v2.2.0

2.2.0 - 2024-11-18

Updated

• Updated the FileEventV2 model to all existing fields at this time. For example, the recently added responseControls response object is now available on the model.
• Updated EventQuery objects to allow filtering by any string by removing the requirement that filter terms and values must match explicitly defined fields. This allows end users to filter by fields recently added to the file event response without requiring an SDK update.
• client.actors.v1.get_actor_by_name now defaults to prefer_parent=True. Previously, it defaulted to False.

v2.1.0

2.1.0 - 2024-09-30

Added

• Support for the API to update actors.
  • client.actors.v1.update_actor - to update an actor's start date, end date, or notes.
• A CLI command to update an actor.
  • incydr actors update - to update an actor's start date, end date, or notes.

Deprecated

• Risk Profiles methods and commands are now deprecated, replaced by the actors command group.

v2.0.0

2.0.0 - 2024-05-10

Added

• Support for the Sessions APIs
  • A sessions.v1 client to the SDK with the following methods:
    • client.sessions.v1.get_page() - to query a page of sessions.
    • client.sessions.v1.iter_all() - to lazily iterate through all pages of sessions.
    • client.sessions.v1.get_session_details() - to retrieve the details of a single session specified by ID.
    • client.sessions.v1.get_session_events() - to retrieve the file events associated with a session specified by ID.
    • client.sessions.v1.update_state_by_id() - to update the state of a session specified by ID.
    • client.sessions.v1.update_state_by_criteria() - to update the state of all sessions matching the filter criteria.
    • client.sessions.v1.add_note() - to attach a note to a session specified by ID.
  • A set of sessions CLI commands:
    • incydr sessions search to search sessions by criteria. Includes various filter, output, and checkpointing options.
    • incydr sessions show to show session details.
    • incydr sessions show-events to show file events associated with the session.
    • incydr sessions update to update the state and/or note of a session.
    • incydr sessions bulk-update-state to update the state and attach an optional note to multiple sessions at once
• Support for Actors APIs, including:
  • An actors.v1 client to the SDK with the following methods:
    • client.actors.v1.get_page() - to query a single page of actors.
    • client.actors.v1.iter_all() - to lazily iterate through all pages of actors.
    • client.actors.v1.get_actor_by_id() - to retrieve details of a single actor by ID.
    • client.actors.v1.get_actor_by_name() - to retrieve details of a single actor by name.
    • client.actors.v1.get_family_by_member_id() - to retrieve details of an actor family by a member's ID.
    • client.actors.v1.get_family_by_member_name() - to retrieve details of an actor family by a member's name.
  • A set of actors CLI commands:
    • incydr actors list to list all actors matching search criteria (in table, CSV, or JSON formats).
    • incydr actors show to show details of a given actor by ID or name.
    • incydr actors show-family to show details of an actors family.

Removed

• Breaking Change! Cloud alias risk profile functionality has been removed.
  • The following Python SDK methods have been removed:
    • client.user_risk_profiles.add_cloud_alias() should be replaced by client.actors.create_adoption()
    • client.user_risk_profiles.remove_cloud_alias() should be replaced by client.actors.remove_adoption()
  • The following CLI commands have been removed.
    • incydr risk-profiles add-cloud-alias should be replaced by incydr actors adoption create
    • incydr risk-profiles remove-cloud-alias should be replaced by incydr actors adoption remove
    • incydr risk-profiles bulk-add-cloud-aliases
    • incydr risk-profiles bulk-remove-cloud-aliases

Changed

• Breaking Change! User risk profiles have been renamed as Risk profiles to better fit their additional application to actors.
  • The SDK has been updated to reflect this via the following changes:
    • UserRiskProfile model has been renamed to RiskProfile.
    • UserRiskProfilesPage model has been renamed to RiskProfilesPage.
    • The UserRiskProfiles class has been renamed to RiskProfiles
    • The Incydr client user_risk_profiles property has been renamed to risk_profiles, methods in that client have been renamed similarly.
      • client.user_risk_profiles.v1.get_user_risk_profile() would now be client.risk_profiles.v1.get_risk_profile().
    • The CLI has been updated to reflect this via the following changes:
      • The risk-profiles command group is no longer available under the users command group. It is still accessible as its own incydr command group. ex: incydr risk-profiles list.

