PyPI - prelude-sdk-beta - Versions diffs - 1398__tar.gz → 1440__tar.gz - Mend

prelude-sdk-beta 1398tar.gz → 1440tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of prelude-sdk-beta might be problematic. Click here for more details.

Files changed (34) hide show

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prelude-sdk-beta
-Version: 1398
+Version: 1440
 Summary: For interacting with the Prelude API
 Home-page: https://github.com/preludeorg
 Author: Prelude Research

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta/controllers/build_controller.py RENAMED Viewed

@@ -271,7 +271,10 @@ class BuildController(HttpController):
             headers=self.account.headers,
             timeout=10,
         )
-        return res.json()
+        threat_hunt = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(threat_hunt, [(Control, "control")])
+        return threat_hunt
     @verify_credentials
     def update_threat_hunt(
@@ -296,7 +299,10 @@ class BuildController(HttpController):
             headers=self.account.headers,
             timeout=10,
         )
-        return res.json()
+        threat_hunt = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(threat_hunt, [(Control, "control")])
+        return threat_hunt
     @verify_credentials
     def delete_threat_hunt(self, threat_hunt_id: str):

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta/controllers/detect_controller.py RENAMED Viewed

@@ -1,5 +1,6 @@
 from prelude_sdk_beta.controllers.http_controller import HttpController
 from prelude_sdk_beta.models.account import verify_credentials
+from prelude_sdk_beta.models.codes import Control, RunCode
 class DetectController(HttpController):
@@ -59,7 +60,10 @@ class DetectController(HttpController):
             params=params,
             timeout=10,
         )
-        return res.json()
+        endpoints = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(endpoints, [(Control, "control")])
+        return endpoints
     @verify_credentials
     def describe_activity(self, filters: dict, view: str = "protected"):
@@ -169,7 +173,10 @@ class DetectController(HttpController):
             params=filters if filters else {},
             timeout=10,
         )
-        return res.json()
+        threat_hunts = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(threat_hunts, [(Control, "control")])
+        return threat_hunts
     @verify_credentials
     def get_threat_hunt(self, threat_hunt_id):
@@ -179,7 +186,10 @@ class DetectController(HttpController):
             headers=self.account.headers,
             timeout=10,
         )
-        return res.json()
+        threat_hunt = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(threat_hunt, [(Control, "control")])
+        return threat_hunt
     @verify_credentials
     def do_threat_hunt(self, threat_hunt_id):
@@ -214,7 +224,10 @@ class DetectController(HttpController):
             json=dict(items=items),
             timeout=10,
         )
-        return res.json()
+        schedule = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(schedule, [(RunCode, "run_code")])
+        return schedule
     @verify_credentials
     def unschedule(self, items: list):

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta/controllers/http_controller.py RENAMED Viewed

@@ -22,6 +22,26 @@ class HttpController(object):
         self._session.mount("http://", HTTPAdapter(max_retries=retry))
         self._session.mount("https://", HTTPAdapter(max_retries=retry))
+    def resolve_enums(self, data, enum_params: list[tuple]):
+        for [enum_class, key] in enum_params:
+            self._resolve_enum(data, enum_class, key)
+    def _resolve_enum(self, data, enum_class, key):
+        if isinstance(data, list):
+            for item in data:
+                if isinstance(item, dict):
+                    self._resolve_enum(item, enum_class, key)
+        elif isinstance(data, dict):
+            for k, v in data.items():
+                if k == key:
+                    if isinstance(v, list):
+                        for i, item in enumerate(v):
+                            v[i] = enum_class[item].name
+                    elif v is not None:
+                        data[k] = enum_class[v].name
+                elif isinstance(v, dict) or isinstance(v, list):
+                    self._resolve_enum(v, enum_class, key)
     def get(self, url, retry=True, **kwargs):
         res = self._session.get(url, **kwargs)
         if res.status_code == 200:

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta/controllers/iam_controller.py RENAMED Viewed

@@ -1,6 +1,6 @@
 from prelude_sdk_beta.controllers.http_controller import HttpController
 from prelude_sdk_beta.models.account import verify_credentials
-from prelude_sdk_beta.models.codes import Mode, Permission
+from prelude_sdk_beta.models.codes import Control, Mode, Permission
 class IAMAccountController(HttpController):
@@ -14,7 +14,12 @@ class IAMAccountController(HttpController):
         res = self.get(
             f"{self.account.hq}/iam/account", headers=self.account.headers, timeout=10
         )
-        return res.json()
+        account = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                account, [(Mode, "mode"), (Permission, "permission"), (Control, "id")]
+            )
+        return account
     @verify_credentials
     def purge_account(self):
@@ -100,7 +105,10 @@ class IAMAccountController(HttpController):
             headers=self.account.headers,
             timeout=10,
         )
-        return res.json()
+        user = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(user, [(Permission, "permission")])
+        return user
     @verify_credentials
     def create_service_user(self, name: str):
@@ -173,7 +181,6 @@ class IAMAccountController(HttpController):
         )
         return res.json()
     def sign_up(self, company, email, name):
         """(NOT AVAIABLE IN PRODUCTION) Create a new user and account"""
         body = dict(company=company, email=email, name=name)

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta/controllers/jobs_controller.py RENAMED Viewed

