Feature/integ 3159/trust updates

CHANGELOG.md

@@ -16,7 +16,9 @@
 - Added the `GroupingEventQuery` class, used to make these queries.
 - Added the cli command `incydr file-events search-groups` to get approximate aggregate file event counts by a given grouping term.
 - Added the `type` parameter to session search methods and commands, allowing users to filter results to STANDARD or ACCOUNT_TAKE_OVER.
-
+- Added the `is_high_value` option to trusted activity methods in the SDK, and the `--high-value` option to trusted activity methods in the CLI.
+- Added the ability to specify domain trust for browser destinations, allowing users to specify when users should be allowed to use certain destinations when logged-in using a trusted domain.
+- Added the ability to specify trust for file-transfer tools when adding a trusted domain.
 
 ## 2.11.0 - 2026-02-10
 

docs/sdk/enums.md

@@ -604,6 +604,8 @@ Devices has been replaced by [Agents](#agents)
 * **FILE_UPLOAD** = `"FILE_UPLOAD"`
 * **GIT_PUSH** = `"GIT_PUSH"`
 * **GIT_REPOSITORY_URI** = `"GIT_REPOSITORY_URI"`
+* **USER_ACCOUNT_UPLOAD** = `"USER_ACCOUNT_UPLOAD"`
+* **FILE_TRANSFER** = `"FILE_TRANSFER"`
 
 ### Cloud Sync Apps
 
@@ -631,6 +633,30 @@ Devices has been replaced by [Agents](#agents)
 
 * **GMAIL** = `"GMAIL"`
 * **OFFICE_365** = `"OFFICE_365"`
+* **GOOGLE_DRIVE** = `"GOOGLE_DRIVE"`
+
+
+### Browser Destinations
+
+::: incydr.enums.trusted_activities.BrowserDestination
+    :docstring:
+
+* **AIRTABLE** = `"AIRTABLE"`
+* **AMAZON_WEB_SERVICES** = `"AMAZON_WEB_SERVICES"`
+* **BLACKBOX** = `"BLACKBOX"`
+* **BOX** = `"BOX"`
+* **CHATGPT** = `"CHATGPT"`
+* **CLAUDE** = `"CLAUDE"`
+* **CONCUR** = `"CONCUR"`
+* **CURSOR** = `"CURSOR"`
+* **DROPBOX** = `"DROPBOX"`
+* **GOOGLE_WORKSPACE** = `"GOOGLE_WORKSPACE"`
+* **MICROSOFT_365** = `"MICROSOFT_365"`
+* **NOTTA** = `"NOTTA"`
+* **OTTER** = `"OTTER"`
+* **PERPLEXITY** = `"PERPLEXITY"`
+* **SLACK** = `"SLACK"`
+* **YOU_DOT_COM** = `"YOU_DOT_COM"`
 
 ### Principal Types
 

src/_incydr_cli/cmds/trusted_activities.py

@@ -13,10 +13,21 @@
 from _incydr_cli.core import IncydrGroup
 from _incydr_sdk.core.client import Client
 from _incydr_sdk.enums.trusted_activities import ActivityType
+from _incydr_sdk.enums.trusted_activities import BrowserDestination
+from _incydr_sdk.enums.trusted_activities import CloudShareApps
+from _incydr_sdk.enums.trusted_activities import CloudSyncApps
+from _incydr_sdk.enums.trusted_activities import EmailServices
 from _incydr_sdk.trusted_activities.client import MissingActivityActionGroupsError
 from _incydr_sdk.trusted_activities.models import TrustedActivity
 from _incydr_sdk.utils import model_as_card
 
+high_value_option = click.option(
+    "--high-value",
+    is_flag=True,
+    default=False,
+    help="Indicate that this resource is a high-value source.",
+)
+
 
