Leen Changelog
Monthly updates with the latest features added, improvements made and bugs squashed.
November 20, 2024
Product Digest #10
- Released 2 new integrations! Entra ID (IDP), and Arnica (AppSec)
- Released a major private beta feature that allows Leen to send normalized data directly to a customer's S3 bucket so no end customer data is stored on Leen's side. Reach out via contact@leen.dev for more information
- Added support for Snyk's EU instances
- Added support for user_app_last_login_at to the Entra ID integration
- Enabled both OAuth and secret based authentication for Entra ID
- Several infra updates and bug fixes related to SentinelOne, MS Defender for Endpoint, Snyk, AWS Security Hub, and CrowdStrike
October 18, 2024
Product Digest #9
- Released the AWS Security Hub Connector
- Released our first IDP connector- Okta
- Added AWS Inspector2 to our VMS and AppSec models
- Added BYO OAuth app functionality to MS Defender for Cloud so you can use your own OAuth app instead of Leen's
- Added includeDeviceGroups and deviceGroupID filters to all the VMS connectors
- Added updatedSince, includeCompliances, complianceStatus, complianceFindingStatus, control, standard, and statusUpdatedSince filters to CSPM model
- Added reauth support for Snyk to OnRamp
- Squashed several bugs related to the MS Defender Vulnerability Management, MS Defender for Endpoint, Tenable, CrowdStrike EDR, Rapid7, and CrowdStrike Spotlight connectors
September 17, 2024
Product Digest #8
- Released the Lacework CSPM connector
- Resolved an issue with the state of Snyk issues. Issues can be both open and ignored in Snyk. Previously, Leen's state would be returned as open in this scenario. However, ignored has been given higher priority and will be returned instead
- Duplicate OAuth connections for Snyk will now be rejected
- repo_branch_url, issue_url, and various vendor_data fields were added to the AppSec model
- Support for vulnerability_url was added to Tenable, Qualys, SentinelOne VMS, and MS Defender VM in the VMS model
- OnRamp will now emit an error event when connection creation fails so you can handle it accordingly within your application
August 12, 2024
Product Digest #7
- Released our first CSPM connector- MS Defender for Cloud. Connectors in this category produce 2 types of findings- Alerts and Compliance findings
- Added a check that prevents the same credentials being used for a connection within the same organization
- Added remediation and state_updated_since to the AppSec model
- Added a new endpoint to fetch CVE data from NVD. There's no API key or connection ID required to fetch this data
- NVD data has been added as a permanent enrichment to our SentinelOne VMS connector
- Updated to Semgrep's latest API version to get findings from the new scan endpoint since the supply chain vulnerabilities endpoint was deprecated
- Updated to Snyk's latest API version 2024-06-21
- Added severity sorting to all VMS and AppSec connectors
July 10, 2024
Product Digest #6
- We're excited to launch our first UI component called OnRamp. OnRamp is an embeddable end-user onboarding component. Implementing OnRamp will save you the hassle of having to create onboarding forms for each connector you activate with Leen
- Released the scans configuration endpoint for VMS connectors. This endpoint provides data on how VMS scans are set up (status, scan targets, is_scheduled, etc.)
- Released the update connection endpoint to allow you to update the credentials or identifier associated with a connection
- Added automated credential testing for CrowdStrike and Tenable before these connections are set live. This functionality was already in place for all our other connectors
June 20, 2024
Product Digest #5
- Released 3 new connectors with the VMS model! CrowdStrike Falcon Spotlight, SentinelOne VMS, and MS Defender Vulnerability Management are now live.
- CrowdStrike EDR connector improvements- Added host groups, device policies, and login data
- Added the includeDeviceGroups parameter to EDR and VMS connectors to include device group data in the /alerts, /vulnerabilities, and /devices endpoints
- Added OAuth redirect override functionality to the /connections endpoint for Snyk, MS Defender for Endpoint, and MS Defender Vulnerability Management connectors
May 1, 2024
Product Digest #4
- Released the Rapid7 integration within the VMS model
- Released the Semgrep integration within the AppSec model
- Added additional fields to the Qualys connector- device tags and CVSS data
- Added an option to override the timestamp for the initial load for the Qualys connector. This feature enables customers to define exactly how much data to pull in from this connector on the initial connection
- Added vendor_data to the VMS and device models as a field to pass through vendor-specific values
- Record when the state of a vulnerability changes and enable filtering on stateUpdatedSince to help track the state of specific vulnerabilities over time
- Added a provisioning endpoint to test credentials for a given connection to ensure that the provided credentials are valid before setting a connection live
March 25, 2024
Product Digest #3
- Leen's AppSec model is now live with our first integration in this category- Snyk! We support both SAST and SCA issues via this model. We'll be adding a Semgrep integration to this model soon
- Our EDR model is live too! The first two integrations we're releasing in this category are with CrowdStrike and SentinelOne. The integration with MS Defender for Endpoint is coming very soon
- Added an updatedSince filter on the AppSec, EDR, and VMS models so it's easier to fetch relevant data in smaller batches from customer environments with a lot of data
- Expanded our lab so we can offer more robust sandboxes for each one of our supported connectors. You no longer need to rely on end customer data to test connectors!
- Added monitoring and logging capabilities to detect issues with upstream APIs so we can inform customers when specific vendor APIs are down
January 31, 2024
Product Digest #2
- A new Quick Start guide has been added to our docs to help explain concepts like organization and connection within Leen's platform
- Released endpoints to:
  - Poll the status of new data refreshes- Connection Job endpoint. Use this endpoint to ensure the data you're pulling from Leen is as up to date as possible
  - Delete organizations and connections. This is our latest management API to help clean up inactive organizations and associated connections
- Added support for pulling user access data per connection. This endpoint can be used to fetch a list of users with access to a given tool and their level of access
- Added docs on how to create credentials and permissions for Tenable and Qualys. This guide ensures that credentials for these tools are set up with the proper permissions for Leen to fetch data
December 27, 2023
Product Digest #1
- Our first unified data model for Vulnerability Management is live!
- The first 2 Vulnerability Management connectors we're supporting are Qualys and Tenable. Both of these connectors are now available and are populated with sandbox data. Reach out to our team to request API keys to access this sample data
- The devices endpoint is now available to allow you to pull a list of devices associated with vulnerabilities
- Onboard all of your customers and their connections to various security vendors via our provisioning APIs
- Our API now supports filters so you can choose which data points to pull and which ones to ignore. You can filter vulnerabilities by severity, device ID, CVE, protocol, etc and devices by IP, status, hostname, etc.