Changes:

  • For the /search and /common/{id} endpoints, new fields were added to the response:
    • alert_rule.id -- mandatory rule ID, for example "Af5jrB9"
    • alert_rule.label -- mandatory enum, one of: DataLeakageOnCodeRepository, CompromisedBankCheck, DomainAbuse, GeopoliticsFacility, NovelIdentityExposure, ThirdPartyRisk, CyberVulnerability, MalwareReport, Undefined
    • alert_rule.name -- optional rule name.
  • For the remaining endpoints:
    • alert_rule -- the structure itself is now mandatory in the response.

ASI Project API v1.7.0

by Andrew Yasso

This release extends support for searching and filtering assets in projects. The changes aim to add the functionality required for an upcoming UI release, but also add capability from an API-centric standpoint.

New features

  • The _search endpoint filtering capabilities have been extended to support the new fields: name, static_asset, last_scanned_at, and registry
    • The referenced_ip filter has been extended to support contains matching
  • A new POST /filters endpoint has been added, which returns filters in the same form as the GET endpoint
    • This endpoint accepts filters in the same way as the _search endpoint, so accurate filter options and counts can be shown while assets are filtered
  • The GET and POST /filters endpoints have been extended to support the new fields: name, static_asset, technology_name, last_scanned_at and registry
  • A new filter option called quick_search has been added to the _search endpoint, see the example below. This field allows wildcard searches for assets across the fields name, ip, and technology
    • {"quick_search": {"search": <VALUE>}}

Other updates

  • Validation has been added for cursor input for the /rules endpoints

  • /search endpoint:
    • Added an offset parameter to improve pagination support.
    • Added the rule_id field.
    • Changed the title behavior to keep it in sync with what is shown in the UI.
  • Details endpoints:
    • Added the alert_rule.id, alert_rule.label and alert_rule.name fields.
    • Deprecated the case_rule_id and case_rule_label fields; use alert_rule instead.
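The alert_rule structure above and the deprecation of case_rule_id / case_rule_label (also described under "Changes" at the top of this page) mean an integration has to read both shapes for a while. The following is an added example, not the vendor's SDK; it assumes alert records are JSON objects carrying either a nested alert_rule object (id, label, name) or the deprecated top-level fields, since the exact response schema is not given here.

```python
"""Normalise the alert_rule structure from Playbook Alert API records.

Added example (not the vendor's SDK). Assumption: a record has either a nested
"alert_rule" object (id, label, name) or the deprecated top-level
case_rule_id / case_rule_label fields; the full schema is not on this page.
"""
from collections import Counter
from typing import Any, Dict, Optional

# Enum values listed for alert_rule.label in the release notes.
ALERT_RULE_LABELS = frozenset({
    "DataLeakageOnCodeRepository", "CompromisedBankCheck", "DomainAbuse",
    "GeopoliticsFacility", "NovelIdentityExposure", "ThirdPartyRisk",
    "CyberVulnerability", "MalwareReport", "Undefined",
})


def extract_alert_rule(record: Dict[str, Any]) -> Dict[str, Optional[str]]:
    """Return the rule id, a validated label and the optional name for one record.

    Prefers the (now mandatory) alert_rule structure and falls back to the
    deprecated fields only when it is absent. A label outside the documented
    enum is coerced to "Undefined" so an unknown value cannot break downstream
    routing; the raw value is kept under "raw_label" for triage.
    """
    rule = record.get("alert_rule")
    if isinstance(rule, dict) and rule.get("id"):
        rule_id, label, name = rule["id"], rule.get("label"), rule.get("name")
    else:  # deprecated shape: no rule name was exposed at the top level
        rule_id, label, name = record.get("case_rule_id"), record.get("case_rule_label"), None
    if not rule_id:
        raise ValueError("alert record carries no rule id")
    safe_label = label if label in ALERT_RULE_LABELS else "Undefined"
    return {"id": rule_id, "label": safe_label, "name": name, "raw_label": label}


def count_by_label(records) -> Dict[str, int]:
    """Tally alerts per validated label, e.g. for a triage dashboard."""
    return dict(Counter(extract_alert_rule(r)["label"] for r in records))


# Constructed sample records; "Af5jrB9" is the id format the release notes show,
# the other ids are placeholders.
SAMPLE_RECORDS = [
    {"alert_rule": {"id": "Af5jrB9", "label": "MalwareReport", "name": "Malware sightings"}},
    {"case_rule_id": "placeholder-old-id", "case_rule_label": "DomainAbuse"},
    {"alert_rule": {"id": "placeholder-new-id", "label": "NotYetDocumented"}},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(extract_alert_rule(rec))
    print(count_by_label(SAMPLE_RECORDS))
```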

Risk API

by Tobias Bende

New version of the Risk API, including Active Risks endpoint.

The Playbook Alert API has been updated to v1.1.0, including support for the Payment Card Fraud Playbook Alert.

New version of Malware Intelligence API released.

  • Added support for retrying failed Yara and Sigma rule generation jobs

New version of Malware Intelligence API released.

  • Added support for editing generated Sigma rules