Integ 3042/pydantic upgrade

CHANGELOG.md

@@ -9,6 +9,15 @@
  how a consumer would use the library or CLI tool (e.g. adding unit tests, updating documentation, etc) are not captured
  here.
 
+## 2.8.0 - 2026-01-16
+
+### Added
+- Added the `state_v2` field to session states. Added the new session state `CLOSED_TP_BENIGN`.
+- Added support for the `ON` filter in file event queries.
+
+### Fixed
+- A bug where the SDK's V2 Watchlist methods were returning the wrong models.
+
 ## 2.7.0 - 2025-11-13
 
 ### Updated

docs/sdk/enums.md

@@ -555,6 +555,7 @@ Devices has been replaced by [Agents](#agents)
 * **IN_PROGRESS** = `"IN_PROGRESS"`
 * **CLOSED** = `"CLOSED"`
 * **CLOSED_TP** = `"CLOSED_TP"`
+* **CLOSED_TP_BENIGN** = `"CLOSED_TP_BENIGN"`
 * **CLOSED_FP** = `"CLOSED_FP"`
 * **OPEN_NEW_DATA** = `"OPEN_NEW_DATA"`
 

mkdocs.yml

@@ -91,12 +91,6 @@ nav:
         - Alerts (Deprecated): 'cli/cmds/alerts.md'
         - Devices (Deprecated): 'cli/cmds/devices.md'
         - Risk Profiles (Deprecated): 'cli/cmds/risk_profiles.md'
-  - Guides:
-      - Introduction: 'integration-guides/index.md'
-      - Microsoft Sentinel:
-        - Introduction: 'integration-guides/sentinel/introduction.md'
-        - Data Collector API: 'integration-guides/sentinel/azure-sentinel-data-collector.md'
-        - Log Analytics Agent: 'integration-guides/sentinel/azure-sentinel-log-analytics.md'
 
 markdown_extensions:
   - attr_list

pyproject.toml

@@ -28,7 +28,7 @@ dependencies = [
   "requests",
   "requests-toolbelt",
   "rich",
-  "pydantic>=2.11,<2.12",
+  "pydantic>=2.11",
   "pydantic-settings",
   "isodate",
   "python-dateutil",

src/_incydr_cli/cmds/sessions.py

@@ -322,7 +322,7 @@ def bulk_update_state(
     Bulk update the state of multiple sessions. Optionally attach a note.
 
     NEW_STATE specifies the new state to which sessions will be updated.
-    Must be one of the following: 'OPEN', 'IN_PROGRESS', 'CLOSED', 'CLOSED_TP', 'CLOSED_FP', 'OPEN_NEW_DATA'
+    Must be one of the following: 'OPEN', 'IN_PROGRESS', 'CLOSED', 'CLOSED_TP', 'CLOSED_TP_BENIGN', 'CLOSED_FP', 'OPEN_NEW_DATA'
 
     Takes a single arg `FILE` which specifies the path to the file (use "-" to read from stdin).
     File format can either be CSV or [JSON Lines format](https://jsonlines.org) (Default is CSV).

src/_incydr_cli/cmds/trusted_activities.py

@@ -334,7 +334,7 @@ def _output_trusted_activity(
         t.add_column("Action Groups")
 
         # exclude activity action groups from the info panel
-        include = list(TrustedActivity.__fields__.keys())
+        include = list(TrustedActivity.model_fields.keys())
         include.remove("activity_action_groups")
         t.add_row(
             model_as_card(

src/_incydr_cli/cmds/watchlists.py

@@ -29,9 +29,9 @@
 from _incydr_sdk.utils import model_as_card
 from _incydr_sdk.watchlists.models.responses import IncludedDepartment
 from _incydr_sdk.watchlists.models.responses import IncludedDirectoryGroup
-from _incydr_sdk.watchlists.models.responses import Watchlist
 from _incydr_sdk.watchlists.models.responses import WatchlistActor
 from _incydr_sdk.watchlists.models.responses import WatchlistUser
+from _incydr_sdk.watchlists.models.responses import WatchlistV2
 
 MAX_USER_DISPLAY_COUNT = 25
 
@@ -115,7 +115,7 @@ def list_(
         actor = user
     client = Client()
     watchlists = client.watchlists.v2.iter_all(actor_id=actor)
-    _output_results(watchlists, Watchlist, format_, columns)
+    _output_results(watchlists, WatchlistV2, format_, columns)
 
 
 @watchlists.command(cls=IncydrCommand)

src/_incydr_sdk/__version__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2022-present Code42 Software <integrations@code42.com>
 #
 # SPDX-License-Identifier: MIT
-__version__ = "2.7.0"
+__version__ = "2.8.0"

src/_incydr_sdk/enums/sessions.py

@@ -10,6 +10,7 @@ class SessionStates(_Enum):
     IN_PROGRESS = "IN_PROGRESS"
     CLOSED = "CLOSED"
     CLOSED_TP = "CLOSED_TP"
+    CLOSED_TP_BENIGN = "CLOSED_TP_BENIGN"
     CLOSED_FP = "CLOSED_FP"
     OPEN_NEW_DATA = "OPEN_NEW_DATA"