • Acknowledge receipt within 48 hours
  • Provide regular updates on remediation progress
  • Credit researchers in security advisories (if desired)
  • No legal action against good-faith researchers

Security Documentation

For Evaluation

  • Security whitepaper (architecture overview)
  • Security questionnaire responses — Request
  • Compliance documentation — Available under NDA

For Customers

  • Deployment security guide
  • Hardening checklist
  • Incident response procedures
  • Security configuration templates

For Auditors

  • Penetration test summary — Available under NDA
  • Third-party security assessment — Available under NDA
  • Compliance evidence package — Available under NDA

Recent Security Updates

December 2025

  • TLS 1.3 enforced across all components.
  • Redis authentication strengthened with ACL support.
  • Audit logging expanded to cover all administrative actions.
  • API Gateway launch with encrypted log forwarding.

View complete security changelog →

Security Team

For security inquiries, assessments, or to report vulnerabilities:

Email: security@logystera.com

Response time: Within 48 hours for security issues, 24 hours for critical vulnerabilities.

LogysteraLogystera
Logystera turns JSON audit and operational logs into real-time metrics, rules, and alerts. Built for distributed teams that need clean, low-noise signals. Vault is our flagship example, but any JSON log source is supported.
Why Logystera? Real-time signals from JSON logs, multi-tenancy and namespace isolation, Prometheus integration, and on-prem readiness.
Product
OverviewFeaturesPricingArchitecture
Documentation
InstallationMetricsAlertingAPI
Services
OverviewEngagement Models
Legal
PrivacyTermsSecurityCookies
Company
ContactAbout
Follow us
TwitterLinkedin
Copyright © 2025 Logystera. All rights reserved.