@@ -1,5 +1,8 @@
+from itertools import chain
 from prelude_sdk_beta.controllers.http_controller import HttpController
 from prelude_sdk_beta.models.account import verify_credentials
+from prelude_sdk_beta.models.codes import BackgroundJobTypes, Control
 class JobsController(HttpController):
@@ -13,7 +16,10 @@ class JobsController(HttpController):
         res = self.get(
             f"{self.account.hq}/jobs/statuses", headers=self.account.headers, timeout=30
         )
-        return res.json()
+        jobs = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(jobs, [(Control, "control")])
+        return jobs
     @verify_credentials
     def job_status(self, job_id: str):
@@ -23,4 +29,9 @@ class JobsController(HttpController):
             headers=self.account.headers,
             timeout=30,
         )
-        return res.json()
+        job = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                job, [(Control, "control"), (BackgroundJobTypes, "job_type")]
+            )
+        return job

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta/controllers/partner_controller.py RENAMED Viewed

@@ -45,7 +45,7 @@ class PartnerController(HttpController):
         res = self.delete(
             f"{self.account.hq}/partner/{partner.name}/{instance_id}",
             headers=self.account.headers,
-            timeout=10,
+            timeout=30,
         )
         return res.json()
@@ -104,18 +104,6 @@ class PartnerController(HttpController):
         )
         return res.json()
-    @verify_credentials
-    def ioa_stats(self, test_id: str | None = None):
-        """Get IOA stats"""
-        params = dict(test_id=test_id) if test_id else dict()
-        res = self.get(
-            f"{self.account.hq}/partner/ioa_stats",
-            headers=self.account.headers,
-            json=params,
-            timeout=30,
-        )
-        return res.json()
     @verify_credentials
     def observed_detected(self, test_id: str | None = None, hours: int | None = None):
         """Get observed_detected stats"""

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta/controllers/scm_controller.py RENAMED Viewed

@@ -1,10 +1,18 @@
 from prelude_sdk_beta.controllers.http_controller import HttpController
 from prelude_sdk_beta.models.account import verify_credentials
-from prelude_sdk_beta.models.codes import Control, ControlCategory, PartnerEvents, RunCode
+from prelude_sdk_beta.models.codes import (
+    Control,
+    ControlCategory,
+    PartnerEvents,
+    PolicyType,
+    NotationType,
+    RunCode,
+    SCMCategory,
+)
 class ScmController(HttpController):
-    default = -1
+    default = "-1"
     def __init__(self, account):
         super().__init__(account)
@@ -19,7 +27,18 @@ class ScmController(HttpController):
             params=params,
             timeout=30,
         )
-        return res.json()
+        data = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                data,
+                [
+                    (Control, "controls"),
+                    (Control, "control"),
+                    (ControlCategory, "category"),
+                    (PartnerEvents, "event"),
+                ],
+            )
+        return data
     @verify_credentials
     def inboxes(self, filter: str = None, orderby: str = None, top: int = None):
@@ -31,7 +50,41 @@ class ScmController(HttpController):
             params=params,
             timeout=30,
         )
-        return res.json()
+        data = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                data,
+                [
+                    (Control, "controls"),
+                    (Control, "control"),
+                    (ControlCategory, "category"),
+                    (PartnerEvents, "event"),
+                ],
+            )
+        return data
+    @verify_credentials
+    def network_devices(self, filter: str = None, orderby: str = None, top: int = None):
+        """List network_devices with SCM analysis"""
+        params = {"$filter": filter, "$orderby": orderby, "$top": top}
+        res = self.get(
+            f"{self.account.hq}/scm/network_devices",
+            headers=self.account.headers,
+            params=params,
+            timeout=30,
+        )
+        data = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                data,
+                [
+                    (Control, "controls"),
+                    (Control, "control"),
+                    (ControlCategory, "category"),
+                    (PartnerEvents, "event"),
+                ],
+            )
+        return data
     @verify_credentials
     def users(self, filter: str = None, orderby: str = None, top: int = None):
@@ -43,7 +96,18 @@ class ScmController(HttpController):
             params=params,
             timeout=30,
         )
-        return res.json()
+        data = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                data,
+                [
+                    (Control, "controls"),
+                    (Control, "control"),
+                    (ControlCategory, "category"),
+                    (PartnerEvents, "event"),
+                ],
+            )
+        return data
     @verify_credentials
     def technique_summary(self, techniques: str):
@@ -78,7 +142,12 @@ class ScmController(HttpController):
             headers=self.account.headers,
             timeout=30,
         )
-        return res.json()
+        data = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                data, [(Control, "control"), (ControlCategory, "category")]
+            )
+        return data
     @verify_credentials
     def evaluation(
@@ -86,10 +155,13 @@ class ScmController(HttpController):
         partner: Control,
         instance_id: str,
         filter: str = None,
+        policy_types: str = None,
         techniques: str = None,
     ):
         """Get policy evaluations for given partner"""
         params = {"$filter": filter}
+        if policy_types:
+            params["policy_types"] = policy_types
         if techniques:
             params["techniques"] = techniques
         res = self.get(
@@ -98,7 +170,10 @@ class ScmController(HttpController):
             headers=self.account.headers,
             timeout=30,
         )
-        return res.json()
+        data = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(data, [(PolicyType, "policy_type")])
+        return data
     @verify_credentials
     def update_evaluation(self, partner: Control, instance_id: str):
@@ -120,7 +195,10 @@ class ScmController(HttpController):
             params=params,
             timeout=10,
         )
-        return res.json()
+        groups = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(groups, [(Control, "control")])
+        return groups
     @verify_credentials
     def update_partner_groups(
@@ -144,7 +222,10 @@ class ScmController(HttpController):
             headers=self.account.headers,
             timeout=10,
         )
-        return res.json()
+        exceptions = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(exceptions, [(ControlCategory, "category")])
+        return exceptions
     @verify_credentials
     def create_object_exception(
@@ -202,13 +283,18 @@ class ScmController(HttpController):
             headers=self.account.headers,
             timeout=10,
         )
-        return res.json()
+        exceptions = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                exceptions, [(Control, "control"), (ControlCategory, "category")]
+            )
+        return exceptions
     @verify_credentials
-    def put_policy_exceptions(
-        self, partner: Control, expires, instance_id: str, policy_id, setting_names
+    def create_policy_exception(
+        self, partner: Control, instance_id: str, policy_id, setting_names, expires=None
     ):
-        """Put policy exceptions"""
+        """Create policy exceptions"""
         body = dict(
             control=partner.name,
             expires=expires,
@@ -216,6 +302,29 @@ class ScmController(HttpController):
             policy_id=policy_id,
             setting_names=setting_names,
         )
+        res = self.post(
+            f"{self.account.hq}/scm/exceptions/policies",
+            json=body,
+            headers=self.account.headers,
+            timeout=10,
+        )
+        return res.json()
+    @verify_credentials
+    def update_policy_exception(
+        self,
+        partner: Control,
+        instance_id: str,
+        policy_id,
+        expires=default,
+        setting_names=None,
+    ):
+        """Update policy exceptions"""
+        body = dict(control=partner.name, instance_id=instance_id, policy_id=policy_id)
+        if expires != self.default:
+            body["expires"] = expires
+        if setting_names:
+            body["setting_names"] = setting_names
         res = self.put(
             f"{self.account.hq}/scm/exceptions/policies",
             json=body,
@@ -224,6 +333,18 @@ class ScmController(HttpController):
         )
         return res.json()
+    @verify_credentials
+    def delete_policy_exception(self, instance_id: str, policy_id: str):
+        """Delete policy exceptions"""
+        body = dict(instance_id=instance_id, policy_id=policy_id)
+        res = self.delete(
+            f"{self.account.hq}/scm/exceptions/policies",
+            json=body,
+            headers=self.account.headers,
+            timeout=10,
+        )
+        return res.json()
     @verify_credentials
     def list_views(self):
         """List views"""
@@ -232,7 +353,10 @@ class ScmController(HttpController):
             headers=self.account.headers,
             timeout=10,
         )
-        return res.json()
+        views = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(views, [(ControlCategory, "category")])
+        return views
     @verify_credentials
     def create_view(self, category: ControlCategory, filter: str, name: str):
@@ -371,7 +495,17 @@ class ScmController(HttpController):
             headers=self.account.headers,
             timeout=10,
         )
-        return res.json()
+        notifications = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                notifications,
+                [
+                    (ControlCategory, "control_category"),
+                    (PartnerEvents, "event"),
+                    (RunCode, "run_code"),
+                ],
+            )
+        return notifications
     @verify_credentials
     def delete_notification(self, notification_id: str):
@@ -431,4 +565,31 @@ class ScmController(HttpController):
             headers=self.account.headers,
             timeout=10,
         )
-        return res.json()
+        notations = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(notations, [(NotationType, "event")])
+        return notations
+    @verify_credentials
+    def list_history(
+        self, start_date: str = None, end_date: str = None, filter: str = None
+    ):
+        """List history"""
+        params = {"start_date": start_date, "end_date": end_date, "$filter": filter}
+        res = self.get(
+            f"{self.account.hq}/scm/history",
+            headers=self.account.headers,
+            params=params,
+            timeout=10,
+        )
+        history = res.json()
+        if self.account.resolve_enums:
+            self.resolve_enums(
+                history,
+                [
+                    (Control, "control"),
+                    (PartnerEvents, "event"),
+                    (SCMCategory, "category"),
+                ],
+            )
+        return history

