VMS
CSPM
Identity Provider (IDP)
TPRM
ITSM
Provisioning
- POSTCreate Organization
- GETList Organizations
- GETGet Organization by ID
- DELSoft Delete Organization By Id And Environment Id
- POSTCreate Connection
- GETList Connections
- GETGet Connection by ID
- GETList Jobs by Connection ID
- GETTest Connection Credentials by Connection ID
- DELDelete Connection
- PATCHUpdate Connection by ID and Organization ID
Connectors
Enrichments
Outbound Jobs
curl --request GET \
--url https://api.leen.dev/v1/vms/vulnerabilities \
--header 'X-API-KEY: <api-key>' \
--header 'X-CONNECTION-ID: <api-key>'{
"count": 123,
"items": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"description": "<string>",
"scan_output": "<string>",
"cve": [
"<string>"
],
"cvss_version": "<string>",
"cvss_vector": "<string>",
"cvss_temporal_score": 123,
"cvss_temporal_vector": "<string>",
"cert_id": "<string>",
"port": 123,
"protocol": "<string>",
"service": "<string>",
"first_seen": "2023-11-07T05:31:56Z",
"last_seen": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"state_updated_at": "2023-11-07T05:31:56Z",
"patchable": true,
"solution": "<string>",
"category": "web",
"vendor": "tenable",
"vendor_id": "<string>",
"vendor_severity": "<string>",
"vendor_scan_id": "<string>",
"device": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"status": "active",
"last_seen": "2023-11-07T05:31:56Z",
"first_seen": "2023-11-07T05:31:56Z",
"source_vendors": [
{
"vendor": "<string>",
"vendor_id": "<string>",
"agent_info": {
"agent_version": "<string>",
"signature_version": "<string>",
"policies": [
{}
]
}
}
],
"installed_software": [
"<string>"
],
"ad_info": {
"org_unit": "<string>",
"site_name": "<string>",
"domain": "<string>",
"device_id": "<string>"
},
"platform": "mac",
"hostnames": [
"<string>"
],
"os_version": "<string>",
"os_major_version": "<string>",
"os_minor_version": "<string>",
"fqdns": [
"<string>"
],
"ipv4s": [
"<string>"
],
"ipv6s": [
"<string>"
],
"mac_addresses": [
"<string>"
],
"cloud_metadata": {
"cloud_provider": "aws",
"account_id": "<string>",
"region": "<string>",
"availability_zone": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"image_id": "<string>",
"kernel_id": "<string>",
"vpc_id": "<string>",
"subnet_id": "<string>"
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "aws"
}
],
"identities": [
{
"username": "<string>",
"user_sid": "<string>"
}
],
"vendor_data": {}
},
"resource": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"type": "BRANCH",
"state": "ACTIVE",
"vendor": "<string>",
"vendor_attributes": {
"id": "<string>",
"data": {
"vendor": "qualys",
"host_id": "<string>",
"asset_id": "<string>",
"tracking_method": "<string>"
}
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "wiz_vms"
}
],
"groups": [
{
"name": "<string>",
"uid": "<string>"
}
],
"data": {
"hostnames": [
"<string>"
],
"image": "<string>"
},
"cloud_metadata": {
"account_id": "<string>",
"account_name": "<string>",
"cloud_provider": "<string>",
"image_id": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"region": "<string>",
"subnet_id": "<string>",
"vpc_id": "<string>"
},
"url": "<string>",
"first_seen": "2023-11-07T05:31:56Z",
"last_seen": "2023-11-07T05:31:56Z"
},
"cvss_base_score": "CVSS base score",
"severity": "none",
"state": "open",
"vulnerability_url": "<string>",
"vendor_data": {}
}
],
"total": 123
}List Vulnerabilities
List all the vulnerabilities for a given connection.
curl --request GET \
--url https://api.leen.dev/v1/vms/vulnerabilities \
--header 'X-API-KEY: <api-key>' \
--header 'X-CONNECTION-ID: <api-key>'{
"count": 123,
"items": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"description": "<string>",
"scan_output": "<string>",
"cve": [
"<string>"
],
"cvss_version": "<string>",
"cvss_vector": "<string>",
"cvss_temporal_score": 123,
"cvss_temporal_vector": "<string>",
"cert_id": "<string>",
"port": 123,
"protocol": "<string>",
"service": "<string>",
"first_seen": "2023-11-07T05:31:56Z",
"last_seen": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"state_updated_at": "2023-11-07T05:31:56Z",
"patchable": true,
"solution": "<string>",
"category": "web",
"vendor": "tenable",
"vendor_id": "<string>",
"vendor_severity": "<string>",
"vendor_scan_id": "<string>",
"device": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"status": "active",
"last_seen": "2023-11-07T05:31:56Z",
"first_seen": "2023-11-07T05:31:56Z",
"source_vendors": [
{
"vendor": "<string>",
"vendor_id": "<string>",
"agent_info": {
"agent_version": "<string>",
"signature_version": "<string>",
"policies": [
{}
]
}
}
],
"installed_software": [
"<string>"
],
"ad_info": {
"org_unit": "<string>",
"site_name": "<string>",
"domain": "<string>",
"device_id": "<string>"
},
"platform": "mac",
"hostnames": [
"<string>"
],
"os_version": "<string>",
"os_major_version": "<string>",
"os_minor_version": "<string>",
"fqdns": [
"<string>"
],
"ipv4s": [
"<string>"
],
"ipv6s": [
"<string>"
],
"mac_addresses": [
"<string>"
],
"cloud_metadata": {
"cloud_provider": "aws",
"account_id": "<string>",
"region": "<string>",
"availability_zone": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"image_id": "<string>",
"kernel_id": "<string>",
"vpc_id": "<string>",
"subnet_id": "<string>"
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "aws"
}
],
"identities": [
{
"username": "<string>",
"user_sid": "<string>"
}
],
"vendor_data": {}
},
