This feature is in early release. If you have any issues, please reach out to your CSM and we'll help!
This article is part of the Automated Evidence help center collection
New to Thoropass and getting started? Start Here
Feature Walkthrough: Automated Evidence Overview
Automated Evidence gives you a centralized view of all active compliance monitors and collectors in your workspace.
Automated evidence is composed of both monitors and collectors. Both provide auditor-approved evidence for audit but have some key differences.
Monitors: Monitors provide evidence when healthy and observe and evaluate your compliance posture by being related to your control health. If a related monitor shows “Violations Found” the related controls will be at Risk. Evidence cannot be sent to an audit from a monitor until the monitor is healthy.
Collectors: Collectors gather evidence automatically without evaluation. These evidence collections are designed by Thoropass auditors. They automate some of the most time-consuming parts of an audit, such as populating datasets and handling complex infrastructure configurations normally managed by DevOps engineers.
From this screen, you can quickly assess system health, investigate violations, and manage your audit readiness.
Pictured: The Automated Evidence Overview (List View)
Navigation & Layout
The automated evidence page is divided into three primary sections:
Filters and search
Top Summary Panel
Table of monitors and collectors (Main Content)
Let’s break these down:
Filters
Use these filters to narrow down which monitors are displayed in the table:
Status
Healthy: No issues found. (Monitors Only)
Collected: A collector obtained evidence successfully. (Collectors only)
Flagged: Violations detected.
Connection Error: Integration or data issue.
No Data Detected: Nothing returned, often due to lack of resources. Often, this indicates you do not use this service and may safely disable the monitor or collector.
Thoropass Review: A special case where Thoropass is actively reviewing this collector for approval in audit. If you are hoping to use this collector in an upcoming audit reach out to your CSM.
Active
Active: Automated evidence is currently enabled.
Inactive: Automated evidence has been disabled (not contributing to audit evidence).
Source(s)
Filter automated evidence by their data source (e.g., AWS, GCP, Azure, Bitbucket).
Helpful for reviewing coverage across cloud providers or tools in use.
Top Summary Panel
This summary provides a high-level snapshot of your monitoring coverage:
Automated Evidence (Enabled): Total number of enabled monitors and collectors across your workspace.
Controls Monitored: The number of monitors tied to your control health.
Addressed Evidence: The number of your evidence requests your automated evidence supports.
✨ Use this to gauge how much automated coverage you have and where to focus your attention
Automated Evidence Table (Main Area)
Each row in the table represents a monitor, and includes:
Column | Description |
ID | Unique identifier for the monitor (e.g., |
Name | Automated evidence title and associated platform (e.g., "[GCP] All Compute Instances...") |
Health Status | Shows current status (e.g., Violations Found, Healthy, Collected) |
Enabled | Indicates if the automated evidence is currently active (toggleable from detail view) |
Last Run | Timestamp of the most recent execution of the monitor query |
💡 Additional Features:
Select one or more monitors or collectors using the checkboxes to bulk-enable/disable or watch them.
Click the monitor or collector name to open its detail page, where you can review logic, related controls, and address violations.
Enable/Watch Actions
Enable: Activate selected monitors (if previously disabled).
Watch: Subscribe to monitor updates — you’ll get email summaries for any that are failing, broken, or newly flagged.
Practical Use Cases
Daily triage: Use filters to review all flagged or broken monitors.
Audit prep: Confirm that all active monitors are healthy and mapped to in-scope systems.
Platform-specific review: Filter by AWS, GCP, Azure, etc., to evaluate coverage per cloud environment.