Feature/new risk indicators (#361)

* implementing page token when executing a saved search * adding execute_get_all unit tests * 'execute saved search with page token' unit tests * adding feature comment * improving method names' * cleaned up unit tests * Update CHANGELOG.md * removing search_all_file_events() and adding documentation * documentation * improving docstrings * spelling fix * new risk indicator filter values * styling
code42 · Aug 19, 2021 · de5d221 · de5d221
1 parent da8142c
commit de5d221
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,10 @@ how a consumer would use the library (e.g. adding unit tests, updating documenta
 
 - New alias method `sdk.securitydata.savedsearches.search_file_events()` for existing method `sdk.securitydata.savedsearches.execute()`.
 
+- Two new `riskIndicator.UserBehavior` filter values
+    - `First use of destination`
+    - `Rare use of destination`
+
 ### Changed
 
 - Updated minimum version of `requests` library to 2.4.2

diff --git a/src/py42/sdk/queries/fileevents/filters/risk_filter.py b/src/py42/sdk/queries/fileevents/filters/risk_filter.py
@@ -37,11 +37,11 @@ class RiskIndicator(FileEventFilterStringField):
         - :attr:`RiskIndicator.EmailServiceUploads.PROTONMAIL`
         - :attr:`RiskIndicator.EmailServiceUploads.QQMAIL`
         - :attr:`RiskIndicator.EmailServiceUploads.SINA_MAIL`
-        - :attr:`RiskIndicator.EmailServiceUploads.SOHU_MAIl`
+        - :attr:`RiskIndicator.EmailServiceUploads.SOHU_MAIL`
         - :attr:`RiskIndicator.EmailServiceUploads.YAHOO`
         - :attr:`RiskIndicator.EmailServiceUploads.ZOHO_MAIL`
-        - :attr:`RiskIndicator.RemovableMedia.AIRDROP`
-        - :attr:`RiskIndicator.RemovableMedia.REMOVABLE_MEDIA`
+        - :attr:`RiskIndicator.ExternalDevices.AIRDROP`
+        - :attr:`RiskIndicator.ExternalDevices.REMOVABLE_MEDIA`
         - :attr:`RiskIndicator.FileCategories.AUDIO`
         - :attr:`RiskIndicator.FileCategories.DOCUMENT`
         - :attr:`RiskIndicator.FileCategories.EXECUTABLE`
@@ -67,6 +67,8 @@ class RiskIndicator(FileEventFilterStringField):
         - :attr:`RiskIndicator.UserBehavior.FILE_MISMATCH`
         - :attr:`RiskIndicator.UserBehavior.OFF_HOURS`
         - :attr:`RiskIndicator.UserBehavior.REMOTE`
+        - :attr:`RiskIndicator.UserBehavior.FIRST_DESTINATION_USE`
+        - :attr:`RiskIndicator.UserBehavior.RARE_DESTINATION_USE`
     """
 
     _term = "riskIndicatorNames"
@@ -124,7 +126,7 @@ class EmailServiceUploads(Choices):
         PROTONMAIL = "ProtonMail upload"
         QQMAIL = "QQMail upload"
         SINA_MAIL = "Sina Mail upload"
-        SOHU_MAIl = "Sohu Mail upload"
+        SOHU_MAIL = "Sohu Mail upload"
         YAHOO = "Yahoo upload"
         ZOHO_MAIL = "Zoho Mail upload"
 
@@ -166,6 +168,8 @@ class UserBehavior(Choices):
         FILE_MISMATCH = "File mismatch"
         OFF_HOURS = "Off hours"
         REMOTE = "Remote"
+        FIRST_DESTINATION_USE = "First use of destination"
+        RARE_DESTINATION_USE = "Rare use of destination"
 
 
 class RiskSeverity(FileEventFilterStringField, Choices):