Code42cli

Fixed

- Issue where `code42 profile delete` was allowed without giving a `profile_name` even
though deleting the default profile is not allowed.

Added

- `code42 audit-logs` commands:
- `search` to search for audit-logs.
- `send-to` to send audit-logs to server.

Changed

- `profile_name` argument is now required for `code42 profile delete`, as it was meant to be.

- The `--advanced-query` option on `alerts search` and `security-data (search|send-to)` commands has been updated:
- It can now accept the query as a JSON string or as the path to a file containing the JSON query.
- It can be used with the `--use-checkpoint/-c` option.

- Now, when adding a cloud alias to a detection list user, such as during `departing-employee add`, it will remove the existing cloud alias if one exists.
- Before, it would error and the cloud alias would not get added.

Fixed

- Bug where `code42 legal-hold show` would error when terminal was too small.

- Fixed bug in `departing_employee bulk add` command that allowed invalid dates to be passed without validation.

Changed

- The follow commands now print a nicer error message when trying to remove a user who is not on the list:
- `code42 departing-employee remove`
- `code42 high-risk-employee remove`
- `code42 alert-rules remove-user`

- `-i` (`--incremental`) has been removed, use `-c` (`--use-checkpoint`) with a string name for the checkpoint instead.

- The code42cli has been migrated to the [click](https://click.palletsprojects.com) framework. This brings:
- BREAKING CHANGE: Commands that accept multiple values for the same option now must have the option flag provided before each value:
use `--option value1 --option value2` instead of `--option value1 value2` (which was previously possible).
- Cosmetic changes to error messages, progress bars, and help message formatting.

- The `print` command on the `security-data` and `alerts` command groups has been replaced with the `search` command.
This was a name change only, all other functionality remains the same.

- A profile created with the `--disable-ssl-errors` flag will now correctly not verify SSL certs when making requests. A warning message is printed
each time the CLI is run with a profile configured this way, as it is not recommended.

- The `path` positional argument for bulk `generate-template` commands is now an option (`--p/-p`).

- Below `search` subcommands accept argument `--format/-f` to display result in formats `csv`, `table`, `json`, `raw-json`:
- Default output format is changed to `table` format from `raw-json`, returns a paginated response.
All properties would be displayed by default except when using `-f table`.
Pass `--include-all` when using `table` to view all non-nested top-level properties.
- `code42 alerts search`
- `code42 security-data search`
- `code42 security-data saved-search list`
- `code42 legal-hold list`
- `code42 alert-rules list`

Added

- `--or-query` option added to `security-data search` and `alerts search` commands which combines the provided filter arguments into an 'OR' query instead of the default 'AND' query.

- `--password` option added to `profile create` and `profile update` commands, enabling creating profiles while bypassing the interactive password prompt.

- Profiles can now save multiple alert and file event checkpoints. The name of the checkpoint to be used for a given query should be passed to `-c` (`--use-checkpoint`).

- `-y/--assume-yes` option added to `profile delete` and `profile delete-all` commands to not require interactive prompt.

- Below subcommands accept argument `--format/-f` to display result in formats `csv`, `table`, `json`, `formatted-json`:
- `code42 alert-rules list`
- `code42 legal-hold list`
- `code42 legal-hold show`
- `code42 security-data saved-search list`

Removed

- The `write-to` command for `security-data` and `alerts` command groups.

Fixed

- Fixed bug that caused the last few entries in csv files to sometimes not be processed when performing bulk processing actions.

Fixed

- Fixed bug that caused `alert-rules list` to error due to page size restrictions on backing service.

Fixed

- Issue that prevented alerts from being retrieved successfully via `code42 alerts` commands due to a change in its backing API.

Changed

- `code42cli` no longer supports python 2.7.

- `code42 profile create` now uses required `--name`, `--server` and `--username` flags instead of positional arguments.

- `code42 high-risk-employee add-risk-tags` now uses required `--username` and `--tag` flags instead of positional arguments.

- `code42 high-risk-employee remove-risk-tags` now uses required `--username` and `--tag` flags instead of positional arguments.

Added

- Extraction subcommands of `code42 security-data`, `print/write-to/send-to` accepts argument `--saved-search` to
return saved search results.

- `code42 security-data saved-search` commands:
- `list` prints out existing saved searches' id and name
- `show` takes a search id

- `code42 high-risk-employee bulk` supports `add-risk-tags` and `remove-risk-tags`.
- `code42 high-risk-employee bulk generate-template <cmd>` options `add-risk-tags` and `remove-risk-tags`.
- `add-risk-tags` that takes a csv file with username and space separated risk tags.
- `remove-risk-tags` that takes a csv file with username and space separated risk tags.

- Display, `Fuzzy suggestions`, valid keywords matching mistyped commands or arguments.

- `code42 alerts`:
- Ability to search/poll for alerts with checkpointing using one of the following commands:
- `print` to output to stdout.
- `write-to` to output to a file.
- `send-to` to output to server via UDP or TCP.

- `code42 alert-rules` commands:
- `add-user` with parameters `--rule-id` and `--username`.
- `remove-user` that takes a rule ID and optionally `--username`.
- `list`.
- `show` takes a rule ID.
- `bulk` with subcommands:
- `add`: that takes a csv file with rule IDs and usernames.
- `generate-template`: that creates the file template. And parameters:
- `cmd`: with options `add` and `remove`.
- `path`
- `remove`: that takes a csv file with rule IDs and usernames.

- `code42 legal-hold` commands:
- `add-user` with parameters `--matter-id/-m` and `--username/-u`.
- `remove-user` with parameters `--matter-id/-m` and `--username/-u`.
- `list` prints out existing active legal hold matters.
- `show` takes a `matter_id` and prints details of the matter.
- optional argument `--include-inactive` additionally prints matter memberships that are no longer active.
- optional argument `--include-policy` additionally prints out the matter's backup preservation policy in json form.
- `bulk` with subcommands:
- `add-user`: that takes a csv file with matter IDs and usernames.
- `remove-user`: that takes a csv file with matter IDs and usernames.
- `generate-template`: that creates the file templates.
- `cmd`: with options `add` and `remove`.
- `path`

- Success messages for `profile delete` and `profile update`.

- Additional information in the error log file:
- The full command path for the command that errored.
- User-facing error messages you see during adhoc sessions.

- A custom error in the error log when you try adding unknown risk tags to user.

- A custom error in the error log when you try adding a user to a detection list who is already added.
- Graceful handling of keyboard interrupts (ctrl-c) so stack traces aren't printed to console.
- Warning message printed when ctrl-c is encountered in the middle of an operation that could cause incorrect checkpoint
state, a second ctrl-c is required to quit while that operation is ongoing.

- A progress bar that displays during bulk commands.

- Short option `-u` added for `code42 high-risk-employee add-risk-tags` and `remove-risk-tags`.

- Tab completion for bash and zsh for Unix based machines.

Fixed

- Fixed bug in bulk commands where value-less fields in csv files were treated as empty strings instead of None.
- Fixed anomaly where the path to the error log on Windows contained mixed slashes.