Information about the EDR integrations available in Leen. Find out which fields are supported by each integration and how to configure them.

Leen Model | SentinelOne EDR | CrowdStrike EDR | Microsoft Defender |
---|---|---|---|
vendor_id | ✅ | ✅ | ✅ |
title | ✅ | ✅ | ✅ |
description | ✅ | ✅ | |
assigned_user | ✅ | ✅ | |
severity | ✅ | ✅ | ✅ |
vendor_severity | ✅ | ✅ | ✅ |
status | ✅ | ✅ | ✅ |
vendor_status | ✅ | ✅ | ✅ |
first_event_time | ✅ | ✅ | ✅ |
last_event_time | ✅ | ✅ | ✅ |
resolved_time | ✅ | ✅ | |
pid | ✅ | ✅ | ✅ |
process_created_at | ✅ | | |
process_filename | ✅ | ✅ | |
process_command_line | ✅ | ✅ | ✅ |
process_sha1 | ✅ | ✅ | |
process_sha256 | ✅ | ✅ | ✅ |
process_md5 | ✅ | ✅ | |
parent_pid | ✅ | ✅ | ✅ |
user_name | ✅ | ✅ | ✅ |
windows_sid | ✅ | | |
active_directory_username | ✅ | ✅ | |
active_directory_domain | ✅ | ✅ | |
tactic_name | ✅ | ✅ | |
tactic_id | ✅ | | |
tactic_source | ✅ | | |
technique_name | ✅ | ✅ | |
technique_id | ✅ | | |
technique_link | ✅ |