Integrations

Integrations That Keep Evidence Current

Connect the systems you already run. Aurora Command prefers read-only scope and makes permissions explicit, so evidence collection stays defensible.

Catalog: 143 integrations

Connector-backed integrations: 88

Templates & manual evidence types: 55

Get a 15-Minute Walkthrough Browse Frameworks

See Export Outputs View a Sample Reviewer Export Match Integrations to Plans

Have a deadline? Tell us what you need to ship and by when. We will map the fastest path to a reviewer-ready export.

Proof outputs

Connectors are most useful when they produce reviewer-ready exports.

How It Works

How Integrations Work

Connect with least-privilege access, capture evidence with source details, and export what reviewers can verify.

01

Connect With Read-Only Permissions

Connect with read-only permissions where supported.

02

Capture Evidence With Source Details

Evidence is captured with timestamps and source details.

03

Control the Cadence

You control the collection cadence.

04

Map and Export

Captured artifacts can be mapped to controls and exported.

Produces

Evidence objects with source details
Freshness status and cadence tracking
Evidence bundle exports (plan-based)

Trust

Permissions and Scope Are Explicit

Aurora Command does not need broad access to be useful. When a connector requires elevated permissions, scope is documented and reviewed during setup.

Scoped Credentials

Least privilege access where supported.

Read-Only by Default

Prefer read-only scopes. Write actions are opt-in and logged.

Export and Access Logging

Evidence capture, exports, and Trust Center sharing are logged.

Search

Find the Integrations You Need

Search by product name or evidence type.

Do not see yours? Request a Connector. We aim to confirm feasibility within two business days.

Essential integrations

Start here

Proof: MFA enforcement, admin access, and audit events.

Native automatedEvidence captureevery 15 minutesabout 5 min

Amazon Web Services (AWS)

Proof: IAM configuration, account logging, and security guardrails.

Native automatedEvidence captureevery 1 hourabout 5 min

Microsoft Entra ID (Azure AD) and Microsoft 365

Proof: Identity configuration, MFA coverage, and admin governance.

Native automatedEvidence captureevery 15 minutesabout 5 min

Google Cloud Platform (GCP)

Proof: IAM configuration, project access, and logging coverage.

Native automatedEvidence captureevery 1 hourabout 5 min

ServiceNow (ITSM)

Proof: Remediation workflows and review trail for controls.

Native automatedEvidence captureevery 30 minutesabout 5 min

Proof: Owned remediation workflows and evidence of closure.

Native automatedEvidence captureevery 30 minutesabout 5 min

Other popular connectors

56 connectors

Core Security Platforms

Identity, cloud, endpoint, vulnerability, logging, and ticketing connectors used to keep evidence continuously current.

23 connectors

Amazon Web Services (AWS)

Native automatedEvidence captureContinuous checks

Verifies: AWS CloudTrail is enabled in all regions, AWS CloudTrail is enabled and healthy, AWS CloudTrail log file validation is enabled

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Azure Monitor Logs (Pull)

Native automatedEvidence captureContinuous checks

Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Azure Monitor Logs pull ingestion has events within last 7 days

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 15 minutes

Security note: Collector token; scoped to required sources.

Bitbucket Cloud

Native automatedEvidence capture

Collects: Repositories

Produces: Evidence artifacts. Supports evidence bundle exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

CrowdStrike Falcon

Native automatedEvidence captureContinuous checks

Verifies: Endpoint security is installed on at least 95% of corporate endpoints

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 15 minutes

Security note: Read-only API; scoped credentials.

Datadog (Audit Trail and Logs)

Native automatedEvidence captureContinuous checks

Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Datadog audit log ingestion has events within last 7 days

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 15 minutes

Security note: Collector token; scoped to required sources.

Native automatedEvidence captureContinuous checks

Verifies: Dependabot alerts are triaged within SLA (30 days)

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Google Cloud Platform (GCP)

Native automatedEvidence captureContinuous checks

Verifies: GCP audit logs enabled, GCP Storage Public Access Prevention enforced

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Google Workspace (Directory)

Native automatedEvidence captureContinuous checks

Verifies: Multi factor authentication is enabled for all active human users, Multi factor authentication is enabled for all admin users, At least 1 break-glass account exists and is monitored

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 30 minutes

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: High findings create tickets, Incidents are tracked with deterministic timelines

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 30 minutes

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Multi factor authentication is enabled for all active human users, Password policy has minimum length >= 12, At least 1 break-glass account exists and is monitored

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Disk encryption is enabled on all endpoints

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 30 minutes

Security note: Read-only API; scoped credentials.

Microsoft Azure (ARM)

Native automatedEvidence captureContinuous checks

Verifies: Azure Activity Log export configured, Azure Storage public access prevention enforced

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Microsoft Entra ID (Azure AD) and Microsoft 365

Native automatedEvidence captureContinuous checks

Verifies: Multi factor authentication is enabled for all active human users, Multi factor authentication is enabled for all admin users, At least 1 break-glass account exists and is monitored

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 15 minutes

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Multi factor authentication is enabled for all active human users, Multi factor authentication is enabled for all admin users, At least 1 break-glass account exists and is monitored

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 15 minutes

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Incidents are tracked with deterministic timelines

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Multi factor authentication is enabled for all active human users, Multi factor authentication is enabled for all admin users, At least 1 break-glass account exists and is monitored

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 30 minutes

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Vulnerability scans run within last 7 days

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 6 hours

Security note: Read-only API; scoped credentials.

