At a high level, Indent provides audit trails and security controls for access at a company. Indent collects data via Inputs and sends data to Outputs.

Inside of Indent, data is normalized to and from the Standard Format – a specification for how to represent audit log events to capture: "Who did what, when, where and why?"

Inputs enable collection of data from any hosted, on-prem or custom-built application or service with minimal effort. Some examples:

Outputs serve as destinations for data generated by or forwarded from Indent for alerting or remediation actions. Some examples:

Standard Format is one of the most important components of Indent. It’s how we preserve the semantics of audit logs across a variety of Providers, regardless of where the logs originated.

The format looks like this:

export type Event = {
  actor: Resource // Who performed the action?
  event: string // What action was performed?
  resources: Resource[] // What resources was the action performed on?

  id?: string
  reason?: string
  timestamp?: string
  sessionId?: string
  externalId?: string
  meta?: EventMeta
}

export type EventMeta = {
  labels?: { [label: string]: string } // The labels for the event metadata
}

export type Resource = {
  id?: string // The identifier for the resource
  kind?: string // The kind of resource
  email?: string // The email of the resource
  displayName?: string // The display name of the resource
  altIds?: string[] // Alternate identifiers for the resource (e.g. IP Address)
  labels?: { [label: string]: string } // The labels for the resource
}

Spaces are a collection of Inputs, Outputs and configuration for your team or project. Common patterns are a single Space for an entire company, or one Space for development and another for production.

Providers are a high-level resource to define an application that can provide Inputs and/or Outputs. An example would be Slack, where you can add audit logs from Slack as an Input and send a digest of recent activity to a channel as an Output.

A Provider can include transformation steps to apply when normalizing data coming from an Input, such as conforming to the Standard Format or optimizing data encoding for more efficient storage.
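The kind of transformation step described above, sketched as an added example (not Indent's own code): it maps a hypothetical raw record into the Standard Format and reports which of "who, what, when, where, why" remain unanswered. The raw field names, the `kind` values, the `source` label and the reading of `altIds` as "where" are assumptions; the page's `Event` type is called `StdEvent` here to avoid clashing with the built-in DOM `Event`.

```typescript
// Standard Format types from the page, condensed so this block compiles alone.
type Labels = { [label: string]: string }
type Resource = { id?: string; kind?: string; email?: string;
  displayName?: string; altIds?: string[]; labels?: Labels }
type StdEvent = { actor: Resource; event: string; resources: Resource[];
  id?: string; reason?: string; timestamp?: string; sessionId?: string;
  externalId?: string; meta?: { labels?: Labels } }
// Hypothetical raw record from an Input; these field names are constructed.
type RawRecord = { user_email?: string; ip?: string; action?: string;
  target_id?: string; target_type?: string; ts?: number; ticket?: string }

// Transformation step: map a raw record to the Standard Format. Records that
// cannot say who did what to which resource are rejected, not half-filled.
function normalize(raw: RawRecord, source: string): StdEvent {
  if (!raw.user_email || !raw.action || !raw.target_id) {
    throw new Error('raw record lacks actor, action or target')
  }
  const email = raw.user_email.trim().toLowerCase()
  const actor: Resource = { id: email, kind: 'user', email }
  if (raw.ip) actor.altIds = [raw.ip]
  const out: StdEvent = {
    actor, event: raw.action,
    resources: [{ id: raw.target_id, kind: raw.target_type ?? 'unknown' }],
    meta: { labels: { source } }, // assumed label recording the originating Input
  }
  if (raw.ts !== undefined) out.timestamp = new Date(raw.ts * 1000).toISOString()
  if (raw.ticket) out.reason = raw.ticket
  return out
}

// Which of "who, what, when, where, why" an event leaves unanswered.
// Treating actor.altIds (e.g. an IP address) as "where" is an assumption.
function unanswered(e: StdEvent): string[] {
  const gaps: string[] = []
  if (!e.actor.id && !e.actor.email) gaps.push('who')
  if (!e.event || e.resources.length === 0) gaps.push('what')
  if (!e.timestamp || isNaN(Date.parse(e.timestamp))) gaps.push('when')
  if (!e.actor.altIds || e.actor.altIds.length === 0) gaps.push('where')
  if (!e.reason) gaps.push('why')
  return gaps
}

// Constructed sample input, not real data.
const SAMPLE: RawRecord = {
  user_email: ' Alice@Example.com ', ip: '203.0.113.7', action: 'role.grant',
  target_id: 'db-prod', target_type: 'database', ts: 1700000000,
}
const SAMPLE_EVENT = normalize(SAMPLE, 'example-input')
```

`unanswered(SAMPLE_EVENT)` flags only `why`, because the sample record carries no ticket or other justification.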

Apps define a specific application and its Inputs or Outputs. If you wanted to import justification for access from Salesforce and use that in your internal tool, that combination would be an App.