Deprecated

• Alerts Python SDK methods and the Alerts CLI commands group have been deprecated. Functionality is replaced by the Sessions SDK client and CLI command group.

v1.2.0

1.2.0 - 2024-3-18

Added

• The following agent health related fields will be present on the response when retrieving agents:
  • serialNumber
  • machineId
  • agentHealthIssueTypes
• Additional optional args in the SDK's agent client for filtering by agent health.
  • client.agents.v1.get_page() and client.agents.v1.get_page() now accept:
    • agent_healthy: bool - Retrieve only healthy agents with True or only unhealthy agents with False. Defaults to returning all agents.
    • agent_health_issue_types: List[str] | str- Retrieve agents with any of the given health issues. Ex: NOT_CONNECTING
• Additional options in the CLI's agent command group for filtering by agent health:
  • incydr agents list now accepts:
    • --healthy - Retrieve only healthy agents.
    • --unhealthy - Retrieve only unhealthy agents.
    • Pass a comma separated list of health issue types to the unhealthy option to filter for agents with any of the given health issues. Ex: --unhealthy NOT_CONNECTING,NOT_SENDING_SECURITY_EVENTS
    • Use incydr agents list --help to see more specifics on the new command options.
• See the SDK documentation and the CLI documentation for more details.

v1.1.2

1.1.2 - 2023-12-11

Fixed

• Saved search filter values can now accept a list of strings. Prior to this fix this was incorrectly resulting in a model validation error.

v1.1.1

1.1.1 - 2023-10-03

Fixed

• Pinned Pydantic version to major version 1.* following the release of Pydantic 2.0.

v1.1.0

1.1.0 - 2023-05-01

Added

• Better error messaging when authentication parameters or env vars missing when instantiating the incydr.Client or running CLI commands.
• Missing authentication parameters (url, api_client_id, or api_client_secret) causes client to raise new exception type: AuthMissingError.
• incydr.exceptions module has been added to the public API.
• Support for Agents APIs, including:
  • An agents.v1 client to the SDK with the following methods:
    • client.agents.v1.get_page() to query a single page of agents.
    • client.agents.v1.iter_all() to lazily iterate through all pages of agents.
    • client.agents.v1.get_agent() to retrieve details of a single agent by ID.
    • client.agents.v1.update() to update the name or externalReference field of an agent.
    • client.agents.v1.activate() to activate a list of agents by their IDs.
    • client.agents.v1.deactivate() to deactivate a list of agents by their IDs.
  • A set of agents CLI commands:
    • incydr agents list to list all agents in your environment (in table, CSV, or JSON formats).
    • incydr agents show to show the details of a given agent by ID.
    • incydr agents bulk-activate to activate a set of agents from CSV or JSON-LINES file input.
    • incydr agents bulk-deactivate to deactivate a set of agents from CSV or JSON-LINES file input.
• New search terms on the incydr.enums.file_events.EventSearchTerm enum, enabling full support for querying the latest file event fields.
• New file event field models: AcquiredFromGit, AcquiredFromSourceUser, UntrustedValues.
• Various other additions to existing model fields

v1.0.1

1.0.1 - 2023-04-21

Fixed

• Bug in the user_risk_profile client, where get_page() was using the incorrect query param for the page number.
• Bug in AuditEventsPage model that prevented some audit log events from being parsed correctly.

v1.0.0

Initial 1.0.0 release of the Incydr SDK and CLI.

v.0.2.0

v0.2.0

Beta release of incydr CLI. Installable via pip install 'incydr[cli]'.