EDR
Get Alert by ID
Retrieve an EDR alert by its ID (Leen’s UUID).
GET /edr/alerts/{alert_id}
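# Fetch a single EDR alert by its Leen UUID (substitute it for {alert_id}).
# X-API-KEY carries the API key. X-CONNECTION-ID is a separate value,
# presumably the ID of the connection to query rather than the API key;
# confirm against the API reference.
# Supply the key from an environment variable or secret store rather than
# typing it inline, so it does not end up in shell history or process listings.
curl --request GET \
  --url 'https://api.leen.dev/v1/edr/alerts/{alert_id}' \
  --header 'X-API-KEY: <api-key>' \
  --header 'X-CONNECTION-ID: <connection-id>'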
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"vendor_id": "<string>",
"title": "<string>",
"description": "<string>",
"assigned_user": "<string>",
"severity": "none",
"vendor_severity": "<string>",
"status": "unknown",
"vendor_status": "<string>",
"first_event_time": "2023-11-07T05:31:56Z",
"last_event_time": "2023-11-07T05:31:56Z",
"resolved_time": "2023-11-07T05:31:56Z",
"vendor": "crowdstrike",
"pid": "<string>",
"process_created_at": "2023-11-07T05:31:56Z",
"process_filename": "<string>",
"process_command_line": "<string>",
"process_filepath": "<string>",
"process_sha1": "<string>",
"process_sha256": "<string>",
"process_md5": "<string>",
"parent_pid": "<string>",
"user_name": "<string>",
"windows_sid": "<string>",
"active_directory_user_id": "<string>",
"active_directory_domain": "<string>",
"device": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"status": "active",
"platform": "mac",
"hostnames": [
"<string>"
],
"os_version": "<string>",
"os_major_version": "<string>",
"os_minor_version": "<string>",
"fqdns": [
"<string>"
],
"ipv4s": [
"<string>"
],
"ipv6s": [
"<string>"
],
"mac_addresses": [
"<string>"
],
"last_seen": "2023-11-07T05:31:56Z",
"first_seen": "2023-11-07T05:31:56Z",
"source_vendors": [
{
"vendor": "<string>",
"vendor_id": "<string>",
"agent_info": {
"agent_version": "<string>",
"signature_version": "<string>",
"policies": [
{}
]
}
}
],
"installed_software": [
"<string>"
],
"ad_info": {
"org_unit": "<string>",
"site_name": "<string>",
"domain": "<string>",
"device_id": "<string>"
},
"cloud_metadata": {
"cloud_provider": "aws",
"account_id": "<string>",
"region": "<string>",
"availability_zone": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"image_id": "<string>",
"kernel_id": "<string>",
"vpc_id": "<string>",
"subnet_id": "<string>"
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "aws"
}
],
"identities": [
{
"username": "<string>",
"user_sid": "<string>"
}
],
"vendor_data": {}
},
"mitre": [
{
"tactic_name": "<string>",
"tactic_id": "<string>",
"tactic_source": "<string>",
"techniques": [
{
"technique_name": "<string>",
"technique_id": "<string>",
"technique_link": "<string>"
}
]
}
],
"observables": [
{
"name": "<string>",
"type_id": 0,
"type": "UNKNOWN",
"value": "<string>"
}
]
}
Path Parameters
Response
200
application/json
Successful Response
The response is of type object.
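# Fetch a single EDR alert by its Leen UUID (substitute it for {alert_id}).
# X-API-KEY carries the API key. X-CONNECTION-ID is a separate value,
# presumably the ID of the connection to query rather than the API key;
# confirm against the API reference.
# Supply the key from an environment variable or secret store rather than
# typing it inline, so it does not end up in shell history or process listings.
curl --request GET \
  --url 'https://api.leen.dev/v1/edr/alerts/{alert_id}' \
  --header 'X-API-KEY: <api-key>' \
  --header 'X-CONNECTION-ID: <connection-id>'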
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"vendor_id": "<string>",
"title": "<string>",
"description": "<string>",
"assigned_user": "<string>",
"severity": "none",
"vendor_severity": "<string>",
"status": "unknown",
"vendor_status": "<string>",
"first_event_time": "2023-11-07T05:31:56Z",
"last_event_time": "2023-11-07T05:31:56Z",
"resolved_time": "2023-11-07T05:31:56Z",
"vendor": "crowdstrike",
"pid": "<string>",
"process_created_at": "2023-11-07T05:31:56Z",
"process_filename": "<string>",
"process_command_line": "<string>",
"process_filepath": "<string>",
"process_sha1": "<string>",
"process_sha256": "<string>",
"process_md5": "<string>",
"parent_pid": "<string>",
"user_name": "<string>",
"windows_sid": "<string>",
"active_directory_user_id": "<string>",
"active_directory_domain": "<string>",
"device": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"status": "active",
"platform": "mac",
"hostnames": [
"<string>"
],
"os_version": "<string>",
"os_major_version": "<string>",
"os_minor_version": "<string>",
"fqdns": [
"<string>"
],
"ipv4s": [
"<string>"
],
"ipv6s": [
"<string>"
],
"mac_addresses": [
"<string>"
],
"last_seen": "2023-11-07T05:31:56Z",
"first_seen": "2023-11-07T05:31:56Z",
"source_vendors": [
{
"vendor": "<string>",
"vendor_id": "<string>",
"agent_info": {
"agent_version": "<string>",
"signature_version": "<string>",
"policies": [
{}
]
}
}
],
"installed_software": [
"<string>"
],
"ad_info": {
"org_unit": "<string>",
"site_name": "<string>",
"domain": "<string>",
"device_id": "<string>"
},
"cloud_metadata": {
"cloud_provider": "aws",
"account_id": "<string>",
"region": "<string>",
"availability_zone": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"image_id": "<string>",
"kernel_id": "<string>",
"vpc_id": "<string>",
"subnet_id": "<string>"
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "aws"
}
],
"identities": [
{
"username": "<string>",
"user_sid": "<string>"
}
],
"vendor_data": {}
},
"mitre": [
{
"tactic_name": "<string>",
"tactic_id": "<string>",
"tactic_source": "<string>",
"techniques": [
{
"technique_name": "<string>",
"technique_id": "<string>",
"technique_link": "<string>"
}
]
}
],
"observables": [
{
"name": "<string>",
"type_id": 0,
"type": "UNKNOWN",
"value": "<string>"
}
]
}