VMS
Identity Provider (IDP)
Provisioning
- POSTCreate Organization
- GETList Organizations
- GETGet Organization by ID
- DELSoft Delete Organization By Id And Environment Id
- POSTCreate Connection
- GETList Connections
- GETGet Connection by ID
- GETList Jobs by Connection ID
- GETTest Connection Credentials by Connection ID
- DELDelete Connection
- PATCHUpdate Connection by ID and Organization ID
Connectors
Enrichments
List Vulnerabilities
List all the vulnerabilities for a given connection.
curl --request GET \
--url https://api.leen.dev/v1/vms/vulnerabilities \
--header 'X-API-KEY: <api-key>' \
--header 'X-CONNECTION-ID: <api-key>'{
"count": 123,
"total": 123,
"items": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"device": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"status": "active",
"platform": "mac",
"hostnames": [
"<string>"
],
"os_version": "<string>",
"os_major_version": "<string>",
"os_minor_version": "<string>",
"fqdns": [
"<string>"
],
"ipv4s": [
"<string>"
],
"ipv6s": [
"<string>"
],
"mac_addresses": [
"<string>"
],
"last_seen": "2023-11-07T05:31:56Z",
"first_seen": "2023-11-07T05:31:56Z",
"source_vendors": [
{
"vendor": "<string>",
"vendor_id": "<string>",
"agent_info": {
"agent_version": "<string>",
"signature_version": "<string>",
"policies": [
{}
]
}
}
],
"installed_software": [
"<string>"
],
"ad_info": {
"org_unit": "<string>",
"site_name": "<string>",
"domain": "<string>",
"device_id": "<string>"
},
"cloud_metadata": {
"cloud_provider": "aws",
"account_id": "<string>",
"region": "<string>",
"availability_zone": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"image_id": "<string>",
"kernel_id": "<string>",
"vpc_id": "<string>",
"subnet_id": "<string>"
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "aws"
}
],
"identities": [
{
"username": "<string>",
"user_sid": "<string>"
}
],
"vendor_data": {}
},
"resource": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"uid": "<string>",
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "wiz_vms"
}
],
"type": "branch",
"groups": [
{
"name": "<string>",
"uid": "<string>"
}
],
"data": {
"hostnames": [
"<string>"
],
"image": "<string>",
"url": "<string>",
"type": "container"
},
"cloud_metadata": {
"account_id": "<string>",
"account_name": "<string>",
"cloud_provider": "<string>",
"image_id": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"region": "<string>",
"subnet_id": "<string>",
"vpc_id": "<string>"
},
"url": "<string>",
"vendor": "<string>",
"vendor_id": "<string>"
},
"name": "<string>",
"description": "<string>",
"scan_output": "<string>",
"cve": [
"<string>"
],
"cvss_version": "<string>",
"cvss_base_score": 123,
"cvss_vector": "<string>",
"cvss_temporal_score": 123,
"cvss_temporal_vector": "<string>",
"cert_id": "<string>",
"port": 123,
"protocol": "<string>",
"service": "<string>",
"severity": "critical",
"first_seen": "2023-11-07T05:31:56Z",
"last_seen": "2023-11-07T05:31:56Z",
"state": "open",
"state_updated_at": "2023-11-07T05:31:56Z",
"patchable": true,
"solution": "<string>",
"category": "web",
"vulnerability_url": "<string>",
"vendor": "tenable",
"vendor_id": "<string>",
"vendor_severity": "<string>",
"vendor_scan_id": "<string>",
"vendor_data": {}
}
]
}Query Parameters
Sort by field
Datetime filter, only return vulnerabilites where the state was updated since this datetime. Example format: 2021-01-01T00:00:00+00:00
Datetime filter, only return vulnerabilites where the first seen since this datetime. Example format: 2021-01-01T00:00:00+00:00
Datetime filter, only return vulnerabilites where the last seen since this datetime. Example format: 2021-01-01T00:00:00+00:00
Device ID Filter, comma separated
Resource ID Filter, comma separated
Vulnerability severity filter, comma separated
Vulnerability state filter, comma separated
Port number filter, comma separated
Protocol filter, comma separated
Vulnerability category filter, comma separated
CVE ID filter, comma separated
Include device groups in the devices attached to the vulnerability
Device group ID filter, comma separated
Vulnerability ID filter, comma separated. Need to be valid UUIDs. Max 100 IDs
Enable cursor based pagination instead of default offset-based pagination
Datetime filter, only return items updated since this datetime. Example format: 2021-01-01T00:00:00+00:00
Limit size (page size)
x >= 0Offset index (starting index of page)
x >= 0Skips returning the total rows, total is set to null when true
Response
Number of items return in the response
List of items returned in the response
Leen's UUID for the vulnerability
Name of vulnerability, provided by the upstream vendor
Description of vulnerability, provided by the upstream vendor
Scan output that was provided when detected on the device
List of CVEs associated with the vulnerability
CVSS version
CVSS vector uses cvss3 when available, provided by the upstream vendor
