
Announcing the release of v1.5.1 of Carbon Black Cloud Python SDK

Posted on January 30, 2024


What’s New?

We’re excited to announce the release of v1.5.1 of the Carbon Black Cloud Python SDK.

This release adds several enhancements to the Alerts v7 functionality that was included in our previous release. These include:

  • Search Grouped Alerts, including faceting and retrieval of all alerts for a group
  • Get list of watchlists on an alert
  • Network threat metadata helper function
  • Full update to Alerts guide in documentation

The other major feature added is Asset Groups support, a new way of organizing devices and applying specific policies to them. Features in Asset Groups include:

  • Create, delete, and update asset groups (either with manual or dynamic membership)
  • Retrieve asset groups by ID
  • Search for asset groups, retrieve list of all asset groups
  • Add/remove members, get all members in a group
  • Get statistics for a group
  • Helper functions for Device to retrieve and maintain group membership
  • Preview changes to effective policy for device(s) as a result of a number of different potential changes
  • Full documentation and new Guide page

The Rest of the Changelog

Here’s the complete changelog for this release of the SDK, which includes some less visible changes:


New Features

  • Asset Groups - Added management of asset groups:

    • Create, delete, and update asset groups (either with manual or dynamic membership)
    • Retrieve asset groups by ID
    • Search for asset groups, retrieve list of all asset groups
    • Add/remove members, get all members in a group
    • Get statistics for a group
    • Helper functions for Device to retrieve and maintain group membership
    • Preview changes to effective policy for device(s) as a result of a number of different potential changes
    • Full documentation and new Guide page
  • Alerts v7 Enhancements - Added additional functionality to Alerts v7 as implemented in version 1.5.0:

    • Search Grouped Alerts, including faceting and retrieval of all alerts for a group
    • Get list of watchlists on an alert
    • Network threat metadata helper function
    • Full update to Alerts guide in documentation
  • Command line deobfuscation added to Processes, Alerts, and Observations, allowing visualization of PowerShell command lines that have been deliberately obfuscated by attackers.

  • New scroll() method added to Live Query search results.

  • New helper methods added to Policy to enable or disable XDR data collection and auth event data collection.

  • New export() and scroll() methods added to DeviceSearchQuery.


Updates

  • Python 3.7 has been re-added as “unofficially” supported, since certain integrations that use the SDK still use it.
  • Added deployment_type as part of the facets available in DeviceSearchQuery.

Bug Fixes

  • Search jobs that allow setting a timeout now default that timeout to 5 minutes. The timeout may be lowered from that point, but never raised beyond it. This eliminates a problem of “hung” searches.

Documentation

  • ReadTheDocs generation has been improved to show the inherited methods. There are some helper functions on SearchQuery classes such as add_criteria() inherited from CriteriaBuilderSupportMixin and first() inherited from IterableQueryMixin.

Where to find the Carbon Black Cloud SDK and information:

