prelude-sdk-beta 1435__tar.gz → 1449__tar.gz

{prelude_sdk_beta-1435 → prelude_sdk_beta-1449}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prelude-sdk-beta
-Version: 1435
+Version: 1449
 Summary: For interacting with the Prelude API
 Home-page: https://github.com/preludeorg
 Author: Prelude Research

{prelude_sdk_beta-1435 → prelude_sdk_beta-1449}/prelude_sdk_beta/controllers/partner_controller.py

@@ -45,7 +45,7 @@ class PartnerController(HttpController):
         res = self.delete(
             f"{self.account.hq}/partner/{partner.name}/{instance_id}",
             headers=self.account.headers,
-            timeout=10,
+            timeout=30,
         )
         return res.json()
 
@@ -104,18 +104,6 @@ class PartnerController(HttpController):
         )
         return res.json()
 
-    @verify_credentials
-    def ioa_stats(self, test_id: str | None = None):
-        """Get IOA stats"""
-        params = dict(test_id=test_id) if test_id else dict()
-        res = self.get(
-            f"{self.account.hq}/partner/ioa_stats",
-            headers=self.account.headers,
-            json=params,
-            timeout=30,
-        )
-        return res.json()
-
     @verify_credentials
     def observed_detected(self, test_id: str | None = None, hours: int | None = None):
         """Get observed_detected stats"""

{prelude_sdk_beta-1435 → prelude_sdk_beta-1449}/prelude_sdk_beta/controllers/scm_controller.py

@@ -593,3 +593,74 @@ class ScmController(HttpController):
                 ],
             )
         return history
+
+    @verify_credentials
+    def get_report(self, report_id: str):
+        """Get SCM report by ID"""
+        res = self.get(
+            f"{self.account.hq}/scm/reports/{report_id}",
+            headers=self.account.headers,
+            timeout=10,
+        )
+        return res.json()
+
+    @verify_credentials
+    def list_reports(self):
+        """List SCM reports"""
+        res = self.get(
+            f"{self.account.hq}/scm/reports",
+            headers=self.account.headers,
+            timeout=10,
+        )
+        return res.json()
+
+    @verify_credentials
+    def delete_report(self, report_id: str):
+        """Delete SCM report by ID"""
+        res = self.delete(
+            f"{self.account.hq}/scm/reports/{report_id}",
+            headers=self.account.headers,
+            timeout=10,
+        )
+        return res.json()
+
+    @verify_credentials
+    def put_report(self, report_data: dict, report_id: str = None):
+        """Put SCM report by ID"""
+        res = self.put(
+            f"{self.account.hq}/scm/reports",
+            headers=self.account.headers,
+            json=dict(report=report_data, id=report_id),
+            timeout=10,
+        )
+        return res.json()
+
+    @verify_credentials
+    def get_chart_data(
+        self,
+        scm_category: SCMCategory,
+        sort_by: str,
+        group_by: str,
+        group_limit: int,
+        display_overrides: dict = None,
+        odata_filter: str = None,
+        scopes: dict = None,
+    ):
+        """Get SCM chart data"""
+        body = {
+            "category": scm_category.name,
+            "display_overrides": display_overrides,
+            "group_by": group_by,
+            "group_limit": group_limit,
+            "scopes": scopes,
+            "sort_by": sort_by,
+        }
+        if odata_filter:
+            body["$filter"] = odata_filter
+        res = self.post(
+            f"{self.account.hq}/scm/reports/data",
+            headers=self.account.headers,
+            json=body,
+            timeout=30,
+        )
+        return res.json()

{prelude_sdk_beta-1435 → prelude_sdk_beta-1449}/prelude_sdk_beta/models/codes.py

@@ -206,10 +206,6 @@ class Control(Enum, metaclass=MissingItem):
                 return k
         return SCMCategory.NONE
 
-    @property
-    def policy_types(self):
-        return [k for k, v in PolicyType.control_mapping().items() if self in v]
-
     @property
     def parent(self):
         match self:
@@ -240,6 +236,68 @@ class Control(Enum, metaclass=MissingItem):
             case _:
                 return []
 