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta/models/account.py RENAMED Viewed

@@ -83,7 +83,7 @@ def exchange_token(
 class Account:
     @staticmethod
-    def from_keychain(profile: str = "default"):
+    def from_keychain(profile: str = "default", resolve_enums: bool = False):
         """
         Create an account object from a pre-configured profile in your keychain file
         """
@@ -100,6 +100,7 @@ class Account:
             oidc=profile_items.get("oidc"),
             profile=profile,
             slug=profile_items.get("slug"),
+            resolve_enums=resolve_enums,
         )
     @staticmethod
@@ -111,6 +112,7 @@ class Account:
         hq: str = "https://api.us1.preludesecurity.com",
         oidc: str | None = None,
         slug: str | None = None,
+        resolve_enums: bool = False,
     ):
         """
         Create an account object from an access token or a refresh token
@@ -131,6 +133,7 @@ class Account:
             slug=slug,
             token=token,
             token_location=None,
+            resolve_enums=resolve_enums,
         )
@@ -151,6 +154,7 @@ class _Account:
         token_location: str | None = os.path.join(
             Path.home(), ".prelude", "tokens.json"
         ),
+        resolve_enums: bool = False,
     ):
         if token is None and token_location is None:
             raise ValueError(
@@ -168,6 +172,7 @@ class _Account:
         self.slug = slug
         self.token = token
         self.token_location = token_location
+        self.resolve_enums = resolve_enums
         if self.token_location and not os.path.exists(self.token_location):
             head, _ = os.path.split(Path(self.token_location))
             Path(head).mkdir(parents=True, exist_ok=True)

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta/models/codes.py RENAMED Viewed

