Merge branch 'develop' into 'main'

2.9.0

See merge request integrations/sdk/reversinglabs-sdk-py3!24

Author: MislavReversingLabs

CHANGELOG.md

@@ -396,13 +396,33 @@ v2.5.1 (2024-04-02)
 - Added the Spectra Assure badge to the Readme file.
 
 
-### Reversinglabs SDK Cookbook changes
+### ReversingLabs SDK Cookbook changes
 #### Improvements
 - **Scenarios and Workflows** notebooks:
   - Added the `download_advanced_search_matches_a1000.ipynb`, `download_advanced_search_matches_titaniumcloud.ipynb`, `download_yara_retro_matches_a1000.ipynb` and `download_yara_retro_matches_titaniumcloud.ipynb` notebooks.
 
 - **Command line tools and scripts**:
   - Added the `cyber_defense_alliance.py` command line tool.
+
+
+2.9.0 (2025-03-31)
+-------------------
+
+#### Improvements
+- **advanced** module:
+  - Created a new module called `advanced`. This module will hold various actions and scenarios that include multiple platforms and APIs.
+  - The `AdvancedActions` class was moved from the `ticloud` module into `advanced`.
+  - The `SpectraAssureScenarios` and `SpectraAssureClient` enable the user to perform actions that combine the **ReversingLabs Spectra Assure** platform with TitaniumCloud and A1000.
+
+- The user agent string now also carries the class and method name.
+
+### ReversingLabs SDK Cookbook changes
+#### Improvements
+- **TitaniumCloud** notebooks:
+  - The `taxii_ransomware_feed.ipynb` notebook was replaced with `taxii_feed.ipynb`.
+
+- **Scenarios and Workflows** notebooks:
+  - Added the `advanced_search_using_network_indicators.ipynb` notebook.
 
 Starting with ReversingLabs SDK version 2.8.0, the **ReversingLabs SDK Cookbook** project's release cycle and versioning are closely tied to this project.  
 This changelog will also be keeping track of changes made to the ReversingLabs SDK Cookbook project.

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2024 ReversingLabs
+Copyright (c) 2025 ReversingLabs
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

ReversingLabs/SDK/__init__.py

@@ -5,4 +5,4 @@
 A Python SDK for communicating with ReversingLabs services.
 """
 
-__version__ = "2.8.3"
+__version__ = "2.9.0"

ReversingLabs/SDK/a1000.py

@@ -6,6 +6,7 @@
 """
 
 import datetime
+import inspect
 import requests
 import time
 from urllib import parse
@@ -104,7 +105,6 @@ def __init__(self, host, username=None, password=None, token=None, fields_v2=__F
             token = self.__get_token(username, password)
 
         self._headers = {
-            "User-Agent": self._user_agent,
             "Authorization": "Token {token}".format(token=token)
         }
         self._fields_v2 = fields_v2
@@ -291,7 +291,7 @@ def submit_url_for_analysis(self, url_string, crawler=None, archive_password=Non
 
         response = self.__post_request(
             url=url,
-            data=data,
+            data=data
         )
 
         self.__raise_on_error(response)
@@ -489,7 +489,10 @@ def get_summary_report_v2(self, sample_hashes, retry=True, fields=None, include_
             "skip_reanalysis": str(skip_reanalysis).lower()
         }
 
-        response = self.__post_request(url=url, data=data)
+        response = self.__post_request(
+            url=url,
+            data=data
+        )
 
         self.__raise_on_error(response)
 
@@ -628,7 +631,10 @@ def get_detailed_report_v2(self, sample_hashes, retry=False, fields=None, skip_r
 
             data["include_networkthreatintelligence"] = str(include_networkthreatintelligence).lower()
 
-        response = self.__post_request(url=url, data=data)
+        response = self.__post_request(
+            url=url,
+            data=data
+        )
         self.__raise_on_error(response)
 
         return response
@@ -803,7 +809,10 @@ def reanalyze_samples_v2(self, hash_input, titanium_cloud=False, titanium_core=F
             "rl_cloud_sandbox_platform": rl_cloud_sandbox_platform
         }
 
-        response = self.__post_request(url=url, data=data)
+        response = self.__post_request(
+            url=url,
+            data=data
+        )
 
         self.__raise_on_error(response)
 
@@ -976,7 +985,10 @@ def delete_samples(self, hash_input):
 
             data = {"hash_values": hash_input}
 
-            response = self.__post_request(url=url, data=data)
+            response = self.__post_request(
+                url=url,
+                data=data
+            )
 
         else:
             raise WrongInputError("hash_input parameter must be a single hash string or "
@@ -1234,7 +1246,10 @@ def set_classification(self, sample_hash, classification, system, risk_score=Non
 
         url = self._url.format(endpoint=endpoint)
 
-        response = self.__post_request(url=url, data=data)
+        response = self.__post_request(
+            url=url,
+            data=data
+        )
 
         self.__raise_on_error(response)
 
@@ -1812,8 +1827,8 @@ def advanced_search_v3(self, query_string, ticloud=False, start_search_date=None
             Query string example:
             'av-count:5 available:TRUE'
 
-            :param query_string: query string
-            :type query_string: str
+            :param query_string: search query; can be a string or a dict
+            :type query_string: str or dict
             :param ticloud: show only cloud results
             :type ticloud: bool
             :param start_search_date: the starting date for the search; this parameter represents the later
@@ -1834,9 +1849,6 @@ def advanced_search_v3(self, query_string, ticloud=False, start_search_date=None
             :return: response
             :rtype: requests.Response
         """
-        if not isinstance(query_string, str):
-            raise WrongInputError("The search query must be a string.")
-
         if not isinstance(ticloud, bool):
             raise WrongInputError("ticloud parameter must be boolean.")
 
@@ -1888,8 +1900,8 @@ def advanced_search_v3_aggregated(self, query_string, ticloud=False, start_searc
             Query string example:
             'av-count:5 available:TRUE'
 
-            :param query_string: query string
-            :type query_string: str
+            :param query_string: search query; can be a string or a dict
+            :type query_string: str or dict
             :param ticloud: show only cloud results
             :type ticloud: bool
             :param start_search_date: the starting date for the search; this parameter represents the later
@@ -2472,6 +2484,9 @@ def __get_request(self, url, params=None):
             :return: response
             :rtype: requests.Response
         """
+        self._headers["User-Agent"] = (f"{self._user_agent}; {self.__class__.__name__} "
+                                       f"{inspect.currentframe().f_back.f_code.co_name}")
+
         response = requests.get(
             url=url,
             verify=self._verify,
@@ -2494,6 +2509,9 @@ def __post_request(self, url, post_json=None, files=None, data=None, params=None
             :return: response
             :rtype: requests.Response
         """
+        self._headers["User-Agent"] = (f"{self._user_agent}; "
+                                       f"{self.__class__.__name__} {inspect.currentframe().f_back.f_code.co_name}")
+
         response = requests.post(
             url=url,
             json=post_json,
@@ -2514,6 +2532,9 @@ def __delete_request(self, url, post_json=None):
         :return: response
         :rtype: requests.Response
         """
+        self._headers["User-Agent"] = (f"{self._user_agent}; {self.__class__.__name__} "
+                                       f"{inspect.currentframe().f_back.f_code.co_name}")
+
         response = requests.delete(
             url=url,
             json=post_json,