+    @property
+    def display_name(self):
+        match self:
+            case Control.CROWDSTRIKE:
+                return "CrowdStrike"
+            case Control.DEFENDER:
+                return "Microsoft Defender"
+            case Control.SPLUNK:
+                return "Splunk"
+            case Control.SENTINELONE:
+                return "SentinelOne"
+            case Control.VECTR:
+                return "VECTR"
+            case Control.S3:
+                return "Amazon S3"
+            case Control.INTUNE:
+                return "Microsoft Intune"
+            case Control.SERVICENOW:
+                return "ServiceNow"
+            case Control.OKTA:
+                return "Okta"
+            case Control.M365:
+                return "Microsoft 365"
+            case Control.ENTRA:
+                return "Microsoft Entra ID"
+            case Control.JAMF:
+                return "Jamf"
+            case Control.GMAIL:
+                return "Gmail"
+            case Control.GOOGLE_IDENTITY:
+                return "Google Cloud Identity Platform"
+            case Control.DEFENDER_DISCOVERY:
+                return "Microsoft Defender Discovery"
+            case Control.TENABLE:
+                return "Tenable"
+            case Control.EC2:
+                return "Amazon EC2"
+            case Control.AWS_SSM:
+                return "Amazon SSM"
+            case Control.AZURE_VM:
+                return "Azure VM"
+            case Control.GITHUB:
+                return "GitHub"
+            case Control.TENABLE_DISCOVERY:
+                return "Tenable Discovery"
+            case Control.QUALYS:
+                return "Qualys"
+            case Control.QUALYS_DISCOVERY:
+                return "Qualys Discovery"
+            case Control.RAPID7:
+                return "Rapid7"
+            case Control.RAPID7_DISCOVERY:
+                return "Rapid7 Discovery"
+            case Control.INTEL_INTUNE:
+                return "Intel"
+            case Control.CISCO_MERAKI:
+                return "Cisco Meraki"
+            case Control.CISCO_MERAKI_IDENTITY:
+                return "Cisco Meraki Identity"
+            case _:
+                return "Unknown Control"
+
 
 class ControlCategory(Enum, metaclass=MissingItem):
     INVALID = -1
@@ -312,6 +370,34 @@ class ControlCategory(Enum, metaclass=MissingItem):
             ],
         }
 
+    @property
+    def display_name(self):
+        match self:
+            case ControlCategory.CLOUD:
+                return "Cloud"
+            case ControlCategory.EMAIL:
+                return "Email"
+            case ControlCategory.IDENTITY:
+                return "Identity Provider"
+            case ControlCategory.NETWORK:
+                return "Network"
+            case ControlCategory.XDR:
+                return "EDR"
+            case ControlCategory.ASSET_MANAGER:
+                return "Endpoint Management"
+            case ControlCategory.DISCOVERED_DEVICES:
+                return "Discovered Devices"
+            case ControlCategory.VULN_MANAGER:
+                return "Vulnerability Management"
+            case ControlCategory.SIEM:
+                return "SIEM"
+            case ControlCategory.PRIVATE_REPO:
+                return "Private Repository"
+            case ControlCategory.HARDWARE:
+                return "Client Hardware Security"
+            case _:
+                return "Unknown Control Category"
+
 
 class SCMCategory(Enum, metaclass=MissingItem):
     INVALID = -1
@@ -523,6 +609,7 @@ class PolicyType(Enum, metaclass=MissingItem):
     def _missing_(cls, value):
         return PolicyType.INVALID
 
+
 class Platform(Enum, metaclass=MissingItem):
     INVALID = 0
     WINDOWS = 1
@@ -553,3 +640,16 @@ class NotationType(Enum, metaclass=MissingItem):
     @classmethod
     def _missing_(cls, value):
         return NotationType.INVALID
+
+
+class ChartType(Enum, metaclass=MissingItem):
+    INVALID = -1
+    NUMBER = 1
+    COLUMN = 2
+    BAR = 3
+    PIE = 4
+    PERCENT = 5
+
+    @classmethod
+    def _missing_(cls, value):
+        return ChartType.INVALID

{prelude_sdk_beta-1435 → prelude_sdk_beta-1449}/prelude_sdk_beta.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prelude-sdk-beta
-Version: 1435
+Version: 1449
 Summary: For interacting with the Prelude API
 Home-page: https://github.com/preludeorg
 Author: Prelude Research

{prelude_sdk_beta-1435 → prelude_sdk_beta-1449}/setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = prelude-sdk-beta
-version = 1435
+version = 1449
 author = Prelude Research
 author_email = support@preludesecurity.com
 description = For interacting with the Prelude API

