prelude-sdk-beta 1398__tar.gz → 1400__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of prelude-sdk-beta might be problematic. Click here for more details.

Files changed (34) hide show
  1. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/PKG-INFO +1 -1
  2. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/models/codes.py +57 -11
  3. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta.egg-info/PKG-INFO +1 -1
  4. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/setup.cfg +1 -1
  5. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/test_build.py +3 -3
  6. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/LICENSE +0 -0
  7. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/README.md +0 -0
  8. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/__init__.py +0 -0
  9. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/__init__.py +0 -0
  10. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/build_controller.py +0 -0
  11. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/detect_controller.py +0 -0
  12. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/export_controller.py +0 -0
  13. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/generate_controller.py +0 -0
  14. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/http_controller.py +0 -0
  15. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/iam_controller.py +0 -0
  16. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/jobs_controller.py +0 -0
  17. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/partner_controller.py +0 -0
  18. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/probe_controller.py +0 -0
  19. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/controllers/scm_controller.py +0 -0
  20. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/models/__init__.py +0 -0
  21. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/models/account.py +0 -0
  22. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta.egg-info/SOURCES.txt +0 -0
  23. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta.egg-info/dependency_links.txt +0 -0
  24. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta.egg-info/requires.txt +0 -0
  25. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta.egg-info/top_level.txt +0 -0
  26. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/pyproject.toml +0 -0
  27. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/test_detect.py +0 -0
  28. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/test_generate.py +0 -0
  29. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/test_iam.py +0 -0
  30. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/test_partner.py +0 -0
  31. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/test_probe.py +0 -0
  32. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/test_scm.py +0 -0
  33. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/test_scm_build.py +0 -0
  34. {prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/testutils.py +0 -0
{prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: prelude-sdk-beta
3
- Version: 1398
3
+ Version: 1400
4
4
  Summary: For interacting with the Prelude API
5
5
  Home-page: https://github.com/preludeorg
6
6
  Author: Prelude Research
{prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta/models/codes.py RENAMED
@@ -184,6 +184,7 @@ class Control(Enum, metaclass=MissingItem):
184
184
  QUALYS_DISCOVERY = 24
185
185
  RAPID7 = 25
186
186
  RAPID7_DISCOVERY = 26
187
+ INTUNE_HOST_FIREWALL = 27
187
188
 
188
189
  @classmethod
189
190
  def _missing_(cls, value):
@@ -203,6 +204,36 @@ class Control(Enum, metaclass=MissingItem):
203
204
  return k
204
205
  return SCMCategory.NONE
205
206
 
207
+ @property
208
+ def parent(self):
209
+ match self:
210
+ case Control.DEFENDER_DISCOVERY:
211
+ return Control.DEFENDER
212
+ case Control.QUALYS_DISCOVERY:
213
+ return Control.QUALYS
214
+ case Control.RAPID7_DISCOVERY:
215
+ return Control.RAPID7
216
+ case Control.TENABLE_DISCOVERY:
217
+ return Control.TENABLE
218
+ case Control.INTUNE_HOST_FIREWALL:
219
+ return Control.INTUNE
220
+
221
+ @property
222
+ def children(self):
223
+ match self:
224
+ case Control.DEFENDER:
225
+ return [Control.DEFENDER_DISCOVERY]
226
+ case Control.QUALYS:
227
+ return [Control.QUALYS_DISCOVERY]
228
+ case Control.RAPID7:
229
+ return [Control.RAPID7_DISCOVERY]
230
+ case Control.TENABLE:
231
+ return [Control.TENABLE_DISCOVERY]
232
+ case Control.INTUNE:
233
+ return [Control.INTUNE_HOST_FIREWALL]
234
+ case _:
235
+ return []
236
+
206
237
 
207
238
  class ControlCategory(Enum, metaclass=MissingItem):
208
239
  INVALID = -1
@@ -217,6 +248,7 @@ class ControlCategory(Enum, metaclass=MissingItem):
217
248
  VULN_MANAGER = 8
218
249
  SIEM = 9
219
250
  PRIVATE_REPO = 10
251
+ HOST_FIREWALL = 11
220
252
 