 @click.group(cls=IncydrGroup)
 @logging_options
@@ -150,6 +161,12 @@ def add():
     default=False,
     help="Trust file upload events to where the tab URL or title includes this domain.",
 )
+@click.option(
+    "--file-transfer",
+    is_flag=True,
+    default=False,
+    help="Trust file upload events to this domain using file transfer tools.",
+)
 @click.option(
     "--git-push",
     is_flag=True,
@@ -159,37 +176,49 @@ def add():
 @click.option(
     "--cloud-sync",
     "cloud_sync_services",
-    type=click.Choice(["BOX", "GOOGLE_DRIVE", "ICLOUD", "ONE_DRIVE"]),
+    type=click.Choice([x.value for x in CloudSyncApps]),
     default=[],
     help="Specify which cloud sync service(s) to trust.",
     multiple=True,
 )
 @click.option(
     "--cloud-share",
     "cloud_share_services",
-    type=click.Choice(["BOX", "GOOGLE_DRIVE", "ONE_DRIVE"]),
+    type=click.Choice([x.value for x in CloudShareApps]),
     default=[],
     help="Specify which cloud share service(s) to trust.",
     multiple=True,
 )
 @click.option(
     "--email-share",
     "email_share_services",
-    type=click.Choice(["GMAIL", "MICROSOFT_365"]),
+    type=click.Choice([x.value for x in EmailServices]),
     default=[],
     help="Specify which email share service(s) to trust.",
     multiple=True,
 )
+@click.option(
+    "--browser-destination",
+    "browser_destinations",
+    type=click.Choice([x.value for x in BrowserDestination]),
+    default=[],
+    help="Specify which browser destinations to trust when users are logged in with this domain.",
+    multiple=True,
+)
+@high_value_option
 @single_format_option
 @logging_options
 def domain_(
     domain: str,
     description: str = None,
     file_upload: bool = False,
+    file_transfer: bool = False,
     git_push: bool = False,
     cloud_sync_services: str = None,
     cloud_share_services: str = None,
     email_share_services: str = None,
+    browser_destinations: str = None,
+    high_value: bool = None,
     format_: SingleFormat = None,
 ):
     """
@@ -198,19 +227,23 @@ def domain_(
     The following activities can be configured:
 
     * `--file-upload` - Trust file uploads to this domain.  Defaults to false.
+    * `--file-transfer` - Trust file uploads to this domain using file transfer tools.  Defaults to false.
     * `--git-push` - Trust git push events to this domain.  Defaults to false.
-    * `--cloud-sync-services` [`BOX|GOOGLE_DRIVE|ICLOUD|ONE_DRIVE`] - Trust cloud sync activity from the specified service(s) if the username signed into the sync app is on this domain.
+    * `--cloud-sync` [`BOX|GOOGLE_DRIVE|ICLOUD|ONE_DRIVE`] - Trust cloud sync activity from the specified service(s) if the username signed into the sync app is on this domain.
         If you want to only trust activity for a specific corporate account, add a trusted account name instead.
-    * `--cloud-share-services` [`BOX|GOOGLE_DRIVE|ONE_DRIVE`] - Trust cloud share activity from the specified service(s) if the user its shared with is on this domain.
+    * `--cloud-share` [`BOX|GOOGLE_DRIVE|ONE_DRIVE`] - Trust cloud share activity from the specified service(s) if the user its shared with is on this domain.
         You must have a cloud connector configured for your tenant to support this trusted action.
-    * `--email-share-services` [`GMAIL|MICROSOFT_365`] - Trust email share activity from the specified service(s) if the email recipient is on this domain.
+    * `--email-share` [`GMAIL|OFFICE_365|GOOGLE_DRIVE`] - Trust email share activity from the specified service(s) if the email recipient is on this domain.
         You must have an email connector configured for your tenant to support this trusted action.
+    * `--browser-destination` [`AIRTABLE|AMAZON_WEB_SERVICES|BLACKBOX|BOX|CHATGPT|CLAUDE|CONCUR|CURSOR|DROPBOX|GOOGLE_WORKSPACE|MICROSOFT_365|NOTTA|OTTER|PERPLEXITY|SLACK|YOU_DOT_COM`]
+        Trust these destinations when users log in using this configured domain.
+    * `--high-value` - Indicate that this domain is a high value source.
 
-    Multiple options can be supplied to specify cloud-share, cloud-sync, and email-share services.
+    Multiple options can be supplied to specify cloud-share, cloud-sync, email-share services, and browser-destinations.
 
     For example, the following command will create a trusted domain that trusts file-uploads to the domain and cloud sync events from `BOX` and `ICLOUD`.
 
-        trusted-activities add domain --file-upload --cloud-sync-services BOX --cloud-sync-services ICLOUD
+        trusted-activities add domain --file-upload --cloud-sync BOX --cloud-sync ICLOUD
 
     """
     client = Client()
@@ -223,6 +256,9 @@ def domain_(
             cloud_sync_services=cloud_sync_services,
             cloud_share_services=cloud_share_services,
             email_share_services=email_share_services,
+            file_transfer_tools=file_transfer,
+            browser_destinations=browser_destinations,
+            is_high_value=high_value,
         )
     except MissingActivityActionGroupsError:
         raise click.UsageError(
@@ -234,37 +270,43 @@ def domain_(
 @add.command("url-path", cls=IncydrCommand)
 @click.argument("url_path")
 @click.option("--description", default=None, help="Optional description.")
+@high_value_option
 @single_format_option
 @logging_options
 def url_path_(
     url_path: str,
     description: str = None,
+    high_value: bool = False,
     format_: SingleFormat = None,
 ):
     """
     Trust browser uploads to only part of a domain by trusting a specific `URL_PATH` (ex: `my-domain.com/path`).
     """
     client = Client()
-    activity = client.trusted_activities.v2.add_url_path(url_path, description)
+    activity = client.trusted_activities.v2.add_url_path(
+        url_path, description, is_high_value=high_value
+    )
     _output_trusted_activity(activity, format_, client.settings.use_rich)
 
