Concepts

At a high level, Indent provides audit trails and security controls for access at a company. Indent collects data via Inputs and sends data to Outputs.

Inside of Indent, data is normalized to and from the Standard Format – a specification for how to represent audit log events to capture: "Who did what, when, where and why?"

Inputs enable collection of data from any hosted, on-prem or custom-built application or service with minimal effort. Some examples:

Outputs serve as destinations for data generated or forward from Indent for alerting or remediation actions. Some examples:

Standard Format is one of the most important components of Indent. It’s how we preserve semantics of audit logs between a variety of Providers, regardless of where it originated.

The format looks like this:

export type Event = {
  actor: Actor // Who performed the action?
  event: string // What action was performed?
  resources: Resource[] // What object was the action performed upon?

  id?: string
  timestamp?: string
  sessionId?: string
  externalId?: string
}

export type Actor = Resource & {
  email?: string // The email for the Actor
}

export type Resource = {
  id?: string // The IRN for the resource
  kind?: string // The IRN for the kind of resource
  altIds?: string[] // The IRNs for alternate identifiers (e.g. IP Address or email)
  displayName?: string // The display name of the resource
}

Spaces are a collection of Inputs, Outputs and configuration for your team or project. Common patterns are one for an entire company or one for development and another for production.

Providers are a high-level resource to define an application that can provide Inputs and/or Outputs. An example would be Slack, where you can add audit logs from Slack as an Input and send a digest of recent activity to a channel as an Output.

A Provider can include transformation steps to apply when normalizing data coming from an Input like conforming to the Standard Format or optimizing data encoding for more efficient storage.

Apps define a specific application and its Inputs or Outputs. If you wanted to import justification for access from Salesforce and use that in your internal tool, that combination would be an App.