Key Concepts
Core terminology and concepts used throughout Aurva.
Understanding these terms will help you navigate Aurva and configure it effectively.
Data & Assets
Data Asset
A database, S3 bucket, data warehouse, or NoSQL store connected to Aurva. Each asset is inventoried, scanned, and monitored independently.
Sensitive Data Type
A classification label applied to data during scanning — e.g. PII, PHI, PCI, PAN, Aadhaar, email address, phone number. Aurva supports 30+ label types out of the box.
Scan
An automated discovery and classification job that inspects a data asset and identifies sensitive fields, columns, or files.
Access & Identity
Accessor
Any identity that queries a data asset — a human user, a service account, an application, or an AI agent. Aurva tracks accessors and their activity.
IAM Identity
An AWS IAM principal (user, role, or federated identity) associated with a cloud-hosted data asset.
Group
A dynamic cohort of assets, identities, or applications that share common attributes. Groups auto-update as new matching entities are added — use them to scope policies broadly without listing individual items.
Policies & Monitoring
Policy
A rule that evaluates conditions against data assets or access activity and triggers actions (alerts, tickets, webhooks) when matched. Three policy types exist: Data at Rest, Internal Activity, and External Activity.
IN / NOT IN Scope
Policy scope operators. IN applies a policy to the selected assets/identities. NOT IN applies it to everything except the selected set (an allowlist approach: the selected set is exempt).
Match All / Match Any
Condition logic operators. Match All = AND (all conditions must be true). Match Any = OR (any one condition triggers the policy).
Alert Route
A configured destination for policy alerts — Slack channel, Jira project, Coralogix, Amazon S3, or email.
Risk & Compliance
Risk Score
Aurva's composite index for a data asset (0–100). Higher = riskier. Factors include sensitivity of data, breadth of access, and misconfiguration findings.
Compliance Score
Percentage of applicable framework controls currently passing for a data asset.
Violation
A policy match that has been triggered and requires remediation.

| Term | Definition |
|---|---|
| Accessor | Human, service account, or AI agent identity |
| Group | Dynamic cohort of assets or identities |
| IN/NOT IN | Apply policy to selected OR exclude selected |
| Match All/Any | AND vs OR across policy conditions |
| Risk Score | Aurva's composite risk index (higher = riskier) |
| Compliance Score | % of applicable controls passing per asset |
| Alert Route | Configured notification destination |
| Data Plane | Aurva Data Plane — deployed in your environment |