Carbon-black-cloud-sdk

Latest version: v1.5.2


1.4.0

**Breaking Changes:**

* `Policy` object has been moved from `cbc_sdk.endpoint_standard` to `cbc_sdk.platform`, as it now uses the new Policy Services API rather than the old APIs through Integration Services.
  * **N.B.:** This change means that you must use a custom API key with permissions under `org.policies` to manage policies, rather than an older "API key."
  * To allow time to update integration logic, the `cbc_sdk.endpoint_standard` `Policy` object may still be imported from the old package, and supports operations that are backwards-compatible with the old one.
  * When developing a new integration, or updating an existing one, `cbc_sdk.platform` should be used. There is a utility class `PolicyBuilder`, and as features are added to the Carbon Black Cloud, they will be added to this module.
* Official support for Python 3.6 has been dropped, since that version is now end-of-life. Added explicit testing support for Python versions 3.9 and 3.10. **N.B.:** End users should update their Python version to 3.7.x or greater.

New Features:

* Credentials handler now supports OAuth tokens.
* Added support for querying a single `Report` from a `Feed`.
* Added support for alert notes (create, delete, get, refresh).

Updates:

* Removed the (unused) revoked property from `Grant` objects.
* Increased the asynchronous query thread pool to 3 threads by default.
* Required version of `lxml` is now 4.9.1.
* Added a user acceptance test script for Alerts.

Bug Fixes:

* Added `max_rows` to USB device query, fixing pagination.
* Fixed an off-by-one error in Alerts Search resulting in duplicate alerts showing up in results.
* Fixed an error in alert faceting operations due to sending excess input to the server.

Documentation:

* Watchlists, Feeds, and Reports guide has been updated with additional clarification and examples.
* Updated description for some `Device` fields that are never populated.
* Additional sensor states added to `Device` documentation.
* Fixed the description of `BaseAlertSearchQuery.set_types` so that it mentions all valid alert types.
* Threat intelligence example has been deprecated.

1.3.6

New Features:

* Support for Device Facet API.
* Dynamic reference of query classes--now you can do ``api.select("Device")`` in addition to ``api.select(Device)``.
* Support for Container Runtime Alerts.
* NSX Remediation functionality - set the NSX remediation state for workloads which support it.

Updates:

* Endpoint Standard specific ``Event``s have been decommissioned and removed.
* SDK now uses Watchlist Manager APIs ``v3`` instead of ``v2``. ``v2`` APIs are being decommissioned.

Documentation:

* Added a ``CONTRIBUTING`` link to the ``README.md`` file.
* Change to Watchlist/Report documentation to properly reflect how to update a ``Report`` in a ``Watchlist``.
* Cleaned up formatting.

1.3.5

New Features:

* Added asynchronous query support to Live Query.
* Added the ability to export query results from Live Query, either synchronously or asynchronously (via the ``Job`` object and the Jobs API). Synchronous exports include full-file export, line-by-line export, and ZIP file export. Asynchronous exports include full-file export and line-by-line export.
* Added a ``CredentialProvider`` that uses AWS Secrets Manager to store credential information.

Updates:

* Added ``WatchlistAlert.get_process()`` method to return the ``Process`` of a ``WatchlistAlert``.
* Added several helpers to Live Query support to make it easier to get runs from a template, or results, device summaries, or facets from a run.
* Optimized API requests when performing query slicing.
* Updated pretty-printing of objects containing ``dict`` members.
* ``lxml`` dependency updated to version 4.6.5.

Bug Fixes:

* ``User.delete()`` now checks for an outstanding access grant on the user, and deletes it first if it exists.
* Fixed handling of URL when attaching a new IOC to a ``Feed``.
* Getting and setting of ``Report`` ignore status is now supported even if that ``Report`` is part of a ``Feed``.

Documentation:

* Information added about the target audience for the SDK.
* Improper reference to a credential property replaced in the Authentication guide.
* Broken example updated in Authentication guide.
* Added SDK guides for Vulnerabilities and Live Query APIs.
* Updated documentation for ``ProcessFacet`` model to better indicate support for full query string.

1.3.4

New Features:

* New CredentialProvider supporting Keychain storage of credentials (Mac OS only).
* Recommendations API - suggested reputation overrides for policy configuration.

Updates:

* Improved string representation of objects through ``__str__()`` mechanism.

Bug Fixes:

* Ensure proper ``TimeoutError`` is raised in several places where the wrong exception was being raised.
* Fix to allowed categories when performing alert queries.

Documentation Changes:

* Added guide page for alerts.
* Live Response documentation updated to note use of custom API keys.
* Clarified query examples in Concepts.
* Note that vulnerability assessment has been moved from ``workload`` to ``platform``.
* Small typo fixes in watchlists, feeds, UBS, and reports guide.

1.3.3

Bug Fixes:

* Dependency fix on schema library.

1.3.2

New Features:

* Added asynchronous query options to Live Response APIs.
* Added functionality for Watchlists, Reports, and Feeds to simplify developer interaction.

Updates:

* Added documentation on the mapping between permissions and Live Response commands.

Bug Fixes:

* Fixed an error using the STIX/TAXII example with Cabby.
* Fixed a potential infinite loop in getting detailed search results for enriched events and processes.
* Comparison now case-insensitive on UBS download.