@@ -184,6 +184,9 @@ class Control(Enum, metaclass=MissingItem):
     QUALYS_DISCOVERY = 24
     RAPID7 = 25
     RAPID7_DISCOVERY = 26
+    INTEL_INTUNE = 28
+    CISCO_MERAKI = 29
+    CISCO_MERAKI_IDENTITY = 30
     @classmethod
     def _missing_(cls, value):
@@ -203,6 +206,36 @@ class Control(Enum, metaclass=MissingItem):
                 return k
         return SCMCategory.NONE
+    @property
+    def parent(self):
+        match self:
+            case Control.CISCO_MERAKI_IDENTITY:
+                return Control.CISCO_MERAKI
+            case Control.DEFENDER_DISCOVERY:
+                return Control.DEFENDER
+            case Control.QUALYS_DISCOVERY:
+                return Control.QUALYS
+            case Control.RAPID7_DISCOVERY:
+                return Control.RAPID7
+            case Control.TENABLE_DISCOVERY:
+                return Control.TENABLE
+    @property
+    def children(self):
+        match self:
+            case Control.CISCO_MERAKI:
+                return [Control.CISCO_MERAKI_IDENTITY]
+            case Control.DEFENDER:
+                return [Control.DEFENDER_DISCOVERY]
+            case Control.QUALYS:
+                return [Control.QUALYS_DISCOVERY]
+            case Control.RAPID7:
+                return [Control.RAPID7_DISCOVERY]
+            case Control.TENABLE:
+                return [Control.TENABLE_DISCOVERY]
+            case _:
+                return []
 class ControlCategory(Enum, metaclass=MissingItem):
     INVALID = -1
@@ -217,6 +250,7 @@ class ControlCategory(Enum, metaclass=MissingItem):
     VULN_MANAGER = 8
     SIEM = 9
     PRIVATE_REPO = 10
+    HARDWARE = 11
     @classmethod
     def _missing_(cls, value):
@@ -244,12 +278,16 @@ class ControlCategory(Enum, metaclass=MissingItem):
                 Control.GMAIL,
                 Control.M365,
             ],
+            ControlCategory.HARDWARE: [
+                Control.INTEL_INTUNE,
+            ],
             ControlCategory.IDENTITY: [
+                Control.CISCO_MERAKI_IDENTITY,
                 Control.ENTRA,
                 Control.GOOGLE_IDENTITY,
                 Control.OKTA,
             ],
-            ControlCategory.NETWORK: [],
+            ControlCategory.NETWORK: [Control.CISCO_MERAKI],
             ControlCategory.PRIVATE_REPO: [
                 Control.GITHUB,
             ],
@@ -277,6 +315,7 @@ class SCMCategory(Enum, metaclass=MissingItem):
     ENDPOINT = 1
     INBOX = 2
     USER = 3
+    NETWORK_DEVICE = 4
     @classmethod
     def _missing_(cls, value):
@@ -292,6 +331,7 @@ class SCMCategory(Enum, metaclass=MissingItem):
                 Control.DEFENDER,
                 Control.DEFENDER_DISCOVERY,
                 Control.EC2,
+                Control.INTEL_INTUNE,
                 Control.INTUNE,
                 Control.JAMF,
                 Control.QUALYS,
@@ -303,15 +343,19 @@ class SCMCategory(Enum, metaclass=MissingItem):
                 Control.TENABLE,
                 Control.TENABLE_DISCOVERY,
             ],
+            SCMCategory.INBOX: [
+                Control.GMAIL,
+                Control.M365,
+            ],
+            SCMCategory.NETWORK_DEVICE: [
+                Control.CISCO_MERAKI,
+            ],
             SCMCategory.USER: [
+                Control.CISCO_MERAKI_IDENTITY,
                 Control.ENTRA,
                 Control.GOOGLE_IDENTITY,
                 Control.OKTA,
             ],
-            SCMCategory.INBOX: [
-                Control.GMAIL,
-                Control.M365,
-            ],
         }
     @classmethod
@@ -320,11 +364,13 @@ class SCMCategory(Enum, metaclass=MissingItem):
             SCMCategory.ENDPOINT: [
                 ControlCategory.ASSET_MANAGER,
                 ControlCategory.DISCOVERED_DEVICES,
+                ControlCategory.HARDWARE,
                 ControlCategory.VULN_MANAGER,
                 ControlCategory.XDR,
             ],
-            SCMCategory.USER: [ControlCategory.IDENTITY],
             SCMCategory.INBOX: [ControlCategory.EMAIL],
+            SCMCategory.NETWORK_DEVICE: [ControlCategory.NETWORK],
+            SCMCategory.USER: [ControlCategory.IDENTITY],
         }
@@ -356,19 +402,27 @@ class EDRResponse(Enum, metaclass=MissingItem):
 class PartnerEvents(Enum, metaclass=MissingItem):
     INVALID = -1
     REDUCED_FUNCTIONALITY_MODE = 1
-    NO_EDR = 2
-    MISSING_EDR_POLICY = 3
-    MISSING_AV_POLICY = 4
+    MISSING_EDR = 2
+    NO_EDR_POLICY = 3
+    NO_AV_POLICY = 4
     MISSING_MFA = 5
-    NO_ASSET_MANAGER = 6
+    MISSING_ASSET_MANAGER = 6
     MISCONFIGURED_POLICY_SETTING = 7
-    MISSING_SCAN = 8
+    MISSING_VULN_SCAN = 8
     OUT_OF_DATE_SCAN = 9
-    NO_VULN_MANAGER = 10
+    MISSING_VULN_MANAGER = 10
     USER_MISSING_ASSET_MANAGER = 11
     USER_MISSING_EDR = 12
     USER_MISSING_VULN_MANAGER = 13
-    NO_SERVER_MANAGER = 14
+    MISSING_SERVER_MANAGER = 14
+    NO_HOST_FIREWALL_POLICY = 16
