Database & Storage Connectors
Connectors enable AIIA to securely ingest audit data, financial transactions, user access logs, and controls evidence from your enterprise databases, object storage systems, and third-party APIs.
Once established, these connectors serve as the data backbone for continuous auditing, automated KRI (Key Risk Indicator) monitoring, and PBC (Provided By Client) collection pipelines.
Connector Types
AIIA supports three primary categories of integration connectors:
| Connector Type | Protocol/Platform | Typical Use Cases |
|---|---|---|
| Database Connectors | PostgreSQL, Oracle EBS, SQL Server, SAP HANA | Continuous transaction monitoring, access reviews, system logs |
| Object Storage Connectors | Amazon S3, MinIO, Oracle Object Storage | Bulk evidence collection, document sampling, backup exports |
| API & Webhook Connectors | REST API, OAuth 2.0, Webhooks | GRC platform sync, ServiceNow tickets, Active Directory access logs |
Configuration Reference
When creating or modifying a connector via the Admin → Connectors interface, you will configure the following fields depending on the connector type:
1. Common Settings
- Connector Name: A unique, descriptive name for the integration (e.g., `SAP ERP Production DB`).
- Schedule: A standard 5-field CRON expression (e.g., `0 0 * * *` for daily at midnight) specifying when data sync jobs should run.

[!TIP] scheduleHint: Leave the schedule field blank for manual execution only.
2. Database Connectivity Fields
| Field | Requirement | Description |
|---|---|---|
| Host | Required | The hostname or IP address of the target database server. |
| Port | Required | The communication port (e.g., 5432 for PostgreSQL, 1521 for Oracle). |
| Database Name | Required | The name of the specific database instance to query. |
| Username | Required | Database user account with read-only access. |
| Password | Required | The password associated with the connection account (encrypted at rest). |
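
One way to provision the dedicated read-only account that the Username field calls for, shown for PostgreSQL. This is an added example, not part of AIIA's own code or documentation; the role `aiia_connector_ro`, database `erp_prod`, schema `finance`, the connection limit and the timeout are constructed values.

```sql
-- Added example for PostgreSQL. Constructed names: role aiia_connector_ro,
-- database erp_prod, schema finance. Replace the password placeholder.

-- 1. Dedicated login role with no administrative attributes.
CREATE ROLE aiia_connector_ro
  LOGIN
  PASSWORD '<generated-secret>'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS
  CONNECTION LIMIT 5;

-- 2. Allow connecting to the one database and reading the one schema.
GRANT CONNECT ON DATABASE erp_prod TO aiia_connector_ro;
GRANT USAGE ON SCHEMA finance TO aiia_connector_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA finance TO aiia_connector_ro;

-- 3. Tables created later by the role running this statement become readable.
--    Default privileges apply per creating role: repeat with FOR ROLE <owner>
--    for every role that creates tables in the schema.
ALTER DEFAULT PRIVILEGES IN SCHEMA finance
  GRANT SELECT ON TABLES TO aiia_connector_ro;

-- 4. Defence in depth: sessions start read-only and long queries are cut off.
--    A session can change these defaults, so the grants above remain the
--    actual access control.
ALTER ROLE aiia_connector_ro SET default_transaction_read_only = on;
ALTER ROLE aiia_connector_ro SET statement_timeout = '5min';

-- 5. Verification: both queries should return zero rows.
--    a) any table privilege other than SELECT granted directly to the role
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'aiia_connector_ro'
  AND privilege_type <> 'SELECT';

--    b) any administrative attribute set on the role
SELECT rolname
FROM pg_roles
WHERE rolname = 'aiia_connector_ro'
  AND (rolsuper OR rolcreatedb OR rolcreaterole OR rolreplication OR rolbypassrls);
```

Privileges granted to `PUBLIC` do not appear under the role's name in query (a), so review those separately.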
3. Object Storage Connectivity Fields
| Field | Requirement | Description |
|---|---|---|
| S3 Endpoint URL | Required | The target storage API endpoint URL (e.g., https://s3.me-central-1.amazonaws.com or custom MinIO endpoint). |
| Bucket Name | Required | The name of the S3 bucket where evidence file blobs are stored. |
| API Key / Access Key | Required | The AWS Access Key ID used for authentication. |
| Secret Key | Required | The AWS Secret Access Key (encrypted at rest). |
4. API & Webhook Connectivity Fields
| Field | Requirement | Description |
|---|---|---|
| Base URL | Required | The base REST API endpoint URL (e.g., https://api.servicenow.com/api/v1). |
| Authorization Header Value | Optional | Custom authorization header value (e.g., Bearer token-value). |
| API Key | Optional | Raw API key parameter for simple key-based APIs. |
Establishing a New Connector
Follow these steps to configure a connector:
- Access Settings: Navigate to Admin → Connectors in the dashboard.
- Launch Wizard: Click the Establish Connector (`create`) button.
- Specify Details: Choose your target connector type and fill in the connectivity fields detailed in the reference tables above.
- Configure Schedule: Set an optional CRON pattern or leave it blank to execute manually.
- Test Connectivity: Click the Test Connection button. This will trigger a live ping to the endpoint and validate the credentials.
- Save Changes: If the test succeeds, click Apply Updates (`update`) to register the connector.
Connector Statuses & Monitoring
All connector runs are monitored in real time. Each job run emits AuditLogEvent structures and updates the connector's current execution state:
| Status Badge | Arabic Label | Description |
|---|---|---|
| Active | نشط | The connector is configured correctly and ready for execution. |
| Running | جاري التشغيل | A scheduled or manual data synchronization job is currently in progress. |
| Completed | مكتمل | The last sync completed successfully; all retrieved data was indexed. |
| Pending | قيد الانتظار | A scheduled job is waiting for worker allocation in the queue. |
| Inactive | غير نشط | The connector schedule is paused or disabled. |
| Error | خطأ | Connection settings are valid, but runtime errors occurred during sync (e.g., query timeout). |
| Failed | فشل | The connector failed to authenticate or connect (e.g., invalid credentials/port blocked). |
| Cancelled | ملغي | The running sync job was manually aborted by an administrator. |
Security & Access Governance
[!WARNING] Credentials configured for database and storage connectors must adhere to the principle of least privilege. Always use dedicated, read-only system integration accounts.
- Encryption at Rest: All credentials, access keys, and passwords configured in the connectors are encrypted at rest using AES-256-GCM via the `SECRET_ENCRYPTION_KEY` environment variable.
- Role-Based Access Control (RBAC): Creating, updating, or deleting connectors is restricted to users with the `Admin` role. Audit clients and standard auditors have read-only or no visibility into these connections.
- Audit Trails: Every creation, configuration update, delete action, connection test, or synchronization run is logged as an immutable `AuditLogEvent` under the admin audit trail.