Core Concepts

At a high level, Indent provides audit trails and security controls for access at a company. Indent collects data via Inputs and sends data to Outputs.

A Space is a collection of Inputs, Outputs and configuration for your team or project. Common patterns are one Space for an entire company, or one for development and another for production.

Webhooks are HTTP callbacks that receive a list of events using an HTTP POST request. This enables teams to securely manage access to cloud and internal resources by handling the last mile of provisioning in their infrastructure.

Inputs enable collection of data from any hosted, on-prem or custom-built application or service with minimal effort. Some examples:

Outputs serve as destinations for data generated by or forwarded from Indent for alerting or remediation actions. Some examples:

Standard Format is one of the most important components of Indent. Inside Indent, data is normalized to and from the Standard Format, a specification for how to represent audit log events so that they capture: "Who did what, when, where and why?" It's how we preserve the semantics of audit logs across a variety of Providers, regardless of where they originated.

The format looks like this:

export type Event = {
  actor: Resource // Who performed the action?
  event: string // What action was performed?
  resources: Resource[] // What resources was the action performed on?

  id?: string
  reason?: string // Why was the action performed?
  timestamp?: string // When was the action performed?
  sessionId?: string
  externalId?: string
  meta?: EventMeta
}

export type EventMeta = {
  labels?: { [label: string]: string } // The labels for the event metadata
}

export type Resource = {
  id?: string // The identifier for the resource
  kind?: string // The kind of resource
  email?: string // The email of the resource
  displayName?: string // The display name of the resource
  altIds?: string[] // Alternate identifiers for the resource (e.g. IP Address)
  labels?: { [label: string]: string } // The labels for the resource
}
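
TypeScript types are erased at runtime, so a webhook that receives events over HTTP POST has to check their shape itself before acting on them. The following is an added example, not Indent's own code: it assumes the POST body is a JSON array of Standard Format events, and `StdEvent`, `isEvent` and `parseWebhookBody` are hypothetical names.

```typescript
// Standard Format types restated so the block runs stand-alone. `Event` is named
// StdEvent here only to avoid clashing with the DOM global of the same name.
type Labels = { [label: string]: string }
type Resource = { id?: string; kind?: string; email?: string; displayName?: string; altIds?: string[]; labels?: Labels }
type StdEvent = {
  actor: Resource; event: string; resources: Resource[]
  id?: string; reason?: string; timestamp?: string; sessionId?: string; externalId?: string
  meta?: { labels?: Labels }
}

const isObj = (v: unknown): v is Record<string, unknown> =>
  typeof v === 'object' && v !== null && !Array.isArray(v)
const isStr = (v: unknown): v is string => typeof v === 'string'
const optStr = (v: unknown): boolean => v === undefined || isStr(v)
const optLabels = (v: unknown): boolean =>
  v === undefined || (isObj(v) && Object.values(v).every(isStr))
const optMeta = (v: unknown): boolean => v === undefined || (isObj(v) && optLabels(v.labels))

function isResource(v: unknown): v is Resource {
  if (!isObj(v)) return false
  const alt: unknown = v.altIds
  return [v.id, v.kind, v.email, v.displayName].every(optStr) && optLabels(v.labels) &&
    (alt === undefined || (Array.isArray(alt) && alt.every(isStr)))
}

function isEvent(v: unknown): v is StdEvent {
  if (!isObj(v)) return false
  const res: unknown = v.resources
  return isResource(v.actor) && isStr(v.event) && Array.isArray(res) && res.every(isResource) &&
    [v.id, v.reason, v.timestamp, v.sessionId, v.externalId].every(optStr) && optMeta(v.meta)
}

// Assumption: the body is a JSON array of events. Returns null when the body is not
// such an array; otherwise the valid events plus the indices of the rejected items.
function parseWebhookBody(body: string): { accepted: StdEvent[]; rejected: number[] } | null {
  let parsed: unknown
  try { parsed = JSON.parse(body) } catch { return null }
  if (!Array.isArray(parsed)) return null
  const accepted: StdEvent[] = []
  const rejected: number[] = []
  parsed.forEach((item, i) => (isEvent(item) ? accepted.push(item) : rejected.push(i)))
  return { accepted, rejected }
}

// Constructed sample: a valid event, one missing `actor`, one with a non-string label.
const sampleBody = JSON.stringify([
  { actor: { kind: 'user', email: 'alice@example.com' }, event: 'access/grant', resources: [{ kind: 'role', id: 'db-admin' }], reason: 'on-call' },
  { event: 'access/grant', resources: [] },
  { actor: { id: 'u1' }, event: 'access/revoke', resources: [], meta: { labels: { ttl: 3600 } } },
])
```

Logging the rejected indices rather than silently dropping those items keeps malformed or tampered deliveries visible.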

Providers are a high-level resource to define an application that can provide Inputs and/or Outputs. An example would be Slack, where you can add audit logs from Slack as an Input and send a digest of recent activity to a channel as an Output.

A Provider can include transformation steps to apply when normalizing data coming from an Input, such as conforming to the Standard Format or optimizing data encoding for more efficient storage.

Apps define a specific application and its Inputs or Outputs. If you wanted to import justification for access from Salesforce and use that in your internal tool, that combination would be an App.