+    OUT_OF_DATE_FIRMWARE = 18
+    NO_DISK_ENCRYPTION_POLICY = 19
+    NO_DISK_ENCRYPTION = 20
+    NO_REGISTERED_DEVICES = 21
+    NO_DEVICE_COMPLIANCE_POLICY = 22
+    NONCOMPLIANT = 23
+    NO_ASR_POLICY = 24
     @classmethod
     def _missing_(cls, value):
@@ -377,46 +431,61 @@ class PartnerEvents(Enum, metaclass=MissingItem):
     @classmethod
     def control_category_mapping(cls):
         return {
-            PartnerEvents.REDUCED_FUNCTIONALITY_MODE: [ControlCategory.XDR],
-            PartnerEvents.NO_EDR: [
-                ControlCategory.XDR,
-            ],
-            PartnerEvents.MISSING_EDR_POLICY: [ControlCategory.XDR],
-            PartnerEvents.MISSING_AV_POLICY: [ControlCategory.XDR],
-            PartnerEvents.MISSING_MFA: [ControlCategory.IDENTITY],
-            PartnerEvents.NO_ASSET_MANAGER: [ControlCategory.ASSET_MANAGER],
             PartnerEvents.MISCONFIGURED_POLICY_SETTING: [
-                ControlCategory.XDR,
+                ControlCategory.ASSET_MANAGER,
                 ControlCategory.EMAIL,
                 ControlCategory.IDENTITY,
+                ControlCategory.XDR,
             ],
-            PartnerEvents.MISSING_SCAN: [ControlCategory.VULN_MANAGER],
+            PartnerEvents.MISSING_ASSET_MANAGER: [ControlCategory.ASSET_MANAGER],
+            PartnerEvents.MISSING_EDR: [ControlCategory.XDR],
+            PartnerEvents.MISSING_MFA: [ControlCategory.IDENTITY],
+            PartnerEvents.MISSING_SERVER_MANAGER: [ControlCategory.ASSET_MANAGER],
+            PartnerEvents.MISSING_VULN_MANAGER: [ControlCategory.VULN_MANAGER],
+            PartnerEvents.MISSING_VULN_SCAN: [ControlCategory.VULN_MANAGER],
+            PartnerEvents.NO_ASR_POLICY: [ControlCategory.ASSET_MANAGER],
+            PartnerEvents.NO_AV_POLICY: [ControlCategory.XDR],
+            PartnerEvents.NO_DEVICE_COMPLIANCE_POLICY: [ControlCategory.ASSET_MANAGER],
+            PartnerEvents.NO_DISK_ENCRYPTION: [ControlCategory.ASSET_MANAGER],
+            PartnerEvents.NO_DISK_ENCRYPTION_POLICY: [ControlCategory.ASSET_MANAGER],
+            PartnerEvents.NO_EDR_POLICY: [ControlCategory.XDR],
+            PartnerEvents.NO_HOST_FIREWALL_POLICY: [ControlCategory.ASSET_MANAGER],
+            PartnerEvents.NO_REGISTERED_DEVICES: [ControlCategory.IDENTITY],
+            PartnerEvents.NONCOMPLIANT: [ControlCategory.ASSET_MANAGER],
+            PartnerEvents.OUT_OF_DATE_FIRMWARE: [ControlCategory.NETWORK],
             PartnerEvents.OUT_OF_DATE_SCAN: [ControlCategory.VULN_MANAGER],
-            PartnerEvents.NO_VULN_MANAGER: [ControlCategory.VULN_MANAGER],
+            PartnerEvents.REDUCED_FUNCTIONALITY_MODE: [ControlCategory.XDR],
             PartnerEvents.USER_MISSING_ASSET_MANAGER: [ControlCategory.IDENTITY],
             PartnerEvents.USER_MISSING_EDR: [ControlCategory.IDENTITY],
             PartnerEvents.USER_MISSING_VULN_MANAGER: [ControlCategory.IDENTITY],
-            PartnerEvents.NO_SERVER_MANAGER: [ControlCategory.ASSET_MANAGER],
         }
 class AlertTypes(Enum, metaclass=MissingItem):
     INVALID = -1
     NEW_REDUCED_FUNCTIONALITY_MODE_ENDPOINTS = 1
-    NEW_NO_EDR_ENDPOINTS = 2
-    NEW_MISSING_EDR_POLICY_ENDPOINTS = 3
-    NEW_MISSING_AV_POLICY_ENDPOINTS = 4
+    NEW_MISSING_EDR_ENDPOINTS = 2
+    NEW_NO_EDR_POLICY_ENDPOINTS = 3
+    NEW_NO_AV_POLICY_ENDPOINTS = 4
     NEW_MISSING_MFA_USERS = 5
-    NEW_NO_ASSET_MANAGER_ENDPOINTS = 6
+    NEW_MISSING_ASSET_MANAGER_ENDPOINTS = 6
     NEW_POLICY_SETTING_FAILURE = 7
     NEW_POLICY_SETTING_PASS = 8
-    NEW_MISSING_SCAN_ENDPOINTS = 9
-    NEW_NO_VULN_MANAGER_ENDPOINTS = 10
+    NEW_MISSING_VULN_SCAN_ENDPOINTS = 9
+    NEW_MISSING_VULN_MANAGER_ENDPOINTS = 10
     NEW_OUT_OF_DATE_SCAN_ENDPOINTS = 11
-    NEW_USER_MISSING_ASSET_MANAGER = 12
-    NEW_USER_MISSING_EDR = 13
-    NEW_USER_MISSING_VULN_MANAGER = 14
-    NEW_NO_SERVER_MANAGER_ENDPOINTS = 15
+    NEW_MISSING_ASSET_MANAGER_USERS = 12
+    NEW_MISSING_EDR_USERS = 13
+    NEW_MISSING_VULN_MANAGER_USERS = 14
+    NEW_MISSING_SERVER_MANAGER_ENDPOINTS = 15
+    NEW_NO_HOST_FIREWALL_POLICY_ENDPOINTS = 17
+    NEW_OUT_OF_DATE_FIRMWARE_NETWORK_DEVICES = 19
+    NEW_NO_DISK_ENCRYPTION_POLICY_ENDPOINTS = 20
+    NEW_NO_DISK_ENCRYPTION_ENDPOINTS = 21
+    NEW_NO_REGISTERED_DEVICES_USERS = 22
+    NEW_NO_DEVICE_COMPLIANCE_POLICY_ENDPOINTS = 23
+    NEW_NONCOMPLIANT_ENDPOINTS = 24
+    NEW_NO_ASR_POLICY_ENDPOINTS = 25
     @classmethod
     def _missing_(cls, value):
@@ -437,12 +506,19 @@ class PolicyType(Enum, metaclass=MissingItem):
     EMAIL_DKIM = 10
     DEVICE_COMPLIANCE = 11
     IDENTITY_MFA = 12
+    HOST_FIREWALL = 13
+    NETWORK_FIREWALL = 15
+    INTEL_BELOW_OS = 16
+    INTEL_OS = 17
+    INTEL_TDT = 18
+    INTEL_CHIP = 19
+    DISK_ENCRYPTION = 20
+    ASR = 21
     @classmethod
     def _missing_(cls, value):
         return PolicyType.INVALID
 class Platform(Enum, metaclass=MissingItem):
     INVALID = 0
     WINDOWS = 1

