Version 1.4.7 - Correlation Rules, Intelligence Feeds and NG-SIEM

.github/wordlist.txt

@@ -1464,3 +1464,19 @@ logfile
 termcolor
 darkdetect
 Jesko
+DownloadFeedArchive
+ListFeedTypes
+QueryFeedArchives
+NGSIEM
+UploadLookupV
+GetLookupV
+GetLookupFromPackageWithNamespaceV
+GetLookupFromPackageV
+StartSearchV
+GetSearchStatusV
+StopSearchV
+CreateFileV
+UpdateFileV
+roberts
+CertificateBasedExclusions
+cb

.github/workflows/unit_testing_usgov1.yml

@@ -21,7 +21,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: '3.7'
+        python-version: '3.8'
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip

CHANGELOG.md

@@ -1,3 +1,69 @@
+# Version 1.4.7
+## Added features and functionality
++ Added: Added new __Intelligence Feeds__ service collection with 3 operations.
+    - _DownloadFeedArchive_
+    - _ListFeedTypes_
+    - _QueryFeedArchives_
+    - `_endpoint/__init__.py`
+    - `_endpoint/_intelligence_feeds.py`
+    - `__init__.py`
+    - `intelligence_feeds.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_intelligence_feeds.py`
+
++ Added: Added new __NGSIEM__ service collection with 9 operations.
+    - _UploadLookupV1_
+    - _GetLookupV1_
+    - _GetLookupFromPackageWithNamespaceV1_
+    - _GetLookupFromPackageV1_
+    - _StartSearchV1_
+    - _GetSearchStatusV1_
+    - _StopSearchV1_
+    - _CreateFileV1_
+    - _UpdateFileV1_
+    - `_endpoint/__init__.py`
+    - `_endpoint/_ngsiem.py`
+    - `_util/_functions.py`
+    - `__init__.py`
+    - `ngsiem.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_ngsiem.py`
+
++ Added: Added new __Correlation Rules__ service collection with 6 operations.
+    - _combined_rules_get_v1_
+    - _entities_rules_get_v1_
+    - _entities_rules_post_v1_
+    - _entities_rules_delete_v1_
+    - _entities_rules_patch_v1_
+    - _queries_rules_get_v1_
+    - `_endpoint/__init__.py`
+    - `_endpoint/_correlation_rules.py`
+    - `_endpoint/deprecated/__init__.py`
+    - `_endpoint/deprecated/_correlation_rules.py`
+    - `_payload/__init__.py`
+    - `_payload/_correlation_rules.py`
+    - `__init__.py`
+    - `correlation_rules.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_correlation_rules.py`
+
+## Issues resolved
++ Resolved: `timezone` argument is not available for the _createScheduledExclusions_ operation within the __FileVantage__ Service Class. Closes #1231.
+    - `_payload/_filevantage.py`
+    - `filevantage.py`
+    - Thanks go out to @security-roberts for identifying and reporting this issue! 🙇
+
++ Resolved: Fixed payload handler issue when providing certificate keys via keywords as opposed to providing the `certificate` keyword when using the _cb_exclusions_create_v1_ operation within the __CertificateBasedExclusions__ service class.
+    - `_payload/_certificate_based_exclusions.py`
+
++ Resolved: Added error handling for when invalid API responses are received from the GraphQL operation within the __Identity Protection__ service collection.
+    - `_util/_functions.py`
+
++ Resolved: Fixed invalid default body payload for _createMLExclusionsV1_ operation in __MLExclusions__ Service Class.
+    - `ml_exclusions.py`
+
+---
+
 # Version 1.4.6
 ## Added features and functionality
 + Added: Added _ExecuteCommandProxy_ operation to the __API Integrations__ service collection.