ServiceNow (ITSM)

Native automatedEvidence captureContinuous checks

Verifies: High findings create tickets, Incidents are tracked with deterministic timelines

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 30 minutes

Security note: Read-only API; scoped credentials.

Slack Audit Logs (Enterprise Grid)

Native automatedEvidence captureContinuous checks

Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Slack audit log ingestion has events within last 7 days

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 15 minutes

Security note: Collector token; scoped to required sources.

Splunk HEC Compatible Receiver

Native automatedEvidence captureContinuous checks

Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Splunk HEC receiver is receiving logs within last 60 minutes

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: continuous

Security note: Collector token; scoped to required sources.

Syslog over TLS Receiver

Native automatedEvidence captureContinuous checks

Verifies: Centralized logging is receiving events within last 24 hours, Centralized logging has received events within last 24 hours, Syslog/TLS receiver is receiving logs within last 60 minutes

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: continuous

Security note: Collector token; scoped to required sources.

Native automatedEvidence captureContinuous checks

Verifies: Vulnerability scans run within last 7 days

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 6 hours

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: User accounts, Tickets and workflows, Incident

Produces: Evidence artifacts. Supports evidence bundle exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

People, Training & Collaboration

HR and collaboration connectors that help prove training completion, account governance, and communications posture.

10 connectors

Native automatedEvidence capture

Collects: Evidence and settings relevant to your controls

Produces: Evidence artifacts. Supports evidence bundle exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

KnowBe4 Security Awareness Training

Native automatedEvidence captureContinuous checks

Verifies: Security training completed within last 12 months

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: Evidence and settings relevant to your controls

Produces: Evidence artifacts. Supports evidence bundle exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: User accounts, Employment Event

Produces: Evidence artifacts. Supports evidence bundle exports.

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: User accounts, Employment Event

Produces: Evidence artifacts. Supports evidence bundle exports.

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: Evidence and settings relevant to your controls

Produces: Evidence artifacts. Supports evidence bundle exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: Evidence and settings relevant to your controls

Produces: Evidence artifacts. Supports evidence bundle exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: Evidence and settings relevant to your controls

Produces: Evidence artifacts. Supports evidence bundle exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: User accounts, Employment Event

Produces: Evidence artifacts. Supports evidence bundle exports.

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: Evidence and settings relevant to your controls

Produces: Evidence artifacts. Supports evidence bundle exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Industry Systems

Line-of-business platforms Aurora can connect to for inventory, workflow evidence, and operational context.

19 connectors

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

CDK Fortellis / APIs

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

ICE Encompass (LOS)

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Microsoft Purview (Retention/eDiscovery)

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Reynolds & Reynolds (RCI ecosystem)

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Tekion Partner Cloud APIs

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Vertafore AMS360 (WSAPI)

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Admin users are approved explicitly, Terminated users are removed or deprovisioned, Single sign on is enforced for the application

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Other

Additional production-ready connectors.

4 connectors

Native automatedEvidence captureContinuous checks

Verifies: Single sign on is enforced for the application, Audit logging is enabled for the application, Admin users are approved explicitly

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Evidence Dropbox (S3)

Native automatedEvidence capture

Collects: Artifact, Import Job

Produces: Evidence artifacts. Supports evidence bundle exports.

Security note: Read-only API; scoped credentials.

Native automatedEvidence capture

Collects: Repositories, Findings, Artifact

Produces: Evidence artifacts. Supports evidence bundle exports.

Cadence: scheduled

Security note: Read-only API; scoped credentials.

Native automatedEvidence captureContinuous checks

Verifies: Vulnerability scans run within last 7 days

Produces: Evidence artifacts, check results, control mapping. Supports coverage verdict exports.

Cadence: every 1 hour

Security note: Read-only API; scoped credentials.

Readiness states from generated classification

Native automated: 88

Export ingest: 11

Partner required: 35

Needs research: 4

Alias / consolidated: 5

Manual: 0

Tier 0/1 entries: 73 total (65 connector-backed).

Coverage Verdicts

Know what is automated before the auditor asks.

Export a coverage verdict that marks automated checks versus manual evidence requirements.

See Export Outputs

Request a Connector

Need a connector we don't list?

Tell us which control(s) you need to prove and your deadline. If a connector isn't possible, we'll recommend the next-best export path.

FAQ

Integration Questions

Short answers about read-only access, evidence semantics, and collection schedules.

Can we start without integrations?

Yes. Manual uploads are supported. Add connectors later without redoing mapping.

Do integrations run automatically?

In eligible plans, connectors can run on a cadence you control.

Can we export what an integration captured?

Yes. Captured evidence can be included in evidence bundles and reviewer-ready exports.

Next step

Not Sure What Integrations You Need?

Tell us what reviewers asked for. We’ll map which sources matter and what you can export now.

Get a 15-Minute WalkthroughView a Sample Reviewer ExportRequest a Connector

No obligation. We respond within one business day. We will show a sample reviewer-ready export.