Release Notes



  • Updated jobs module to delete by name when using replace for groups.
  • Updated token renewal to log more information on failure.
  • Updated playbooks read binary array to better handle null values.


  • Updated file indicator class for proper handling of attributes, tag, and labels.
  • Updated expand_indicators() method to use a new regex to handle more formats for file hashes and custom indicators.


  • Fixed issue with embedded variable matching during exact variable check.


  • Updated Resource for py2 unicode issue in ipaddress module.


  • Updated Resource module to automatically handle files hashes in format “md5 : sha1 : sha256”.
  • Updated Resource module to reformat ipv6 addresses to same format as TC.


  • Updated template with better logic to detect Python lib directory version.
  • Updates to regex patterns for variable matching in playbook module.
  • Cleanup of playbook module in handling variables.


  • Major update to read_embedded() method to better support embedded variables.
  • Add –report arg to tcrun to output a JSON report of profiles and run data.
  • Added new JSON string comparison operator (jc/json compare) to tcdata to compare two json string (requires deepdiff to be installed locally).


  • Added KeyValueArray operator to tcdata which allow searching for a single key/value entry in array.
  • Update functionality to replace non-quoted embedded variable to handle duplicate variables in KeyValueArray.


  • Added new string comparison operator (sc) to tcdata that strips all white space before eq comparison.
  • Added new functionality to TcExPlaybook to replace non-quoted embedded variables in Read KeyValueArrays.
  • Updated Create KeyValue/KeyValueArray methods to not JSON load when passed a String.
  • Added any_to_datetime() method to return datetime.datetime object.
  • Added timedelta() method to return delta object from two provided datetime expressions.


  • Fixed issue with _newstr_ and dynamic class generation.


  • Updated all TcEx framework CLI commands to use utf-8 encoding by default.
  • Replaced usage of unicode with built-ins str (Python 2/3 compatible.
  • Replaced usage of long with built-ins int (Python 2/3 compatible).
  • Update used of urllib.quote to be Python 2/3 compatible.


  • Updated association_custom() to handle boolean values that are passed as strings.
  • Updated _resource() method to handle boolean returned as strings from the API.
  • Updated tcdata to properly delete indicators when using --clear arg.
  • Update the log module to use tcex instead of tcapp.


  • Added TcExUtils module with date functions to handle common date use cases.
  • Added DeepDiff functionality to tcdata for validating unsorted dictionaries and list.
  • Updated tcdata to pull item from lists by index for easier comparison.
  • Updated read() method to allow disabling of automatically resolving embedded variables.
  • Updated association_custom() method to support file actions.
  • Updated file_action() method as alias to association_custom().


  • Updated tcdata command for issue on sorting list in Python 3.
  • Added update for tcex.json file to allow the App Version to be specified instead of using programVersion from install.json.


  • Added stub support for associatedGroup in Batch Indicator JSON.
  • Updated the TcEx Job module to better handle Document uploads in Python 3.
  • Updated TcEx Resource module to support query parameter list in the add_payload() method.
  • Updated TcEx Request module to support query parameter list in the add_payload() method.
  • Updated tclib to remove the old lib directory before creating the lib directory.


  • Updated the TcEx framework to only build custom indicator classes when working with custom indicators.
  • Updated TcJobs module group add logic to fix issue with skipping existing groups.
  • Updated TcJobs module to handle associatedGroup passed as string or int when using /v2.


Breaking change to any App that uses the Direct Access method with a Custom Indicator type.



  • Fixed issue in tcdata when validating data is a not string type.
  • Updated tcprofile to set type check to binary on Binary data.


  • Updated playbook create_binary and create_binary array for to better support Py3.
  • Update tcdata to support Security Labels in staged data.
  • Update tcdata to support adding Associations.
  • Update tcdata to support variable reference #App:4768:tc.address!TCEntity::value during validation.


  • Updated tcdata to validate String as string_types for “is type” check using six module.
  • Added fix for code font not matching line numbers in the docs.


  • Added CustomMetric module to Resource module.
  • Renamed _args variable in to default_args.
  • Renamed _parser variable in to parser.
  • Code cleanup (removing any Python 2.5 specific code).



  • Replace use of str() in TcEx playbook module.
  • Updated tcrun to pass data_owner for each action on tcdata.
  • Updated tcdata to stage TC data via /v2 instead of batch.
  • Updated tcdata write Entity out as variable.


  • Updated tcprofile to support new parameters.
  • Updated tcdata to properly handle older tcex.json files.
  • Updated read_embedded() method handle unicode error.
  • Added additional logging to TcEx Job for logging API response.


