All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

The intended audience of this file is for incydr SDK and CLI consumers -- as such, changes that don't affect how a consumer would use the library or CLI tool (e.g. adding unit tests, updating documentation, etc) are not captured here.

• Support for Actors APIs, including:
  • An actors.v1 client to the SDK with the following methods:
    • client.actors.v1.get_page() - to query a single page of actors.
    • client.actors.v1.iter_all() - to lazily iterate through all pages of actors.
    • client.actors.v1.get_actor_by_id() - to retrieve details of a single actor by ID.
    • client.actors.v1.get_actor_by_name() - to retrieve details of a single actor by name.
    • client.actors.v1.get_family_by_member_id() - to retrieve details of an actor family by a member's ID.
    • client.actors.v1.get_family_by_member_name() - to retrieve details of an actor family by a member's name.
    • client.actors.v1.create_adoption() - to create child-parent adoptions between actors.
    • client.actors.v1.remove_adoption() - to remove a child actor from its parent.
  • A set of actors CLI commands:
    • incydr actors list to list all actors matching search criteria (in table, CSV, or JSON formats).
    • incydr actors show to show details of a given actor by ID or name.
    • incydr actors show-family to show details of an actors family.
    • incydr actors adoption create to create child-parent adoptions between actors.
    • incydr actors adoption remove to remove a child actor from its parent.

• The following agent health related fields will be present on the response when retrieving agents:
  • serialNumber
  • machineId
  • agentHealthIssueTypes
• Additional optional args in the SDK's agent client for filtering by agent health.
  • client.agents.v1.get_page() and client.agents.v1.get_page() now accept:
    • agent_healthy: bool - Retrieve only healthy agents with True or only unhealthy agents with False. Defaults to returning all agents.
    • agent_health_issue_types: List[str] | str- Retrieve agents with any of the given health issues. Ex: NOT_CONNECTING
• Additional options in the CLI's agent command group for filtering by agent health:
  • incydr agents list now accepts:
    • --healthy - Retrieve only healthy agents.
    • --unhealthy - Retrieve only unhealthy agents.
    • Pass a comma separated list of health issue types to the unhealthy option to filter for agents with any of the given health issues. Ex: --unhealthy NOT_CONNECTING,NOT_SENDING_SECURITY_EVENTS
    • Use incydr agents list --help to see more specifics on the new command options.
• See the SDK documentation and the CLI documentation for more details.

• Saved search filter values can now accept a list of strings. Prior to this fix this was incorrectly resulting in a model validation error.

• Pinned Pydantic version to major version 1.* following the release of Pydantic 2.0.

• Better error messaging when authentication parameters or env vars missing when instantiating the incydr.Client or running CLI commands.
• Missing authentication parameters (url, api_client_id, or api_client_secret) causes client to raise new exception type: AuthMissingError.
• incydr.exceptions module has been added to the public API.
• Support for Agents APIs, including:
  • An agents.v1 client to the SDK with the following methods:
    • client.agents.v1.get_page() to query a single page of agents.
    • client.agents.v1.iter_all() to lazily iterate through all pages of agents.
    • client.agents.v1.get_agent() to retrieve details of a single agent by ID.
    • client.agents.v1.update() to update the name or externalReference field of an agent.
    • client.agents.v1.activate() to activate a list of agents by their IDs.
    • client.agents.v1.deactivate() to deactivate a list of agents by their IDs.
  • A set of agents CLI commands:
    • incydr agents list to list all agents in your environment (in table, CSV, or JSON formats).
    • incydr agents show to show the details of a given agent by ID.
    • incydr agents bulk-activate to activate a set of agents from CSV or JSON-LINES file input.
    • incydr agents bulk-deactivate to deactivate a set of agents from CSV or JSON-LINES file input.
• New search terms on the incydr.enums.file_events.EventSearchTerm enum, enabling full support for querying the latest file event fields.
• New file event field models: AcquiredFromGit, AcquiredFromSourceUser, UntrustedValues.
• Various other additions to existing model fields.

• Bug in the user_risk_profile client, where get_page() was using the incorrect query param for the page number.
• Bug in AuditEventsPage model that prevented some audit log events from being parsed correctly.