Changelog¶
CBC SDK 1.4.1 - Released October 21, 2022¶
New Features:
- AWS workloads now supported in VM Workloads Search.
- Live Query Differential Analysis functionality.
Updates:
- VM Workloads Search updated to use new v2 APIs
- Added the `alertable` field to feeds.
- Devices API now supports faceting on three additional (public cloud related) fields.
- Added a user acceptance test script for the policy function updates.
Documentation:
- Added information on OAuth authentication to docs.
CBC SDK 1.4.0 - Released July 26, 2022¶
Breaking Changes:
- The `Policy` object has been moved from `cbc_sdk.endpoint_standard` to `cbc_sdk.platform`, as it now uses the new Policy Services API rather than the old APIs through Integration Services.
  - N.B.: This change means that you must use a custom API key with permissions under `org.policies` to manage policies, rather than an older "API key."
  - To allow time to update integration logic, the `cbc_sdk.endpoint_standard` `Policy` object may still be imported from the old package, and supports operations that are backwards-compatible with the old one.
  - When developing a new integration, or updating an existing one, `cbc_sdk.platform` should be used. There is a utility class `PolicyBuilder`, and as features are added to the Carbon Black Cloud, they will be added to this module.
- Official support for Python 3.6 has been dropped, since that version is now end-of-life. Added explicit testing support for Python versions 3.9 and 3.10. N.B.: End users should update their Python version to 3.7.x or greater.
New Features:
- Credentials handler now supports OAuth tokens.
- Added support for querying a single `Report` from a `Feed`.
- Added support for alert notes (create, delete, get, refresh).
Updates:
- Removed the (unused) `revoked` property from `Grant` objects.
- Increased the asynchronous query thread pool to 3 threads by default.
- Required version of `lxml` is now 4.9.1.
- Added a user acceptance test script for Alerts.
Bug Fixes:
- Added `max_rows` to USB device query, fixing pagination.
- Fixed an off-by-one error in Alerts Search resulting in duplicate alerts showing up in results.
- Fixed an error in alert faceting operations due to sending excess input to the server.
Documentation:
- Watchlists, Feeds, and Reports guide has been updated with additional clarification and examples.
- Updated description for some `Device` fields that are never populated.
- Additional sensor states added to `Device` documentation.
- Fixed the description of `BaseAlertSearchQuery.set_types` so that it mentions all valid alert types.
- Threat intelligence example has been deprecated.
CBC SDK 1.3.6 - Released April 19, 2022¶
New Features:
- Support for Device Facet API.
- Dynamic reference of query classes: now you can do `api.select("Device")` in addition to `api.select(Device)`.
- Support for Container Runtime Alerts.
- NSX Remediation functionality - set the NSX remediation state for workloads which support it.
Updates:
- Endpoint Standard specific `Event`s have been decommissioned and removed.
- SDK now uses Watchlist Manager APIs `v3` instead of `v2`. `v2` APIs are being decommissioned.
Documentation:
- Added a `CONTRIBUTING` link to the `README.md` file.
- Change to Watchlist/Report documentation to properly reflect how to update a `Report` in a `Watchlist`.
- Cleaned up formatting.
CBC SDK 1.3.5 - Released January 26, 2022¶
New Features:
- Added asynchronous query support to Live Query.
- Added the ability to export query results from Live Query, either synchronously or asynchronously (via the `Job` object and the Jobs API). Synchronous exports include full-file export, line-by-line export, and ZIP file export. Asynchronous exports include full-file export and line-by-line export.
- Added a `CredentialProvider` that uses AWS Secrets Manager to store credential information.
Updates:
- Added `WatchlistAlert.get_process()` method to return the `Process` of a `WatchlistAlert`.
- Added several helpers to Live Query support to make it easier to get runs from a template, or results, device summaries, or facets from a run.
- Optimized API requests when performing query slicing.
- Updated pretty-printing of objects containing `dict` members.
- `lxml` dependency updated to version 4.6.5.
Bug Fixes:
- `User.delete()` now checks for an outstanding access grant on the user, and deletes it first if it exists.
- Fixed handling of URL when attaching a new IOC to a `Feed`.
- Getting and setting of `Report` ignore status is now supported even if that `Report` is part of a `Feed`.
Documentation:
- Information added about the target audience for the SDK.
- Improper reference to a credential property replaced in the Authentication guide.
- Broken example updated in Authentication guide.
- Added SDK guides for Vulnerabilities and Live Query APIs.
- Updated documentation for `ProcessFacet` model to better indicate support for full query string.
CBC SDK 1.3.4 - Released October 12, 2021¶
New Features:
- New CredentialProvider supporting Keychain storage of credentials (Mac OS only).
- Recommendations API - suggested reputation overrides for policy configuration.
Updates:
- Improved string representation of objects through the `__str__()` mechanism.
Bug Fixes:
- Ensure proper `TimeoutError` is raised in several places where the wrong exception was being raised.
- Fix to allowed categories when performing alert queries.
Documentation Changes:
- Added guide page for alerts.
- Live Response documentation updated to note use of custom API keys.
- Clarified query examples in Concepts.
- Note that vulnerability assessment has been moved from `workload` to `platform`.
- Small typo fixes in watchlists, feeds, UBS, and reports guide.
CBC SDK 1.3.2 - Released August 10, 2021¶
New Features:
- Added asynchronous query options to Live Response APIs.
- Added functionality for Watchlists, Reports, and Feeds to simplify developer interaction.
Updates:
- Added documentation on the mapping between permissions and Live Response commands.
Bug Fixes:
- Fixed an error using the STIX/TAXII example with Cabby.
- Fixed a potential infinite loop in getting detailed search results for enriched events and processes.
- Comparison now case-insensitive on UBS download.
CBC SDK 1.3.1 - Released June 15, 2021¶
New Features:
- Allow the SDK to accept a pre-configured `Session` object to be used for access, to get around unusual configuration requirements.
Bug Fixes:
- Fix functions in `Grant` object for adding a new access profile to a user access grant.
CBC SDK 1.3.0 - Released June 8, 2021¶
New Features
- Add User Management, Grants, Access Profiles, Permitted Roles
- Move Vulnerability models to Platform package in preparation for supporting Endpoints and Workloads
- Refactor Vulnerability models
  - `VulnerabilitySummary.get_org_vulnerability_summary` static function changed to `Vulnerability.OrgSummary` model with query class
  - `VulnerabilitySummary` model moved inside `Vulnerability` to `Vulnerability.AssetView` sub model
  - `OrganizationalVulnerability` and `Vulnerability` consolidated into a single model to include Carbon Black Cloud context and CVE information together
  - `Vulnerability(cb, CVE_ID)` returns Carbon Black Cloud context and CVE information
  - `DeviceVulnerability.get_vulnerability_summary_per_device` static function moved to `get_vulnerability_summary` function on `Device` model
  - `affected_assets(os_product_id)` function changed to `get_affected_assets()` function and no longer requires `os_product_id`
- Add dashboard export examples
- Live Response migrated from v3 to v6 (migration guide)
- Live Response uses API Keys of type Custom
- Add function to get Enriched Events for Alert
Bug Fixes
- Fix validate query from dropping sort_by for Query class
- Fix the ability to set expiration for binary download URL
- Fix bug in helpers read_iocs functionality
- Fix install_sensor and bulk_install on ComputeResource to use id instead of uuid
- Fix DeviceSearchQuery from duplicating Device due to base index of 1
CBC SDK 1.2.3 - Released April 19, 2021¶
Bug Fixes
- Prevent alert query from retrieving past 10k limit
CBC SDK 1.2.2 - Released April 5, 2021¶
Bug Fixes
- Add support for full credential property loading through BaseAPI constructor
CBC SDK 1.2.1 - Released March 31, 2021¶
New Features
- Add __str__ functions for Process.Tree and Process.Summary
- Add get_details for Process
- Add set_max_rows to DeviceQuery
Bug Fixes
- Modify base class for EnrichedEventQuery to Query from cbc_sdk.base to support entire feature set for searching
- Document fixes for changelog and Workload
- Fix _spawn_new_workers to correctly find active devices for Carbon Black Cloud
CBC SDK 1.2.0 - Released March 9, 2021¶
New Features
- VMware Carbon Black Cloud Workload support for managing workloads:
- Vulnerability Assessment
- Sensor Lifecycle Management
- VM Workloads Search
- Add tutorial for Reputation Override
Bug Fixes
- Fix to initialization of ReputationOverride objects
CBC SDK 1.1.1 - Released February 2, 2021¶
New Features
- Add easy way to add single approvals and blocks
- Add Device Control Alerts
- Add deployment_type support to the Device model
Bug Fixes
- Fix error when updating iocs in a Report model
- Set max_retries to None to use Connection init logic for retries
CBC SDK 1.1.0 - Released January 27, 2021¶
New Features
- Reputation Overrides for Endpoint Standard with Enterprise EDR support coming soon
- Device Control for Endpoint Standard
- Live Query Templates/Scheduled Runs and Template History
- Add set_time_range for Alert query
Bug Fixes
- Refactored code base to reduce query inheritance complexity
- Limit Live Query results to 10k cap to prevent 400 Bad Request
- Add missing criteria for Live Query RunHistory to search on template ids
- Add missing args.orgkey to get_cb_cloud_object to prevent exception from being thrown
- Refactor add and update criteria to use CriteriaBuilderSupportMixin
CBC SDK 1.0.0 - Released December 16, 2020¶
New Features
- Enriched Event searches for Endpoint Standard
- Aggregation search added for Enriched Event Query
- Add support for fetching additional details for an Enriched Event
- Facet query support for Enriched Events, Processes, and Process Events
- Addition of Python Futures to support asynchronous calls for customers who want to leverage that feature, while continuing to also provide the simplified experience which hides the multiple calls required.
- Added translation support for MISP threat intel to cbc_sdk threat intel example
Updates
- Improved information and extra calls for Audit and Remediation (Live Query)
- Great test coverage – create extensions and submit PRs with confidence
- Process and Process Event searches updated to latest APIs and moved to platform package
- Flake8 formatting applied to all areas of the code
- Converted old docstrings to use google format docstrings
- Migrated STIX/TAXII Threat Intel module from cbapi to cbc_sdk examples
Bug Fixes
- Fixed off by one error for process event pagination
- Added support for default profile using CBCloudAPI()
- Retry limit to Process Event search to prevent infinite loop
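Several of the fixes in this changelog concern the same loop: the off-by-one pagination errors (1.0.0 process events, 1.3.0 `DeviceSearchQuery`, 1.4.0 Alerts Search), the 10k result cap (1.2.3 alert queries, 1.1.0 Live Query), and the infinite-loop guards (1.0.0 process event search, 1.3.2 detailed search results). The block below is an added example, not cbc_sdk code, showing what those failure modes look like against a constructed, offline stand-in for a search endpoint that takes a 0-based `start` and `rows` and answers with `num_found` and `results`. The endpoint, the record data, `SERVER_RESULT_CAP` and the function names are assumptions made for the example; the real cbc_sdk internals differ.

```python
"""Safe paging over a search endpoint, and the failure modes the fixes above name.

Constructed, offline stand-in for a Carbon Black Cloud style search API: a 0-based
`start`, a page size `rows`, a response carrying `num_found` and `results`, and a
refusal to page past 10,000 results. None of this is cbc_sdk code.
"""
from typing import Callable, Dict, List, Optional

SERVER_RESULT_CAP = 10_000   # assumed server-side cap, matching the 10k limit named above
DEFAULT_ROWS = 500

SearchFn = Callable[[int, int], Dict]


class BadRequest(Exception):
    """Stand-in for the HTTP 400 a server returns when asked to page past its cap."""


def make_search_endpoint(records: List[Dict]) -> SearchFn:
    """Build a fake search endpoint over an in-memory (constructed) record list."""
    def search(start: int, rows: int) -> Dict:
        if start < 0 or rows <= 0:
            raise BadRequest(f"invalid window start={start} rows={rows}")
        if start + rows > SERVER_RESULT_CAP:
            raise BadRequest("start + rows exceeds the 10,000-result cap")
        return {"num_found": len(records), "results": records[start:start + rows]}
    return search


def paginate_off_by_one(search: SearchFn, rows: int = DEFAULT_ROWS) -> List[Dict]:
    """The kind of off-by-one the fixes describe: the next page starts on the
    last row of the previous one, so every page boundary yields a duplicate."""
    out: List[Dict] = []
    start = 0
    while True:
        page = search(start, rows)
        results = page["results"]
        if not results:
            return out
        out.extend(results)
        if start + len(results) >= page["num_found"]:
            return out
        start += len(results) - 1   # BUG: should advance by exactly len(results)


def paginate(search: SearchFn, rows: int = DEFAULT_ROWS,
             max_rows: Optional[int] = None, max_requests: int = 1000) -> List[Dict]:
    """Page without gaps or duplicates: advance `start` by exactly the rows received,
    stop at num_found, at the caller's max_rows and at the server cap (rather than
    sending a request the server will reject with 400), and bound the number of
    requests so a server that never reports an end cannot trap the client."""
    out: List[Dict] = []
    start = 0
    requests_made = 0
    while requests_made < max_requests:
        remaining = SERVER_RESULT_CAP - start
        if max_rows is not None:
            remaining = min(remaining, max_rows - len(out))
        if remaining <= 0:
            break
        page = search(start, min(rows, remaining))
        requests_made += 1
        results = page["results"]
        if not results:
            break
        out.extend(results)
        start += len(results)
        if start >= page["num_found"]:
            break
    else:
        raise RuntimeError(f"gave up after {max_requests} requests without reaching the end of results")
    return out


def demo() -> Dict[str, object]:
    """Run both loops over constructed alert records and summarise what happened."""
    alerts = [{"id": f"alert-{i}"} for i in range(1200)]          # constructed sample
    search = make_search_endpoint(alerts)
    buggy = paginate_off_by_one(search)
    fixed = paginate(search)

    big = make_search_endpoint([{"id": i} for i in range(12_000)])  # more rows than the cap
    try:
        paginate_off_by_one(big)
        buggy_past_cap = "no error"
    except BadRequest as exc:
        buggy_past_cap = str(exc)

    def runaway(start: int, rows: int) -> Dict:   # server that never reports an end
        return {"num_found": 10 ** 9, "results": [{"id": start}]}
    try:
        paginate(runaway, rows=1, max_requests=50)
        runaway_outcome = "looped to completion"
    except RuntimeError as exc:
        runaway_outcome = str(exc)

    return {
        "buggy_total": len(buggy),
        "buggy_unique": len({r["id"] for r in buggy}),
        "fixed_total": len(fixed),
        "fixed_unique": len({r["id"] for r in fixed}),
        "fixed_capped_total": len(paginate(big)),
        "buggy_past_cap": buggy_past_cap,
        "runaway": runaway_outcome,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Over 1,200 constructed alerts the off-by-one loop returns 1,202 rows (one duplicate per page boundary), and over 12,000 it sends a request past the cap and gets the 400 back; the corrected loop returns exactly the rows that exist, silently stops at the cap, and raises instead of spinning when a server keeps handing back rows. The `max_rows` parameter plays the role of the `max_rows`/`set_max_rows` limits the changelog adds to device and USB queries.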