API Documentation
VMS
Identity Provider (IDP)
Provisioning
Connectors
Enrichments
List Vulnerabilities
List all the vulnerabilities for a given connection.
curl --request GET \
--url https://api.leen.dev/v1/vms/vulnerabilities \
--header 'X-API-KEY: <api-key>' \
--header 'X-CONNECTION-ID: <api-key>'{
"count": 123,
"total": 123,
"items": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"device": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"status": "active",
"platform": "mac",
"hostnames": [
"<string>"
],
"os_version": "<string>",
"os_major_version": "<string>",
"os_minor_version": "<string>",
"fqdns": [
"<string>"
],
"ipv4s": [
"<string>"
],
"ipv6s": [
"<string>"
],
"mac_addresses": [
"<string>"
],
"last_seen": "2023-11-07T05:31:56Z",
"first_seen": "2023-11-07T05:31:56Z",
"source_vendors": [
{
"vendor": "<string>",
"vendor_id": "<string>",
"agent_info": {
"agent_version": "<string>",
"signature_version": "<string>",
"policies": [
{}
]
}
}
],
"installed_software": [
"<string>"
],
"ad_info": {
"org_unit": "<string>",
"site_name": "<string>",
"domain": "<string>",
"device_id": "<string>"
},
"cloud_metadata": {
"cloud_provider": "aws",
"account_id": "<string>",
"region": "<string>",
"availability_zone": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"image_id": "<string>",
"kernel_id": "<string>",
"vpc_id": "<string>",
"subnet_id": "<string>"
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "aws"
}
],
"identities": [
{
"username": "<string>",
"user_sid": "<string>"
}
],
"vendor_data": {}
},
"name": "<string>",
"description": "<string>",
"scan_output": "<string>",
"cve": [
"<string>"
],
"cvss_version": "<string>",
"cvss_base_score": 123,
"cvss_vector": "<string>",
"cvss_temporal_score": 123,
"cvss_temporal_vector": "<string>",
"cert_id": "<string>",
"port": 123,
"protocol": "<string>",
"service": "<string>",
"severity": "critical",
"first_seen": "2023-11-07T05:31:56Z",
"last_seen": "2023-11-07T05:31:56Z",
"state": "open",
"state_updated_at": "2023-11-07T05:31:56Z",
"patchable": true,
"solution": "<string>",
"category": "web",
"vulnerability_url": "<string>",
"vendor": "tenable",
"vendor_id": "<string>",
"vendor_severity": "<string>",
"vendor_scan_id": "<string>",
"vendor_data": {},
"affected_packages": [
{
"name": "<string>",
"version": "<string>",
"cpe_name": "<string>",
"fixed_in_version": "<string>"
}
]
}
]
}Query Parameters
Sort by field
Datetime filter, only return vulnerabilites where the state was updated since this datetime. Example format: 2021-01-01T00:00:00+00:00
Datetime filter, only return vulnerabilites where the first seen since this datetime. Example format: 2021-01-01T00:00:00+00:00
Datetime filter, only return vulnerabilites where the last seen since this datetime. Example format: 2021-01-01T00:00:00+00:00
Device ID Filter, comma separated
Vulnerability severity filter, comma separated
Port number filter, comma separated
Protocol filter, comma separated
Vulnerability category filter, comma separated
CVE ID filter, comma separated
Include device groups in the devices attached to the vulnerability
Device group ID filter, comma separated
Enable cursor based pagination instead of default offset-based pagination
Datetime filter, only return items updated since this datetime. Example format: 2021-01-01T00:00:00+00:00
Limit size (page size)
x > 0Offset index (starting index of page)
x > 0Skips returning the total rows, total is set to null when true
Response
Number of items return in the response
List of items returned in the response
Leen's UUID for the vulnerability
Device attached to the vulnerability, include device groups with includeDeviceGroups query parameter
active, offline, quarantined mac, windows, linux, unknown CloudMetadata, currently only AWS is supported
aws Vendor specific pass through data, values can vary based on vendor
Name of vulnerability, provided by the upstream vendor
Description of vulnerability, provided by the upstream vendor
Scan output that was provided when detected on the device
List of CVEs associated with the vulnerability
CVSS version
CVSS vector uses cvss3 when available, provided by the upstream vendor
CVSS temporal score
CVSS temporal vector
Corresponds to an identifier in the vulnerability database provided by the US Computer Emergency Readiness Team (US-CERT)
Port number of the vulnerability that was detected
Protocol of the vulnerability that was detected, example: tcp
Service of the vulnerability that was detected, example: http
First detection date
Last detection date
The last time the state was updated
A patch is available
Solution for the vulnerability, provided by upstream vendor
Vulnerability category
web, network, database, application, os, other, general, attack_vector Source vendor
tenable, qualys, snyk, insightvm, crowdstrike_spotlight, sentinelone_vms, MS_DEFENDER_VMS, WIZ_VMS Vendor's ID of the vulnerability
Passthrough value of severity
Vendor's ID of the scan that detected the
critical, high, medium, low, info, none open, closed, reopened, ignored URL to the vulnerability details, provided by the upstream vendor
Vendor specific pass through data, values can vary based on vendor
List of affected packages for the vulnerability
The software package name (required).
