Cbapi

-----------------------------------------

This release includes a critical security fix and small bugfixes.

Security fix:

* The underlying CbAPI connection class erroneously disabled hostname validation by default. This does *not* affect
code that uses CbAPI through the public interfaces documented here; it only affects code that accesses the new
``CbAPISessionAdapter`` class directly. This class was introduced in version 1.3.3.
Regardless, it is strongly recommended that all users currently using 1.3.3 upgrade to 1.3.4.

Bug fixes:

* Add rule filename parameter to CB Defense ``policy_operations.py`` script's ``add-rule`` command.
* Add support for ``tamperProtectionActive`` attribute to App Control's (CB Protection) ``Computer`` object.
* Work around CB Response issue- the ``/api/v1/sensor`` route incorrectly returns an HTTP 500 if no sensors match the
provided query. CbAPI now catches this exception and will instead return an empty set back to the caller.

----------------------------------------

This release includes security improvements and bugfixes.

Security changes:

* CbAPI enforces the use of HTTPS when connecting to on-premise CB Response servers.
* CbAPI can optionally require TLSv1.2 when connecting to Carbon Black servers.

* Note that some versions of Python and OpenSSL, notably the version of OpenSSL packaged with Mac OS X, do not support
TLSv1.2. This will cause CbAPI to fail to connect to CB Response 6.1+ servers which require TLSv1.2 cipher suites.
* A new command, ``cbapi check-tls``, will report the TLS version supported by your platform.
* To enforce the use of TLSv1.2 when connecting to a server, add ``ssl_force_tls_1_2=True`` to that server's
credential profile.

* Add the ability to "pin" a specific server certificate to a credential profile.

* You can now force TLS certificate verification on self-signed, on-premise installations of EDR (CB Response) or App Control (Protection)
through the ``ssl_cert_file`` option in the credential profile.
* To "pin" a server certificate, save the PEM-formatted server certificate to a file, and put the full path to that
PEM file in the ``ssl_cert_file`` option of that server's credential profile.
* When using this option with on-premise CB Response servers, you may also have to set
``ssl_verify_hostname=False`` as the hostname in the certificate generated at install time is ``localhost`` and
will not match the server's hostname or IP address. This option will still validate that the server's certificate
is valid and matches the copy in the ``ssl_cert_file`` option.

Changes for CB Protection:

* The API now sets the appropriate "GET" query fields when changing fields such as the ``debugFlags`` on the Computer
object.
* The ``.template`` attribute on the Computer model object has been renamed ``.templateComputer``.
* Remove AppCatalog and AppTemplate model objects.

Changes for CB Response:

* Added ``.webui_link`` property to CB Response Query objects.
* Added ``ban_hash.py`` example.

Bug Fixes:

* Error handling is improved on Python 3. Live Response auto-reconnect functionality is now fixed on Python 3 as
a result.
* Workaround implemented for CB Response 6.1 where segment_ids are truncated on Alerts. The ``.process`` attribute on
an Alert now ignores the ``segment_id`` and links to the first Process segment.
* Fixed issue with ``Binary.signed`` and ``CbModLoadEvent.is_signed``.

--------------------------------------

This release introduces the Policy API for CB Defense. A sample ``policy_operations.py`` script is now included
in the ``examples`` directory for CB Defense.

Other changes:

* CB Response

* Bugfixes to the ``User`` Model Object.
* New ``user_operations.py`` example script to manage users & teams.
* Additional ``Team`` Model Object to add/remove/modify user teams.
* New ``check_datasharing.py`` example script to check if third party data sharing is enabled for binaries on any sensor groups.
* Documentation fix for the ``User`` Model Object.
* Fix to the ``watchlist_operations.py`` example script.

-------------------------------------

This is a bugfix release with minor changes:

* CB Response

* Add ``partition_operations.py`` script to demonstrate the use of the StoragePartition model object.
* Fix errors when accessing the ``.start`` attribute of child processes.
* Fix errors generated by the ``walk_children.py`` example script. The output has been changed as well to indicate
the process lifetime, console UI link, and command lines.
* Add an ``.end`` attribute to the Process model object. This attribute reports back either ``None`` if the
process is still executing, or the last event time associated with the process if it has exited. See the
``walk_children.py`` script for an example of how to calculate process lifetime.
* Fix errors when using the ``.parents`` attribute of a Process.
* Add ``wait_for_completion`` flag to ``create_process`` Live Response method, and default to ``True``. The
``create_process`` method will now wait for the target process to complete before returning.

* CB Defense

* Add ``wait_for_completion`` flag to ``create_process`` Live Response method, and default to ``True``. The
``create_process`` method will now wait for the target process to complete before returning.

------------------------------------

This release introduces the Live Response API for CB Defense. A sample ``cblr_cli.py`` script is now included in the
``examples`` directory for both CB Response and CB Defense.

Other changes:

* CB Protection

* You can now create new ``FileRule`` and ``Policy`` model objects in cbapi.

* CB Response

* Added ``watchlist_exporter.py`` and ``watchlist_importer.py`` scripts to the CB Response examples directory.
These scripts allow you to export Watchlist data in a human- and machine-readable JSON format and then re-import them into another CB Response server.
* The ``Sensor`` Model Object now uses the non-paginated (v1) API by default. This fixes any issues encountered when
iterating over all the sensors and receiving duplicate and/or missing sensors.
* Fix off-by-one error in ``CbCrossProcess`` object.
* Fix issue iterating through ``Process`` Model Objects when accessing processes generated from a 5.2 server
after upgrading to 6.1.
* Reduce number of API requests required when accessing sibling information (parents, children, and siblings) from the
``Process`` Model Object.
* Retrieve all events for a process when using ``segment`` ID of zero on a CB Response 6.1 server.
* Behavior of ``Process.children`` attribute has changed:

* Only one entry is present per child (before there were up to two; one for the spawn event, one for the
terminate event)
* The timestamp is derived from the start time of the process, not the timestamp from the spawn event.
the two timestamps will be off by a few microseconds.
* The old behavior is still available by using the ``Process.childprocs`` attribute instead. This incurs a
performance penalty as another API call will have to be made to collect the childproc information.

* ``Binary`` Model Object now returns False for ``.is_signed`` attribute if it is set to ``(Unknown)``.

* Moved the ``six`` Python module into cbapi and removed the external dependency.

------------------------------------

This release introduces compatibility with our new product, CB Defense, as well as adding new Model Objects introduced
in the CB Protection 8.0 APIs.

Other changes:

* CB Response

* New method ``synchronize()`` added to the ``Feed`` Model Object

* Bug fixes and documentation improvements