Endpoint Detection and Response (EDR)
EDR Integrations
Information about the EDR integrations available in Leen. Find out which fields are supported by each integration and how to configure them.
Supported Fields
Leen Model | SentinelOne [1] | CrowdStrike | Microsoft Defender |
---|---|---|---|
vendor_id | ✅ | ✅ | ✅ |
title | ✅ | ✅ | ✅ |
description | ✅ | ✅ | |
assigned_user | ✅ | ✅ | |
severity | ✅ | ✅ | ✅ |
vendor_severity | ✅ | ✅ | ✅ |
status | ✅ | ✅ | ✅ |
vendor_status | ✅ | ✅ | ✅ |
first_event_time | ✅ | ✅ | ✅ |
last_event_time | ✅ | ✅ | ✅ |
resolved_time | ✅ | ✅ | |
pid | ✅ | ✅ | ✅ |
process_created_at | ✅ | | |
process_filename | ✅ | ✅ | |
process_command_line | ✅ | ✅ | ✅ |
process_sha1 | ✅ | ✅ | |
process_sha256 | ✅ | ✅ | ✅ |
process_md5 | ✅ | ✅ | |
parent_pid | ✅ | ✅ | ✅ |
user_name | ✅ | ✅ | ✅ |
windows_sid | ✅ | | |
active_directory_username | ✅ | ✅ | |
active_directory_domain | ✅ | ✅ | |
tactic_name | ✅ | ✅ | |
tactic_id | ✅ | | |
tactic_source | ✅ | | |
technique_name | ✅ | ✅ | |
technique_id | ✅ | | |
technique_link | ✅ | | |
For any additional information about our field mappings or integrations, please contact us.
[1] SentinelOne provides limited alert information if the alert is not of type Dynamic.