v2.0.0

@tora-kozic tora-kozic released this 10 May 20:41
· 146 commits to main since this release
c3634de

2.0.0 - 2024-05-10

Added

  • Support for the Sessions APIs
    • A sessions.v1 client to the SDK with the following methods:
      • client.sessions.v1.get_page() - to query a page of sessions.
      • client.sessions.v1.iter_all() - to lazily iterate through all pages of sessions.
      • client.sessions.v1.get_session_details() - to retrieve the details of a single session specified by ID.
      • client.sessions.v1.get_session_events() - to retrieve the file events associated with a session specified by ID.
      • client.sessions.v1.update_state_by_id() - to update the state of a session specified by ID.
      • client.sessions.v1.update_state_by_criteria() - to update the state of all sessions matching the filter criteria.
      • client.sessions.v1.add_note() - to attach a note to a session specified by ID.
    • A set of sessions CLI commands:
      • incydr sessions search to search sessions by criteria. Includes various filter, output, and checkpointing options.
      • incydr sessions show to show session details.
      • incydr sessions show-events to show file events associated with the session.
      • incydr sessions update to update the state and/or note of a session.
      • incydr sessions bulk-update-state to update the state and attach an optional note to multiple sessions at once.
  • Support for Actors APIs, including:
    • An actors.v1 client to the SDK with the following methods:
      • client.actors.v1.get_page() - to query a single page of actors.
      • client.actors.v1.iter_all() - to lazily iterate through all pages of actors.
      • client.actors.v1.get_actor_by_id() - to retrieve details of a single actor by ID.
      • client.actors.v1.get_actor_by_name() - to retrieve details of a single actor by name.
      • client.actors.v1.get_family_by_member_id() - to retrieve details of an actor family by a member's ID.
      • client.actors.v1.get_family_by_member_name() - to retrieve details of an actor family by a member's name.
    • A set of actors CLI commands:
      • incydr actors list to list all actors matching search criteria (in table, CSV, or JSON formats).
      • incydr actors show to show details of a given actor by ID or name.
      • incydr actors show-family to show details of an actor's family.

Removed

  • Breaking Change! Cloud alias risk profile functionality has been removed.
    • The following Python SDK methods have been removed:
      • client.user_risk_profiles.add_cloud_alias() should be replaced by client.actors.create_adoption()
      • client.user_risk_profiles.remove_cloud_alias() should be replaced by client.actors.remove_adoption()
    • The following CLI commands have been removed.
      • incydr risk-profiles add-cloud-alias should be replaced by incydr actors adoption create
      • incydr risk-profiles remove-cloud-alias should be replaced by incydr actors adoption remove
      • incydr risk-profiles bulk-add-cloud-aliases
      • incydr risk-profiles bulk-remove-cloud-aliases

Changed

  • Breaking Change! User risk profiles have been renamed as Risk profiles to better fit their additional application to actors.
    • The SDK has been updated to reflect this via the following changes:
      • UserRiskProfile model has been renamed to RiskProfile.
      • UserRiskProfilesPage model has been renamed to RiskProfilesPage.
      • The UserRiskProfiles class has been renamed to RiskProfiles.
      • The Incydr client user_risk_profiles property has been renamed to risk_profiles; methods in that client have been renamed similarly.
        • client.user_risk_profiles.v1.get_user_risk_profile() would now be client.risk_profiles.v1.get_risk_profile().
    • The CLI has been updated to reflect this via the following changes:
      • The risk-profiles command group is no longer available under the users command group. It is still accessible as its own incydr command group, e.g. incydr risk-profiles list.

Deprecated

  • The Alerts Python SDK methods and the Alerts CLI command group have been deprecated. Their functionality is replaced by the Sessions SDK client and CLI command group.