Skip to main content
GET
/
edr
/
alerts
List Alerts
curl --request GET \
  --url https://api.leen.dev/v1/edr/alerts \
  --header 'X-API-KEY: <api-key>' \
  --header 'X-CONNECTION-ID: <api-key>'
{
  "count": 123,
  "items": [
    {
      "vendor_id": "<string>",
      "title": "<string>",
      "description": "<string>",
      "assigned_user": "<string>",
      "vendor_severity": "<string>",
      "vendor_status": "<string>",
      "first_event_time": "2023-11-07T05:31:56Z",
      "last_event_time": "2023-11-07T05:31:56Z",
      "resolved_time": "2023-11-07T05:31:56Z",
      "pid": "<string>",
      "process_created_at": "2023-11-07T05:31:56Z",
      "process_filename": "<string>",
      "process_command_line": "<string>",
      "process_filepath": "<string>",
      "process_sha1": "<string>",
      "process_sha256": "<string>",
      "process_md5": "<string>",
      "parent_pid": "<string>",
      "user_name": "<string>",
      "windows_sid": "<string>",
      "active_directory_user_id": "<string>",
      "active_directory_domain": "<string>",
      "device": {
        "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "last_seen": "2023-11-07T05:31:56Z",
        "first_seen": "2023-11-07T05:31:56Z",
        "source_vendors": [
          {
            "vendor": "<string>",
            "vendor_id": "<string>",
            "agent_info": {
              "agent_version": "<string>",
              "signature_version": "<string>",
              "policies": [
                {}
              ]
            }
          }
        ],
        "installed_software": [
          "<string>"
        ],
        "ad_info": {
          "org_unit": "<string>",
          "site_name": "<string>",
          "domain": "<string>",
          "device_id": "<string>"
        },
        "hostnames": [
          "<string>"
        ],
        "os_version": "<string>",
        "os_major_version": "<string>",
        "os_minor_version": "<string>",
        "fqdns": [
          "<string>"
        ],
        "ipv4s": [
          "<string>"
        ],
        "ipv6s": [
          "<string>"
        ],
        "mac_addresses": [
          "<string>"
        ],
        "cloud_metadata": {
          "cloud_provider": "aws",
          "account_id": "<string>",
          "region": "<string>",
          "availability_zone": "<string>",
          "instance_id": "<string>",
          "instance_type": "<string>",
          "image_id": "<string>",
          "kernel_id": "<string>",
          "vpc_id": "<string>",
          "subnet_id": "<string>"
        },
        "tags": [
          {
            "key": "<string>",
            "value": "<string>"
          }
        ],
        "identities": [
          {
            "username": "<string>",
            "user_sid": "<string>"
          }
        ],
        "vendor_data": {}
      },
      "mitre": [
        {
          "techniques": [
            {
              "technique_name": "<string>",
              "technique_id": "<string>",
              "technique_link": "<string>"
            }
          ],
          "tactic_name": "<string>",
          "tactic_id": "<string>",
          "tactic_source": "<string>"
        }
      ],
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "severity": "none",
      "status": "unknown",
      "observables": [
        {
          "name": "<string>",
          "value": "<string>"
        }
      ],
      "vendor_data": {
        "aggregate_id": "<string>",
        "vendor": "CROWDSTRIKE",
        "falcon_host_link": "<string>"
      }
    }
  ],
  "total": 123
}

Authorizations

X-CONNECTION-ID
string
header
required
X-API-KEY
string
header
required

Query Parameters

sort
string | null

Sort by field

Pattern: ^severity$|^severity\:asc$|^severity\:desc$
enableCursor
boolean
default:false

Enable cursor based pagination instead of default offset-based pagination

updatedSince
string<date-time> | null

Datetime filter, only return items updated since this datetime. Example format: 2021-01-01T00:00:00+00:00

limit
integer
default:100

Limit size (page size)

Required range: x >= 0
offset
integer
default:0

Offset index (starting index of page)

Required range: x >= 0
excludeTotal
boolean
default:false

Skips returning the total rows, total is set to null when true

cursor
string | null

Skip token to continue from the last item in the previous page

device_id
string
severity
string
status
string
includeDeviceGroups
boolean
default:false

Include device groups in the devices attached to the vulnerability

includeObservables
boolean
default:false

Include observable data in the response

Response

Successful Response

count
integer
required

Number of items return in the response

items
ScopedEDRAlertRespModel · object[]
required

List of items returned in the response

total
integer | null

Total number of items that can be returned