221
253
  @classmethod
222
254
  def _missing_(cls, value):
@@ -244,6 +276,9 @@ class ControlCategory(Enum, metaclass=MissingItem):
244
276
  Control.GMAIL,
245
277
  Control.M365,
246
278
  ],
279
+ ControlCategory.HOST_FIREWALL: [
280
+ Control.INTUNE_HOST_FIREWALL,
281
+ ],
247
282
  ControlCategory.IDENTITY: [
248
283
  Control.ENTRA,
249
284
  Control.GOOGLE_IDENTITY,
@@ -293,6 +328,7 @@ class SCMCategory(Enum, metaclass=MissingItem):
293
328
  Control.DEFENDER_DISCOVERY,
294
329
  Control.EC2,
295
330
  Control.INTUNE,
331
+ Control.INTUNE_HOST_FIREWALL,
296
332
  Control.JAMF,
297
333
  Control.QUALYS,
298
334
  Control.QUALYS_DISCOVERY,
@@ -320,6 +356,7 @@ class SCMCategory(Enum, metaclass=MissingItem):
320
356
  SCMCategory.ENDPOINT: [
321
357
  ControlCategory.ASSET_MANAGER,
322
358
  ControlCategory.DISCOVERED_DEVICES,
359
+ ControlCategory.HOST_FIREWALL,
323
360
  ControlCategory.VULN_MANAGER,
324
361
  ControlCategory.XDR,
325
362
  ],
@@ -369,6 +406,9 @@ class PartnerEvents(Enum, metaclass=MissingItem):
369
406
  USER_MISSING_EDR = 12
370
407
  USER_MISSING_VULN_MANAGER = 13
371
408
  NO_SERVER_MANAGER = 14
409
+ NO_HOST_FIREWALL = 15
410
+ MISSING_HOST_FIREWALL_POLICY = 16
411
+ USER_MISSING_HOST_FIREWALL = 17
372
412
 
373
413
  @classmethod
374
414
  def _missing_(cls, value):
@@ -377,26 +417,28 @@ class PartnerEvents(Enum, metaclass=MissingItem):
377
417
  @classmethod
378
418
  def control_category_mapping(cls):
379
419
  return {
380
- PartnerEvents.REDUCED_FUNCTIONALITY_MODE: [ControlCategory.XDR],
381
- PartnerEvents.NO_EDR: [
382
- ControlCategory.XDR,
383
- ],
384
- PartnerEvents.MISSING_EDR_POLICY: [ControlCategory.XDR],
385
- PartnerEvents.MISSING_AV_POLICY: [ControlCategory.XDR],
386
- PartnerEvents.MISSING_MFA: [ControlCategory.IDENTITY],
387
- PartnerEvents.NO_ASSET_MANAGER: [ControlCategory.ASSET_MANAGER],
388
420
  PartnerEvents.MISCONFIGURED_POLICY_SETTING: [
389
- ControlCategory.XDR,
390
421
  ControlCategory.EMAIL,
422
+ ControlCategory.HOST_FIREWALL,
391
423
  ControlCategory.IDENTITY,
424
+ ControlCategory.XDR,
392
425
  ],
426
+ PartnerEvents.MISSING_AV_POLICY: [ControlCategory.XDR],
427
+ PartnerEvents.MISSING_EDR_POLICY: [ControlCategory.XDR],
428
+ PartnerEvents.MISSING_HOST_FIREWALL_POLICY: [ControlCategory.HOST_FIREWALL],
429
+ PartnerEvents.MISSING_MFA: [ControlCategory.IDENTITY],
393
430
  PartnerEvents.MISSING_SCAN: [ControlCategory.VULN_MANAGER],
394
- PartnerEvents.OUT_OF_DATE_SCAN: [ControlCategory.VULN_MANAGER],
431
+ PartnerEvents.NO_ASSET_MANAGER: [ControlCategory.ASSET_MANAGER],
432
+ PartnerEvents.NO_EDR: [ControlCategory.XDR],
433
+ PartnerEvents.NO_HOST_FIREWALL: [ControlCategory.HOST_FIREWALL],
434
+ PartnerEvents.NO_SERVER_MANAGER: [ControlCategory.ASSET_MANAGER],
395
435
  PartnerEvents.NO_VULN_MANAGER: [ControlCategory.VULN_MANAGER],
436
+ PartnerEvents.OUT_OF_DATE_SCAN: [ControlCategory.VULN_MANAGER],
437
+ PartnerEvents.REDUCED_FUNCTIONALITY_MODE: [ControlCategory.XDR],
396
438
  PartnerEvents.USER_MISSING_ASSET_MANAGER: [ControlCategory.IDENTITY],
397
439
  PartnerEvents.USER_MISSING_EDR: [ControlCategory.IDENTITY],
440
+ PartnerEvents.USER_MISSING_HOST_FIREWALL: [ControlCategory.HOST_FIREWALL],
398
441
  PartnerEvents.USER_MISSING_VULN_MANAGER: [ControlCategory.IDENTITY],
399
- PartnerEvents.NO_SERVER_MANAGER: [ControlCategory.ASSET_MANAGER],
400
442
  }
401
443
 