{prelude_sdk_beta-1435 → prelude_sdk_beta-1449}/tests/test_partner.py

@@ -100,7 +100,7 @@ class TestPartnerAttach:
             ),
         )
         for c in Control
-        if c.value > 0
+        if c.value > 0 and not c.parent
     ]
 
     def setup_class(self):
@@ -431,11 +431,8 @@ class TestPartner:
         )
         assert 1 == len(res)
         expected = dict(
-            blocked=0,
-            detected=0,
             detection_id=pytest.detection_id,
             group_id=group_id,
-            monitored=0,
             platform=pytest.expected_detection["rule"]["logsource"]["product"],
             test_id=pytest.test_id,
         )
@@ -471,32 +468,6 @@ class TestPartner:
             res[control.name][0]["account_id"] == pytest.expected_account["account_id"]
         )
 
-    def test_ioa_stats(
-        self,
-        unwrap,
-        host,
-        edr_id,
-        control,
-        os,
-        platform,
-        policy,
-        policy_name,
-        webhook_keys,
-        group_id,
-    ):
-        try:
-            if control != Control.CROWDSTRIKE:
-                pytest.skip("IOA stats only supported for CROWDSTRIKE")
-            if not pytest.expected_account["features"]["observed_detected"]:
-                pytest.skip("OBSERVED_DETECTED feature not enabled")
-
-            res = unwrap(self.partner.ioa_stats)(self.partner)
-            assert 0 == len(res)
-        finally:
-            unwrap(self.detect.delete_endpoint)(
-                self.detect, ident=pytest.endpoint["endpoint_id"]
-            )
-
     def test_list_advisories(
         self,
         unwrap,

{prelude_sdk_beta-1435 → prelude_sdk_beta-1449}/tests/test_scm.py

@@ -116,7 +116,7 @@ class TestScmAcrossControls:
         job_id = unwrap(self.export.export_scm)(
             self.export,
             SCMCategory.ENDPOINT,
-            filter="contains(hostname, 'spencer')",
+            filter="contains(hostname, 'i')",
             top=1,
         )["job_id"]
         while (result := unwrap(self.jobs.job_status)(self.jobs, job_id))[
@@ -131,7 +131,8 @@ class TestScmAcrossControls:
 @pytest.mark.order(9)
 @pytest.mark.usefixtures("setup_account")
 @pytest.mark.parametrize(
-    "control", [c for c in Control if c.scm_category != SCMCategory.NONE]
+    "control",
+    [c for c in Control if c.scm_category != SCMCategory.NONE and not c.parent],
 )
 class TestScmPerControl:
     def setup_class(self):

