Supported Fields

Information about the EDR integrations available in Leen. Find out which fields are supported by each integration and how to configure them.

EDR Integrations

Leen.dev Unified API for Security

Introduction

Quick Start

OnRamp is Leen's embeddable onboarding component that allows your users to easily create new connections or update existing connections. As an embeddable component, OnRamp is designed to be integrated directly into your application workflow.

Create a connection

Update a connection

Authentication

Due to a limitation in our docs it has become confusing to figure out how to create a new connection. This guide will help you through the process.

Creating a new connection

The Leen API supports cursor-based pagination to help you efficiently navigate through large datasets. Follow these steps to implement pagination using our API.

Cursor Pagination

The Connection Health feature provides a high-level view of connection stability by evaluating the status of the most recent job run. It helps identify unhealthy connections, categorize failure types, and improve error visibility.

Connection Health

Supported AppSec connectors for the AppSec endpoints

AppSec Connectors

List all the issues for a given connection. sort - supports `severity:asc` (eg. lowest to highest criticality) and `severity:desc` if not direction is provided it will default to `asc`

List Issues

Retrieve an issue by its ID (Leen's UUID).

Get Issue by ID

Supported EDR connectors for the EDR endpoints

EDR Connectors

List all the EDR alerts for a given connection.

List Alerts

Retrieve an EDR alert by its ID (Leen's UUID).

Get Alert by ID

List all the device policies for a given connection.

List Policies

Supported VMS connectors for the VMS endpoints

VMS Connectors

List all the vulnerabilities for a given connection.

List Vulnerabilities

Retrieve a vulnerability by its ID (Leen's UUID)

Get Vulnerability by ID

List VMS Scan Configurations

Get VMS Scan Configuration by ID

Supported CSPM connectors for the CSPM endpoints

CSPM Connectors

List Compliance Findings

Supported IDP connectors for the IDP endpoints

IDP Connectors

List all the IDP users for a given connection.

List IDP Users

List all the IDP groups for a given connection.

List IDP Groups

List all the IDP applications for a given connection.

List IDP Applications

List all the IDP alerts for a given connection. sort - supports `severity:asc` (eg. lowest to highest criticality) and `severity:desc`. If no direction is provided it will default to `asc`

List IDP Alerts

Supported Device connectors for the Device endpoints and model properties

Device Connectors

List all the devices for a given connection.

List Devices

Retrieve a device by its ID (Leen's UUID).

Get Device by ID

List all the device groups for a given connection.

List Device Groups

Supported Configuration connectors for the Configuration endpoints

Configuration Connectors

List all users who have access to the connection source (e.g. Tenable, Qualys, etc.)

List Configuration Users

Return a User who has access to a connection source by ID (Leen's UUID).

Get Configuration User by ID

Create an organization for a given Environment.

Create Organization

List all the organizations for a given Environment.

List Organizations

Return an organization by its ID (Leen's UUID).

Get Organization by ID

Soft Delete Organization By Id And Environment Id

Create a connection for a given Organization.

Create Connection

List all the connections for a given Organization.

List Connections

Retrieve a connection by its ID (Leen's UUID).

Get Connection by ID

List all the jobs for a given Connection.

List Jobs by Connection ID

Test the connection credentials for a given Connection.

Test Connection Credentials by Connection ID

Delete a connection by its ID and Organization ID (Leen's UUID).

Delete Connection

Update Connection by ID and Organization ID

Get Integrations

Create a one-time use connection invite token for an Organization.

Create Connection Invite Token

List all the created connection invite tokens for a given Organization.

List Connection Invite Tokens

Get NVD Enrichment Data for CVEs

Supported Connectors

List vulnerability findings with keyset pagination and filtering options.

- **severity**: Filter by severity (comma-separated list, e.g., 'CRITICAL,HIGH')
- **state**: Filter by state (comma-separated list, e.g., 'OPEN,REOPENED')
- **has_fix**: Filter by whether a fix is available
- **first_seen_since**: Filter by findings first seen after this date
- **last_seen_since**: Filter by findings last seen after this date
- **state_updated_since**: Filter by findings with state updated after this date
- **resourceId**: Filter by resource ID (comma-separated list)
- **ids**: Filter by finding IDs (comma-separated list of UUIDs, max 100)

List Vulnerability Findings

Get Vulnerability Finding by ID

List Resources

Return a resource by its ID (Leen's UUID)

Get Resource by ID

API Reference

(BETA) API Reference V2

Support

Information about the VMS integrations available in Leen. Find out which fields are supported by each integration and how to configure them.

VMS Integrations

Information about the AppSec integrations available in Leen. Find out which fields are supported by each integration and how to configure them.

AppSec Integrations

Information about the CSPM integrations available in Leen. Find out which fields are supported by each integration and how to configure them.

CSPM Integrations

Information about the Identity Provider integrations available in Leen. Find out which fields are supported by each integration and how to configure them.

IDP Integrations

For new V2 integrations we are moving away from the concept of product category specific data models. Eg. Gitlab (Application Security) and Upwind (Cloud Security Posture Management) both use the same data model. 

Vulnerability Findings

Instructions on how to onboard a Gitlab Integration

Gitlab

Instructions on how to configure API access for Tanium to fetch endpoints and CVE Vulnerability Findings

Tanium VMS

Instructions on how to onboard an Upwind Integration

Upwind

Instructions on how to onboard a Semgrep Integration

Semgrep

Instructions on how to configure API access for Checkmarx to fetch SAST, SCA, IaC, Container, and API Security Findings.

Checkmarx

Instructions to create a service user and authenticate with Mend API 3.0

Mend

Instructions to create a service user and authenticate with Orca Serving Layer API

Orca Security

Migration guide for AppSec connectors from V1 Issues to V2 Vulnerability Findings and Resources

AppSec V1 to V2

Migration guide for VMS connectors from V1 Devices & Vulnerabilities to V2 Resources & Vulnerability Findings

Leen Model	SentinelOne EDR¹	CrowdStrike EDR	Microsoft Defender
`vendor_id`	✅	✅	✅
`title`	✅	✅	✅
`description`		✅	✅
`assigned_user`		✅	✅
`severity`	✅	✅	✅
`vendor_severity`	✅	✅	✅
`status`	✅	✅	✅
`vendor_status`	✅	✅	✅
`first_event_time`	✅	✅	✅
`last_event_time`	✅	✅	✅
`resolved_time`		✅	✅
`pid`	✅	✅	✅
`process_created_at`			✅
`process_filename`		✅	✅
`process_command_line`	✅	✅	✅
`process_sha1`	✅		✅
`process_sha256`	✅	✅	✅
`process_md5`	✅	✅
`parent_pid`	✅	✅	✅
`user_name`	✅	✅	✅
`windows_sid`			✅
`active_directory_username`	✅		✅
`active_directory_domain`	✅		✅

`tactic_name`	✅	✅
`tactic_id`		✅
`tactic_source`	✅

`technique_name`	✅	✅
`technique_id`		✅
`technique_link`	✅

Get Started

Integrations

OnRamp

​Supported Fields

Supported Fields