AUTO-DISCOVERY

Automatically discover what runs in your IT

Connect integrations, discover assets, automatically check compliance.

Book a demo

HOW IT WORKS

1

Connect provider

Establish read-only API access to M365, Azure, AWS, GitHub and more.

2

Scan resources

Automatically discover, categorize and inventory assets.

3

Map to controls

Automatically link findings to framework controls.

INTEGRATIONS

What Kopexa discovers

Each provider delivers specific asset types. Here you see what gets automatically discovered.

Microsoft 365

  • Users & licenses
  • OAuth apps & consent
  • Conditional access policies
  • SharePoint sites

Azure / Entra ID

  • Virtual machines & storage
  • IAM roles & policies
  • MFA configuration
  • Network security groups

AWS

Beta
  • EC2 instances
  • S3 buckets
  • IAM users & policies
  • Security groups

GitHub

  • Repositories
  • Branch protection rules
  • Deploy keys & secrets
  • Collaborators & permissions

Intune / Jamf

  • Managed devices
  • Compliance policies
  • App inventory
  • Encryption status

Cloudflare

  • DNS records
  • WAF rules
  • SSL/TLS certificates
  • Page rules

Hetzner Cloud

  • Servers
  • Firewalls
  • Volumes
  • SSH keys

Atlassian

  • Jira projects & permissions
  • Confluence spaces
  • User access & groups

Factorial HR

  • Employee data
  • Teams & departments
  • Onboarding/offboarding status

POLICY-AS-CODE

Policy-as-code with kspec

Coming Soon
policy.kspec.yaml
policies:
  - name: "MFA für alle Admins"
    resource: m365.users
    query: "resource.isAdmin && resource.mfaEnabled"
    severity: critical
    controls: ["ISO 27001 A.8.5"]

Control Implementations: Microsoft 365

kspec PolicyChecksMaps to
MFA active for all adminsEntra ID Conditional AccessISO 27001 A.8.5, TISAX 1.3.1
No legacy auth protocolsAuthentication MethodsISO 27001 A.8.5, NIS2 Art. 21
Externally shared SharePoint sitesSharePoint Sharing SettingsISO 27001 A.8.10, DSGVO Art. 32
Inactive users > 90 daysUser Sign-In ActivityISO 27001 A.8.2, A.5.18
OAuth apps without admin consentEnterprise ApplicationsISO 27001 A.8.26
Mailbox audit enabledExchange Online PoliciesISO 27001 A.8.15

When kspec is integrated, known assets bring their own control implementations. Your M365 tenant delivers not just an inventory, but also evidence of which controls are already implemented.

GitHubJoin waitlist

SHADOW IT

Uncover Shadow IT

By analyzing IDP and OAuth data, Kopexa discovers SaaS apps used without IT approval.

IDP analysis

Analyze OAuth tokens and SSO logins to identify unknown SaaS apps.

Risk assessment

Instantly assess each discovered app: data access, compliance status, user count.

Governance

Decide: approve, restrict or block. Everything documented in the audit trail.

Full transparency across your IT landscape

Let us show you in 30 minutes how auto-discovery keeps your asset inventory up to date.

Book a demo