 
 @add.command(cls=IncydrCommand)
 @click.argument("workspace_name")
 @click.option("--description", default=None, help="Optional description.")
+@high_value_option
 @single_format_option
 @logging_options
 def slack_workspace(
     workspace_name: str,
     description: str = None,
+    high_value: bool = False,
     format_: SingleFormat = None,
 ):
     """
     Trust activity uploaded through a Slack workspace specified by `WORKSPACE_NAME`.
     """
     client = Client()
     activity = client.trusted_activities.v2.add_slack_workspace(
-        workspace_name, description=description
+        workspace_name, description=description, is_high_value=high_value
     )
     _output_trusted_activity(activity, format_, client.settings.use_rich)
 
@@ -284,13 +326,15 @@ def slack_workspace(
     default=False,
     help="Trust OneDrive as a cloud sync service.",
 )
+@high_value_option
 @single_format_option
 @logging_options
 def account(
     account_name: str,
     description: str = None,
     dropbox: bool = False,
     one_drive: bool = False,
+    high_value: bool = False,
     format_: SingleFormat = None,
 ):
     """
@@ -300,27 +344,33 @@ def account(
     """
     client = Client()
     activity = client.trusted_activities.v2.add_account_name(
-        account_name, description=description, dropbox=dropbox, one_drive=one_drive
+        account_name,
+        description=description,
+        dropbox=dropbox,
+        one_drive=one_drive,
+        is_high_value=high_value,
     )
     _output_trusted_activity(activity, format_, client.settings.use_rich)
 
 
 @add.command(cls=IncydrCommand)
 @click.argument("git_uri")
 @click.option("--description", default=None, help="Optional description.")
+@high_value_option
 @single_format_option
 @logging_options
 def git_repo(
     git_uri: str,
     description: str = None,
+    high_value: bool = False,
     format_: SingleFormat = None,
 ):
     """
     Trust file upload activity to a git repository.  Requires a `GIT_URI` path (ex: `bitbucket.org:exampleent/myrepo`).
     """
     client = Client()
     activity = client.trusted_activities.v2.add_git_repository(
-        git_uri, description=description
+        git_uri, description=description, is_high_value=high_value
     )
     _output_trusted_activity(activity, format_, client.settings.use_rich)
 

src/_incydr_sdk/enums/trusted_activities.py

@@ -12,6 +12,8 @@ class ActivityType(_Enum):
     FILE_UPLOAD = "FILE_UPLOAD"
     GIT_PUSH = "GIT_PUSH"
     GIT_REPOSITORY_URI = "GIT_REPOSITORY_URI"
+    USER_ACCOUNT_UPLOAD = "USER_ACCOUNT_UPLOAD"
+    FILE_TRANSFER = "FILE_TRANSFER"
 
 
 class CloudSyncApps(_Enum):
@@ -28,6 +30,7 @@ class CloudShareApps(_Enum):
 
 
 class EmailServices(_Enum):
+    GOOGLE_DRIVE = "GOOGLE_DRIVE"
     GMAIL = "GMAIL"
     OFFICE_365 = "OFFICE_365"
 
@@ -57,3 +60,22 @@ class SortKeys(_Enum):
     UPDATED_BY_PRINCIPAL_NAME = "UPDATED_BY_PRINCIPAL_NAME"
     UPDATE_TIME = "UPDATE_TIME"
     VALUE = "VALUE"
+
+
+class BrowserDestination(_Enum):
+    AIRTABLE = "AIRTABLE"
+    AMAZON_WEB_SERVICES = "AMAZON_WEB_SERVICES"
+    BLACKBOX = "BLACKBOX"
+    BOX = "BOX"
+    CHATGPT = "CHATGPT"
+    CLAUDE = "CLAUDE"
+    CONCUR = "CONCUR"
+    CURSOR = "CURSOR"
+    DROPBOX = "DROPBOX"
+    GOOGLE_WORKSPACE = "GOOGLE_WORKSPACE"
+    MICROSOFT_365 = "MICROSOFT_365"
+    NOTTA = "NOTTA"
+    OTTER = "OTTER"
+    PERPLEXITY = "PERPLEXITY"
+    SLACK = "SLACK"
+    YOU_DOT_COM = "YOU_DOT_COM"