  • Added job() association feature to handle group->indicator and group->group associations.
  • Added safe_group_name() method to ensure group meet the required length.
  • Added tcdata initial feature to stage Groups and Indicators in ThreatConnect.
  • Updated tcrun to use new parameter for logging.
  • Updated job() to support upload of file to Document group.


  • Updated token renewal URL.
  • Updated tcprofile to include api_default_org, tc_proxy_external, tc_proxy_host, tc_proxy_port, tcp_proxy_password, tc_proxy_tc, tc_proxy_username.
  • Updated tcprofile changing tc_playbook_db_path and tc_playbook_db_port parameters to environment variables by default.
  • Updated tcprofile changing logging to tc_log_level.
  • Updated tclib to check for requirements.txt.


  • Updates to tcex.playbook, tcrun, and tcdata to support deleting data from Redis from previous runs.


  • Updated tcrun to handle issue where install_json is not defined in the tcex.json file and script name was improperly being set.


  • Updated create_output() method to fix issue when using output variables of the same name and different types.


  • Updated tcrun to not check for the program main file for Java Apps.


  • Initial update to tcrun to support running Java Apps.
  • Added support for install_json profile parameter to tcex.json. This should be included in all tcex.json files going forward.
  • Added support for java_path config parameter to tcex.json for custom java path. Default behavior is to use the default version of java from user path.
  • Added support for class_path profile parameter to tcex.json for custom java paths. By default ./target/ will be used as the class_pass value.
  • Updated tcpackage to grab minor version from programVersion in install.json. If no programVersion found the default version of an App is 1.0.0.
  • Cleanup for PEP8 and more.


  • Updated json() method to use proper entity value.
  • Updated tcprofile to use default env values for API credentials.
  • Adding groups parameter to tcex.json so a profile can be part of multiple groups.


  • Added additional exclude values for IDE directories.
  • Added app_name parameter to tcex.json for App built on system where App directory is not the App name.
  • Updated tcpackage to use new app_name if exists and default back to App directory name.
  • Updated tcprofile to only output redis variable for Playbook Apps.
  • Updated tclib to have default config value for instance where there is not tcex.json file.


  • Update Building Apps section of the Documentation.
  • Updated required module versions (requests, python-dateutil, and redis).
  • Fixed issue with sleep parameter being ignored in tcrun.
  • Updated tclib to automatically read tcex.json.
  • Updated tcpackage to output Apps zip files with .tcx extension.


  • Added support for Binary data type in tcdata for staging.


  • Added platform for docker support.


  • Added platform check for subprocess calls.
  • Added additional error logging for tcrun command.


  • Added better support for build / test commands on Windows platform.


  • Removing pip as a dependency.


  • Updated tcdata to support multiple operators for validation.
  • Added tcprofile command to automatically build testing profiles from install.json.
  • Updated tcrun to create log, out, and temp directories for testing output.
  • Updated tcpackage to exclude .pyc files and __pycache__ directory.


  • Updated tcpackage to append version number to zip_file.
  • Added a bundle_name parameter to tcex.json file for systems where the directory name doesn’t represent the App name.


  • Minor update on tcdata for issue with bytes string in Python 3.


  • Added new tcdata, tclib, tcpackage, and tcrun commands for App testing and packaging ( will be deprecated in the future).
  • Updates to for new lib directory structure create with pip (replaced easy_install).
  • Apps should now be built with requirements.txt instead of


  • Updated association_custom() method to support DELETE/POST Methods.
  • Added _association_types() method to load Custom Association types from API.
  • Added indicator_types_data property with full Indicator Type data.
  • Added indicator_associations_types_data property with full Indicator Association Type data.


  • Update to playbookdb variable name.
  • Updated template for proper exit code.


  • Added support for output variable of the same name, but different types.
  • Support for new TCKeyValueAPI DB types in Playbook Apps. This is a seamless change to the Apps.
  • Updated authorization() method to return properly formatted header when no token_expires is provided.
  • Added automatic Authorization to request_tc() method.
  • Updated documentation for Request module.





  • Added download() method to download signature data.
  • Added urlencoding to proxy user and password.


  • Added job() method to allow multiple jobs to run in an App.
  • Update s() method to fix issues in Python 3.



  • Updated indicator_body() to support missing hashes.
  • Added false_positive() endpoint for indicators.
  • Merged pull requests for better native Python3 support.
  • Added Campaign to group types.
  • Increased request timeout to 300 seconds.


  • Updated read_embedded() method logic for null values and better support of mixed values.


  • Update to TcExJob module for file hashes updates using v2/indicators/files.


  • Update to TcExJob module for file hashes updates using v2/indicators/files.