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/prelude_sdk_beta.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prelude-sdk-beta
-Version: 1398
+Version: 1440
 Summary: For interacting with the Prelude API
 Home-page: https://github.com/preludeorg
 Author: Prelude Research

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/setup.cfg RENAMED Viewed

@@ -1,6 +1,6 @@
 [metadata]
 name = prelude-sdk-beta
-version = 1398
+version = 1440
 author = Prelude Research
 author_email = support@preludesecurity.com
 description = For interacting with the Prelude API

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/tests/test_build.py RENAMED Viewed

@@ -365,7 +365,7 @@ class TestThreatHunt:
             control=Control.CROWDSTRIKE.value,
             id=pytest.crwd_threat_hunt_id,
             name="test CRWD threat hunt",
-            query="""#repo=base_sensor | FilePath = "\\Device\\HarddiskVolume3\\Program Files\\Prelude Security\\Prelude Probe\\.vst\\" | ContextImageFileName = /prelude_dropper.exe/""",
+            query="#repo=base_sensor | ContextImageFileName = /prelude_dropper.exe/",
             test_id=pytest.test_id,
         )
@@ -394,13 +394,13 @@ class TestThreatHunt:
         pytest.expected_threat_hunt = unwrap(self.build.update_threat_hunt)(
             self.build,
             name="updated threat hunt",
-            query='#repo=base_sensor | FilePath = "the-file-path"',
+            query="#repo=base_sensor | FilePath = /Prelude Security/ | groupBy([@timestamp, ParentBaseFileName, ImageFileName, aid], limit=20)| sort(@timestamp, limit=20)",
             threat_hunt_id=pytest.crwd_threat_hunt_id,
         )
         assert pytest.expected_threat_hunt["name"] == "updated threat hunt"
         assert (
             pytest.expected_threat_hunt["query"]
-            == '#repo=base_sensor | FilePath = "the-file-path"'
+            == "#repo=base_sensor | FilePath = /Prelude Security/ | groupBy([@timestamp, ParentBaseFileName, ImageFileName, aid], limit=20)| sort(@timestamp, limit=20)"
         )
     @pytest.mark.order(-7)

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/tests/test_iam.py RENAMED Viewed

@@ -74,7 +74,7 @@ class TestIAM:
         unwrap(self.iam_user.update_user)(self.iam_user, name="Robb")
         for user in pytest.expected_account["users"]:
-            if user["handle"] == pytest.account.handle:
+            if user["handle"] == pytest.account.handle and not user["oidc"]:
                 user["name"] = "Robb"
                 break

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/tests/test_partner.py RENAMED Viewed

@@ -100,7 +100,7 @@ class TestPartnerAttach:
             ),
         )
         for c in Control
-        if c.value > 0
+        if c.value > 0 and not c.parent
     ]
     def setup_class(self):
@@ -431,11 +431,8 @@ class TestPartner:
         )
         assert 1 == len(res)
         expected = dict(
-            blocked=0,
-            detected=0,
             detection_id=pytest.detection_id,
             group_id=group_id,
-            monitored=0,
             platform=pytest.expected_detection["rule"]["logsource"]["product"],
             test_id=pytest.test_id,
         )
@@ -471,32 +468,6 @@ class TestPartner:
             res[control.name][0]["account_id"] == pytest.expected_account["account_id"]
         )
-    def test_ioa_stats(
-        self,
-        unwrap,
-        host,
-        edr_id,
-        control,
-        os,
-        platform,
-        policy,
-        policy_name,
-        webhook_keys,
-        group_id,
-    ):
-        try:
-            if control != Control.CROWDSTRIKE:
-                pytest.skip("IOA stats only supported for CROWDSTRIKE")
-            if not pytest.expected_account["features"]["observed_detected"]:
-                pytest.skip("OBSERVED_DETECTED feature not enabled")
-            res = unwrap(self.partner.ioa_stats)(self.partner)
-            assert 0 == len(res)
-        finally:
-            unwrap(self.detect.delete_endpoint)(
-                self.detect, ident=pytest.endpoint["endpoint_id"]
-            )
     def test_list_advisories(
         self,
         unwrap,

