Integrations and Evidence Sources
Have a deadline? Tell us what you're responding to and by when. We'll map the fastest path to clear, controlled sharing.
How Automation Levels Are Labeled
Automated (where supported)
Evidence can be collected on schedule. Aurora records the source and capture time.
Export-based
You upload an export from the system. Aurora keeps it organized, current, and linked to the right controls.
Manual
Some evidence is inherently manual (attestations, reviews, approvals). Aurora still tracks ownership, dates, and history.
What Aurora Records for Every Piece of Evidence
- Source system (or "manual upload")
- Capture date and "freshness" expectations
- Owner and review history
- Links to the controls and requirements it supports
- Snapshots for defined review windows (where enabled)
Browse the Catalog
Do not see yours? Request a Connector. We aim to confirm feasibility within two business days.
Start here
Okta
Evidence captured: MFA enforcement, admin access, and audit events.
Automated (where supported)Evidence captureevery 15 minutesabout 5 min
Amazon Web Services (AWS)
Evidence captured: IAM configuration, account logging, and security guardrails.
Automated (where supported)Evidence captureevery 1 hourabout 5 min
Microsoft Entra ID (Azure AD) and Microsoft 365
Evidence captured: Identity configuration, MFA coverage, and admin governance.
Automated (where supported)Evidence captureevery 15 minutesabout 5 min
Google Cloud Platform (GCP)
Evidence captured: IAM configuration, project access, and logging coverage.
Automated (where supported)Evidence captureevery 1 hourabout 5 min
ServiceNow (ITSM)
Evidence captured: Remediation workflows and review trail for controls.
Automated (where supported)Evidence captureevery 30 minutesabout 5 min
Jira Cloud
Evidence captured: Owned remediation workflows and evidence of closure.
Automated (where supported)Evidence captureevery 30 minutesabout 5 min
56 connectors
Core Security Platforms
Identity, cloud, endpoint, vulnerability, logging, and ticketing connectors used to keep evidence continuously current.
23 connectors
Amazon Web Services (AWS)
Automated (where supported)Evidence captureContinuous checks
Verifies: AWS CloudTrail is enabled in all regions, AWS CloudTrail is enabled and healthy, AWS CloudTrail log file validation is enabled
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Azure Monitor Logs (Pull)
Automated (where supported)Evidence captureContinuous checks
Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Azure Monitor Logs pull ingestion has events within last 7 days
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 15 minutes
Security note: Collector token; scoped to required sources.
View details
Bitbucket Cloud
Automated (where supported)Evidence capture
Collects: Repositories
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
CrowdStrike Falcon
Automated (where supported)Evidence captureContinuous checks
Verifies: Endpoint security is installed on at least 95% of corporate endpoints
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 15 minutes
Security note: Read-only API; scoped credentials.
View details
Datadog (Audit Trail and Logs)
Automated (where supported)Evidence captureContinuous checks
Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Datadog audit log ingestion has events within last 7 days
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 15 minutes
Security note: Collector token; scoped to required sources.
View details
GitLab
Automated (where supported)Evidence captureContinuous checks
Verifies: Dependabot alerts are triaged within SLA (30 days)
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Google Cloud Platform (GCP)
Automated (where supported)Evidence captureContinuous checks
Verifies: GCP audit logs enabled, GCP Storage Public Access Prevention enforced
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Google Workspace (Directory)
Automated (where supported)Evidence captureContinuous checks
Verifies: Multi factor authentication is enabled for all active human users, Multi factor authentication is enabled for all admin users, At least 1 break-glass account exists and is monitored
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 30 minutes
Security note: Read-only API; scoped credentials.
View details
Jira Cloud
Automated (where supported)Evidence captureContinuous checks
Verifies: High findings create tickets, Incidents are tracked with deterministic timelines
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 30 minutes
Security note: Read-only API; scoped credentials.
View details
JumpCloud
Automated (where supported)Evidence captureContinuous checks
Verifies: Multi factor authentication is enabled for all active human users, Password policy has minimum length >= 12, At least 1 break-glass account exists and is monitored
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Kandji
Automated (where supported)Evidence captureContinuous checks
Verifies: Disk encryption is enabled on all endpoints
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 30 minutes
Security note: Read-only API; scoped credentials.
View details
Microsoft Azure (ARM)
Automated (where supported)Evidence captureContinuous checks
Verifies: Azure Activity Log export configured, Azure Storage public access prevention enforced
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Microsoft Entra ID (Azure AD) and Microsoft 365
Automated (where supported)Evidence captureContinuous checks
Verifies: Multi factor authentication is enabled for all active human users, Multi factor authentication is enabled for all admin users, At least 1 break-glass account exists and is monitored
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 15 minutes
Security note: Read-only API; scoped credentials.
View details
Okta
Automated (where supported)Evidence captureContinuous checks
Verifies: Multi factor authentication is enabled for all active human users, Multi factor authentication is enabled for all admin users, At least 1 break-glass account exists and is monitored
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 15 minutes
Security note: Read-only API; scoped credentials.
View details
PagerDuty
Automated (where supported)Evidence captureContinuous checks
Verifies: Incidents are tracked with deterministic timelines
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
PingOne
Automated (where supported)Evidence captureContinuous checks
Verifies: Multi factor authentication is enabled for all active human users, Multi factor authentication is enabled for all admin users, At least 1 break-glass account exists and is monitored
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 30 minutes
Security note: Read-only API; scoped credentials.
