Monitor-only • Cryptographically signed evidence • SIEM-ready

Stop guessing. Start attesting.

OrbitMesh captures audit-grade evidence of what your API gateway actually enforced (TLS/mTLS, JWT outcomes, route decisions, upstream attempts, phase-level timing) and ties it to immutable config lineage. No traffic blocking. No routing changes. Just defensible truth.

Zero impact on p99 (design goal): non-blocking capture patterns designed to avoid request-path stalls.
Cryptographic chain-of-custody: hash-linked, tamper-evident evidence tied to config snapshot IDs.
Up to 90% lower storage: shallow vs deep streams reduce noise while preserving forensic fidelity.
Root-cause ready: phase + backend attribution to accelerate investigations.
API truthfulness: sitting in the datapath, we provide real-time attestations and forensic certainty that passive observation cannot match.
API truthfulness: deploy bank-grade forensics in minutes, without ever blocking your datapath.

Evidence integrity • Config lineage & drift • TLS / JWT enforcement • Incident root-cause

The problem

Most logs say 'a request happened.' Auditors ask 'what controls were enforced?'

In the 2026 regulatory landscape, "Adequate" is no longer the standard; Continuous Proof is. Frameworks like DORA (Article 17) and PCI DSS 4.0 have moved beyond traditional sampling, now requiring financial entities to demonstrate that security controls—like mTLS, rate limiting, and JWT validation—were active and effective for 100% of transactions, not just a sampled subset.

OrbitMesh bridges the "Accountability Gap" by sitting directly in the datapath to provide Runtime Attestation. Instead of an auditor asking for a manual sample, we provide an immutable, cryptographically-linked record of every request, proving that your security policy was enforced at the exact millisecond of execution.

Audits need evidence

Prove TLS policy, JWT enforcement, route decisions, and outcomes at request time—without external guesswork.

Config truth is blurry

During incidents, teams can’t confidently answer what config was running and whether drift occurred.

SIEM is flooded

Raw access logs create volume without fidelity. OrbitMesh focuses on high-value enforcement facts.

Engineered for the 2026 Regulatory Storm

Compliance-ready evidence framing (monitor-only; avoids raw payload storage).

DORA — Article 17

Supports root-cause analysis by recording the gateway phase and specific backend instance involved in failures.

PCI-DSS 4.0 (10.2.x)

Captures user identifiers, source port, and success/failure indicators with PII-minimized evidence patterns.

SOC 2 effectiveness

Signed evidence that controls like rate limiting, JWT validation, and mTLS enforcement were active for evaluated traffic.

Supply chain & deployment integrity

Tracks config lineage and upstream service versions to detect drift and shadow deployments. Optional hooks for runtime SBOM attestation workflows.

Evidence integrity under breach

Hash-linked chain-of-custody makes deletion/reordering/modification detectable during audit or legal review.

Operational safety under pressure

Shallow vs deep streams reduce “data tsunami” risk during incidents while preserving high-fidelity forensics when anomalies occur.

Sample Queries & Reports

Examples of the questions OrbitMesh enables across audits, monitoring, and rapid isolation.

Major Incident Evidence

Automated root-cause isolation for DORA Article 17 compliance.

Query
Generate a DORA Major Incident Report for last Tuesday's 5xx spike on the Payments Gateway.

Third-Party Risk Mapping

Identify every ICT provider and service version involved in performance degradations.

Query
Which third-party ICT providers were involved in the latency degradation on July 10th?

MTTR Resilience Audit

High-precision recovery window analysis across the entire API perimeter.

Query
Produce a 3-month resilience report showing Mean Time to Recovery (MTTR).

What makes these queries different?

Each result can be tied back to immutable config lineage (config_snapshot_id) and tamper-evident evidence (chain-of-custody). This is how you answer audit questions like "what was enforced at request time?" with confidence.

Integrations

SIEM-first, with standard ingestion paths.

Splunk (SIEM): HEC + sourcetype templates for “gateway-evidence” events.
Microsoft Sentinel (SIEM): Azure Monitor / Log Analytics ingestion patterns.
Elastic (ELK) (SIEM): Elastic Agent / Beats / Logstash pipelines + ECS mapping.
IBM QRadar (SIEM): Syslog / DSM-friendly event formatting.
Google Chronicle (SIEM): forward via cloud logging / forwarders where applicable.
Sumo Logic (SIEM): HTTP source / collector pipeline support.
Syslog (RFC5424) (pipe): lowest-friction enterprise ingestion path.
Kafka (pipe): high-throughput streaming into existing pipelines.
S3 / Blob Archive (pipe): batch evidence files for offline analytics + retention.
JSON / NDJSON (format): readable, searchable, SIEM-friendly for early deployments.
Binary evidence (format, optional): compact structured export when volume demands it.
OpenTelemetry Logs (pipe, optional): when teams standardize on OTel for logs.

How it works

1) Capture enforcement truth

TLS/mTLS details, JWT outcomes (reason codes), route match, upstream attempts, and phase-level timing.

2) Snapshot config lineage

Structured snapshots on reload/restart. Each request references a snapshot ID for “what was active then.”

3) Tamper-evident evidence

Hash linking makes deletion/reordering/modification detectable during audit or legal review.
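As an added illustration of steps 1) to 3) (this is not OrbitMesh code; the record schema, field names and the SHA-256 layout are assumptions), a hash-linked evidence chain in which every record carries a config_snapshot_id, plus a verifier that flags modification, reordering and deletion. It also shows the caveat that a truncated tail is only detectable when the chain head is anchored out of band (for example signed and shipped to the SIEM):

```python
import copy, hashlib, json
GENESIS = "0" * 64  # prev_hash of the first record in a chain

def canonical(record):
    # Deterministic serialisation so every verifier recomputes the same digest.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def append_record(chain, event):
    """Append one enforcement fact; prev_hash links it to the record before it."""
    body = {"seq": len(chain), "prev_hash": chain[-1]["hash"] if chain else GENESIS, **event}
    body["hash"] = hashlib.sha256(canonical(body)).hexdigest()
    chain.append(body)
    return body

def verify_chain(chain, expected_head=None):
    """Recompute every link; return (ok, reason). expected_head is the last hash
    recorded out of band (signed, shipped to the SIEM); without it a truncated tail passes."""
    expected_prev = GENESIS
    for i, rec in enumerate(chain):
        if rec.get("seq") != i or rec.get("prev_hash") != expected_prev:
            return False, f"link broken at position {i}"
        body = {k: v for k, v in rec.items() if k != "hash"}
        if hashlib.sha256(canonical(body)).hexdigest() != rec["hash"]:
            return False, f"content altered at seq {i}"
        expected_prev = rec["hash"]
    if expected_head is not None and expected_prev != expected_head:
        return False, "head mismatch: records missing from the tail"
    return True, "ok"
# Constructed sample events; field names are illustrative, not OrbitMesh's own schema.
EVENTS = [
    {"config_snapshot_id": "snap-0001", "route": "/payments", "tls": "mtls_ok", "jwt": "valid", "status": 200},
    {"config_snapshot_id": "snap-0001", "route": "/payments", "tls": "mtls_ok", "jwt": "expired", "status": 401},
    {"config_snapshot_id": "snap-0002", "route": "/payments", "tls": "mtls_ok", "jwt": "valid", "status": 502},
]

def build_chain():
    chain = []
    for ev in EVENTS:
        append_record(chain, ev)
    return chain

def tamper_results():
    """Apply each tampering class to a copy; True means the verifier accepted the chain."""
    base = build_chain()
    head = base[-1]["hash"]  # the value you would sign and store out of band
    modified = copy.deepcopy(base); modified[1]["jwt"] = "valid"  # rewrite a JWT outcome
    reordered = [base[1], base[0], base[2]]                        # swap two records
    deleted = [base[0], base[2]]                                   # drop the middle record
    return {"intact": verify_chain(base, head)[0], "modified": verify_chain(modified, head)[0],
            "reordered": verify_chain(reordered, head)[0], "deleted": verify_chain(deleted, head)[0],
            "truncated_no_head": verify_chain(base[:2])[0], "truncated_with_head": verify_chain(base[:2], head)[0]}
```

Only truncated_no_head comes back True, which is why the head hash (or a signature over it) has to leave the gateway host and be retained independently.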

Architecture (high level)

OrbitMesh is a low-level, C-based gateway agent built for correctness and minimal overhead. It writes fixed-size evidence records using non-blocking techniques and streams structured evidence to your existing collectors for archival and analysis.

FAQ

Clear boundaries (truthful positioning).

Is OrbitMesh a WAF or prevention tool?

No. OrbitMesh is monitor-only. It does not block requests or modify routing. It produces evidence of enforcement and config lineage.

Do you provide resiliency / failover?

No. OrbitMesh does not provide traffic resiliency (failover, retries, routing decisions). It provides evidence integrity and forensic continuity under pressure.

How do you avoid impacting p99?

The design goal is minimal request-path work and predictable memory usage. Export can be buffered/batched and offloaded to a relay/collector depending on deployment.