From b58c1d6810391248123bbfa38df613f1862596f9 Mon Sep 17 00:00:00 2001
From: Peter Annabel
Date: Mon, 28 Jul 2025 15:00:23 -0500
Subject: [PATCH] Fix model for incidents field of reports
---
 pyproject.toml | 10 +++++++---
 requirements.txt | 3 +++
 src/pyhuntress/models/siem/__init__.py | 2 +-
 3 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 requirements.txt
diff --git a/pyproject.toml b/pyproject.toml
index 8f216fd..28dcf72 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "pyhuntress"
-version = "0.1.1"
+version = "0.2.2"
 authors = [
 { name="Peter Annabel", email="peter.annabel@gmail.com" },
 ]
@@ -27,11 +27,15 @@ keywords = [
 ]
 license = "GPL-3.0-only"
 license-files = ["LICEN[CS]E*"]
+dynamic = ["dependencies"]
 [project.urls]
 Homepage = "https://github.com/brygphilomena/pyhuntress"
 Issues = "https://github.com/brygphilomena/pyhuntress/issues"
 [build-system]
-requires = ["hatchling >= 1.26"]
-build-backend = "hatchling.build"
\ No newline at end of file
+requires = ["hatchling >= 1.26", "hatch-requirements-txt"]
+build-backend = "hatchling.build"
+
+[tool.hatch.metadata.hooks.requirements_txt]
+files = ["requirements.txt"]
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..04189d9
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,3 @@
+requests==2.32.4
+pydantic==2.11.7
+typing_extensions==4.14.1
diff --git a/src/pyhuntress/models/siem/__init__.py b/src/pyhuntress/models/siem/__init__.py
index 3d183ad..6705ed9 100644
--- a/src/pyhuntress/models/siem/__init__.py
+++ b/src/pyhuntress/models/siem/__init__.py
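Review bot: The exact `==` pins in the new `requirements.txt` become the package's install requirements through `dynamic = ["dependencies"]` and the `requirements_txt` metadata hook in the second `pyproject.toml` hunk, so every consumer of the library is locked to `requests==2.32.4`, `pydantic==2.11.7` and `typing_extensions==4.14.1`. A downstream project then cannot take a security fix in any of the three until a new pyhuntress release ships, and resolver conflicts with other packages become likely. For a published library, ranges such as `requests>=2.32.4,<3` and `pydantic>=2.11,<3` fit better, with exact pins kept in a separate constraints or lock file used by CI. The added build requirement `"hatch-requirements-txt"` executes at build time and carries no version bound, unlike `hatchling >= 1.26`; giving it a lower bound would make builds more reproducible.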
@@ -237,7 +237,7 @@ class SIEMReports(HuntressModel):
 ransomware_note: str | None = Field(default=None, alias="RansomwareNote")
 # Huntress has incident_log listed as "complex" with the note "A JSON representation of any critical
 # or high severity incidents from this report"
- incident_log: str | None = Field(default=None, alias="IncidentLog")
+ incident_log: list[dict[str, Any]] | None = Field(default=None, alias="IncidentLog")
 total_mav_detection_count: int | None = Field(default=None, alias="TotalMAVDetectionCount")
 blocked_malware_count: int | None = Field(default=None, alias="BlockedMalwareCount")
 investigated_mav_detection_count: int | None = Field(default=None, alias="InvestigatedMAVDetectionCount")
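Review bot: The new `incident_log` annotation no longer accepts a plain string, so if the API ever returns the incident log as a JSON-encoded string (the vendor note quoted above calls it "a JSON representation"), validation of the whole `SIEMReports` object would presumably fail and the report would be lost to the caller. Widening it to `list[dict[str, Any]] | str | None` would keep both shapes parseable. The annotation also uses `Any`, and the hunk does not show whether `typing.Any` is already imported in this module; if it is not, the model class cannot be built. The comment above the field could record what was actually seen, e.g. `# Observed in API responses as a list of incident objects, not a string`. The class body starts and continues outside the hunk.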