Skip to main content
All CollectionsIntegrations GuidanceGuides
Automated Evidence Collection
Automated Evidence Collection

Increase efficiency by establishing automated collection for routine evidence gathering.

Micah Spieler avatar
Written by Micah Spieler
Updated over 11 months ago

To maintain audit readiness, Strike Graph provides easy tools to help you keep on top of evidence collection. By pairing integrations with automation, you can configure certain evidence items to be recollected before they expire, reducing the need to refresh as many evidence attachments as they expire or ahead of a scheduled audit event.

Keep in mind that not all evidence items are good candidates for automated collection. For more details on which items are ideal candidates for automated collection, as well as the recommended integrations for certain evidence items, reference the article here.

Automated collection requires integrations and works best with evidence that does not change location (more on that below).

Let's take a quick dive in to how automated collection works:

Automated collection enables our evidence service to recollect an evidence attachment from an integration point up to 2-3 days ahead of the evidence's expiration date.

Our recollection service travels the same integration path to retrieve the updated evidence attachment, so it works best with evidence that does not change locations frequently or for integration points that handle attachment locations elegantly. For details on how each integration works in tandem with automated collection, check out the individual page for the integration.

Policy documents (from some place like an organizational shared Google Drive) or access management rules (gathered from some place like Gitlab or an AWS S3 bucket) are examples of evidence that would be easy to recapture automatically. For example, by enabling automated collection for your policy-type evidence, you no longer have to worry if the most most recent version of the policy has been added to your repository in preparation for your audit event โ€” Strike Graph will collect the most up-to-date version just before the evidence expires.

With more flexible integrations (like our AWS S3 integration), you can centralize your system evidence into a single S3 bucket and use automated collection to allow Strike Graph to regularly attach the most recent version of a specific file just before evidence expiration. Using a method like this, system evidence like access rules, load balancer configurations, or fire wall rules, can be configured for automated collection.

Setting up automated collection

Automated collection is designed to use integrations to recollect evidence attachments, so the first step is to ensure that you have the necessary integrations configured. Learn about integrations or navigate to the Integration Manager to confirm that you have the correct integrations set up.

Next, select the evidence that you would like to be automatically collected from the Evidence Repository list.

If you don't already have an effective attachment added to the evidence, you'll see the option to configure Automated Collection in the top info section, right below the evidence description.

If you do already have an effective attachment added, you'll find the option to enable Automated Collection behind the three-dot kabob-menu in the right right corner of the info section.

Select an integration

Once you've selected the attachment method as Automated Collection, you'll need to select which configured integration you would like to use as the collection point. Select it from the list presented. If you're not seeing the configured integrations that you expect, or for more details about each integration point, check out our information about Integrations.

Complete the configuration by selecting confirming the details of the integration. This will complete the first attachment collection and schedule the next collection for approximately two days before the next expiration date.

Note: Expiration dates are calculated based on the evidence's expiration schedule, which can be updated in the edit modal from the evidence detail page or from the Evidence Repository list. It is unique for each evidence item.

Once automated collection is configured, you can no longer directly upload attachments to this evidence item as this would interfere with the next recollection. If you'd like to manually attach evidence, first disable automated collection and then directly upload your evidence attachment.

Before the next expiration date, Strike Graph will recollect the evidence from this same integration location. Any changes you make to this evidence should be captured in the next collection of the attachment.

Disable automated collection

If you would like to disable automated collection and continue with manually adding evidence attachments, simply select "Remove Automated Collection" from the three-dot kabob-menu in the automated collection info section located under the evidence description. Confirm your decision and automated collection will be disabled and manual collection will be restored.

To reconfigured automated collection, just repeat the steps above!

Did this answer your question?