CVSS temporal score
CVSS temporal vector
Corresponds to an identifier in the vulnerability database provided by the US Computer Emergency Readiness Team (US-CERT)
Port number of the vulnerability that was detected
Protocol of the vulnerability that was detected, example: tcp
Service of the vulnerability that was detected, example: http
First detection date
Last detection date
The last time the state was updated
A patch is available
Solution for the vulnerability, provided by upstream vendor
Vulnerability category
web, network, database, application, os, other, general, attack_vector Source vendor
tenable, qualys, snyk, insightvm, crowdstrike_spotlight, sentinelone_vms, MS_DEFENDER_VMS, WIZ_VMS, AWS_INSPECTOR2 Vendor's ID of the vulnerability
Passthrough value of severity
Vendor's ID of the scan that detected the
Device attached to the vulnerability, include device groups with includeDeviceGroups query parameter
active, offline, quarantined, unknown, deleted mac, windows, linux, unknown CloudMetadata, currently only AWS is supported
aws Vendor specific pass through data, values can vary based on vendor
Resource attached to the vulnerability
Leen's UUID for the resource
Resource name
Unique identifier (vendor/system ID) for the resource
Type of the resource
branch, host, container, dependency, repo, image, unknown The source vendor of the resource
The vendor-specific or external ID associated with this resource
Additional data or properties about the resource
List of hostnames for the container
Container image identifier
URL associated with the container
container Cloud metadata for the resource
Cloud account identifier
Cloud account name
Cloud service provider
Cloud image identifier
Cloud instance identifier
Type of cloud instance
Cloud region
Cloud subnet identifier
Cloud VPC identifier
URL associated with the resource
critical, high, medium, low, info, none open, closed, reopened, ignored, deleted URL to the vulnerability details, provided by the upstream vendor
Vendor specific pass through data, values can vary based on vendor
Total number of items that can be returned
curl --request GET \
--url https://api.leen.dev/v1/vms/vulnerabilities \
--header 'X-API-KEY: <api-key>' \
--header 'X-CONNECTION-ID: <api-key>'{
"count": 123,
"total": 123,
"items": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"device": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"status": "active",
"platform": "mac",
"hostnames": [
"<string>"
],
"os_version": "<string>",
"os_major_version": "<string>",
"os_minor_version": "<string>",
"fqdns": [
"<string>"
],
"ipv4s": [
"<string>"
],
"ipv6s": [
"<string>"
],
"mac_addresses": [
"<string>"
],
"last_seen": "2023-11-07T05:31:56Z",
"first_seen": "2023-11-07T05:31:56Z",
"source_vendors": [
{
"vendor": "<string>",
"vendor_id": "<string>",
"agent_info": {
"agent_version": "<string>",
"signature_version": "<string>",
"policies": [
{}
]
}
}
],
"installed_software": [
"<string>"
],
"ad_info": {
"org_unit": "<string>",
"site_name": "<string>",
"domain": "<string>",
"device_id": "<string>"
},
"cloud_metadata": {
"cloud_provider": "aws",
"account_id": "<string>",
"region": "<string>",
"availability_zone": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"image_id": "<string>",
"kernel_id": "<string>",
"vpc_id": "<string>",
"subnet_id": "<string>"
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "aws"
}
],
"identities": [
{
"username": "<string>",
"user_sid": "<string>"
}
],
"vendor_data": {}
},
"resource": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"uid": "<string>",
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "wiz_vms"
}
],
"type": "branch",
"groups": [
{
"name": "<string>",
"uid": "<string>"
}
],
"data": {
"hostnames": [
"<string>"
],
"image": "<string>",
"url": "<string>",
"type": "container"
},
"cloud_metadata": {
"account_id": "<string>",
"account_name": "<string>",
"cloud_provider": "<string>",
"image_id": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"region": "<string>",
"subnet_id": "<string>",
"vpc_id": "<string>"
},
"url": "<string>",
"vendor": "<string>",
"vendor_id": "<string>"
},
"name": "<string>",
"description": "<string>",
"scan_output": "<string>",
"cve": [
"<string>"
],
"cvss_version": "<string>",
"cvss_base_score": 123,
"cvss_vector": "<string>",
"cvss_temporal_score": 123,
"cvss_temporal_vector": "<string>",
"cert_id": "<string>",
"port": 123,
"protocol": "<string>",
"service": "<string>",
"severity": "critical",
"first_seen": "2023-11-07T05:31:56Z",
"last_seen": "2023-11-07T05:31:56Z",
"state": "open",
"state_updated_at": "2023-11-07T05:31:56Z",
"patchable": true,
"solution": "<string>",
"category": "web",
"vulnerability_url": "<string>",
"vendor": "tenable",
"vendor_id": "<string>",
"vendor_severity": "<string>",
"vendor_scan_id": "<string>",
"vendor_data": {}
}
]
}