List Alerts
List all the EDR alerts for a given connection.
GET /edr/alerts
curl --request GET \
--url https://api.leen.dev/v1/edr/alerts \
--header 'X-API-KEY: <api-key>' \
--header 'X-CONNECTION-ID: <api-key>'
{
  "count": 123,
  "total": 123,
  "items": [
    {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "vendor_id": "<string>",
      "title": "<string>",
      "description": "<string>",
      "assigned_user": "<string>",
      "severity": "none",
      "vendor_severity": "<string>",
      "status": "unknown",
      "vendor_status": "<string>",
      "first_event_time": "2023-11-07T05:31:56Z",
      "last_event_time": "2023-11-07T05:31:56Z",
      "resolved_time": "2023-11-07T05:31:56Z",
      "vendor": "crowdstrike",
      "pid": "<string>",
      "process_created_at": "2023-11-07T05:31:56Z",
      "process_filename": "<string>",
      "process_command_line": "<string>",
      "process_filepath": "<string>",
      "process_sha1": "<string>",
      "process_sha256": "<string>",
      "process_md5": "<string>",
      "parent_pid": "<string>",
      "user_name": "<string>",
      "windows_sid": "<string>",
      "active_directory_user_id": "<string>",
      "active_directory_domain": "<string>",
      "device": {
        "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "status": "active",
        "platform": "mac",
        "hostnames": [
          "<string>"
        ],
        "os_version": "<string>",
        "os_major_version": "<string>",
        "os_minor_version": "<string>",
        "fqdns": [
          "<string>"
        ],
        "ipv4s": [
          "<string>"
        ],
        "ipv6s": [
          "<string>"
        ],
        "mac_addresses": [
          "<string>"
        ],
        "last_seen": "2023-11-07T05:31:56Z",
        "first_seen": "2023-11-07T05:31:56Z",
        "source_vendors": [
          {
            "vendor": "<string>",
            "vendor_id": "<string>",
            "agent_info": {
              "agent_version": "<string>",
              "signature_version": "<string>",
              "policies": [
                {}
              ]
            }
          }
        ],
        "installed_software": [
          "<string>"
        ],
        "ad_info": {
          "org_unit": "<string>",
          "site_name": "<string>",
          "domain": "<string>",
          "device_id": "<string>"
        },
        "cloud_metadata": {
          "cloud_provider": "aws",
          "account_id": "<string>",
          "region": "<string>",
          "availability_zone": "<string>",
          "instance_id": "<string>",
          "instance_type": "<string>",
          "image_id": "<string>",
          "kernel_id": "<string>",
          "vpc_id": "<string>",
          "subnet_id": "<string>"
        },
        "tags": [
          {
            "key": "<string>",
            "value": "<string>",
            "source": "aws"
          }
        ],
        "identities": [
          {
            "username": "<string>",
            "user_sid": "<string>"
          }
        ],
        "vendor_data": {}
      },
      "mitre": [
        {
          "tactic_name": "<string>",
          "tactic_id": "<string>",
          "tactic_source": "<string>",
          "techniques": [
            {
              "technique_name": "<string>",
              "technique_id": "<string>",
              "technique_link": "<string>"
            }
          ]
        }
      ],
      "observables": [
        {
          "name": "<string>",
          "type_id": 0,
          "type": "UNKNOWN",
          "value": "<string>"
        }
      ]
    }
  ]
}
Query Parameters
- Sort by field
- Enable cursor-based pagination instead of the default offset-based pagination
- Datetime filter: only return items updated since this datetime. Example format: 2021-01-01T00:00:00+00:00
- Limit size (page size). Required range: x >= 0
- Offset index (starting index of page). Required range: x >= 0
- Skip returning the total rows; total is set to null when true
- Include device groups in the devices attached to the vulnerability
- Include observable data in the response
Response
200 (application/json): Successful Response
The response is of type object.
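The following is an added example, not part of the API documentation: it flattens one page of the response shape shown above into triage rows, then pivots on process hash and MITRE technique ID. The sample payload is constructed, the function names are hypothetical, and two things are assumptions: that any field may be null or missing, and that `count` is the number of items in the page while `total` is the number of rows overall.

```python
from collections import Counter

# Constructed sample in the documented response shape; all values are made up.
SAMPLE_PAGE = {"count": 3, "total": 5, "items": [
    {"id": "a1", "process_sha256": "AB" * 32, "user_name": "alice",
     "device": {"hostnames": ["wks-01"]},
     "mitre": [{"tactic_id": "TA0002",
                "techniques": [{"technique_id": "T1059"}]}]},
    {"id": "a2", "process_sha256": "ab" * 32, "user_name": "bob",
     "device": {"hostnames": ["srv-02"]},
     "mitre": [{"tactic_id": "TA0002",
                "techniques": [{"technique_id": "T1059"},
                               {"technique_id": "T1204"}]}]},
    {"id": "a3", "process_sha256": None, "user_name": None,
     "device": None, "mitre": None},
]}

def technique_ids(alert):
    """MITRE technique IDs of one alert; 'mitre'/'techniques' may be null."""
    return [t["technique_id"]
            for tactic in alert.get("mitre") or []
            for t in tactic.get("techniques") or []
            if t.get("technique_id")]

def triage_rows(page):
    """One flat row per alert: id, first hostname, user, lowercased hash, techniques."""
    rows = []
    for alert in page.get("items") or []:
        hostnames = (alert.get("device") or {}).get("hostnames") or []
        sha = alert.get("process_sha256")
        rows.append({"alert_id": alert.get("id"),
                     "host": hostnames[0] if hostnames else None,
                     "user": alert.get("user_name"),
                     "sha256": sha.lower() if sha else None,
                     "techniques": technique_ids(alert)})
    return rows

def summarize(rows):
    """Hosts seen per process hash, and number of alerts per technique ID."""
    hosts, techniques = {}, Counter()
    for row in rows:
        if row["sha256"] and row["host"]:
            hosts.setdefault(row["sha256"], set()).add(row["host"])
        techniques.update(set(row["techniques"]))
    return hosts, techniques

def more_pages(page, offset=0):
    """True/False if 'total' is present; None when the server skipped the total."""
    total = page.get("total")
    return None if total is None else offset + (page.get("count") or 0) < total
```

Lowercasing the hash before grouping keeps one binary reported in different casings from being counted as two.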