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/tests/test_scm.py RENAMED Viewed

@@ -33,7 +33,7 @@ class TestScmAcrossControls:
         unwrap(self.scm.upsert_notification)(
             self.scm,
             ControlCategory.XDR,
-            PartnerEvents.NO_EDR,
+            PartnerEvents.MISSING_EDR,
             RunCode.DAILY,
             0,
             ["test@email.com"],
@@ -43,7 +43,7 @@ class TestScmAcrossControls:
         for notification in notifications:
             if notification["id"] == self.notification_id:
                 assert notification["scheduled_hour"] == 0
-                assert notification["event"] == PartnerEvents.NO_EDR.value
+                assert notification["event"] == PartnerEvents.MISSING_EDR.value
     def test_update_notification(self, unwrap):
         unwrap(self.scm.upsert_notification)(
@@ -89,158 +89,13 @@ class TestScmAcrossControls:
                 _compare_keys(nested_expected, nested_actual)
         summary = unwrap(self.scm.evaluation_summary)(self.scm)
-        expected = {
-            "inbox_summary": {
-                "categories": [
-                    {
-                        "category": None,
-                        "inbox_count": None,
-                        "excepted": {
-                            "inbox_count": None,
-                        },
-                        "instances": [
-                            {
-                                "control": None,
-                                "inbox_count": None,
-                                "instance_id": None,
-                                "setting_count": None,
-                                "setting_misconfiguration_count": None,
-                                "excepted": {
-                                    "inbox_count": None,
-                                    "setting_misconfiguration_count": None,
-                                },
-                            }
-                        ],
-                    }
-                ],
-                "inbox_count": None,
-                "excepted": {
-                    "inbox_count": None,
-                },
-            },
-            "user_summary": {
-                "categories": [
-                    {
-                        "category": None,
-                        "control_failure_count": None,
-                        "any_endpoint_failure_count": None,
-                        "all_endpoint_failure_count": None,
-                        "user_count": None,
-                        "excepted": {
-                            "control_failure_count": None,
-                            "any_endpoint_failure_count": None,
-                            "all_endpoint_failure_count": None,
-                            "user_count": None,
-                        },
-                        "instances": [
-                            {
-                                "control": None,
-                                "instance_id": None,
-                                "control_failure_count": None,
-                                "missing_mfa_count": None,
-                                "user_count": None,
-                                "missing_asset_manager_count": None,
-                                "missing_edr_count": None,
-                                "missing_vuln_manager_count": None,
-                                "any_endpoint_failure_count": None,
-                                "all_endpoint_failure_count": None,
-                                "setting_count": None,
-                                "setting_misconfiguration_count": None,
-                                "excepted": {
-                                    "control_failure_count": None,
-                                    "missing_mfa_count": None,
-                                    "user_count": None,
-                                    "missing_asset_manager_count": None,
-                                    "missing_edr_count": None,
-                                    "missing_vuln_manager_count": None,
-                                    "any_endpoint_failure_count": None,
-                                    "all_endpoint_failure_count": None,
-                                    "setting_misconfiguration_count": None,
-                                },
-                            },
-                        ],
-                    }
-                ],
-                "user_count": None,
-                "control_failure_count": None,
-                "any_endpoint_failure_count": None,
-                "all_endpoint_failure_count": None,
-                "excepted": {
-                    "user_count": None,
-                    "control_failure_count": None,
-                    "any_endpoint_failure_count": None,
-                    "all_endpoint_failure_count": None,
-                },
-            },
-            "endpoint_summary": {
-                "categories": [
-                    {
-                        "category": None,
-                        "control_failure_count": None,
-                        "endpoint_count": None,
-                        "missing_asset_manager_count": None,
-                        "missing_server_manager_count": None,
-                        "missing_edr_count": None,
-                        "missing_vuln_manager_count": None,
-                        "missing_vuln_scan_count": None,
-                        "excepted": {
-                            "control_failure_count": None,
-                            "endpoint_count": None,
-                            "missing_asset_manager_count": None,
-                            "missing_server_manager_count": None,
-                            "missing_edr_count": None,
-                            "missing_vuln_manager_count": None,
-                            "missing_vuln_scan_count": None,
-                        },
-                        "instances": [
-                            {
-                                "control": None,
-                                "instance_id": None,
-                                "control_failure_count": None,
-                                "endpoint_count": None,
-                                "no_av_policy": None,
-                                "no_edr_policy": None,
-                                "policy_conflict_count": None,
-                                "reduced_functionality_mode": None,
-                                "missing_agent_count": None,
-                                "missing_scan_count": None,