View details
Qualys VMDR
Automated (where supported)Evidence captureContinuous checks
Verifies: Vulnerability scans run within last 7 days
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 6 hours
Security note: Read-only API; scoped credentials.
View details
ServiceNow (ITSM)
Automated (where supported)Evidence captureContinuous checks
Verifies: High findings create tickets, Incidents are tracked with deterministic timelines
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 30 minutes
Security note: Read-only API; scoped credentials.
View details
Slack Audit Logs (Enterprise Grid)
Automated (where supported)Evidence captureContinuous checks
Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Slack audit log ingestion has events within last 7 days
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 15 minutes
Security note: Collector token; scoped to required sources.
View details
Splunk HEC Compatible Receiver
Automated (where supported)Evidence captureContinuous checks
Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Splunk HEC receiver is receiving logs within last 60 minutes
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: continuous
Security note: Collector token; scoped to required sources.
View details
Syslog over TLS Receiver
Automated (where supported)Evidence captureContinuous checks
Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Syslog/TLS receiver is receiving logs within last 60 minutes
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: continuous
Security note: Collector token; scoped to required sources.
View details
Tenable.io
Automated (where supported)Evidence captureContinuous checks
Verifies: Vulnerability scans run within last 7 days
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 6 hours
Security note: Read-only API; scoped credentials.
View details
Trello
Automated (where supported)Evidence capture
Collects: User accounts, Tickets and workflows, Incident
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
People, Training & Collaboration
HR and collaboration connectors that help prove training completion, account governance, and communications posture.
10 connectors
DocuSign
Automated (where supported)Evidence capture
Collects: Evidence and settings relevant to your controls
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
KnowBe4 Security Awareness Training
Automated (where supported)Evidence captureContinuous checks
Verifies: Security training completed within last 12 months
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: daily
Security note: Read-only API; scoped credentials.
View details
RingCentral
Automated (where supported)Evidence capture
Collects: Evidence and settings relevant to your controls
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Rippling
Automated (where supported)Evidence capture
Collects: User accounts, Employment Event
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: daily
Security note: Read-only API; scoped credentials.
View details
TriNet
Automated (where supported)Evidence capture
Collects: User accounts, Employment Event
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: daily
Security note: Read-only API; scoped credentials.
View details
Twilio
Automated (where supported)Evidence capture
Collects: Evidence and settings relevant to your controls
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Vonage
Automated (where supported)Evidence capture
Collects: Evidence and settings relevant to your controls
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Webex
Automated (where supported)Evidence capture
Collects: Evidence and settings relevant to your controls
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Workday (RaaS)
Automated (where supported)Evidence capture
Collects: User accounts, Employment Event
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: daily
Security note: Read-only API; scoped credentials.
View details
Zoom
Automated (where supported)Evidence capture
Collects: Evidence and settings relevant to your controls
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Industry Systems
Line-of-business platforms Aurora can connect to for inventory, workflow evidence, and operational context.
19 connectors
Adyen
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Applied Epic
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
BigCommerce
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
CDK Fortellis / APIs
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
EZLynx
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Five9
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Genesys Cloud
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
HawkSoft
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
ICE Encompass (LOS)
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Microsoft Purview (Retention/eDiscovery)
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
QQCatalyst
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Reynolds & Reynolds (RCI ecosystem)
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Shopify
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Square
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Stripe
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Tekion Partner Cloud APIs
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Vertafore AMS360 (WSAPI)
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Wealthbox CRM
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
WooCommerce
Automated (where supported)Evidence captureContinuous checks
Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Other
Additional production-ready connectors.
4 connectors
Cloudflare
Automated (where supported)Evidence captureContinuous checks
Verifies: Single sign on is enforced for the application, Audit logging is enabled for the application, Admin users are approved explicitly
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Evidence Dropbox (S3)
Automated (where supported)Evidence capture
Collects: Artifact, Import Job
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: daily
Security note: Read-only API; scoped credentials.
View details
Snyk
Automated (where supported)Evidence capture
Collects: Repositories, Findings, Artifact
Produces: Evidence artifacts. Supports evidence bundle exports.
Cadence: scheduled
Security note: Read-only API; scoped credentials.
View details
Wiz
Automated (where supported)Evidence captureContinuous checks
Verifies: Vulnerability scans run within last 7 days
Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.
Cadence: every 1 hour
Security note: Read-only API; scoped credentials.
View details
Readiness states from generated classification
Automated (where supported): 88
Export-based: 11
Partner required: 35
Needs research: 4
Alias / consolidated: 5
Manual: 0
Tier 0/1 entries: 73 total (65 connector-backed).
Know what is automated before the reviewer asks.
Aurora labels each integration by automation level, so you can explain what is automated, what is export-based, and what stays manual.
Need a connector we don't list?
Tell us which control(s) you need to prove and your deadline. If a connector isn't possible, we'll recommend the next-best evidence pattern (export-based or manual).
Integration Questions
Can we start without integrations?
Can we start without integrations?
Yes. Manual uploads are supported. Add connectors later without redoing mapping.
Do integrations run automatically?
Do integrations run automatically?
Some are automated and some are export-based. Aurora labels integrations by automation level so you always know the source.
What if an integration is export-based?
What if an integration is export-based?
You can upload exports and still keep evidence organized with source details, capture time, owners, and review history.
Want to See Evidence Automation in Your Stack?
Tell us what systems you use. We'll show what can be automated and what stays manual, without guesswork.
No obligation. We respond within one business day. No compliance guarantees.