Cbapi

Latest version: v1.7.10

Page 5 of 6

1.4.1

----------------------------------------

* Bug fixes
* Extend the authorization error message to make it clear that users should check their API credentials

1.4.0

----------------------------------------

This release introduces support for CB PSC's ThreatHunter APIs.

* Process, Tree, and Search are supported with more to come

1.3.6

----------------------------------------

This release has one critical fix:

* Fix a fatal exception when connecting to CB Response 6.1.x servers

1.3.5

---------------------------------------

This release includes bugfixes and contributions from the Carbon Black community.

All products:

* More Python 3 compatibility fixes.
* Fix the ``wait_for_completion`` and ``wait_for_output`` options in the Live Response ``.create_process()`` method.
  If ``wait_for_completion`` is True, the call to ``.create_process()`` will block until the remote process
  has exited. If ``wait_for_output`` is True, then ``.create_process()`` will additionally wait until the output
  of the remote process is ready and return that output to the caller. Setting ``wait_for_output`` to True automatically
  sets ``wait_for_completion`` to True as well.
* The ``BaseAPI`` constructor now takes three new optional keyword arguments to control the underlying connection
  pool: ``pool_connections``, ``pool_maxsize``, and ``pool_block``. These arguments are sent to the underlying
  ``HTTPAdapter`` used when connecting to the Carbon Black server. For more information on these parameters, see
  the `Python requests module API documentation for HTTPAdapter <http://docs.python-requests.org/en/master/api/#requests.adapters.HTTPAdapter>`_.

CB Defense:

* Date/time stamps in the Device model object are now represented as proper Python datetime objects, rather than
  integers.
* The ``policy_operations.py`` example script's "Replace Rule" command is fixed.
* Add the CB Live Response job-based API.
* Add a new example script ``list_devices.py``

CB Response:

* The ``Process`` and ``Binary`` model objects now return None by default when a non-existent attribute is referenced,
  rather than throwing an exception.
* Fixes to ``walk_children.py`` example script.
* Fix exceptions in enumerating child processes, retrieving path and MD5sums from processes.
* Multiple ``.where()`` clauses can now be used in the ``Sensor`` model object.
* Workaround implemented for retrieving/managing more than 500 banned hashes.
* Alert bulk operations now work on batches of 500 alerts.
* ``.flush_events()`` method on ``Sensor`` model object no longer throws an exception on CB Response 6.x servers.
* ``.restart_sensor()`` method now available for ``Sensor`` model object.
* Fix ``user_operations.py`` example script to eliminate exception when adding a new user to an existing team.
* Add ``.remove_team()`` method on ``User`` model object.
* Automatically set ``cb.legacy_5x_mode`` query parameter for all Process queries whenever a legacy Solr core (from
  CB Response 5.x) is loaded.
* Added ``.use_comprehensive_search()`` method to enable the "comprehensive search" option on a Process query.
  See the `CB Developer Network documentation on Comprehensive Search
  <https://developer.carbonblack.com/reference/enterprise-response/6.1/process-api-changes/#process-joining-comprehensive-search>`_
  for more information on "comprehensive search".
* Add ``.all_childprocs()``, ``.all_modloads()``, ``.all_filemods()``, ``.all_regmods()``, ``.all_crossprocs()``,
  and ``.all_netconns()`` methods to retrieve process events from all segments, rather than the current process segment.
  You can also use the special segment "0" to retrieve process events across all segments.
* Fix ``cmdline_filters`` in the ``IngressFilter`` model object.

App Control (CB Protection):

* Tamper Protection can now be set and cleared in the ``Computer`` model object.

1.3.4

-----------------------------------------

This release includes a critical security fix and small bugfixes.

Security fix:

* The underlying CbAPI connection class erroneously disabled hostname validation by default. This does *not* affect
  code that uses CbAPI through the public interfaces documented here; it only affects code that accesses the new
  ``CbAPISessionAdapter`` class directly. This class was introduced in version 1.3.3.
  Regardless, it is strongly recommended that all users currently using 1.3.3 upgrade to 1.3.4.
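
Hostname validation and certificate validation are separate switches in Python's ``ssl`` module, which is why a wrong default for one can go unnoticed. The following is an added example, not CbAPI's own code; ``build_tls_context`` and ``posture`` are hypothetical names, and mapping the TLSv1.2 requirement to a minimum protocol version is this example's choice.

```python
import ssl


def build_tls_context(verify_hostname=True, force_tls_1_2=False, cert_file=None):
    """Build a client-side SSLContext; every parameter defaults to the strict choice."""
    # PROTOCOL_TLS_CLIENT starts with verify_mode=CERT_REQUIRED and check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cert_file:
        # Pinning: trust only the certificate(s) stored in this PEM file.
        ctx.load_verify_locations(cafile=cert_file)
    else:
        # No pin: fall back to the system trust store.
        ctx.load_default_certs()
    if force_tls_1_2:
        # Refuse protocol versions older than TLSv1.2.
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Only the name match is relaxed here; chain validation stays CERT_REQUIRED.
    ctx.check_hostname = verify_hostname
    return ctx


def posture(ctx):
    """Summarise what a context will actually enforce on a connection."""
    return {
        "certificate_validated": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_validated": ctx.check_hostname,
        "min_tls_1_2": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


if __name__ == "__main__":
    print("default         :", posture(build_tls_context()))
    print("hostname relaxed:", posture(build_tls_context(verify_hostname=False)))
    print("TLSv1.2 forced  :", posture(build_tls_context(force_tls_1_2=True)))
```

A unit test that asserts ``hostname_validated`` is true for the no-argument call is the kind of regression check that catches a default flipped the wrong way.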

Bug fixes:

* Add rule filename parameter to CB Defense ``policy_operations.py`` script's ``add-rule`` command.
* Add support for ``tamperProtectionActive`` attribute to App Control's (CB Protection) ``Computer`` object.
* Work around a CB Response issue: the ``/api/v1/sensor`` route incorrectly returns an HTTP 500 if no sensors match the
  provided query. CbAPI now catches this exception and will instead return an empty set back to the caller.

1.3.3

Not secure
----------------------------------------

This release includes security improvements and bugfixes.

Security changes:

* CbAPI enforces the use of HTTPS when connecting to on-premise CB Response servers.
* CbAPI can optionally require TLSv1.2 when connecting to Carbon Black servers.

  * Note that some versions of Python and OpenSSL, notably the version of OpenSSL packaged with Mac OS X, do not support
    TLSv1.2. This will cause CbAPI to fail to connect to CB Response 6.1+ servers which require TLSv1.2 cipher suites.
  * A new command, ``cbapi check-tls``, will report the TLS version supported by your platform.
  * To enforce the use of TLSv1.2 when connecting to a server, add ``ssl_force_tls_1_2=True`` to that server's
    credential profile.

* Add the ability to "pin" a specific server certificate to a credential profile.

  * You can now force TLS certificate verification on self-signed, on-premise installations of EDR (CB Response) or App Control (Protection)
    through the ``ssl_cert_file`` option in the credential profile.
  * To "pin" a server certificate, save the PEM-formatted server certificate to a file, and put the full path to that
    PEM file in the ``ssl_cert_file`` option of that server's credential profile.
  * When using this option with on-premise CB Response servers, you may also have to set
    ``ssl_verify_hostname=False`` as the hostname in the certificate generated at install time is ``localhost`` and
    will not match the server's hostname or IP address. This option will still validate that the server's certificate
    is valid and matches the copy in the ``ssl_cert_file`` option.
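
An audit of credential profiles against the rules above, as an added example that is not part of CbAPI: it flags non-HTTPS URLs, profiles that set ``ssl_verify_hostname=False`` without a pinned ``ssl_cert_file``, and profiles that do not set ``ssl_force_tls_1_2``. It assumes an INI-style credentials file and that hostname verification is on when the option is absent; ``audit_profiles``, the sample profiles, hostnames, token and path are constructed.

```python
import configparser

# Constructed sample credentials file; hostnames, token and path are made up.
SAMPLE = """
[default]
url = https://cbserver.example.com
token = CONSTRUCTED_TOKEN
ssl_force_tls_1_2 = True

[pinned]
url = https://10.0.0.5
token = CONSTRUCTED_TOKEN
ssl_cert_file = /etc/carbonblack/pinned-server.pem
ssl_verify_hostname = False
ssl_force_tls_1_2 = True

[lab]
url = http://cb-lab.example.com
token = CONSTRUCTED_TOKEN
ssl_verify_hostname = False
"""


def audit_profiles(text):
    """Return {profile_name: [finding, ...]} for a credentials file given as text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    report = {}
    for name in parser.sections():
        profile = parser[name]
        findings = []
        if not profile.get("url", "").lower().startswith("https://"):
            findings.append("url is not https")
        pinned = bool(profile.get("ssl_cert_file", "").strip())
        # Relaxing the name check is only defensible when the certificate is pinned.
        if not profile.getboolean("ssl_verify_hostname", fallback=True) and not pinned:
            findings.append("hostname check disabled without pinned certificate")
        # The option is opt-in, so an absent key means TLSv1.2 is not enforced.
        if not profile.getboolean("ssl_force_tls_1_2", fallback=False):
            findings.append("TLSv1.2 not enforced")
        report[name] = findings
    return report


if __name__ == "__main__":
    for profile_name, findings in audit_profiles(SAMPLE).items():
        print(profile_name, "->", findings or "ok")
```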

Changes for CB Protection:

* The API now sets the appropriate "GET" query fields when changing fields such as the ``debugFlags`` on the Computer
  object.
* The ``.template`` attribute on the Computer model object has been renamed ``.templateComputer``.
* Remove AppCatalog and AppTemplate model objects.

Changes for CB Response:

* Added ``.webui_link`` property to CB Response Query objects.
* Added ``ban_hash.py`` example.

Bug Fixes:

* Error handling is improved on Python 3. Live Response auto-reconnect functionality is now fixed on Python 3 as
  a result.
* Workaround implemented for CB Response 6.1 where segment_ids are truncated on Alerts. The ``.process`` attribute on
  an Alert now ignores the ``segment_id`` and links to the first Process segment.
* Fixed issue with ``Binary.signed`` and ``CbModLoadEvent.is_signed``.

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.