
Console — first 10 minutes

Sign-in to first protected scan, with a tour of every Console page along the way.

After signing up at app.intervensecurity.com/signup, this is the path that gets you from cold start to a live protected scan, with a tour of every Console page worth knowing.

1. Land on the Setup wizard

The first time you sign in, the Console drops you on a guided setup wizard. It walks you through:

  1. Confirming your company + tenant name
  2. Picking a starter policy pack (SRE / Healthcare HIPAA / Browser Agent / etc.)
  3. Minting your first API key
  4. Running a test scan from your terminal to confirm enforcement works

You can skip the wizard and come back to it any time — every step is also available as a normal Console page. The wizard is just the recommended order.

2. Dashboard — the firehose

/ (or Dashboard in the sidebar)

What you see at a glance:

  • Scan volume + decision split — calls/min, share of ALLOW / DENY / SANITIZE / REQUIRE_APPROVAL
  • Risk distribution — how recent traffic splits across risk bands (LOW / MED / HIGH / CRITICAL)
  • Recent activity — last N scans with decision and tool name
  • Recent approvals + incidents — anything that needs eyes-on

Click any tile to drill into the matching filtered view.

3. Activity — every scan, every decision

/activity · full page

The most important page in the Console for forensics. One row per scan, newest first. Each row clicks open to a full trace showing:

  • The full request that was scanned
  • The decision and reason codes
  • Which policies matched
  • Which detection engines fired and what they scored
  • Body classification (SECRETS / PII / PHI / INTERNAL)
  • Linked approval (if REQUIRE_APPROVAL) or incident (if auto-opened)

Filter by agent, tool, decision, risk band, or trace ID. Export the current view as NDJSON / CSV / Splunk / Datadog / OCSF.

4. Agents — who's calling, and how much can you trust them

/agents · full page

Lists every agent that has hit your gateway, with:

  • Total calls + decision split
  • Last-seen timestamp
  • Current trust score (0.0–1.0)
  • Risk-band over the last 24h

Click an agent to see its full history, set per-agent policy overrides, or reset trust if a noisy spell pushed it into scrutiny mode.

5. Approvals — the analyst queue

/approvals · full page

When a scan returns REQUIRE_APPROVAL, the request lands here. You can:

  • See the full request and risk context
  • Approve or deny with one click
  • See the agent's recent history to inform the decision

Approve in Slack instead (recommended): see Alerts for the interactive-button setup. The Console queue is the fallback / audit log.

6. Policies — what gets allowed, denied, sanitized

/policies · full page

Browse, edit, or create policies. Two edit modes:

  • Form mode — guided pickers for the common case
  • Raw JSON mode — multiple rules per policy, full DSL

Or manage policies as YAML in git with the policy-cli.

7. Tools — the tool catalog

/tools

Every tool Interven has a normalizer for (GitHub, Slack, AWS, Salesforce, Stripe, …). Click a tool to see the operations Interven recognizes, the URLs that map to it, and any default policies that target it. You can add custom operations here for policy authoring.

8. Incidents — when something flagged itself

/incidents · full page

Auto-opened by the gateway when a single scan hits a high-severity threshold, or when correlated activity matches an incident pattern (e.g. repeated denies from one agent). Each incident links back to the triggering trace(s).
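
An added example, not Interven's own code: one way to reproduce the "repeated denies from one agent" pattern offline from an Activity NDJSON export. The field names (ts, agent, tool, decision), the sample rows, and the threshold and window values are assumptions for illustration, not Interven's export schema or its incident rules.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Field names "ts", "agent", "tool", "decision"
# are assumptions for this example, not Interven's documented schema.
SAMPLE_NDJSON = """\
{"ts": "2025-01-01T10:00:00+00:00", "agent": "deploy-bot", "tool": "github", "decision": "ALLOW"}
{"ts": "2025-01-01T10:01:00+00:00", "agent": "scraper-7", "tool": "aws", "decision": "DENY"}
{"ts": "2025-01-01T10:02:00+00:00", "agent": "scraper-7", "tool": "aws", "decision": "DENY"}
{"ts": "2025-01-01T10:03:30+00:00", "agent": "scraper-7", "tool": "slack", "decision": "DENY"}
{"ts": "2025-01-01T10:05:00+00:00", "agent": "deploy-bot", "tool": "stripe", "decision": "DENY"}
{"ts": "2025-01-01T10:30:00+00:00", "agent": "deploy-bot", "tool": "stripe", "decision": "DENY"}
{"ts": "2025-01-01T10:31:00+00:00", "agent": "support-bot", "tool": "salesforce", "decision": "REQUIRE_APPROVAL"}
"""

def load_rows(text):
    """Parse NDJSON, skipping blank lines; fail loudly on a malformed record."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            row = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {n}: not valid JSON") from exc
        row["ts"] = datetime.fromisoformat(row["ts"])
        rows.append(row)
    return rows

def decision_split(rows):
    return Counter(r["decision"] for r in rows)

def repeated_denies(rows, threshold=3, window_minutes=5):
    """Return {agent: peak count} for agents with >= threshold DENYs in any window."""
    by_agent = defaultdict(list)
    for r in rows:
        if r["decision"] == "DENY":
            by_agent[r["agent"]].append(r["ts"])
    flagged = {}
    for agent, stamps in by_agent.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the left edge until the span fits inside the window.
            while ts - stamps[start] > timedelta(minutes=window_minutes):
                start += 1
            if end - start + 1 >= threshold:
                flagged[agent] = max(flagged.get(agent, 0), end - start + 1)
    return flagged
```
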

9. Inbound Routes — protect SaaS agents you don't control

/inbound-routes · full page

For Salesforce Agentforce, HubSpot Breeze, Zendesk AI, Intercom Fin, Sierra, Decagon, Microsoft Copilot Studio. Define a path prefix + upstream URL + stored credentials; point the SaaS agent at the Interven URL; every call gets scanned before forwarding.

10. API Keys — mint / rotate / revoke

/api-keys · full page

Mint iv_live_* keys for agents. Each key supports:

  • Per-key IP allowlist (CIDR ranges)
  • Default agent identity it represents
  • Usage counter + last-seen
  • Manual revoke

For one-shot or short-lived access, mint ephemeral keys instead — see Ephemeral Keys.

11. Tool Credentials — the upstream-secrets vault

/tool-credentials · full page

Stored credentials Interven uses when forwarding inbound-route traffic. Encrypted at rest with INTERVEN_CREDENTIAL_ENCRYPTION_KEY. Rotate, revoke, attribute per route.

12. Alerts — where decisions get surfaced

/alerts · Alerts docs

Configure Slack (with interactive Approve/Deny buttons), Discord, Microsoft Teams, Telegram, or SIEM webhook (CEF / OCSF / JSON). Per-channel event filters + severity thresholds.

13. Settings — the rest

/settings

  • Team & Roles — invite users, set roles (Admin / Developer / Auditor / Reviewer). See Team & Roles.
  • Billing — current plan, usage, upgrade / downgrade, payment method. See Billing.
  • Environments — dev / staging / production separation. See Environments.
  • Audit Log retention — choose your retention window per your written policy.
  • Compliance evidence export — for auditors; date range + format.
