Creating a new connection

Before you can create a new connection we need a few prerequisites: an API Key and an Organization. For more information on these two items please review our quick start guide here. The last step of the quick start describes how to create a new connection, the POST body consists of:

vendor - The Enum of the vendor product you want to connect to.
credentials - The specific credential body for the vendor you are connecting to, this is not required for Oauth based connections.
options - (Optional) Any additional options you want to pass to the connection, each vendor has different options available.

Since creating a connection requires you to have the correct combination of vendor, credentials, and options in the correct combination we have provided examples of each below.

VMS Connections

Tenable

{
  "credentials": {
    "client_key": "<string>",
    "secret_key": "<string>"
  },
  "vendor": "TENABLE"
}

Qualys

{
  "credentials": {
      "username": "test",
      "password": "pass",
  },
  "options": { # Optional not required
      "init_load_timestamp": "2021-01-01T00:00:00+00:00", # Timestamp to start the data pull from
  },
  "vendor": "QUALYS"
}

InsightVM

{
  "credentials": {
    "base_url": "https://api.url.com",
    "api_key": "api_key"
  },
  "vendor": "INSIGHTVM"
}

MS Defender VMS

{
  "vendor": "MS_DEFENDER_VMS",
  "options": { # Optional not required
    "oauth2_redirect_urls": { # Overried the default redirect to Leen's splash page'
      "success": "https://myapp.com/success",
      "error": "https://myapp.com/error"
    }
  }
}

More info on our OAuth flow can be found here

SentinelOne VMS

{
  "credentials": {
    "base_url": "https://api.url.com",
    "api_token": "api_token"
  },
  "vendor": "SENTINELONE_VMS"
}

CrowdStrike Spotlight

{
  "credentials": {
    "client_id": "client_id",
    "client_secret": "client_secret"
  },
  "vendor": "CROWDSTRIKE_SPOTLIGHT"
}

AWS Inspector2

Direct access

{
  "credentials": {
    "aws": {
      "aws_access_key_id": "access_key_id",
      "aws_secret_access_key": "secret_key",
      "aws_region_name": "us-east-1",
      "type": "direct_access"
    }
  },
  "vendor": "AWS_INSPECTOR2"
}

Leen Role

{
  "credentials": {
    "aws": {
      "aws_role_arn": "role_arn",
      "external_id": "external_id",
      "aws_region_name": "us-east-1",
      "type": "leen_role"
    }
  },
  "vendor": "AWS_INSPECTOR2"
}

Role Chaining

{
  "credentials": {
    "aws": {
      "aws_role_arn": "role_arn",
      "external_id": "external_id",
      "aws_region_name": "us-east-1",
      "type": "role_chaining"
    }
  },
  "vendor": "AWS_INSPECTOR2"
}

Wiz VMS

{
  "credentials": {
    "base_url": "https://api.usxx.app.wiz.io",
    "client_id": "client_id",
    "client_secret": "client_secret"
  },
  "vendor": "WIZ_VMS"
}

EDR Connections

MS Defender Endpoint

{
  "vendor": "MS_DEFENDER_ENDPOINT",
  "options": { # Optional not required
    "oauth2_redirect_urls": { # Overried the default redirect to Leen's splash page'
      "success": "https://myapp.com/success",
      "error": "https://myapp.com/error"
    }
  }
}

More info on our OAuth flow can be found here

SentinelOne Endpoint

{
  "credentials": {
    "base_url": "https://api.url.com",
    "api_token": "api_token"
    },
    "vendor": "SENTINELONE"
}

CrowdStrike Falcon

{
  "credentials": {
    "client_id": "client_id",
    "client_secret": "client_secret"
  },
  "vendor": "CROWDSTRIKE"
}

AppSec Connections

Snyk

{
    "vendor": "SNYK",
    "options": { # Optional not required
        "oauth2_redirect_urls": { # Overried the default redirect to Leen's splash page'
          "success": "https://myapp.com/success",
          "error": "https://myapp.com/error"
        }
    }
}

More info on our OAuth flow can be found here

Semgrep

{
  "vendor": "SEMGREP",
  "credentials": {
    "web_api_token": "web_api_token"
  }
}

Aikido

{
  "vendor": "AIKIDO",
  "credentials": {
    "client_id": "client_id",
    "client_secret": "client_secret",
  }
}

Wiz Code

{
  "credentials": {
    "base_url": "https://api.usxx.app.wiz.io",
    "client_id": "client_id",
    "client_secret": "client_secret"
  },
  "vendor": "WIZ_CODE"
}

Checkmarx

{
  "credentials": {
    "base_url": "https://us.ast.checkmarx.net",
    "tenant_name": "tenant-name",
    "client_id": "client_id",
    "client_secret": "client_secret"
  },
  "vendor": "CHECKMARX"
}

Mend.io

{
  "credentials": {
    "user_email": "user-email",
    "user_key": "user-key",
    "org_uuid": "org-uuid",
    "base_url": "https://api-saas.mend.io"
  }
  "vendor": "MEND"
},

IDP Connections

Okta

{
    "vendor": "OKTA",
    "credentials": {
      "org_url": "https://{your-tenant}.okta.com",
      "api_token": "api_token"
    }
}

MS Entra

OAuth2

{
  "vendor": "MS_ENTRA",
  "options": { # Optional not required
    "oauth2_redirect_urls": { # Overried the default redirect to Leen's splash page'
      "success": "https://myapp.com/success",
      "error": "https://myapp.com/error"
    }
  }
}

More info on our OAuth flow can be found here

Secret

{
  "vendor": "MS_ENTRA",
  "credentials": {
    "client_id": "client_id",
    "client_secret": "client_secret",
    "tenant_id": "tenant_id"
  }
}

API Documentation

AppSec

EDR

VMS

CSPM

Identity Provider (IDP)

Entities

Configuration

Provisioning

Connectors

OnRamp

Enrichments

VMS Connections

EDR Connections

AppSec Connections

IDP Connections

API Documentation

AppSec

EDR

VMS

CSPM

Identity Provider (IDP)

Entities

Configuration

Provisioning

Connectors

OnRamp

Enrichments

​VMS Connections

​EDR Connections

​AppSec Connections

​IDP Connections

VMS Connections

EDR Connections

AppSec Connections

IDP Connections