prelude_sdk_beta-1449/tests/test_scm_build.py

@@ -0,0 +1,104 @@
+import pytest
+import uuid
+
+from prelude_sdk_beta.controllers.scm_controller import ScmController
+from prelude_sdk_beta.models.codes import ControlCategory
+
+
+@pytest.mark.order(8)
+@pytest.mark.usefixtures("setup_account")
+class TestScmBuild:
+    def setup_class(self):
+        if not pytest.expected_account["features"]["policy_evaluator"]:
+            pytest.skip("POLICY_EVALUATOR feature not enabled")
+        self.scm = ScmController(pytest.account)
+
+    def test_create_object_exception(self, unwrap):
+        res = unwrap(self.scm.create_object_exception)(
+            self.scm,
+            ControlCategory.ASSET_MANAGER,
+            "hostname eq 'host1'",
+            name="filter me",
+            expires="5555-05-05",
+        )
+        assert res["exception_id"]
+        pytest.exception_id = res["exception_id"]
+
+    def test_update_object_exception(self, unwrap):
+        res = unwrap(self.scm.update_object_exception)(
+            self.scm,
+            pytest.exception_id,
+            filter="hostname eq 'host2'",
+            expires=None,
+        )
+        assert res["status"]
+
+    def test_list_object_exceptions(self, unwrap):
+        res = unwrap(self.scm.list_object_exceptions)(self.scm)
+        exception = [x for x in res if x["id"] == pytest.exception_id]
+        assert len(exception) == 1
+        exception = exception[0]
+        del exception["author"]
+        del exception["created"]
+        assert exception == {
+            "category": ControlCategory.ASSET_MANAGER.value,
+            "expires": None,
+            "filter": "hostname eq 'host2'",
+            "id": pytest.exception_id,
+            "name": "filter me",
+        }
+
+    def test_delete_object_exception(self, unwrap):
+        res = unwrap(self.scm.delete_object_exception)(self.scm, pytest.exception_id)
+        assert res["status"]
+        res = unwrap(self.scm.list_object_exceptions)(self.scm)
+        assert not any(x["id"] == pytest.exception_id for x in res)
+
+    def test_put_report(self, unwrap):
+        report_blob = {
+            "name": "test report",
+            "sections": [
+                {
+                    "name": "test section",
+                    "charts": [
+                        {
+                            "name": "test chart",
+                            "columns": ["platforms"],
+                            "type": "PIE",
+                            "filter": "instances/any(i: i/control eq 1)",
+                            "group_by": "platforms",
+                            "scm_category": "ENDPOINT",
+                        }
+                    ],
+                }
+            ],
+        }
+        res = unwrap(self.scm.put_report)(self.scm, report_data=report_blob)
+        pytest.report_id = res["report_id"]
+        for section in res["report"]["sections"]:
+            assert "id" in section
+        for chart in res["report"]["sections"][0]["charts"]:
+            assert "id" in chart
+            assert "ignore" in chart
+
+    def test_list_reports(self, unwrap):
+        res = unwrap(self.scm.list_reports)(self.scm)
+        report = [r for r in res if r["report_id"] == pytest.report_id]
+        assert len(report) == 1
+        assert report[0]["name"] == "test report"
+        assert "report" not in report[0]
+
+    def test_get_report(self, unwrap):
+        res = unwrap(self.scm.get_report)(self.scm, pytest.report_id)
+        assert res["report_id"] == pytest.report_id
+        for section in res["report"]["sections"]:
+            assert "id" in section
+        for chart in res["report"]["sections"][0]["charts"]:
+            assert "id" in chart
+            assert "ignore" in chart
+
+    def test_delete_report(self, unwrap):
+        res = unwrap(self.scm.delete_report)(self.scm, pytest.report_id)
+        assert res["status"]
+        res = unwrap(self.scm.list_reports)(self.scm)
+        assert not any(r["report_id"] == pytest.report_id for r in res)

prelude_sdk_beta-1435/tests/test_scm_build.py

@@ -1,55 +0,0 @@
-import pytest
-from datetime import datetime, timezone, timedelta
-
-from prelude_sdk_beta.controllers.scm_controller import ScmController
-from prelude_sdk_beta.models.codes import Control, ControlCategory
-
-
-@pytest.mark.order(8)
-@pytest.mark.usefixtures("setup_account")
-class TestScmBuild:
-    def setup_class(self):
-        if not pytest.expected_account["features"]["policy_evaluator"]:
-            pytest.skip("POLICY_EVALUATOR feature not enabled")
-        self.scm = ScmController(pytest.account)
-
-    def test_create_object_exception(self, unwrap):
-        res = unwrap(self.scm.create_object_exception)(
-            self.scm,
-            ControlCategory.ASSET_MANAGER,
-            "hostname eq 'host1'",
-            name="filter me",
-            expires="5555-05-05",
-        )
-        assert res["exception_id"]
-        pytest.exception_id = res["exception_id"]
-
-    def test_update_object_exception(self, unwrap):
-        res = unwrap(self.scm.update_object_exception)(
-            self.scm,
-            pytest.exception_id,
-            filter="hostname eq 'host2'",
-            expires=None,
-        )
-        assert res["status"]
-
-    def test_list_object_exceptions(self, unwrap):
-        res = unwrap(self.scm.list_object_exceptions)(self.scm)
-        exception = [x for x in res if x["id"] == pytest.exception_id]
-        assert len(exception) == 1
-        exception = exception[0]
-        del exception["author"]
-        del exception["created"]
-        assert exception == {
-            "category": ControlCategory.ASSET_MANAGER.value,
-            "expires": None,
-            "filter": "hostname eq 'host2'",
-            "id": pytest.exception_id,
-            "name": "filter me",
-        }
-
-    def test_delete_object_exception(self, unwrap):
-        res = unwrap(self.scm.delete_object_exception)(self.scm, pytest.exception_id)
-        assert res["status"]
-        res = unwrap(self.scm.list_object_exceptions)(self.scm)
-        assert not any(x["id"] == pytest.exception_id for x in res)