GET /edr/alerts/{alert_id}
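# Fetch a single EDR alert by its ID.
#
# X-API-KEY and X-CONNECTION-ID are listed as two separate required headers,
# so each gets its own value here instead of sharing one "<api-key>"
# placeholder.
#
# The variable names below are illustrative. Export them from a secret store
# or an untracked env file so the credentials do not end up in shell history
# or in a committed script.
#
# The expanded header values are still part of curl's argument list and can
# be seen by other local users (e.g. via ps). On a shared host, pass them with
# `--header @FILE` (curl 7.55.0+) from a file only you can read.
#
# ALERT_ID is placed in the URL path as-is. If it is copied from another
# system's output, check it against the ID format you expect before use.
: "${LEEN_API_KEY:?set LEEN_API_KEY}"
: "${LEEN_CONNECTION_ID:?set LEEN_CONNECTION_ID}"
: "${ALERT_ID:?set ALERT_ID}"

# --fail turns an HTTP error status (such as a rejected credential) into a
# non-zero exit code, so a script does not treat an error body as an alert.
curl --request GET \
  --fail \
  --url "https://api.leen.dev/v1/edr/alerts/${ALERT_ID}" \
  --header "X-API-KEY: ${LEEN_API_KEY}" \
  --header "X-CONNECTION-ID: ${LEEN_CONNECTION_ID}"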
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "vendor_id": "<string>",
  "title": "<string>",
  "description": "<string>",
  "assigned_user": "<string>",
  "severity": "none",
  "vendor_severity": "<string>",
  "status": "unknown",
  "vendor_status": "<string>",
  "first_event_time": "2023-11-07T05:31:56Z",
  "last_event_time": "2023-11-07T05:31:56Z",
  "resolved_time": "2023-11-07T05:31:56Z",
  "vendor": "crowdstrike",
  "pid": "<string>",
  "process_created_at": "2023-11-07T05:31:56Z",
  "process_filename": "<string>",
  "process_command_line": "<string>",
  "process_filepath": "<string>",
  "process_sha1": "<string>",
  "process_sha256": "<string>",
  "process_md5": "<string>",
  "parent_pid": "<string>",
  "user_name": "<string>",
  "windows_sid": "<string>",
  "active_directory_user_id": "<string>",
  "active_directory_domain": "<string>",
  "device": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "status": "active",
    "platform": "mac",
    "hostnames": [
      "<string>"
    ],
    "os_version": "<string>",
    "os_major_version": "<string>",
    "os_minor_version": "<string>",
    "fqdns": [
      "<string>"
    ],
    "ipv4s": [
      "<string>"
    ],
    "ipv6s": [
      "<string>"
    ],
    "mac_addresses": [
      "<string>"
    ],
    "last_seen": "2023-11-07T05:31:56Z",
    "first_seen": "2023-11-07T05:31:56Z",
    "source_vendors": [
      {
        "vendor": "<string>",
        "vendor_id": "<string>",
        "agent_info": {
          "agent_version": "<string>",
          "signature_version": "<string>",
          "policies": [
            {}
          ]
        }
      }
    ],
    "installed_software": [
      "<string>"
    ],
    "ad_info": {
      "org_unit": "<string>",
      "site_name": "<string>",
      "domain": "<string>",
      "device_id": "<string>"
    },
    "cloud_metadata": {
      "cloud_provider": "aws",
      "account_id": "<string>",
      "region": "<string>",
      "availability_zone": "<string>",
      "instance_id": "<string>",
      "instance_type": "<string>",
      "image_id": "<string>",
      "kernel_id": "<string>",
      "vpc_id": "<string>",
      "subnet_id": "<string>"
    },
    "tags": [
      {
        "key": "<string>",
        "value": "<string>",
        "source": "aws"
      }
    ],
    "identities": [
      {
        "username": "<string>",
        "user_sid": "<string>"
      }
    ],
    "vendor_data": {}
  },
  "mitre": [
    {
      "tactic_name": "<string>",
      "tactic_id": "<string>",
      "tactic_source": "<string>",
      "techniques": [
        {
          "technique_name": "<string>",
          "technique_id": "<string>",
          "technique_link": "<string>"
        }
      ]
    }
  ],
  "observables": [
    {
      "name": "<string>",
      "type_id": 0,
      "type": "UNKNOWN",
      "value": "<string>"
    }
  ]
}

Authorizations

X-CONNECTION-ID (string, header, required)
X-API-KEY (string, header, required)

Path Parameters

alert_id (string, required)

Response

200 (application/json): Successful Response

The response is of type object.