AISEC

by CipherFort Security

Sign inGet started
Integrations

Integrations Guide

AISEC can pull compliance evidence directly from your cloud, identity, and security tools. Once connected, the background scheduler collects and maps evidence to the relevant controls automatically — no manual uploads required.

9 supported connectorsScheduled sync: hourly, daily, or weeklyEvidence mapped to ISO 27001, SOC 2, and GDPR controlsManual "Sync now" available at any time

9

Supported integrations

10 min

Scheduler check interval

Auto

Control mapping on every sync

How it works

From credentials to evidence in four steps

Every integration follows the same pattern: you provide credentials once, the scheduler does the rest.

1. Configure credentials

Go to Settings → Integrations. Click Configure on the integration you want to connect and enter the required credentials — API keys, service principal IDs, or IAM role ARNs depending on the connector.

  • Credentials are stored encrypted at rest
  • Secret fields are never returned to the UI after saving
  • You can update credentials at any time without disconnecting

2. Choose sync frequency

Select how often AISEC should pull new evidence from the integration: hourly, daily (default), or weekly. You can also trigger a manual sync at any time using the Sync now button.

  • Hourly: best for active threat monitoring (CrowdStrike, Datadog)
  • Daily: recommended for most identity and cloud posture tools
  • Weekly: suitable for low-change sources like Jira backlogs

3. Evidence is collected and mapped

The background scheduler runs every 10 minutes and syncs any integration that is due. Each connector produces structured evidence items with ISO 27001, SOC 2, and GDPR control hints pre-attached.

  • Duplicate detection prevents re-importing unchanged evidence
  • Content hash comparison skips items already in the register
  • All collected items appear in the Evidence section for review

4. Review and approve

Collected evidence items arrive with status "Pending Review". A Manager or Auditor reviews the item and marks it as Approved to include it in control coverage and audit exports.

  • Evidence links directly to the mapped controls
  • Approved evidence counts toward SoA implementation status
  • Download presigned URLs available for audit pack attachments

Available connectors

Choose your integrations

Each connector is purpose-built for the evidence it collects. Click a guide below for step-by-step setup instructions.

AWS Config

IAM MFA coverage, Config rule compliance, GuardDuty findings, and CloudTrail audit logging.

Azure Defender

Microsoft Defender for Cloud secure score, recommendations, and security alerts.

Okta

MFA enrolment policies, sign-on policies, and admin access review.

GitHub

Branch protection coverage and code scanning alerts across repositories.

CrowdStrike

Falcon EDR detections, prevention policies, device inventory, and Spotlight CVEs.

Datadog

Security signals, compliance monitors, and CSPM posture findings.

Jira

Security backlog issue counts, high-priority tickets, and workflow tracking.

Google Workspace

MFA enrolment, super admin access review, and failed login audit.

Microsoft 365

Secure Score, security alerts, risky users, and Conditional Access policies.

Permissions and security

Credential security model

AISEC follows the principle of least privilege for all integration credentials.

  • Credentials are stored as JSON in an encrypted column — secret values are never returned to the UI after the initial save.
  • All connectors operate read-only: they collect evidence but never write back to source systems.
  • AWS Config uses IAM role assumption (no long-lived AWS keys stored); CrowdStrike and Azure use short-lived OAuth2 tokens obtained at sync time.
  • Google Workspace requires a service account with domain-wide delegation scoped to read-only Admin SDK APIs.
  • Disconnecting an integration immediately removes the stored credentials from the database.

Troubleshooting

Common issues and fixes

Check these first if a sync shows "failed" status.

Sync status shows "failed"

The most common causes are expired credentials, revoked API tokens, or insufficient permissions on the service principal or IAM role.

  • Re-enter credentials via Settings → Integrations → Edit
  • Check that the required permissions listed in the setup guide are still assigned
  • Verify the API token or secret has not expired in the source system

No evidence appears after sync

A sync can complete with zero items if the source system returns no results matching the query criteria.

  • AWS Config: confirm Config rules are enabled in the target region
  • GitHub: confirm the token has repo scope for the org
  • Jira: confirm the JQL filter matches at least one open issue
  • Google Workspace: confirm the service account has domain-wide delegation active

Related

Keep exploring

Evidence section

Controls & SoA

API reference

Documentation hub

Ready to connect your first integration?

Go to Settings → Integrations and click Configure on any connector to get started.