Core Concepts

At a high level, Indent provides audit trails and security controls for access at a company. Indent collects data via Inputs and sends data to Outputs.

Spaces

Spaces are a collection of Inputs, Outputs and configuration for your team or project. Common patterns are one for an entire company or one for development and another for production.

Webhooks are HTTP callbacks that receive a list of events using an HTTP POST request. This enables teams to securely manage access to cloud and internal resources by handling the last-mile of provisioning in their infrastructure.

Inputs

Inputs enable collection of data from any hosted, on-prem or custom-built application or service with minimal effort. Some examples:

Identity providers like Okta or Active Directory
Cloud apps like Salesforce, Zendesk or ServiceNow
Custom-built applications like React, Rails or Django
Cloud storage buckets like Amazon S3 or Google Cloud Storage
Infrastructure like Amazon Web Services or Google Cloud Platform

Outputs

Outputs serve as destinations for data generated or forward from Indent for alerting or remediation actions. Some examples:

Custom-built handlers like Webhooks or Blocks
Identity providers like Okta or Active Directory
Messaging apps like Slack

Standard Format

Standard Format is one of the most important components of Indent. Inside of Indent, data is normalized to and from the Standard Format – a specification for how to represent audit log events to capture: "Who did what, when, where and why?" It’s how we preserve semantics of audit logs between a variety of Providers, regardless of where it originated.

The format looks like this:

export type Event = {
  actor: Resource // Who performed the action?
  event: string // What action was performed?
  resources: Resource[] // What resources was the action performed on?

  id?: string
  reason?: string
  timestamp?: string
  sessionId?: string
  externalId?: string
  meta?: EventMeta
}

export type EventMeta = {
  labels?: { [label: string]: string } // The labels for the event metadata
}

export type Resource = {
  id?: string // The identifier for the resource
  kind?: string // The kind of resource
  email?: string // The email of the resource
  displayName?: string // The display name of the resource
  altIds?: string[] // Alternate identifiers for the resource (e.g. IP Address)
  labels?: { [label: string]: string } // The labels for the resource
}

Providers

Providers are a high-level resource to define an application that can provide Inputs and/or Outputs. An example would be Slack, where you can add audit logs from Slack as an Input and send a digest of recent activity to a channel as an Output.

A Provider can include transformation steps to apply when normalizing data coming from an Input like conforming to the Standard Format or optimizing data encoding for more efficient storage.

Apps

Apps define a specific application and its Inputs or Outputs. If you wanted to import justification for access from Salesforce and use that in your internal tool, that combination would be an App.

Creating a Space →

Learn how to create your first Space.