Evidence Artifacts
View and manage collected evidence artifacts
Evidence Artifacts
Artifacts are the individual pieces of evidence that support your compliance posture. Learn to view, manage, and organize your evidence collection.
Understanding Artifacts
Artifact Types
| Type | Description | Examples |
|---|---|---|
| Configuration | System settings captured via API | Conditional Access policies, security settings |
| Screenshot | Visual captures of configurations | Admin portal screenshots |
| Document | Written policies and procedures | Security policy PDF |
| Log | System or audit logs | Sign-in logs, audit trails |
| Attestation | Signed acknowledgments | Training completion, policy acceptance |
| Report | External reports or assessments | Penetration test results |
Artifact Sources
| Source | How Collected |
|---|---|
| Automatic | Collected during assessments |
| Manual | Uploaded by users |
| Integration | Pulled from connected systems |
Viewing Artifacts
Artifact List
Navigate to Evidence > Artifacts to see all evidence:
| Column | Description |
|---|---|
| Name | Artifact identifier/filename |
| Type | Configuration, document, etc. |
| Control | Linked compliance control |
| Framework | Associated framework |
| Collected | Date collected/uploaded |
| Status | Current, expired, superseded |
Filtering Artifacts
Filter by:
- Type - Document, screenshot, configuration
- Framework - Specific frameworks
- Control - Individual controls
- Date - Collection period
- Status - Current, expired
Artifact Details
Click an artifact to see:
- Full content or preview
- Metadata (source, date, collector)
- Linked controls
- Version history
- Related artifacts
Managing Artifacts
Uploading Artifacts
Add new evidence:
- Go to Evidence > Artifacts
- Click Upload
- Select file(s)
- Complete the form:
- Link to control(s)
- Add description
- Set evidence type
- Click Upload
Supported Formats
| Category | Formats |
|---|---|
| Documents | PDF, DOCX, XLSX, TXT |
| Images | PNG, JPG, GIF |
| Data | JSON, CSV, XML |
| Archives | ZIP (for multiple files) |
Size limits: 25 MB per file, 100 MB per upload batch
Editing Artifacts
Update artifact metadata:
- Open artifact details
- Click Edit
- Modify description, links, or tags
- Click Save
Artifact content cannot be edited after upload. Upload a new version if content changes.
Versioning
When evidence is updated:
- Upload new artifact
- Link to same control
- Mark previous as "Superseded"
- Version history maintained
Deleting Artifacts
Remove evidence no longer needed:
- Select artifact(s)
- Click Delete
- Confirm deletion
Deleted artifacts cannot be recovered. Consider archiving instead of deleting for audit trail purposes.
Artifact Organization
Linking to Controls
Connect artifacts to compliance controls:
- Open artifact details
- Click Link Controls
- Search or browse for controls
- Select applicable controls
- Click Save
One artifact can link to multiple controls if it provides evidence for each.
Tags
Organize with custom tags:
annual-reviewexternal-auditpolicyQ4-2024
Filter by tags to find related artifacts.
Collections
Group related artifacts:
- Go to Evidence > Collections
- Click Create Collection
- Name and describe the collection
- Add artifacts
- Save
Use collections for:
- Audit packages
- Policy bundles
- Review sets
Automatic Evidence
Assessment Evidence
During compliance assessments:
- Configuration data is captured
- API responses are stored
- Screenshots are generated (where applicable)
- Evidence is auto-linked to controls
Drift Evidence
During drift detection:
- Configuration snapshots saved
- Change details recorded
- Baseline comparisons stored
Evidence Freshness
Automatic evidence is timestamped:
| Age | Status |
|---|---|
| < 30 days | Current |
| 30-90 days | Recent |
| > 90 days | May need refresh |
Run new assessments to refresh automatic evidence.
Evidence Quality
Good Evidence Includes
- Clear identification - What system, setting, or control
- Timestamp - When evidence was collected
- Context - Why it demonstrates compliance
- Complete data - Full configuration, not partial
Evidence Review
Periodically review evidence quality:
- Check for expired evidence
- Verify links are correct
- Ensure coverage is complete
- Update descriptions as needed
Searching Artifacts
Basic Search
Search by:
- Artifact name
- Description text
- Control name
- Framework name
Advanced Search
Combine criteria:
type:document AND framework:"CIS" AND date:>2024-01-01
Saved Searches
Save frequent searches:
- Perform search
- Click Save Search
- Name the search
- Access from Saved Searches
Best Practices
Naming Conventions
Use consistent naming:
- ✅
CIS-2.1.1_MFA-Policy_2024-01-15.pdf - ❌
screenshot1.png
Regular Updates
- Refresh automatic evidence monthly
- Review manual evidence quarterly
- Update after configuration changes
Documentation
- Add descriptive context
- Explain why artifact is evidence
- Note any exceptions or caveats
What's Next?
- Evidence Gaps - Find missing evidence
- Attestations - Manage acknowledgments
- Evidence Bundles - Package for audits