The software package version (required).
The CPE name (Common Platform Enumeration) for the software.
The version in which a reported vulnerability was patched/fixed.
Total number of items that can be returned
curl --request GET \
--url https://api.leen.dev/v1/vms/vulnerabilities \
--header 'X-API-KEY: <api-key>' \
--header 'X-CONNECTION-ID: <api-key>'{
"count": 123,
"total": 123,
"items": [
{
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"device": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"status": "active",
"platform": "mac",
"hostnames": [
"<string>"
],
"os_version": "<string>",
"os_major_version": "<string>",
"os_minor_version": "<string>",
"fqdns": [
"<string>"
],
"ipv4s": [
"<string>"
],
"ipv6s": [
"<string>"
],
"mac_addresses": [
"<string>"
],
"last_seen": "2023-11-07T05:31:56Z",
"first_seen": "2023-11-07T05:31:56Z",
"source_vendors": [
{
"vendor": "<string>",
"vendor_id": "<string>",
"agent_info": {
"agent_version": "<string>",
"signature_version": "<string>",
"policies": [
{}
]
}
}
],
"installed_software": [
"<string>"
],
"ad_info": {
"org_unit": "<string>",
"site_name": "<string>",
"domain": "<string>",
"device_id": "<string>"
},
"cloud_metadata": {
"cloud_provider": "aws",
"account_id": "<string>",
"region": "<string>",
"availability_zone": "<string>",
"instance_id": "<string>",
"instance_type": "<string>",
"image_id": "<string>",
"kernel_id": "<string>",
"vpc_id": "<string>",
"subnet_id": "<string>"
},
"tags": [
{
"key": "<string>",
"value": "<string>",
"source": "aws"
}
],
"identities": [
{
"username": "<string>",
"user_sid": "<string>"
}
],
"vendor_data": {}
},
"name": "<string>",
"description": "<string>",
"scan_output": "<string>",
"cve": [
"<string>"
],
"cvss_version": "<string>",
"cvss_base_score": 123,
"cvss_vector": "<string>",
"cvss_temporal_score": 123,
"cvss_temporal_vector": "<string>",
"cert_id": "<string>",
"port": 123,
"protocol": "<string>",
"service": "<string>",
"severity": "critical",
"first_seen": "2023-11-07T05:31:56Z",
"last_seen": "2023-11-07T05:31:56Z",
"state": "open",
"state_updated_at": "2023-11-07T05:31:56Z",
"patchable": true,
"solution": "<string>",
"category": "web",
"vulnerability_url": "<string>",
"vendor": "tenable",
"vendor_id": "<string>",
"vendor_severity": "<string>",
"vendor_scan_id": "<string>",
"vendor_data": {},
"affected_packages": [
{
"name": "<string>",
"version": "<string>",
"cpe_name": "<string>",
"fixed_in_version": "<string>"
}
]
}
]
}