Getting started with Leen

Let’s introduce you to a few concepts to get you started with Leen.

Leen provides a common data model to represent data from various security products (connections), we provide data models on a per-category basis with support for:

  1. Vulnerability Management Systems (VMS)
  2. Application Security (AppSec)
  3. Endpoint Detection and Response (EDR)
  4. Cloud Security Posture Management (CSPM)

Leen also extracts and tracks certain entities from connections to better organize and give a more holistic view of the data. For example, we extract the Device data from a VMS connection and track it separately. Check out our Entities endpoints for detailed information.

Organizations and Connections

For Leen to correctly connect to an integration source on behalf of your customer we need to store some information about your customer’s organization. We do this by representing your customer as an organization. Before adding a connection, to pull data from, we need to first make sure an organization is added to Leen.

Connections represent an integration from one of the security products we support. A connection must belong to an organization that is owned by you. When you add a new connection to an organization you’ll be given a connection-id that you will use to pull data. Currently, all requests to Leen’s API require a connection-id to be included in your authentication headers since all data is scoped to a given connection.

Connecting to Leen

First, you’ll need an API Key to get started. You should have received one in your email when you signed up. If you haven’t, please contact us at contact@leen.dev.

More details on our authentication can be found here
1

Create an Organization

To provision a new organization, you’ll need to make a POST request to the /provisioning/organizations endpoint. This will create a new organization and return an organization-id that you will use to add connections.

You’ll use the organization’s ID to create a new connection in the next step. We recommend storing this ID alongside your customer’s information in your application. You can also easily find an organization’s ID by identifier or name by making a GET call and doing a 2-hop request.

See the API Reference page for more details.

2

Create a Connection

Now that we have created an organization we will create a connection to pull data from. To do this, we’ll make a POST request to the /provisioning/organizations/{organization_id}/connections endpoint. This will create a new connection and return a connection-id that you will use to pull data.

You will need to specify the vendor and credentials for the connection. The vendor is the name of the product that Leen is connecting to and the credentials object will be specific to the vendor. More information can be found on the API Reference page.

3

Pull Data

Now that we have an organization and connection setup, we can start pulling data. To do this, we’ll make a GET to any relevant data endpoints with your API key and Connection-ID in the headers. For example, to pull Vulnerability Management data you’d send this request.