-                                "out_of_date_scan_count": None,
-                                "setting_count": None,
-                                "setting_misconfiguration_count": None,
-                                "excepted": {
-                                    "control_failure_count": None,
-                                    "endpoint_count": None,
-                                    "no_av_policy": None,
-                                    "no_edr_policy": None,
-                                    "reduced_functionality_mode": None,
-                                    "missing_agent_count": None,
-                                    "missing_scan_count": None,
-                                    "out_of_date_scan_count": None,
-                                    "setting_misconfiguration_count": None,
-                                },
-                            }
-                        ],
-                    },
-                ],
-                "endpoint_count": None,
-                "missing_asset_manager_count": None,
-                "missing_server_manager_count": None,
-                "missing_edr_count": None,
-                "missing_vuln_manager_count": None,
-                "missing_vuln_scan_count": None,
-                "excepted": {
-                    "endpoint_count": None,
-                    "missing_asset_manager_count": None,
-                    "missing_server_manager_count": None,
-                    "missing_edr_count": None,
-                    "missing_vuln_manager_count": None,
-                    "missing_vuln_scan_count": None,
-                },
-            },
+        assert summary.keys() == {
+            "endpoint_summary",
+            "inbox_summary",
+            "network_device_summary",
+            "user_summary",
         }
-        _compare_keys(expected, summary)
     def test_technique_summary(self, unwrap):
         summary = unwrap(self.scm.technique_summary)(self.scm, "T1078,T1027")
         assert len(summary) > 0
@@ -261,7 +116,7 @@ class TestScmAcrossControls:
         job_id = unwrap(self.export.export_scm)(
             self.export,
             SCMCategory.ENDPOINT,
-            filter="contains(normalized_hostname, 'spencer')",
+            filter="contains(hostname, 'spencer')",
             top=1,
         )["job_id"]
         while (result := unwrap(self.jobs.job_status)(self.jobs, job_id))[
@@ -276,7 +131,8 @@ class TestScmAcrossControls:
 @pytest.mark.order(9)
 @pytest.mark.usefixtures("setup_account")
 @pytest.mark.parametrize(
-    "control", [c for c in Control if c.scm_category != SCMCategory.NONE]
+    "control",
+    [c for c in Control if c.scm_category != SCMCategory.NONE and not c.parent],
 )
 class TestScmPerControl:
     def setup_class(self):
@@ -313,15 +169,29 @@ class TestScmPerControl:
                 raise e
     def test_evaluation(self, unwrap, control):
+        def _wait_for_policies(control, instance_id, category):
+            timeout = time.time() + 300
+            while time.time() < timeout:
+                evaluation = unwrap(self.scm.evaluation)(self.scm, control, instance_id)
+                evaluation = evaluation[f"{category}_evaluation"]
+                if len(evaluation["policies"]) > 0:
+                    return evaluation
+                time.sleep(5)
+            assert False, "Timed out waiting for policies to show up in evaluation"
         instance_id = pytest.controls.get(control.value)
         assert instance_id
         evaluation = unwrap(self.scm.evaluation)(self.scm, control, instance_id)
         if "endpoint_evaluation" in evaluation:
             evaluation = evaluation["endpoint_evaluation"]
             assert {"policies"} == evaluation.keys()
-            if control.control_category == ControlCategory.XDR:
-                assert len(evaluation["policies"]) > 0
+            if (
+                control.control_category == ControlCategory.XDR
+                or control == Control.INTUNE
+            ):
+                evaluation = _wait_for_policies(control, instance_id, "endpoint")
                 assert {
+                    "excepted",
                     "id",
                     "name",
                     "platform",
@@ -335,21 +205,17 @@ class TestScmPerControl:
         elif "user_evaluation" in evaluation:
             evaluation = evaluation["user_evaluation"]
             assert {"policies"} == evaluation.keys()
-            assert len(evaluation["policies"]) > 0
-            assert {
-                "id",
-                "name",
-                "noncompliant_hostnames",
-                "settings",
-                "user_count",
-            } == evaluation["policies"][0].keys()
+            evaluation = _wait_for_policies(control, instance_id, "user")
+            assert {"excepted", "id", "name", "settings", "user_count"} == evaluation[
+                "policies"
+            ][0].keys()
         elif "inbox_evaluation" in evaluation:
             evaluation = evaluation["inbox_evaluation"]
             assert {"policies"} == evaluation.keys()
-            assert len(evaluation["policies"]) > 0
-            assert {"id", "name", "settings", "inbox_count"} == evaluation["policies"][
-                0
-            ].keys()
+            evaluation = _wait_for_policies(control, instance_id, "inbox")
+            assert {"excepted", "id", "name", "settings", "inbox_count"} == evaluation[
+                "policies"
+            ][0].keys()
         else:
             assert False, "No evaluation returned"

{prelude_sdk_beta-1398 → prelude_sdk_beta-1440}/tests/test_scm_build.py RENAMED Viewed

@@ -17,7 +17,7 @@ class TestScmBuild:
         res = unwrap(self.scm.create_object_exception)(
             self.scm,
             ControlCategory.ASSET_MANAGER,
-            "normalized_hostname eq 'host1'",
+            "hostname eq 'host1'",
             name="filter me",
             expires="5555-05-05",
         )
@@ -28,7 +28,7 @@ class TestScmBuild:
         res = unwrap(self.scm.update_object_exception)(
             self.scm,
             pytest.exception_id,
-            filter="normalized_hostname eq 'host2'",
+            filter="hostname eq 'host2'",
             expires=None,
         )
         assert res["status"]
@@ -43,7 +43,7 @@ class TestScmBuild:
         assert exception == {
             "category": ControlCategory.ASSET_MANAGER.value,
             "expires": None,
-            "filter": "normalized_hostname eq 'host2'",
+            "filter": "hostname eq 'host2'",
             "id": pytest.exception_id,
             "name": "filter me",
         }