  • Updated read_embedded() method to support different formatting dependent on the parent variable type.
  • Updated Resource module for an issue where copying the instance causing errors with request instance in Python3.
  • Updated TcExLocal run() method to better format error output.


  • Adding add_payload() method to DataStore class.
  • Fixed issue with TcExJob module where batch indicator POST with chunking would fail after first chunk.
  • Added safe_indicator() method to urlencode and cleanup indicator before associations, etc.
  • Updated expand_indicators() method to use a regex instead of split for better support of custom indicators.
  • Updated _process_indicators_v2 to better handle custom indicator types.
  • Updated read_embedded() method to strip off double quote from JSON string on mixed types and to decode escaped strings.
  • Updated Resource module so that all indicator are URL encoded before adding to the URI.
  • Updated indicator_body() method to only include items in the JSON body if not None.
  • Updated indicators() method to handle extra white spaces on the boundary.
  • Added additional standard args of api_default_org and tc_in_path.


  • Breaking change to Resource module. All _pivot() and associations() methods now take a instance of Resource and return a copy of the current Resource instance. Other methods such as security_label() and tags() now return a copy of the current Resource instance.
  • Added Tag Resource class.
  • Added resource() method to get instance of Resource instance.
  • Added DataStore Resource class to the Resource module.
  • Updated TcExJob module for changes in the Resource module.



  • Added logic around retrieving Batch Errors to handle 404.
  • Added new exit() method for playbook apps (exit code of 3 to 1 for partial success).



  • Updated TcExJob module to allow indicators to be added via /v2/indicators/<type>.
  • Updated structure for attributes/tags adds on groups to use singular version (attribute/tag) in Jobs modules to match format used for Indicators.
  • Added custom, case_preference and parsable properties to Resource module.
  • Added logic to cleanup temporary JSON bulk file. When logging is “debug” a compressed copy of the file will remain.


  • Fixed issue in tcex_resources module with pagination stopping before all results are retrieved.


  • Added s() method to replace the to_string() method (handle bad unicode in Python2 and still support Python3).
  • Updated read_embedded() method to better handle embedded Vars.


  • Added indicators() method to allow iteration over indicator values in Indicator response JSON.







  • Fixed issue with boolean parameters having an extra space at the end.


  • Updated _parameters() method to build a list for subprocess.popen instead of a string.
  • Updated install.json schema to support note field.


  • Remove hiredis as a dependency.
  • Added hvac as a dependency for vault credential storage.
  • Added ability to use Vault as a credential store for local testing.
  • Fix to Args wrapper for Windows (‘ to “).


  • Added sleep option for test profiles that take time to complete.


  • Update to tcex_local module to change tc.json profiles to list instead of dictionary to maintain order of profiles.
  • Added feature to tcex_local to read environment variables for value in tc.json (e.g. $evn.my_api_key).


  • Handle None type returned by Redis module.


  • Added to_string() method to replace old uni() method (handle Python 2/3 encoding for apps).


  • Update for string, unicode, bytes issue between Python 2/3


  • Update of tcex_local module for Python 2/3 support.
  • Update binary methods in tcex_playbook module for Python 2/3 support.


  • Rework of tcex_local run() logic to support updated tc.json schema.
  • Changed –test arg to –profile in _required_arguments().
  • Added script field to tc.json that matches –script arg to support predefined script names.
  • Added group field to tc.json that matches –group arg in _required_arguments() to support running multiple profiles.
  • Added inflect requirement version 0.2.5.
  • Changed python-dateutil requirement to version 2.6.10.
  • Changed requests requirement to version 2.13.0.



  • Added accepted status code of 201 for Custom Indicator POST on dynamic class creation.





  • Updated tcex_local for additional parameter support during build process.


  • Update tcex_local for exit code when is called (maven build issue).
  • Added new log event for proxy settings.




  • Documentation updates.
  • Changes to tcex_resources to allow iteration over the instance to retrieve paginated results.
  • Updates to support persistent args when running app locally.
  • Updated playbook module for Python 3.
  • Added logging of platform for debugging purposes.
  • Cleanup and Pep 8 changes.





  • Change logging level logic to use logging over tc_logging_level if it exist.
  • Added App version logging attempt.


  • Updated _resources() method to handle TC version without custom indicators.
  • Updated logging to better debug API request failures.
  • Updated package command to create lib directory with python version (e.g. lib_3.6.0)
  • Logging the Logging Level, Python and TcEx version for additional debugging.


  • Updated open call for bytes issue on Python 3


  • Updated to for Python 3 support



  • Added Campaign() Class.
  • Multiple updates to documentation


  • Updates to for build


  • Initial Public Release