2.12.0

2.12.0 - 2026-05-04

Added

• Added the sdk.file-events.v2.search_groups method to get approximate aggregate file event counts by a given grouping term.
• Added the GroupingEventQuery class, used to make these queries.
• Added the cli command incydr file-events search-groups to get approximate aggregate file event counts by a given grouping term.
• Added the type parameter to session search methods and commands, allowing users to filter results to STANDARD or ACCOUNT_TAKE_OVER.
• Added the is_high_value option to trusted activity methods in the SDK, and the --high-value option to trusted activity methods in the CLI.
• Added the ability to specify domain trust for browser destinations, allowing users to specify when users should be allowed to use certain destinations when logged-in using a trusted domain.
• Added the ability to specify trust for file-transfer tools when adding a trusted domain.
• Added the risk-indicator-categories client to the SDK, allowing the listing of risk indicator categories, subcategories, and risk indicators.
• Added the risk-indicator-categories command to the CLI, allowing the listing of risk indicator categories.

2.11.0

2.11.0 - 2026-02-10

Added

• Added several parameters to the sdk.agents.v1.get_page and sdk.agents.v1.list methods:
  • serial_number - the serial number of the agents to match.
  • agent_os_types - the list of operating systems ("LINUX", "MAC", "WIN") to match.
  • connected_in_last_days - filter to agents that have connected in this number of days.
  • not_connected_in_last_days - filter to agents that have not connected in this number of days.
• Added corresponding options to the incydr agents list command.
  • --serial-number
  • --agent-os-types
  • --connected-in-last-days
  • --not-connected-in-last-days

2.9.0

2.9.0 - 2026-01-22

Added

• The incydr users list-agents command to list all agents associated with a user.

Deprecated

• The incydr users list-devices command is now properly marked as deprecated. Use incydr users list-agents instead.
• The sdk.users.v1.get_devices method is now properly marked as deprecated. Use sdk.agents.v1.iter_all instead.

Fixed

• A bug where sdk.users.v1.get_devices would cause an error.

2.8.1

2.8.1 - 2026-01-21

Added

• A new authorization type to facilitate internal development and testing. No user-facing changes are present in this release.

2.8.0

2.8.0 - 2026-01-16

Added

• Added the state_v2 field to session states. Added the new session state CLOSED_TP_BENIGN.
• Added support for the ON filter in file event queries.

Fixed

• A bug where the SDK's V2 Watchlist methods were returning the wrong models.

2.7.0

2.7.0 - 2025-11-13

Updated

• The Incydr SDK and CLI now rely on Pydantic v2, instead of previously when they used v1. This means that the methods available on the models accepted and returned by many SDK methods have changed in some small ways. For most SDK and CLI workflows, no changes will need to be made to accommodate this upgrade. Details of the transition may be found in Pydantic's documentation.

2.6.0

2.6.0 - 2025-07-23

Added

• Support for subgroups in file event queries and saved searches. See this documentation for more details about this type of query.
• New methods for EventQuery() to enable more flexible filtering:
  • is_any
  • is_none
  • date_range
  • subquery
• New methods to download files by XFC content ID.
  • sdk.files.download_file_by_xfc_content_id and sdk.files.stream_file_by_xfc_content_id
  • incydr files download-by-xfc-id

Fixed

• An issue where in some cases saved searches could not be retrieved.

2.5.0

2.5.0 - 2025-06-06

Added

• The orgs and legal_hold clients to the SDK.
• The orgs and legal-hold command groups to the CLI.

2.4.0

2.4.0 - 2025-05-27

Added

• The files client to the SDK with two methods:
  • sdk.files.v1.download_file_by_sha256 to download a file and save it in the file system.
  • sdk.files.v1.stream_file_by_sha256 to stream a file, allowing more control over how it is downloaded.
• Added the files download command to the CLI to download a file by SHA256 hash.

2.3.1

2.3.1 - 2025-05-13

Fixed

• An issue where Sessions validation would fail due to an updated content inspection schema.

Updated

• CSV and JSON input for the CLI's bulk agent commands will now look for agentGuid as a column header, in addition to agent_id, agentId, and guid.