Send data

Vanta can receive multiple types of data. You'll need to choose:

🚧

At a minimum, you must send us the UserAccount resource.

Resources

A resource is a piece of data (formatted as JSON) that describes an asset, such as a computer or user account. Resources power a vast range of product functionality in Vanta, including:

Each resource has a "resource type" that specifies the exact properties Vanta needs to power functionality. Simply send data matching that schema, and Vanta takes care of the rest.

Sending resources not only reduces the amount of work customers have to spend collecting compliance evidence, but also lets them monitor the security of your tool's assets in Vanta.

Supported resource types

πŸ“˜

You don't have to send us every resource type - just the subset that make sense for your product. For example, if your product is a task tracker, you'd likely only send UserAccounts and SecurityTasks.

Resource typeDescription / functionality powered in Vanta Recommended
for
UserAccount
(info)
Accounts of users of your tool. Vanta will:

- Display on Access page
- Check that accounts have MFA and are deprovisioned when employees leave
All partners
MacOS
UserComputer
(info)
Employee or contractor MacOS computers. Vanta will:

- Display on Computers page
- Display on Inventory page
- Check that computers have password managers, encrypted hard drives, and more
MDMs
Windows
UserComputer
(info)
Same as MacOsUserComputerMDMs
Secret
(info)
Secrets used to access applications or infrastructure. Vanta will:

- Check all secrets have owners and are rotated frequently
Secret storage
SecurityTask
(info)
Security-relevant tasks or followups. Vanta will:

- Check that tasks are finished promptly
- Task trackers
- Incident
management tools
UserSecurity
TrainingStatus
(info)
Evidence of user security trainings. Vanta will:

- Check that employees complete security training promptly
Security training providers
VulnerableComponent
(info)
The asset that is vulnerable. A VulnerableComponent must be synced before any of the below vulnerabilities are synced. The vulnerability types below reference their affected component using the uniqueId of the component.Vulnerability Scanners
ApiEndpoint
VulnerabilityConnectors
(info)
Known vulnerabilities detected in API endpoints. Vanta will:

- Check that vulnerabilities are remediated in an appropriate timeline
Vulnerability Scanners
PackageVulnerability
Connectors (info)
Known vulnerabilities detected in package dependencies. Vanta will:

- Check that vulnerabilities are remediated in an appropriate timeline
Vulnerability Scanners
StaticAnalysisCode
VulnerabilityConnectors (info)
Known vulnerabilities detected from static code analysis. Vanta will:

- Check that vulnerabilities are remediated in an appropriate timeline
Vulnerability Scanners
BackgroundCheck
Connector (info)
Employee background check statuses. Vanta will:

- Display on [People Page](https://app.vanta.com/people/people)
- Check that background checks are completed within the required SLA.
- HR services
- Background Check services

Documents

A document is a file - such as a PDF or CSV - that you can upload to Vanta on your customers' behalf. Uploading these documents reduces the amount of time customers have to spend gathering compliance evidence from your tool when preparing for an audit.

All documents are associated with an "Evidence request", which defines what the document is providing evidence for. Each evidence request has a list of compliance controls that it is mapped to.

For example:

You are responsible for choosing the evidence requests to upload documents for. The best place to view all evidence requests is on the Documents page. You can also view all compliance controls on the Compliance page, and see which evidence requests are listed under each control.

πŸ“˜

To decide which evidence requests to upload documents for, visit the Documents page. If you're having trouble figuring out which documents to upload, contact us.


What’s Next