src/falconpy/__init__.py

@@ -101,6 +101,7 @@
 from .container_images import ContainerImages
 from .container_packages import ContainerPackages
 from .container_vulnerabilities import ContainerVulnerabilities
+from .correlation_rules import CorrelationRules
 from .cloud_connect_aws import CloudConnectAWS
 from .cspm_registration import CSPMRegistration
 from .custom_ioa import CustomIOA
@@ -131,6 +132,7 @@
 from .incidents import Incidents
 from .installation_tokens import InstallationTokens
 from .intel import Intel
+from .intelligence_feeds import IntelligenceFeeds
 from .ioa_exclusions import IOAExclusions
 from .ioc import IOC
 from .iocs import Iocs
@@ -140,6 +142,7 @@
 from .ml_exclusions import MLExclusions
 from .mobile_enrollment import MobileEnrollment
 from .mssp import FlightControl
+from .ngsiem import NGSIEM
 from .oauth2 import OAuth2
 from .ods import ODS
 from .overwatch_dashboard import OverwatchDashboard
@@ -209,7 +212,8 @@
     "ContainerVulnerabilities", "DriftIndicators", "UnidentifiedContainers",
     "ImageAssessmentPolicies", "APIIntegrations", "ThreatGraph", "ExposureManagement",
     "CertificateBasedExclusions", "ComplianceAssessments", "HostMigration", "QuickScanPro",
-    "DataScanner", "SensorUsage", "Downloads", "DeliverySettings", "ASPM"
+    "DataScanner", "SensorUsage", "Downloads", "DeliverySettings", "ASPM", "IntelligenceFeeds",
+    "NGSIEM", "CorrelationRules"
     ]
 """
 This is free and unencumbered software released into the public domain.

src/falconpy/_endpoint/__init__.py

@@ -20,6 +20,7 @@
                                                         `---' OAuth2 API SDK for Python 3 `---'
 """
 from typing import List, Any
+from .deprecated import _correlation_rules_deprecated
 from .deprecated import _custom_ioa_deprecated
 from .deprecated import _d4c_registration_deprecated
 from .deprecated import _datascanner_deprecated
@@ -55,6 +56,7 @@
 from ._container_images import _container_images_endpoints
 from ._container_packages import _container_packages_endpoints
 from ._container_vulnerabilities import _container_vulnerabilities_endpoints
+from ._correlation_rules import _correlation_rules_endpoints
 from ._cspm_registration import _cspm_registration_endpoints
 from ._custom_ioa import _custom_ioa_endpoints
 from ._custom_storage import _custom_storage_endpoints
@@ -81,6 +83,7 @@
 from ._identity_protection import _identity_protection_endpoints
 from ._image_assessment_policies import _image_assessment_policies_endpoints
 from ._incidents import _incidents_endpoints
+from ._intelligence_feeds import _intelligence_feeds_endpoints
 from ._installation_tokens import _installation_tokens_endpoints
 from ._intel import _intel_endpoints
 from ._ioa_exclusions import _ioa_exclusions_endpoints
@@ -92,6 +95,7 @@
 from ._ml_exclusions import _ml_exclusions_endpoints
 from ._mobile_enrollment import _mobile_enrollment_endpoints
 from ._mssp import _mssp_endpoints
+from ._ngsiem import _ngsiem_endpoints
 from ._oauth2 import _oauth2_endpoints
 from ._ods import _ods_endpoints
 from ._overwatch_dashboard import _overwatch_dashboard_endpoints
@@ -135,6 +139,7 @@
 api_endpoints.extend(_container_images_endpoints)
 api_endpoints.extend(_container_packages_endpoints)
 api_endpoints.extend(_container_vulnerabilities_endpoints)
+api_endpoints.extend(_correlation_rules_endpoints)
 api_endpoints.extend(_cspm_registration_endpoints)
 api_endpoints.extend(_custom_ioa_endpoints)
 api_endpoints.extend(_custom_storage_endpoints)
@@ -162,6 +167,7 @@
 api_endpoints.extend(_image_assessment_policies_endpoints)
 api_endpoints.extend(_incidents_endpoints)
 api_endpoints.extend(_installation_tokens_endpoints)
+api_endpoints.extend(_intelligence_feeds_endpoints)
 api_endpoints.extend(_intel_endpoints)
 api_endpoints.extend(_ioa_exclusions_endpoints)
 api_endpoints.extend(_ioc_endpoints)
@@ -172,6 +178,7 @@
 api_endpoints.extend(_ml_exclusions_endpoints)
 api_endpoints.extend(_mobile_enrollment_endpoints)
 api_endpoints.extend(_mssp_endpoints)
+api_endpoints.extend(_ngsiem_endpoints)
 api_endpoints.extend(_oauth2_endpoints)
 api_endpoints.extend(_ods_endpoints)
 api_endpoints.extend(_overwatch_dashboard_endpoints)
@@ -202,6 +209,7 @@
 
 # Deprecated endpoints
 deprecated_endpoints = []
+deprecated_endpoints.extend(_correlation_rules_deprecated)
 deprecated_endpoints.extend(_certificate_based_exclusions_deprecated)
 deprecated_endpoints.extend(_custom_ioa_deprecated)
 deprecated_endpoints.extend(_d4c_registration_deprecated)