Compliance & evidence
Audit exports for security procedures
Burgus is alert-only — it does not replace your SOC or GRC platform — but it produces structured evidence from live LLM proxy traffic: who called what, which alerts fired, and how agents collaborated inside a workflow.
Framework alignment
- OWASP LLM Top 10 — platform baseline rules with standards matrix reporting
- MITRE ATLAS — agentic abuse and multi-agent attack patterns in baseline tier
- NIST AI RMF — behavioral detectors reference govern/map/measure practices
- ISO 27001 / ISO 42001 — policy upload workflow and exportable alert history
- NIS2 — incident-oriented alert timelines and customer export bundles
Export surfaces (MCP)
audit_export_bundle— JSON or CSV events + latency summaryaudit_customer_report— single-tenant compliance snapshotaudit_content_alert_export— policy hit historyaudit_platform_alert_full_report— baseline coverage and standards splitaudit_behavior_full_report— behavioral anomalies with explain payloads
Data scope
Default audit is metadata-only (tokens, timing, vendor, status). Content-policy and behavioral layers add ephemeral text analysis for matched rules — not long-term storage of full prompts unless your workflow exports alert records.