prelude-sdk-beta 1398__tar.gz → 1399__tar.gz

{prelude_sdk_beta-1398 → prelude_sdk_beta-1399}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prelude-sdk-beta
-Version: 1398
+Version: 1399
 Summary: For interacting with the Prelude API
 Home-page: https://github.com/preludeorg
 Author: Prelude Research

{prelude_sdk_beta-1398 → prelude_sdk_beta-1399}/prelude_sdk_beta.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prelude-sdk-beta
-Version: 1398
+Version: 1399
 Summary: For interacting with the Prelude API
 Home-page: https://github.com/preludeorg
 Author: Prelude Research

{prelude_sdk_beta-1398 → prelude_sdk_beta-1399}/setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = prelude-sdk-beta
-version = 1398
+version = 1399
 author = Prelude Research
 author_email = support@preludesecurity.com
 description = For interacting with the Prelude API

{prelude_sdk_beta-1398 → prelude_sdk_beta-1399}/tests/test_build.py

@@ -365,7 +365,7 @@ class TestThreatHunt:
             control=Control.CROWDSTRIKE.value,
             id=pytest.crwd_threat_hunt_id,
             name="test CRWD threat hunt",
-            query="""#repo=base_sensor | FilePath = "\\Device\\HarddiskVolume3\\Program Files\\Prelude Security\\Prelude Probe\\.vst\\" | ContextImageFileName = /prelude_dropper.exe/""",
+            query="#repo=base_sensor | ContextImageFileName = /prelude_dropper.exe/",
             test_id=pytest.test_id,
         )
 
@@ -394,13 +394,13 @@ class TestThreatHunt:
         pytest.expected_threat_hunt = unwrap(self.build.update_threat_hunt)(
             self.build,
             name="updated threat hunt",
-            query='#repo=base_sensor | FilePath = "the-file-path"',
+            query="#repo=base_sensor | FilePath = /Prelude Security/ | groupBy([@timestamp, ParentBaseFileName, ImageFileName, aid], limit=20)| sort(@timestamp, limit=20)",
             threat_hunt_id=pytest.crwd_threat_hunt_id,
         )
         assert pytest.expected_threat_hunt["name"] == "updated threat hunt"
         assert (
             pytest.expected_threat_hunt["query"]
-            == '#repo=base_sensor | FilePath = "the-file-path"'
+            == "#repo=base_sensor | FilePath = /Prelude Security/ | groupBy([@timestamp, ParentBaseFileName, ImageFileName, aid], limit=20)| sort(@timestamp, limit=20)"
         )
 
     @pytest.mark.order(-7)