"resource": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "<string>",
"type": "BRANCH",
"state": "ACTIVE",
"vendor": "<string>",
"vendor_attributes": {
"id": "<string>",
"data": {
"vendor": "qualys",
"host_id": "<string>",
"asset_id": "<string>",
"tracking_method": "<string>"
}
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "wiz_vms"
}
],
"groups": [
{
"name": "<string>",
"uid": "<string>"
}
],
"data": {
"hostnames": [
"<string>"
],
"image": "<string>"
},
"cloud_metadata": {
"account_id": "<string>",
"account_name": "<string>",
"cloud_provider": "<string>",
"image_id": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"region": "<string>",
"subnet_id": "<string>",
"vpc_id": "<string>"
},
"url": "<string>",
"first_seen": "2023-11-07T05:31:56Z",
"last_seen": "2023-11-07T05:31:56Z"
},
"cvss_base_score": "CVSS base score",
"severity": "none",
"state": "open",
"vulnerability_url": "<string>",
"vendor_data": {}
}
],
"total": 123
}Query Parameters
Sort by field
Datetime filter, only return vulnerabilities where the state was updated since this datetime. Example format: 2021-01-01T00:00:00+00:00
Datetime filter, only return vulnerabilities where the first seen since this datetime. Example format: 2021-01-01T00:00:00+00:00
Datetime filter, only return vulnerabilities where the last seen since this datetime. Example format: 2021-01-01T00:00:00+00:00
Device ID Filter, comma separated
Resource ID Filter, comma separated
Vulnerability severity filter, comma separated
Vulnerability state filter, comma separated
Port number filter, comma separated
Protocol filter, comma separated
Vulnerability category filter, comma separated
CVE ID filter, comma separated
Include device groups in the devices attached to the vulnerability
Device group ID filter, comma separated
Vulnerability ID filter, comma separated. Need to be valid UUIDs. Max 100 IDs
Enable cursor based pagination instead of default offset-based pagination
Datetime filter, only return items updated since this datetime. Example format: 2021-01-01T00:00:00+00:00
Limit size (page size)
x >= 0Offset index (starting index of page)
x >= 0Skips returning the total rows, total is set to null when true
Skip token to continue from the last item in the previous page
Response
Successful Response
- OffsetPaginatedResponse[VulnerabilityRespModel]
- KeySetPaginatedResponse[VulnerabilityRespModel]
Number of items return in the response
List of items returned in the response
Show child attributes
Show child attributes
Leen's UUID for the vulnerability
Name of vulnerability, provided by the upstream vendor
Description of vulnerability, provided by the upstream vendor
Scan output that was provided when detected on the device
List of CVEs associated with the vulnerability
CVSS version
CVSS vector uses cvss3 when available, provided by the upstream vendor
CVSS temporal score
CVSS temporal vector
Corresponds to an identifier in the vulnerability database provided by the US Computer Emergency Readiness Team (US-CERT)
Port number of the vulnerability that was detected
Protocol of the vulnerability that was detected, example: tcp
Service of the vulnerability that was detected, example: http
First detection date
Last detection date
The last time the vulnerability was updated
The last time the state was updated
A patch is available
Solution for the vulnerability, provided by upstream vendor
Vulnerability category
web, network, database, application, os, other, general, attack_vector Source vendor
tenable, qualys, snyk, insightvm, crowdstrike_spotlight, sentinelone_vms, MS_DEFENDER_VMS, WIZ_VMS, AWS_INSPECTOR2 Vendor's ID of the vulnerability
Passthrough value of severity
Vendor's ID of the scan that detected the
Device attached to the vulnerability, include device groups with includeDeviceGroups query parameter
- Device
- DeviceWithGroups
Show child attributes
Show child attributes
active, offline, quarantined, unknown, deleted Show child attributes
Show child attributes
mac, windows, linux, unknown CloudMetadata, currently only AWS is supported
Show child attributes
Show child attributes
aws "aws"Vendor specific pass through data, values can vary based on vendor
Resource attached to the vulnerability
Show child attributes
Show child attributes
Leen's UUID for the resource
Resource name
Type of the resource
BRANCH, HOST, CONTAINER, DEPENDENCY, IMAGE, REPOSITORY, VENDOR, UNKNOWN State of the resource
ACTIVE, IGNORED, DELETED, INACTIVE, QUARANTINED, UNKNOWN The source vendor of the resource
Vendor-specific attributes like IDs
Show child attributes
Show child attributes
Vendor specific ID
Vendor specific data
- QualysDeviceVendorData
- TenableDeviceVendorData
- OrcaResourceVendorAttributesData
Show child attributes
Show child attributes
qualys "qualys"Cloud metadata for the resource
Show child attributes
Show child attributes
Cloud account identifier
Cloud account name
Cloud service provider
Cloud image identifier
Cloud instance identifier
Type of cloud instance
Cloud region
Cloud subnet identifier
Cloud VPC identifier
URL associated with the resource
Timestamp when the resource was first seen
Timestamp when the resource was last seen
critical, high, medium, low, info, none open, closed, reopened, ignored, deleted URL to the vulnerability details, provided by the upstream vendor
Vendor specific pass through data, values can vary based on vendor
Total number of items that can be returned