Evidence Collection
Automated evidence gathering from 50+ integrations. Axura continuously collects, organizes, and maps compliance evidence so you're always audit-ready.
How Evidence Collection Works
Axura automatically collects evidence from your connected integrations on a continuous basis. Each piece of evidence is timestamped, hashed for integrity, and mapped to relevant compliance controls.
Automated Capture
Evidence is collected automatically during scheduled scans. No manual screenshots or exports required.
Integrity Verification
Each piece of evidence is cryptographically hashed (SHA-256) to prove it hasn't been tampered with.
Deduplication
Intelligent deduplication ensures you don't store redundant evidence, saving storage and audit time.
Control Mapping
AI automatically maps evidence to relevant compliance framework controls.
Evidence Types
| Type | Description | Examples |
|---|---|---|
| Configuration | System settings and policies | S3 bucket settings, IAM policies, firewall rules |
| Screenshot | Visual proof of settings | MFA settings screen, audit log dashboard |
| Document | Policy and procedure documents | Security policy PDF, training certificates |
| Log | Audit and access logs | CloudTrail logs, access reviews, change history |
| Report | Generated compliance reports | Vulnerability scans, penetration test results |
Evidence Lifecycle
COLLECTION → PROCESSING → STORAGE → MAPPING → RETRIEVAL 1. COLLECTION └─ Scheduled scan pulls data from integration └─ Real-time events trigger immediate collection 2. PROCESSING └─ Data is normalized to standard format └─ SHA-256 hash is calculated for integrity └─ Metadata is extracted (timestamps, resource IDs) 3. STORAGE └─ Evidence stored in encrypted database └─ Retention policies applied └─ Deduplication removes redundant entries 4. MAPPING └─ AI maps to compliance controls └─ Manual overrides supported └─ Cross-framework mapping applied 5. RETRIEVAL └─ Available for audit export └─ Searchable by control, date, type └─ Chain of custody maintained
Manual Evidence Upload
While most evidence is collected automatically, you can upload manual evidence for items that require human documentation:
- Penetration test reports from third parties
- Signed policy acknowledgments
- Physical security documentation
- Business continuity test results
- Vendor security assessments
Documents: PDF, DOCX, DOC, TXT, MD
Images: PNG, JPG, JPEG, GIF, WebP
Spreadsheets: XLSX, XLS, CSV
Archives: ZIP (for multiple files)
Maximum file size: 50MB per fileEvidence Search & Filtering
Find evidence quickly with powerful search capabilities:
Full-Text Search
Search evidence content, metadata, and descriptions.
Control Filter
Filter by specific compliance control (e.g., "SOC 2 CC6.1").
Date Range
Find evidence collected within a specific time period.
Integration Filter
Show evidence from specific integrations (AWS, GitHub, etc.).
Type Filter
Filter by evidence type (configuration, screenshot, document).
Chain of Custody
Every piece of evidence maintains a complete audit trail:
{
"id": "ev_abc123",
"title": "S3 Encryption Configuration",
"type": "configuration",
"hash": "sha256:a1b2c3d4e5...",
"collected_at": "2026-01-15T10:30:00Z",
"integration": "aws",
"resource_id": "arn:aws:s3:::customer-data",
"controls": ["SOC2-CC6.7", "ISO27001-A.10.1.1"],
"chain_of_custody": [
{
"action": "collected",
"timestamp": "2026-01-15T10:30:00Z",
"actor": "system:scanner"
},
{
"action": "mapped",
"timestamp": "2026-01-15T10:30:05Z",
"actor": "system:ai-mapper"
},
{
"action": "reviewed",
"timestamp": "2026-01-16T09:00:00Z",
"actor": "user:compliance-manager@company.com"
}
]
}Evidence Export
Export evidence packages for auditors in multiple formats:
- PDF Bundle - Formatted evidence with table of contents
- ZIP Archive - Raw files with metadata JSON
- Excel Workbook - Evidence list with control mappings
- Auditor Portal - Secure link for external auditors
✅ Audit Ready
With continuous evidence collection, you're always audit-ready. No more scrambling to gather screenshots and documents before an audit.