402
444
 
@@ -417,6 +459,9 @@ class AlertTypes(Enum, metaclass=MissingItem):
417
459
  NEW_USER_MISSING_EDR = 13
418
460
  NEW_USER_MISSING_VULN_MANAGER = 14
419
461
  NEW_NO_SERVER_MANAGER_ENDPOINTS = 15
462
+ NEW_NO_HOST_FIREWALL_ENDPOINTS = 16
463
+ NEW_MISSING_HOST_FIREWALL_POLICY_ENDPOINTS = 17
464
+ NEW_USER_MISSING_HOST_FIREWALL = 18
420
465
 
421
466
  @classmethod
422
467
  def _missing_(cls, value):
@@ -437,6 +482,7 @@ class PolicyType(Enum, metaclass=MissingItem):
437
482
  EMAIL_DKIM = 10
438
483
  DEVICE_COMPLIANCE = 11
439
484
  IDENTITY_MFA = 12
485
+ HOST_FIREWALL = 13
440
486
 
441
487
  @classmethod
442
488
  def _missing_(cls, value):
{prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/prelude_sdk_beta.egg-info/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: prelude-sdk-beta
3
- Version: 1398
3
+ Version: 1400
4
4
  Summary: For interacting with the Prelude API
5
5
  Home-page: https://github.com/preludeorg
6
6
  Author: Prelude Research
{prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/setup.cfg RENAMED
@@ -1,6 +1,6 @@
1
1
  [metadata]
2
2
  name = prelude-sdk-beta
3
- version = 1398
3
+ version = 1400
4
4
  author = Prelude Research
5
5
  author_email = support@preludesecurity.com
6
6
  description = For interacting with the Prelude API
{prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/tests/test_build.py RENAMED
@@ -365,7 +365,7 @@ class TestThreatHunt:
365
365
  control=Control.CROWDSTRIKE.value,
366
366
  id=pytest.crwd_threat_hunt_id,
367
367
  name="test CRWD threat hunt",
368
- query="""#repo=base_sensor | FilePath = "\\Device\\HarddiskVolume3\\Program Files\\Prelude Security\\Prelude Probe\\.vst\\" | ContextImageFileName = /prelude_dropper.exe/""",
368
+ query="#repo=base_sensor | ContextImageFileName = /prelude_dropper.exe/",
369
369
  test_id=pytest.test_id,
370
370
  )
371
371
 
@@ -394,13 +394,13 @@ class TestThreatHunt:
394
394
  pytest.expected_threat_hunt = unwrap(self.build.update_threat_hunt)(
395
395
  self.build,
396
396
  name="updated threat hunt",
397
- query='#repo=base_sensor | FilePath = "the-file-path"',
397
+ query="#repo=base_sensor | FilePath = /Prelude Security/ | groupBy([@timestamp, ParentBaseFileName, ImageFileName, aid], limit=20)| sort(@timestamp, limit=20)",
398
398
  threat_hunt_id=pytest.crwd_threat_hunt_id,
399
399
  )
400
400
  assert pytest.expected_threat_hunt["name"] == "updated threat hunt"
401
401
  assert (
402
402
  pytest.expected_threat_hunt["query"]
403
- == '#repo=base_sensor | FilePath = "the-file-path"'
403
+ == "#repo=base_sensor | FilePath = /Prelude Security/ | groupBy([@timestamp, ParentBaseFileName, ImageFileName, aid], limit=20)| sort(@timestamp, limit=20)"
404
404
  )
405
405
 
406
406
  @pytest.mark.order(-7)
{prelude_sdk_beta-1398 → prelude_sdk_beta-1400}/LICENSE RENAMED
File without changes