Identity Provider (IDP)
List IDP Alerts
Identity Provider (IDP)
List IDP Alerts
List all the IDP alerts for a given connection. The `sort` parameter supports `severity:asc` (e.g. lowest to highest criticality) and `severity:desc`. If no direction is provided, it defaults to `asc`.
GET /idp/alerts
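# List IDP alerts for one connection.
# X-API-KEY carries the API key. X-CONNECTION-ID identifies the connection whose
# alerts are listed, so it takes a connection ID and must not repeat the API key.
# Keep the real key out of shell history, scripts and shared terminals: load it
# from an environment variable or a secrets manager rather than pasting it inline.
curl --request GET \
  --url https://api.leen.dev/v1/idp/alerts \
  --header 'X-API-KEY: <api-key>' \
  --header 'X-CONNECTION-ID: <connection-id>'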
{
"count": 123,
"total": 123,
"items": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"activity_id": 123,
"activity_name": "<string>",
"category_name": "<string>",
"category_uid": 123,
"class_name": "<string>",
"class_uid": 123,
"enrichments": [
{
"name": "<string>",
"value": "<string>",
"data": {},
"created_time": "2023-11-07T05:31:56Z",
"provider": "<string>",
"short_desc": "<string>",
"src_url": "<string>",
"type": "<string>",
"created_time_dt": "2023-11-07T05:31:56Z",
"desc": "<string>",
"reputation": {
"base_score": 123,
"score_id": 0,
"provider": "<string>",
"score": "UNKNOWN"
}
}
],
"evidences": [
{
"actor": {
"process": {},
"user": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"account": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"labels": [
"<string>"
],
"type": "<string>"
},
"credential_uid": "<string>",
"domain": "<string>",
"email_addr": "<string>",
"full_name": "<string>",
"groups": [
{
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
}
],
"ldap_person": {
"cost_center": "<string>",
"created_time": 123,
"created_time_dt": "<string>",
"deleted_time": 123,
"deleted_time_dt": "<string>",
"email_addrs": [
"<string>"
],
"employee_uid": "<string>",
"given_name": "<string>",
"hire_time": 123,
"hire_time_dt": "<string>",
"job_title": "<string>",
"labels": [
"<string>"
],
"last_login_time": 123,
"last_login_time_dt": "<string>",
"ldap_cn": "<string>",
"ldap_dn": "<string>",
"leave_time": 123,
"leave_time_dt": "<string>",
"location": {
"city": "<string>",
"continent": "<string>",
"coordinates": [
123
],
"country": "<string>",
"desc": "<string>",
"geohash": "<string>",
"is_on_premises": true,
"isp": "<string>",
"lat": 123,
"long": 123,
"postal_code": "<string>",
"provider": "<string>",
"region": "<string>"
},
"manager": {},
"modified_time": 123,
"modified_time_dt": "<string>",
"office_location": "<string>",
"surname": "<string>"
},
"org": {
"uid": "<string>",
"name": "<string>",
"ou_uid": "<string>",
"ou_name": "<string>"
},
"risk_level": "Info",
"risk_level_id": 0,
"risk_score": 123,
"type": "Unknown",
"uid_alt": "<string>"
},
"app_uid": "<string>",
"app_name": "<string>",
"authorizations": [
{}
],
"idp": {},
"invoked_by": "<string>",
"session": {}
},
"api": {
"operation": "<string>",
"request": {},
"response": {},
"group": {},
"service": {},
"version": "<string>"
},
"connection_info": {
"direction_id": 0,
"protocol_name": "<string>",
"protocol_num": 123,
"protocol_ver_id": 0,
"boundary_id": 0,
"uid": "<string>",
"boundary": "<string>",
"direction": "<string>",
"protocol_ver": "<string>",
"session": {},
"tcp_flags": 123
},
"container": {
"hash": {},
"image": {},
"name": "<string>",
"size": 123,
"uid": "<string>",
"tag": "<string>",
"network_driver": "<string>",
"orchestrator": "<string>",
"pod_uuid": "<string>",
"runtime": "<string>"
},
"database": {
"type_id": 0,
"name": "<string>",
"type": "<string>",
"uid": "<string>",
"created_time": "2023-11-07T05:31:56Z",
"desc": "<string>",
"groups": [
{}
],
"modified_time": "2023-11-07T05:31:56Z",
"size": 123
},
"databucket": {
"type_id": 0,
"uid": "<string>",
"type": "<string>",
"name": "<string>",
"size": 123,
"modified_time": "2023-11-07T05:31:56Z",
"groups": [
{}
],
"file": {},
"desc": "<string>",
"created_time": "2023-11-07T05:31:56Z"
},
"device": {
"type_id": 0,
"uid": "<string>",
"type": "<string>",
"region": "<string>",
"owner": {},
"interface_name": "<string>",
"interface_uid": "<string>",
"instance_uid": "<string>",
"hostname": "<string>",
"vpc_uid": "<string>",
"vlan_uid": "<string>",
"agent_list": [
{}
],
"uid_alt": "<string>",
"autoscale_uid": "<string>",
"boot_time": "2023-11-07T05:31:56Z",
"is_compliant": true,
"created_time": "2023-11-07T05:31:56Z",
"desc": "<string>",
"domain": "<string>",
"first_seen_time": "2023-11-07T05:31:56Z",
"location": {},
"groups": [
{}
],
"hw_info": {},
"hypervisor": "<string>",
"imei": "<string>",
"ip": "<string>",
"image": {},
"last_seen_time": "2023-11-07T05:31:56Z",
"mac": "<string>",
"is_managed": true,
"modified_time": "2023-11-07T05:31:56Z",
"name": "<string>",
"network_interfaces": [
{}
],
"zone": "<string>",
"os": {
"name": "<string>",
"type_id": 0,
"build": "<string>",
"country": "<string>",
"cpe_name": "<string>",
"cpu_bits": 123,
"edition": "<string>",
"lang": "<string>",
"sp_name": "<string>",
"sp_ver": 123,
"type": "<string>",
"version": "<string>"
},
"org": {},
"is_personal": true,
"risk_level": "<string>",
"risk_level_id": 123,
"risk_score": 123,
"subnet": "<string>",
"subnet_uid": "<string>",
"is_trusted": true
},
"dst_endpoint": {
"container": {},
"hostname": "<string>",
"instance_uid": "<string>",
"interface_name": "<string>",
"interface_uid": "<string>",
"ip": "<string>",
"name": "<string>",
"namespace_pid": 123,
"owner": {},
"port": 123,
"svc_name": "<string>",
"type_id": 0,
"uid": "<string>",
"agent_list": [
{}
],
"autonomous_system": {},
"domain": "<string>",
"hw_info": {},
"intermediate_ips": [
"<string>"
],
"location": {},
"mac": "<string>",
"os": {
"name": "<string>",
"type_id": 0,
"build": "<string>",
"country": "<string>",
"cpe_name": "<string>",
"cpu_bits": 123,
"edition": "<string>",
"lang": "<string>",
"sp_name": "<string>",
"sp_ver": 123,
"type": "<string>",
"version": "<string>"
},
"proxy_endpoint": {},
"subnet_uid": "<string>",
"type": "Unknown",
"vlan_uid": "<string>",
"vpc_uid": "<string>",
"zone": "<string>"
},
"email": {
"from": "<string>",
"to": [
"<string>"
],
"message_uid": "<string>",
"reply_to": "<string>",
"size": 123,
"smtp_from": "<string>",
"smtp_to": [
"<string>"
],
"subject": "<string>",
"uid": "<string>",
"cc": [
"<string>"
],
"delivered_to": "<string>",
"raw_header": "<string>",
"x_originating_ip": [
"<string>"
]
},
"file": {},
"job": {},
"process": {},
"query": {},
"reg_key": {},
"reg_value": {},
"src_endpoint": {
"container": {},
"hostname": "<string>",
"instance_uid": "<string>",
"interface_name": "<string>",
"interface_uid": "<string>",
"ip": "<string>",
"name": "<string>",
"namespace_pid": 123,
"owner": {},
"port": 123,
"svc_name": "<string>",
"type_id": 0,
"uid": "<string>",
"agent_list": [
{}
],
"autonomous_system": {},
"domain": "<string>",
"hw_info": {},
"intermediate_ips": [
"<string>"
],
"location": {},
"mac": "<string>",
"os": {
"name": "<string>",
"type_id": 0,
"build": "<string>",
"country": "<string>",
"cpe_name": "<string>",
"cpu_bits": 123,
"edition": "<string>",
"lang": "<string>",
"sp_name": "<string>",
"sp_ver": 123,
"type": "<string>",
"version": "<string>"
},
"proxy_endpoint": {},
"subnet_uid": "<string>",
"type": "Unknown",
"vlan_uid": "<string>",
"vpc_uid": "<string>",
"zone": "<string>"
},
"url": {},
"user": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"account": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"labels": [
"<string>"
],
"type": "<string>"
},
"credential_uid": "<string>",
"domain": "<string>",
"email_addr": "<string>",
"full_name": "<string>",
"groups": [
{
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
}
],
"ldap_person": {
"cost_center": "<string>",
"created_time": 123,
"created_time_dt": "<string>",
"deleted_time": 123,
"deleted_time_dt": "<string>",
"email_addrs": [
"<string>"
],
"employee_uid": "<string>",
"given_name": "<string>",
"hire_time": 123,
"hire_time_dt": "<string>",
"job_title": "<string>",
"labels": [
"<string>"
],
"last_login_time": 123,
"last_login_time_dt": "<string>",
"ldap_cn": "<string>",
"ldap_dn": "<string>",
"leave_time": 123,
"leave_time_dt": "<string>",
"location": {
"city": "<string>",
"continent": "<string>",
"coordinates": [
123
],
"country": "<string>",
"desc": "<string>",
"geohash": "<string>",
"is_on_premises": true,
"isp": "<string>",
"lat": 123,
"long": 123,
"postal_code": "<string>",
"provider": "<string>",
"region": "<string>"
},
"manager": {},
"modified_time": 123,
"modified_time_dt": "<string>",
"office_location": "<string>",
"surname": "<string>"
},
"org": {
"uid": "<string>",
"name": "<string>",
"ou_uid": "<string>",
"ou_name": "<string>"
},
"risk_level": "Info",
"risk_level_id": 0,
"risk_score": 123,
"type": "Unknown",
"uid_alt": "<string>"
},
"win_service": {},
"data": {}
}
],
"finding_info": {
"title": "<string>",
"uid": "<string>",
"analytic": {
"type_id": 0,
"name": "<string>",
"uid": "<string>",
"category": "<string>",
"desc": "<string>",
"type": "<string>",
"version": "<string>"
},
"attacks": [
{}
],
"created_time": "2023-11-07T05:31:56Z",
"data_sources": [
"<string>"
],
"desc": "<string>",
"first_seen_time": "2023-11-07T05:31:56Z",
"kill_chain": [
{}
],
"last_seen_time": "2023-11-07T05:31:56Z",
"modified_time": "2023-11-07T05:31:56Z",
"product_uid": "<string>",
"related_analytics": [
{
"type_id": 0,
"name": "<string>",
"uid": "<string>",
"category": "<string>",
"desc": "<string>",
"type": "<string>",
"version": "<string>"
}
],
"related_events": [
{}
],
"src_url": "<string>",
"types": [
"<string>"
]
},
"metadata": {
"product": {
"vendor_name": "<string>",
"name": "<string>",
"uid": "<string>",
"version": "<string>",
"cpe_name": "<string>",
"feature": {},
"lang": "<string>",
"path": "<string>",
"url_string": "<string>"
},
"version": "<string>",
"log_name": "<string>",
"log_provider": "<string>",
"original_time": "<string>",
"tenant_uid": "<string>",
"correlation_uid": "<string>",
"event_code": "<string>",
"uid": "<string>",
"labels": [
"<string>"
],
"log_level": "<string>",
"log_version": "<string>",
"logged_time": "2023-11-07T05:31:56Z",
"loggers": [
{}
],
"modified_time": "2023-11-07T05:31:56Z",
"processed_time": "2023-11-07T05:31:56Z",
"profiles": [
"<string>"
],
"extensions": [
{}
],
"sequence": 123
},
"message": "<string>",
"severity": "UNKNOWN",
"severity_id": 0,
"type_uid": 200400,
"type_name": "Detection Finding: Unknown",
"time": "2023-11-07T05:31:56Z",
"end_time": "2023-11-07T05:31:56Z",
"status": "Unknown",
"status_id": 0,
"risk_level": "Unknown",
"risk_level_id": 0,
"risk_details": "<string>",
"resources": [
{
"uid": "<string>",
"name": "<string>",
"type": "<string>",
"version": "<string>",
"namespace": "<string>",
"criticality": "<string>",
"owner": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"account": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"labels": [
"<string>"
],
"type": "<string>"
},
"credential_uid": "<string>",
"domain": "<string>",
"email_addr": "<string>",
"full_name": "<string>",
"groups": [
{
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
}
],
"ldap_person": {
"cost_center": "<string>",
"created_time": 123,
"created_time_dt": "<string>",
"deleted_time": 123,
"deleted_time_dt": "<string>",
"email_addrs": [
"<string>"
],
"employee_uid": "<string>",
"given_name": "<string>",
"hire_time": 123,
"hire_time_dt": "<string>",
"job_title": "<string>",
"labels": [
"<string>"
],
"last_login_time": 123,
"last_login_time_dt": "<string>",
"ldap_cn": "<string>",
"ldap_dn": "<string>",
"leave_time": 123,
"leave_time_dt": "<string>",
"location": {
"city": "<string>",
"continent": "<string>",
"coordinates": [
123
],
"country": "<string>",
"desc": "<string>",
"geohash": "<string>",
"is_on_premises": true,
"isp": "<string>",
"lat": 123,
"long": 123,
"postal_code": "<string>",
"provider": "<string>",
"region": "<string>"
},
"manager": {},
"modified_time": 123,
"modified_time_dt": "<string>",
"office_location": "<string>",
"surname": "<string>"
},
"org": {
"uid": "<string>",
"name": "<string>",
"ou_uid": "<string>",
"ou_name": "<string>"
},
"risk_level": "Info",
"risk_level_id": 0,
"risk_score": 123,
"type": "Unknown",
"uid_alt": "<string>"
},
"group": {
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
},
"agent_list": [
{
"uid": "<string>",
"uid_alt": "<string>",
"name": "<string>",
"type": "<string>",
"type_id": "0",
"vendor_name": "<string>",
"version": "<string>",
"policies": [
{
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"version": "<string>",
"is_applied": true,
"group": {
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
}
}
]
}
],
"labels": [
"<string>"
],
"data": {}
}
]
}
]
}
Query Parameters
Sort by field
Enable cursor based pagination instead of default offset-based pagination
Datetime filter, only return items updated since this datetime. Example format: 2021-01-01T00:00:00+00:00
Limit size (page size)
Required range:
x >= 0
Offset index (starting index of page)
Required range:
x >= 0
When true, the total row count is not returned and `total` is set to null
Severity filter, comma separated
Response
200
application/json
Successful Response
The response is of type `object`.
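# List IDP alerts for one connection.
# X-API-KEY carries the API key. X-CONNECTION-ID identifies the connection whose
# alerts are listed, so it takes a connection ID and must not repeat the API key.
# Keep the real key out of shell history, scripts and shared terminals: load it
# from an environment variable or a secrets manager rather than pasting it inline.
curl --request GET \
  --url https://api.leen.dev/v1/idp/alerts \
  --header 'X-API-KEY: <api-key>' \
  --header 'X-CONNECTION-ID: <connection-id>'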
{
"count": 123,
"total": 123,
"items": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"activity_id": 123,
"activity_name": "<string>",
"category_name": "<string>",
"category_uid": 123,
"class_name": "<string>",
"class_uid": 123,
"enrichments": [
{
"name": "<string>",
"value": "<string>",
"data": {},
"created_time": "2023-11-07T05:31:56Z",
"provider": "<string>",
"short_desc": "<string>",
"src_url": "<string>",
"type": "<string>",
"created_time_dt": "2023-11-07T05:31:56Z",
"desc": "<string>",
"reputation": {
"base_score": 123,
"score_id": 0,
"provider": "<string>",
"score": "UNKNOWN"
}
}
],
"evidences": [
{
"actor": {
"process": {},
"user": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"account": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"labels": [
"<string>"
],
"type": "<string>"
},
"credential_uid": "<string>",
"domain": "<string>",
"email_addr": "<string>",
"full_name": "<string>",
"groups": [
{
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
}
],
"ldap_person": {
"cost_center": "<string>",
"created_time": 123,
"created_time_dt": "<string>",
"deleted_time": 123,
"deleted_time_dt": "<string>",
"email_addrs": [
"<string>"
],
"employee_uid": "<string>",
"given_name": "<string>",
"hire_time": 123,
"hire_time_dt": "<string>",
"job_title": "<string>",
"labels": [
"<string>"
],
"last_login_time": 123,
"last_login_time_dt": "<string>",
"ldap_cn": "<string>",
"ldap_dn": "<string>",
"leave_time": 123,
"leave_time_dt": "<string>",
"location": {
"city": "<string>",
"continent": "<string>",
"coordinates": [
123
],
"country": "<string>",
"desc": "<string>",
"geohash": "<string>",
"is_on_premises": true,
"isp": "<string>",
"lat": 123,
"long": 123,
"postal_code": "<string>",
"provider": "<string>",
"region": "<string>"
},
"manager": {},
"modified_time": 123,
"modified_time_dt": "<string>",
"office_location": "<string>",
"surname": "<string>"
},
"org": {
"uid": "<string>",
"name": "<string>",
"ou_uid": "<string>",
"ou_name": "<string>"
},
"risk_level": "Info",
"risk_level_id": 0,
"risk_score": 123,
"type": "Unknown",
"uid_alt": "<string>"
},
"app_uid": "<string>",
"app_name": "<string>",
"authorizations": [
{}
],
"idp": {},
"invoked_by": "<string>",
"session": {}
},
"api": {
"operation": "<string>",
"request": {},
"response": {},
"group": {},
"service": {},
"version": "<string>"
},
"connection_info": {
"direction_id": 0,
"protocol_name": "<string>",
"protocol_num": 123,
"protocol_ver_id": 0,
"boundary_id": 0,
"uid": "<string>",
"boundary": "<string>",
"direction": "<string>",
"protocol_ver": "<string>",
"session": {},
"tcp_flags": 123
},
"container": {
"hash": {},
"image": {},
"name": "<string>",
"size": 123,
"uid": "<string>",
"tag": "<string>",
"network_driver": "<string>",
"orchestrator": "<string>",
"pod_uuid": "<string>",
"runtime": "<string>"
},
"database": {
"type_id": 0,
"name": "<string>",
"type": "<string>",
"uid": "<string>",
"created_time": "2023-11-07T05:31:56Z",
"desc": "<string>",
"groups": [
{}
],
"modified_time": "2023-11-07T05:31:56Z",
"size": 123
},
"databucket": {
"type_id": 0,
"uid": "<string>",
"type": "<string>",
"name": "<string>",
"size": 123,
"modified_time": "2023-11-07T05:31:56Z",
"groups": [
{}
],
"file": {},
"desc": "<string>",
"created_time": "2023-11-07T05:31:56Z"
},
"device": {
"type_id": 0,
"uid": "<string>",
"type": "<string>",
"region": "<string>",
"owner": {},
"interface_name": "<string>",
"interface_uid": "<string>",
"instance_uid": "<string>",
"hostname": "<string>",
"vpc_uid": "<string>",
"vlan_uid": "<string>",
"agent_list": [
{}
],
"uid_alt": "<string>",
"autoscale_uid": "<string>",
"boot_time": "2023-11-07T05:31:56Z",
"is_compliant": true,
"created_time": "2023-11-07T05:31:56Z",
"desc": "<string>",
"domain": "<string>",
"first_seen_time": "2023-11-07T05:31:56Z",
"location": {},
"groups": [
{}
],
"hw_info": {},
"hypervisor": "<string>",
"imei": "<string>",
"ip": "<string>",
"image": {},
"last_seen_time": "2023-11-07T05:31:56Z",
"mac": "<string>",
"is_managed": true,
"modified_time": "2023-11-07T05:31:56Z",
"name": "<string>",
"network_interfaces": [
{}
],
"zone": "<string>",
"os": {
"name": "<string>",
"type_id": 0,
"build": "<string>",
"country": "<string>",
"cpe_name": "<string>",
"cpu_bits": 123,
"edition": "<string>",
"lang": "<string>",
"sp_name": "<string>",
"sp_ver": 123,
"type": "<string>",
"version": "<string>"
},
"org": {},
"is_personal": true,
"risk_level": "<string>",
"risk_level_id": 123,
"risk_score": 123,
"subnet": "<string>",
"subnet_uid": "<string>",
"is_trusted": true
},
"dst_endpoint": {
"container": {},
"hostname": "<string>",
"instance_uid": "<string>",
"interface_name": "<string>",
"interface_uid": "<string>",
"ip": "<string>",
"name": "<string>",
"namespace_pid": 123,
"owner": {},
"port": 123,
"svc_name": "<string>",
"type_id": 0,
"uid": "<string>",
"agent_list": [
{}
],
"autonomous_system": {},
"domain": "<string>",
"hw_info": {},
"intermediate_ips": [
"<string>"
],
"location": {},
"mac": "<string>",
"os": {
"name": "<string>",
"type_id": 0,
"build": "<string>",
"country": "<string>",
"cpe_name": "<string>",
"cpu_bits": 123,
"edition": "<string>",
"lang": "<string>",
"sp_name": "<string>",
"sp_ver": 123,
"type": "<string>",
"version": "<string>"
},
"proxy_endpoint": {},
"subnet_uid": "<string>",
"type": "Unknown",
"vlan_uid": "<string>",
"vpc_uid": "<string>",
"zone": "<string>"
},
"email": {
"from": "<string>",
"to": [
"<string>"
],
"message_uid": "<string>",
"reply_to": "<string>",
"size": 123,
"smtp_from": "<string>",
"smtp_to": [
"<string>"
],
"subject": "<string>",
"uid": "<string>",
"cc": [
"<string>"
],
"delivered_to": "<string>",
"raw_header": "<string>",
"x_originating_ip": [
"<string>"
]
},
"file": {},
"job": {},
"process": {},
"query": {},
"reg_key": {},
"reg_value": {},
"src_endpoint": {
"container": {},
"hostname": "<string>",
"instance_uid": "<string>",
"interface_name": "<string>",
"interface_uid": "<string>",
"ip": "<string>",
"name": "<string>",
"namespace_pid": 123,
"owner": {},
"port": 123,
"svc_name": "<string>",
"type_id": 0,
"uid": "<string>",
"agent_list": [
{}
],
"autonomous_system": {},
"domain": "<string>",
"hw_info": {},
"intermediate_ips": [
"<string>"
],
"location": {},
"mac": "<string>",
"os": {
"name": "<string>",
"type_id": 0,
"build": "<string>",
"country": "<string>",
"cpe_name": "<string>",
"cpu_bits": 123,
"edition": "<string>",
"lang": "<string>",
"sp_name": "<string>",
"sp_ver": 123,
"type": "<string>",
"version": "<string>"
},
"proxy_endpoint": {},
"subnet_uid": "<string>",
"type": "Unknown",
"vlan_uid": "<string>",
"vpc_uid": "<string>",
"zone": "<string>"
},
"url": {},
"user": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"account": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"labels": [
"<string>"
],
"type": "<string>"
},
"credential_uid": "<string>",
"domain": "<string>",
"email_addr": "<string>",
"full_name": "<string>",
"groups": [
{
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
}
],
"ldap_person": {
"cost_center": "<string>",
"created_time": 123,
"created_time_dt": "<string>",
"deleted_time": 123,
"deleted_time_dt": "<string>",
"email_addrs": [
"<string>"
],
"employee_uid": "<string>",
"given_name": "<string>",
"hire_time": 123,
"hire_time_dt": "<string>",
"job_title": "<string>",
"labels": [
"<string>"
],
"last_login_time": 123,
"last_login_time_dt": "<string>",
"ldap_cn": "<string>",
"ldap_dn": "<string>",
"leave_time": 123,
"leave_time_dt": "<string>",
"location": {
"city": "<string>",
"continent": "<string>",
"coordinates": [
123
],
"country": "<string>",
"desc": "<string>",
"geohash": "<string>",
"is_on_premises": true,
"isp": "<string>",
"lat": 123,
"long": 123,
"postal_code": "<string>",
"provider": "<string>",
"region": "<string>"
},
"manager": {},
"modified_time": 123,
"modified_time_dt": "<string>",
"office_location": "<string>",
"surname": "<string>"
},
"org": {
"uid": "<string>",
"name": "<string>",
"ou_uid": "<string>",
"ou_name": "<string>"
},
"risk_level": "Info",
"risk_level_id": 0,
"risk_score": 123,
"type": "Unknown",
"uid_alt": "<string>"
},
"win_service": {},
"data": {}
}
],
"finding_info": {
"title": "<string>",
"uid": "<string>",
"analytic": {
"type_id": 0,
"name": "<string>",
"uid": "<string>",
"category": "<string>",
"desc": "<string>",
"type": "<string>",
"version": "<string>"
},
"attacks": [
{}
],
"created_time": "2023-11-07T05:31:56Z",
"data_sources": [
"<string>"
],
"desc": "<string>",
"first_seen_time": "2023-11-07T05:31:56Z",
"kill_chain": [
{}
],
"last_seen_time": "2023-11-07T05:31:56Z",
"modified_time": "2023-11-07T05:31:56Z",
"product_uid": "<string>",
"related_analytics": [
{
"type_id": 0,
"name": "<string>",
"uid": "<string>",
"category": "<string>",
"desc": "<string>",
"type": "<string>",
"version": "<string>"
}
],
"related_events": [
{}
],
"src_url": "<string>",
"types": [
"<string>"
]
},
"metadata": {
"product": {
"vendor_name": "<string>",
"name": "<string>",
"uid": "<string>",
"version": "<string>",
"cpe_name": "<string>",
"feature": {},
"lang": "<string>",
"path": "<string>",
"url_string": "<string>"
},
"version": "<string>",
"log_name": "<string>",
"log_provider": "<string>",
"original_time": "<string>",
"tenant_uid": "<string>",
"correlation_uid": "<string>",
"event_code": "<string>",
"uid": "<string>",
"labels": [
"<string>"
],
"log_level": "<string>",
"log_version": "<string>",
"logged_time": "2023-11-07T05:31:56Z",
"loggers": [
{}
],
"modified_time": "2023-11-07T05:31:56Z",
"processed_time": "2023-11-07T05:31:56Z",
"profiles": [
"<string>"
],
"extensions": [
{}
],
"sequence": 123
},
"message": "<string>",
"severity": "UNKNOWN",
"severity_id": 0,
"type_uid": 200400,
"type_name": "Detection Finding: Unknown",
"time": "2023-11-07T05:31:56Z",
"end_time": "2023-11-07T05:31:56Z",
"status": "Unknown",
"status_id": 0,
"risk_level": "Unknown",
"risk_level_id": 0,
"risk_details": "<string>",
"resources": [
{
"uid": "<string>",
"name": "<string>",
"type": "<string>",
"version": "<string>",
"namespace": "<string>",
"criticality": "<string>",
"owner": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"account": {
"name": "<string>",
"type_id": 0,
"uid": "<string>",
"labels": [
"<string>"
],
"type": "<string>"
},
"credential_uid": "<string>",
"domain": "<string>",
"email_addr": "<string>",
"full_name": "<string>",
"groups": [
{
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
}
],
"ldap_person": {
"cost_center": "<string>",
"created_time": 123,
"created_time_dt": "<string>",
"deleted_time": 123,
"deleted_time_dt": "<string>",
"email_addrs": [
"<string>"
],
"employee_uid": "<string>",
"given_name": "<string>",
"hire_time": 123,
"hire_time_dt": "<string>",
"job_title": "<string>",
"labels": [
"<string>"
],
"last_login_time": 123,
"last_login_time_dt": "<string>",
"ldap_cn": "<string>",
"ldap_dn": "<string>",
"leave_time": 123,
"leave_time_dt": "<string>",
"location": {
"city": "<string>",
"continent": "<string>",
"coordinates": [
123
],
"country": "<string>",
"desc": "<string>",
"geohash": "<string>",
"is_on_premises": true,
"isp": "<string>",
"lat": 123,
"long": 123,
"postal_code": "<string>",
"provider": "<string>",
"region": "<string>"
},
"manager": {},
"modified_time": 123,
"modified_time_dt": "<string>",
"office_location": "<string>",
"surname": "<string>"
},
"org": {
"uid": "<string>",
"name": "<string>",
"ou_uid": "<string>",
"ou_name": "<string>"
},
"risk_level": "Info",
"risk_level_id": 0,
"risk_score": 123,
"type": "Unknown",
"uid_alt": "<string>"
},
"group": {
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
},
"agent_list": [
{
"uid": "<string>",
"uid_alt": "<string>",
"name": "<string>",
"type": "<string>",
"type_id": "0",
"vendor_name": "<string>",
"version": "<string>",
"policies": [
{
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"version": "<string>",
"is_applied": true,
"group": {
"uid": "<string>",
"name": "<string>",
"desc": "<string>",
"type": "<string>",
"domain": "<string>",
"privileges": [
"<string>"
]
}
}
]
}
],
"labels": [
"<string>"
],
"data": {}
}
]
}
]
}