Carbon Black Cloud SDK Release v1.5.9 - Python3.13 compability and Vuln Fixes

CBC SDK 1.5.9 - Released March 20, 2026

Updates

• Added Python 3.13 compatibility.
• Replaced deprecated datetime.utcnow() and datetime.utcfromtimestamp() with timezone-aware equivalents.
• Added __cbc_version__ alias for __version__ in cbc_sdk.__init__.
• Fixed EpochDateTimeFieldDescriptor missing self.epoch initialization.
• Added Python 3.13 CI test job; removed EOL Python 3.7 job.

Security

• Set minimum requests>=2.32.4 (CVE-2024-47081).
• Set minimum validators>=0.21.0 (CVE-2023-45813).
• Set minimum certifi>=2024.7.4 (CVE-2024-39689).
• Set minimum urllib3>=1.26.19 (CVE-2024-37891).
• Upgraded dev dependencies: pytest, coverage, flake8, requests-mock.

Carbon Black Cloud SDK v1.5.8

Bug Fixes:

• Fix event search_validation bug
• Prevent infinite loop when No data available in organization
• Fix broken yaml

Carbon Black Cloud SDK v1.5.7

Bug Fixes:

Update search_validation to new API
Add additional fetch option for process_sha256

Carbon Black Cloud SDK v1.5.6

Bug Fixes:

• Fixed a failure of large file transfers with the Live Response API.

Carbon Black Cloud SDK v1.5.5

Bug Fixes:

• Updated dependencies to ensure backports-datetime-fromisoformat is installed correctly.

Carbon Black Cloud SDK v1.5.4

Bug Fixes:

• Fixed dependency on backports-datetime-fromisoformat for Python 3.11 and later.
• Fixed a bug affecting the ability to access alert attributes with array syntax.

Carbon Black Cloud SDK v1.5.3

New Features:

• Export Alerts in CSV format (Alert.export()).

Documentation:

• Updated code copyright dates and noted the ownership by Broadcom.
• Removed the Threat Intelligence example; it's been superseded by the
  Carbon Black Cloud Threat Intelligence Connector.

Carbon Black Cloud SDK v1.5.2

New Features:

• Enhanced Audit Log support with search and export capabilities

• CIS Benchmarking:

  • Schedule compliance scans
  • Search, create, update, and delete benchmark sets
  • Search and modify benchmark rules within a benchmark set
  • Search and export device summaries for benchmark sets
  • Enable, disable, and trigger reassessment on benchmark sets or individual devices
  • Search benchmark set summaries
  • Search and export device compliance summaries
  • Search and export rule compliance summaries
  • Search rule results for devices
  • Get and acknowledge compliance bundle version updates, show differences, get rule info

Updates:

• Added collapse_field parameter for process searches
• Added an exponential backoff for polling of Job completion status
• Added rule configurations for event reporting and sensor operation exclusions

Bug Fixes:

• Fixed implementation of iterable queries for consistency across the SDK
• Fixed parsing of credential files that are encoded in UTF-16
• Fixed processing of Job so that it doesn't rely on an API call that doesn't give proper answers
• Fixed missing properties in Process

Documentation:

• Fixed documentation for Alert and Process to include links to the Developer Network field descriptions
• New example script for identifying devices that have checked in but have not sent any events
• Added guide page for Devices including searching and actions

Carbon Black Cloud SDK v1.5.1

New Features:

• Asset Groups - Added management of asset groups:

  • Create, delete, and update asset groups (either with manual or dynamic membership)
  • Retrieve asset groups by ID
  • Search for asset groups, retrieve list of all asset groups
  • Add/remove members, get all members in a group
  • Get statistics for a group
  • Helper functions for Device to retrieve and maintain group membership
  • Preview changes to effective policy for device(s) as a result of a number of different potential changes
  • Full documentation and new Guide page

• Alerts v7 Enhancements - Added additional functionality to Alerts v7 as implemented in version 1.5.0:

  • Search Grouped Alerts, including faceting and retrieval of all alerts for a group
  • Get list of watchlists on an alert
  • Network threat metadata helper function
  • Full update to Alerts guide in documentation

• Command line deobfuscation added to Processes, Alerts, and Observations, allowing visualization of PowerShell
  command lines that have been deliberately obfuscated by attackers.

• New scroll() method added to Live Query search results.

• New helper methods added to Policy to enable or disable XDR data collection and auth event data collection.

• New export() and scroll() methods added to DeviceSearchQuery.

Updates:

• Python 3.7 has been re-added as "unofficially" supported, since certain integrations that use the SDK still use it.
• Added deployment_type as part of the facets available in DeviceSearchQuery.

Bug Fixes:

• Search jobs that allow setting a timeout now default that timeout to 5 minutes. The timeout may be lowered
  from that point, but never raised beyond it. This eliminates a problem of "hung" searches.

Documentation:

• ReadTheDocs generation has been improved to show the inherited methods. There are some helper functions on
  SearchQuery classes such as add_criteria() inherited from CriteriaBuilderSupportMixin and first()
  inherited from IterableQueryMixin.

Carbon Black Cloud SDK v1.5.0

Alerts Update to use V7 API

The new Alerts V7 API will improve alert management and allow for easier management, consumption, and triage of alerts in the Carbon Black Cloud. Alerts v7 API extends the capabilities with improved methods of retrieving alerts and added functionality to manage alert workflow.

N.B.: This change involves breaking changes to the SDK involving the core Alerts workflow. Please check your existing code carefully before deploying this SDK upgrade.

Breaking Changes:

• Alerts V7: Certain changes are not compatible with code written to the old V6 API. For details, please see the
  Alert Migration Guide. Breaking changes include:
  • Default Search Time Period is reduced to two weeks.
  • For fields that do not exist in the Alerts V7 API, a FunctionalityDecommissioned exception is raised.
  • get_events() method has been removed.
  • All facet terms match the field names.
  • Workflow has been rebuilt.
  • Create Note returns a single Note instance instead of a list.
• Official support for Python 3.7 has been dropped, since that version is now end-of-life. Added explicit testing support for Python version 3.12. N.B.: End users should update their Python version to 3.8.x or greater.

New Features:

• Alerts V7:
  • Extended alert schema with additional metadata such as process command line and username, parent and child process
    information, netconn data, additional device fields, MITRE categorization when available, and more
  • Ability to mark alerts as “In Progress”
  • Ability to mark alerts as True Positive or False Positive
  • Additional fields available for both searching and faceting
  • Enhanced note management with the ability to add notes to both individual alerts and threats (alerts grouped by threat)
  • Observed Alerts have been removed from the Alerts API as these events are not considered actionable threats. They
    can now be retrieved via the Observations API.
• External Devices: Added External Device Export and External Device Approvals Export.

Updates:

• Audit log requests have moved from CBCloudAPI into their own function entry point in the platform package.
  The old function has been deprecated.
• Process search validation has been changed to use the V2 POST API rather than the old V1 GET API.
• CBCloudAPI.get_notifications() and CBCloudAPI.notification_listener() have been marked as deprecated.

Documentation:

• Added example script to poll for audit logs.
• CBCloudAPI documentation has been pulled out into its own page.
• Authentication, Getting Started, and Guides pages have been updated.
• Concepts page has been removed, and the information it contained has moved to other pages.
• New Searching Guide added.
• Update to left-hand sidebar to allow the Guides sub-listing to be collapsed.
• Porting guide has been updated to reflect the latest APIs.
• Live Response migration guide has been updated with links.
• README.md has been updated with better instructions for generating docs locally.
• CBCloudAPI and Devices documentation have been updated to better conform to new style guide for docstrings.