EVIDENCE GUIDES
Evidence Collection Guides
Step-by-step export instructions for security platforms. Follow these guides to collect MFA, EDR, backup, and email security evidence that carriers accept.
Not sure which evidence a carrier requires? See our underwriting answers. Need a template to structure your evidence? Browse our evidence templates.
Okta
Export Okta MFA evidence for cyber insurance: MFA Enrollment by User, Authentication Activity, and System Log exports. 90-day retention — collect early.
Microsoft 365 / Entra ID
Export Microsoft 365 and Entra ID MFA evidence for cyber insurance. Sign-in logs, Conditional Access, and Security Defaults — what underwriters expect.
CrowdStrike Falcon
Export CrowdStrike Falcon EDR evidence for cyber insurance: host coverage, detection data, and Spotlight vulnerabilities. Define your coverage denominator.
Google Workspace
Export Google Workspace MFA evidence for cyber insurance. Admin audit logs, Context-Aware Access, and DMARC/SPF/DKIM settings.
Veeam Backup & Replication
Export Veeam backup evidence for cyber insurance: immutability proof, SureBackup restore verification, and job reports. Follow the 3-2-1-1-0 rule.
Cisco Duo
Export Cisco Duo MFA evidence for cyber insurance: authentication logs, user enrollment, and policy scope. 180-day retrieval limit — export early.
SentinelOne
Export SentinelOne EDR evidence for cyber insurance: endpoint coverage, threat reports, and Deep Visibility telemetry. Detect vs. Protect mode matters.
KnowBe4
Export KnowBe4 training evidence for cyber insurance: Training Activity, Phishing Activity, and Phish-prone Percentage reports.
Datto RMM
Export Datto RMM patch and device evidence for cyber insurance. Per-client reporting, Windows-only patch scope, and audit-backed inventory.
ConnectWise Automate
Export ConnectWise Automate patch and inventory evidence for cyber insurance. Per-client reporting via Report Center and Dataviews.
Automate evidence collection with BindLedger connectors
Create Free Account →