Core Concepts
Understand the fundamental concepts and architecture of Axura to get the most out of the platform.
Platform Architecture
Axura is built on a modern, secure architecture designed for enterprise scalability and reliability. Here's how the key components work together:
```text
┌─────────────────────────────────────────────────────────────┐
│                       AXURA PLATFORM                        │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│   ┌─────────────┐  ┌─────────────┐  ┌─────────────┐         │
│   │     AWS     │  │     GCP     │  │   GitHub    │  ...    │
│   │   Scanner   │  │   Scanner   │  │   Scanner   │         │
│   └──────┬──────┘  └──────┬──────┘  └──────┬──────┘         │
│          │                │                │                │
│          └────────────────┼────────────────┘                │
│                           ▼                                 │
│               ┌───────────────────────┐                     │
│               │  Evidence Collector   │                     │
│               │   & Deduplication     │                     │
│               └───────────┬───────────┘                     │
│                           ▼                                 │
│               ┌───────────────────────┐                     │
│               │   Compliance Engine   │                     │
│               │   (Control Mapping)   │                     │
│               └───────────┬───────────┘                     │
│                           ▼                                 │
│   ┌───────────────────────────────────────────────────────┐ │
│   │                       AI Layer                        │ │
│   │  ┌──────────┐  ┌──────────┐  ┌──────────────────┐     │ │
│   │  │ Copilot  │  │ Predict  │  │ Auto-Remediation │     │ │
│   │  └──────────┘  └──────────┘  └──────────────────┘     │ │
│   └───────────────────────────────────────────────────────┘ │
│                                                             │
└─────────────────────────────────────────────────────────────┘
```
Key Terminology
Organizations
An Organization represents your company in Axura. All users, integrations, evidence, and compliance data are scoped to an organization. Multi-tenant isolation keeps your organization's data logically separated from every other customer's.
Integrations
Integrations are connections to your external systems like AWS, GitHub, or Okta. Axura uses these connections to scan resources and collect compliance evidence automatically.
- Cloud Providers: AWS, GCP, Azure - infrastructure security scanning
- Identity Providers: Okta, Azure AD, Google Workspace - user and access management
- Developer Tools: GitHub, GitLab - code security and repository scanning
- Security Tools: Snyk, CrowdStrike, Datadog - additional security data
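An integration can only read what the credential you hand it allows, so that credential is the trust boundary between your accounts and the platform. This page does not spell out the exact IAM policy Axura asks for, so the following is an added example, not Axura's own code: a check you can run on a candidate AWS role before granting it to any scanner. It verifies that every Allow is a metadata read, that none of the nominally "read-only" actions that return customer data or secrets (such as `s3:GetObject` or `secretsmanager:GetSecretValue`) slip in via a glob like `s3:Get*`, and that the trust policy names the scanner's account and requires an ExternalId. The action lists, the account ID `111122223333` and both sample policies are constructed assumptions.

```python
"""Vet a scanner role before granting it (added example, not Axura's code)."""
import fnmatch

# Assumption: action prefixes that only read configuration/metadata, which is
# all an evidence scanner needs. Conservative; extend deliberately as required.
READ_ONLY_PATTERNS = ("*:Describe*", "*:Get*", "*:List*", "*:Lookup*", "*:Search*")

# Assumption: "read" actions that return customer data or secrets rather than
# configuration. A compliance scanner should not be granted these.
DATA_PLANE_READS = (
    "s3:GetObject", "s3:GetObjectVersion", "secretsmanager:GetSecretValue",
    "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath",
    "dynamodb:GetItem", "ec2:GetPasswordData", "lambda:GetFunction",
)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(action: str, pattern: str) -> bool:
    # IAM action names are case-insensitive; '*' in the pattern is a glob.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def check_permissions_policy(policy: dict) -> list[str]:
    """Return problems found; an empty list means every Allow is metadata-only."""
    problems = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue  # explicit Deny statements only narrow access
        if "NotAction" in st:
            problems.append("NotAction grants everything except a list; refuse it")
            continue
        for action in _as_list(st.get("Action", [])):
            if not any(_matches(action, p) for p in READ_ONLY_PATTERNS):
                problems.append(f"{action} is not a read-only action")
            elif any(_matches(denied, action) for denied in DATA_PLANE_READS):
                # e.g. s3:Get* looks read-only but covers s3:GetObject
                problems.append(f"{action} exposes customer data or secrets")
    return problems


def check_trust_policy(trust: dict, scanner_account: str) -> list[str]:
    """Only the scanner's own account may assume the role, and only with an ExternalId."""
    problems = []
    for st in _as_list(trust.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = principal.get("AWS", "*") if isinstance(principal, dict) else principal
        for p in _as_list(aws):
            if p == "*" or (f":{scanner_account}:" not in p and p != scanner_account):
                problems.append(f"principal {p!r} is not the scanner account {scanner_account}")
        external_id = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not external_id:
            problems.append("AssumeRole allowed without an sts:ExternalId condition (confused deputy)")
    return problems


# Constructed sample: a least-privilege scanner role.
GOOD_PERMISSIONS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "s3:GetBucketPolicy", "s3:GetBucketPublicAccessBlock",
               "s3:ListAllMyBuckets", "iam:GetAccountPasswordPolicy", "cloudtrail:LookupEvents"]}]}
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},  # assumed scanner account
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}

# Constructed sample: looks "read-only" at a glance but is not.
BAD_PERMISSIONS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "ssm:GetParameter"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
BAD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}

if __name__ == "__main__":
    for name, perms, trust in (("good", GOOD_PERMISSIONS, GOOD_TRUST),
                               ("bad", BAD_PERMISSIONS, BAD_TRUST)):
        print(name, check_permissions_policy(perms) + check_trust_policy(trust, "111122223333"))
```

The two lists are the point: a policy made only of `Get*`/`List*`/`Describe*` actions still needs a second pass for the handful of reads that return data instead of configuration, and a trust policy without an ExternalId lets any tenant of the scanner's account point it at your role.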
Findings
A Finding is a security issue or compliance gap discovered during scanning. Findings have severity levels (Critical, High, Medium, Low) and are mapped to specific compliance controls.
Example Finding:
```text
Title:    S3 Bucket Public Access Enabled
Severity: High
Resource: my-company-data-bucket
Controls: SOC 2 CC6.1, ISO 27001 A.9.4.1
```
Evidence
Evidence is the proof that a compliance control is implemented and working. Axura automatically collects evidence from your integrations, such as screenshots of configurations, policy documents, and scan results.
Controls
Controls are specific requirements from compliance frameworks. For example, SOC 2 has controls like CC6.1 (Logical Access) and CC7.2 (System Monitoring). Axura maps your evidence and findings to these controls automatically.
Frameworks
A Framework is a compliance standard like SOC 2, ISO 27001, or HIPAA. Each framework contains multiple controls organized into categories or domains.
Data Flow
Understanding how data flows through Axura helps you optimize your compliance workflow:
1. Integration Connection
You connect your AWS/GCP/GitHub accounts using secure, read-only credentials.
2. Scheduled Scanning
Axura automatically scans your resources daily (or on-demand) to detect changes.
3. Evidence Collection
Scan results are processed and stored as compliance evidence with timestamps.
4. Control Mapping
Evidence is automatically mapped to relevant compliance framework controls.
5. Finding Generation
Security issues are flagged as findings with severity and remediation guidance.
6. Dashboard Updates
Your compliance score and dashboards update in real time.
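To make the six steps concrete, here is an added Python walk-through (example code, not Axura's implementation) that takes constructed scan results through evidence collection with timestamps and deduplication, control mapping, finding generation and a compliance score. The check catalog, the control mapping, the score formula and the sample results are assumptions made for this example; the first finding it produces mirrors the example finding shown earlier on this page. It also shows two details the step list leaves implicit: an unchanged rescan produces no duplicate evidence record, and the score is computed from the newest record per resource and check while older records stay on file.

```python
"""Constructed walk-through of the data flow above (added example, not Axura's code)."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumption: each automated check carries a severity, a finding title,
# the controls it evidences, and remediation guidance.
CHECK_CATALOG = {
    "s3_public_access_block": {
        "severity": "High", "title": "S3 Bucket Public Access Enabled",
        "controls": ("SOC 2 CC6.1", "ISO 27001 A.9.4.1"),
        "remediation": "Enable all four S3 Block Public Access settings on the bucket."},
    "cloudtrail_enabled": {
        "severity": "Critical", "title": "CloudTrail Not Enabled",
        "controls": ("SOC 2 CC7.2",),
        "remediation": "Create a multi-region trail with log file validation."},
    "iam_user_mfa": {
        "severity": "High", "title": "IAM User Without MFA",
        "controls": ("SOC 2 CC6.1",),
        "remediation": "Assign an MFA device or remove the user's console password."},
}
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


@dataclass(frozen=True)
class Evidence:
    evidence_id: str            # hash of what was observed; an unchanged rescan yields the same id
    integration: str
    resource: str
    check: str
    passed: bool
    collected_at: str           # ISO-8601 UTC timestamp (step 3)
    controls: tuple[str, ...]   # mapped framework controls (step 4)


@dataclass(frozen=True)
class Finding:
    title: str
    severity: str
    resource: str
    controls: tuple[str, ...]
    remediation: str
    evidence_id: str


def evidence_id(r: dict) -> str:
    canon = json.dumps([r["integration"], r["resource"], r["check"], r["passed"], r["observed"]],
                       sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


def collect_evidence(scan_results: list[dict], now: datetime, seen: set[str]) -> list[Evidence]:
    """Steps 3-4: timestamp new observations, skip exact duplicates, attach controls."""
    fresh = []
    for r in scan_results:
        eid = evidence_id(r)
        if eid in seen:
            continue                # identical to evidence already on file: no duplicate
        seen.add(eid)
        fresh.append(Evidence(eid, r["integration"], r["resource"], r["check"], r["passed"],
                              now.isoformat(), CHECK_CATALOG[r["check"]]["controls"]))
    return fresh


def current_state(store: list[Evidence]) -> list[Evidence]:
    """Newest record per (integration, resource, check); older ones stay on file for auditors."""
    latest: dict[tuple[str, str, str], Evidence] = {}
    for e in sorted(store, key=lambda e: e.collected_at):
        latest[(e.integration, e.resource, e.check)] = e
    return list(latest.values())


def generate_findings(evidence: list[Evidence]) -> list[Finding]:
    """Step 5: each failed check becomes a finding, most severe first."""
    findings = [Finding(CHECK_CATALOG[e.check]["title"], CHECK_CATALOG[e.check]["severity"],
                        e.resource, e.controls, CHECK_CATALOG[e.check]["remediation"], e.evidence_id)
                for e in evidence if not e.passed]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


def compliance_score(evidence: list[Evidence]) -> dict[str, float]:
    """Step 6: per framework, percentage of evidenced controls with no failing evidence."""
    ok: dict[str, dict[str, bool]] = {}
    for e in evidence:
        for ctrl in e.controls:
            framework, _, control_id = ctrl.rpartition(" ")   # "SOC 2 CC6.1" -> "SOC 2", "CC6.1"
            fw = ok.setdefault(framework, {})
            fw[control_id] = fw.get(control_id, True) and e.passed
    return {fw: round(100 * sum(c.values()) / len(c), 1) for fw, c in ok.items()}


def day(n: int) -> datetime:
    """Constructed timestamps for a daily scan schedule (step 2)."""
    return datetime(2024, 1, 1, tzinfo=timezone.utc) + timedelta(days=n)


# Constructed scan results, as a scanner would hand them to the evidence collector.
SCAN_RESULTS = [
    {"integration": "aws", "resource": "my-company-data-bucket", "check": "s3_public_access_block",
     "passed": False, "observed": {"BlockPublicAcls": False, "RestrictPublicBuckets": False}},
    {"integration": "aws", "resource": "logs-bucket", "check": "s3_public_access_block",
     "passed": True, "observed": {"BlockPublicAcls": True, "RestrictPublicBuckets": True}},
    {"integration": "aws", "resource": "account", "check": "cloudtrail_enabled",
     "passed": True, "observed": {"trails": ["org-trail"], "multi_region": True}},
    {"integration": "aws", "resource": "iam-user/alice", "check": "iam_user_mfa",
     "passed": False, "observed": {"mfa_devices": 0}},
]

if __name__ == "__main__":
    store, seen = [], set()
    store += collect_evidence(SCAN_RESULTS, day(0), seen)   # first scan: 4 records
    store += collect_evidence(SCAN_RESULTS, day(1), seen)   # nothing changed: 0 new records
    for f in generate_findings(current_state(store)):
        print(f.severity, f.title, f.resource, f.controls)
    print(compliance_score(current_state(store)))           # {'SOC 2': 50.0, 'ISO 27001': 0.0}
```

Hashing the observation rather than storing a timestamp-only key is what makes step 3 idempotent: a daily scan of an unchanged estate adds no records, while the moment the bucket's public-access settings change a new record with a new timestamp appears and the score moves with it.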
User Roles & Permissions
Axura uses Role-Based Access Control (RBAC) to manage user permissions:
| Role | Permissions |
|---|---|
| Owner | Full access, billing, delete organization |
| Admin | Manage users, integrations, settings |
| Compliance Manager | Manage controls, evidence, run scans |
| Viewer | Read-only access to dashboards and reports |
| Auditor | Special access to audit workspace and evidence |
Security Model
💡 Enterprise-Grade Security
Axura follows a zero-trust security model with encryption at rest (AES-256) and in transit (TLS 1.3). All integration credentials are encrypted using AWS KMS with customer-managed keys.
Key security features include:
- Multi-Factor Authentication (MFA) - Required for all accounts
- Single Sign-On (SSO) - SAML 2.0 and OIDC support
- Audit Logging - Immutable logs of all user actions
- Session Management - Configurable session timeouts and device management
- IP Allowlisting - Restrict access to specific IP ranges
