CBC SDK 1.5.10

Bug Fixes

• Removed backports-datetime-fromisoformat C extension dependency. Replaced with a pure-Python fallback for Python < 3.11 that handles the Z UTC timezone designator. This fixes ModuleNotFoundError in embedded/vendored environments (e.g. Splunk) where platform-specific compiled extensions are unavailable.

Full Changelog

See docs/changelog.rst for the complete changelog.

Carbon Black Cloud SDK Release v1.5.9 - Python3.13 compability and Vuln Fixes

CBC SDK 1.5.9 - Released March 20, 2026

Updates

• Added Python 3.13 compatibility.
• Replaced deprecated datetime.utcnow() and datetime.utcfromtimestamp() with timezone-aware equivalents.
• Added __cbc_version__ alias for __version__ in cbc_sdk.__init__.
• Fixed EpochDateTimeFieldDescriptor missing self.epoch initialization.
• Added Python 3.13 CI test job; removed EOL Python 3.7 job.

Security

• Set minimum requests>=2.32.4 (CVE-2024-47081).
• Set minimum validators>=0.21.0 (CVE-2023-45813).
• Set minimum certifi>=2024.7.4 (CVE-2024-39689).
• Set minimum urllib3>=1.26.19 (CVE-2024-37891).
• Upgraded dev dependencies: pytest, coverage, flake8, requests-mock.

Carbon Black Cloud SDK v1.5.8

Bug Fixes:

• Fix event search_validation bug
• Prevent infinite loop when No data available in organization
• Fix broken yaml

Carbon Black Cloud SDK v1.5.7

Bug Fixes:

Update search_validation to new API
Add additional fetch option for process_sha256

Carbon Black Cloud SDK v1.5.6

Bug Fixes:

• Fixed a failure of large file transfers with the Live Response API.

Carbon Black Cloud SDK v1.5.5

Bug Fixes:

• Updated dependencies to ensure backports-datetime-fromisoformat is installed correctly.

Carbon Black Cloud SDK v1.5.4

Bug Fixes:

• Fixed dependency on backports-datetime-fromisoformat for Python 3.11 and later.
• Fixed a bug affecting the ability to access alert attributes with array syntax.

Carbon Black Cloud SDK v1.5.3

New Features:

• Export Alerts in CSV format (Alert.export()).

Documentation:

• Updated code copyright dates and noted the ownership by Broadcom.
• Removed the Threat Intelligence example; it's been superseded by the
  Carbon Black Cloud Threat Intelligence Connector.

Carbon Black Cloud SDK v1.5.2

New Features:

• Enhanced Audit Log support with search and export capabilities

• CIS Benchmarking:

  • Schedule compliance scans
  • Search, create, update, and delete benchmark sets
  • Search and modify benchmark rules within a benchmark set
  • Search and export device summaries for benchmark sets
  • Enable, disable, and trigger reassessment on benchmark sets or individual devices
  • Search benchmark set summaries
  • Search and export device compliance summaries
  • Search and export rule compliance summaries
  • Search rule results for devices
  • Get and acknowledge compliance bundle version updates, show differences, get rule info

Updates:

• Added collapse_field parameter for process searches
• Added an exponential backoff for polling of Job completion status
• Added rule configurations for event reporting and sensor operation exclusions

Bug Fixes:

• Fixed implementation of iterable queries for consistency across the SDK
• Fixed parsing of credential files that are encoded in UTF-16
• Fixed processing of Job so that it doesn't rely on an API call that doesn't give proper answers
• Fixed missing properties in Process

Documentation:

• Fixed documentation for Alert and Process to include links to the Developer Network field descriptions
• New example script for identifying devices that have checked in but have not sent any events
• Added guide page for Devices including searching and actions

Carbon Black Cloud SDK v1.5.1

New Features:

• Asset Groups - Added management of asset groups:

  • Create, delete, and update asset groups (either with manual or dynamic membership)
  • Retrieve asset groups by ID
  • Search for asset groups, retrieve list of all asset groups
  • Add/remove members, get all members in a group
  • Get statistics for a group
  • Helper functions for Device to retrieve and maintain group membership
  • Preview changes to effective policy for device(s) as a result of a number of different potential changes
  • Full documentation and new Guide page

• Alerts v7 Enhancements - Added additional functionality to Alerts v7 as implemented in version 1.5.0:

  • Search Grouped Alerts, including faceting and retrieval of all alerts for a group
  • Get list of watchlists on an alert
  • Network threat metadata helper function
  • Full update to Alerts guide in documentation

• Command line deobfuscation added to Processes, Alerts, and Observations, allowing visualization of PowerShell
  command lines that have been deliberately obfuscated by attackers.

• New scroll() method added to Live Query search results.

• New helper methods added to Policy to enable or disable XDR data collection and auth event data collection.

• New export() and scroll() methods added to DeviceSearchQuery.

Updates:

• Python 3.7 has been re-added as "unofficially" supported, since certain integrations that use the SDK still use it.
• Added deployment_type as part of the facets available in DeviceSearchQuery.

Bug Fixes:

• Search jobs that allow setting a timeout now default that timeout to 5 minutes. The timeout may be lowered
  from that point, but never raised beyond it. This eliminates a problem of "hung" searches.

Documentation:

• ReadTheDocs generation has been improved to show the inherited methods. There are some helper functions on
  SearchQuery classes such as add_criteria() inherited from CriteriaBuilderSupportMixin and first()
  inherited from IterableQueryMixin.