From b2c9b9d8473c8ea5f30e8420de397f9a7699f649 Mon Sep 17 00:00:00 2001
From: Cecilia Stevens <63068179+ceciliastevens@users.noreply.github.com>
Date: Fri, 12 Jun 2026 09:31:23 -0400
Subject: [PATCH] INTEG-3207 - support actorName and ruleName

---
 CHANGELOG.md                                | 5 +++++
 src/_incydr_cli/cmds/sessions.py            | 1 +
 src/_incydr_sdk/sessions/models/models.py   | 1 +
 src/_incydr_sdk/sessions/models/response.py | 2 ++
 tests/test_sessions.py                      | 8 +++++++-
 5 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 955c365..d5b8a76 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,11 @@
  how a consumer would use the library or CLI tool (e.g. adding unit tests, updating documentation, etc) are not captured
  here.
 
+## Unreleased
+
+### Added
+- Support for the `actorName` and `ruleName` fields on the Session response object.
+
 ## 2.12.1 - 2026-06-05
 
 ### Fixed
diff --git a/src/_incydr_cli/cmds/sessions.py b/src/_incydr_cli/cmds/sessions.py
index 5b9712f..9311215 100644
--- a/src/_incydr_cli/cmds/sessions.py
+++ b/src/_incydr_cli/cmds/sessions.py
@@ -196,6 +196,7 @@ def search(
                 "context_summary",
                 "exfiltration_summary",
                 "actor_id",
+                "actor_name",
                 "low_events",
                 "moderate_events",
                 "high_events",
diff --git a/src/_incydr_sdk/sessions/models/models.py b/src/_incydr_sdk/sessions/models/models.py
index 17b4555..4c79482 100644
--- a/src/_incydr_sdk/sessions/models/models.py
+++ b/src/_incydr_sdk/sessions/models/models.py
@@ -65,6 +65,7 @@ class Alert(Model):
     alert_id: Optional[str] = Field(alias="alertId")
     lesson_id: Optional[str] = Field(alias="lessonId")
     rule_id: Optional[str] = Field(alias="ruleId")
+    rule_name: Optional[str] = Field(None, alias="ruleName")
 
 
 class SessionsCriteriaRequest(BaseModel):
diff --git a/src/_incydr_sdk/sessions/models/response.py b/src/_incydr_sdk/sessions/models/response.py
index ec37f73..b8739fc 100644
--- a/src/_incydr_sdk/sessions/models/response.py
+++ b/src/_incydr_sdk/sessions/models/response.py
@@ -20,6 +20,7 @@ class Session(ResponseModel):
     **Fields**:
 
     * **actor_id**: `str` The ID of the actor that generated the session.
+    * **actor_name**: `str` The name of the actor that generated the session.
     * **type**: `str` The type of the session.
     * **begin_time**: `datetime` The date and time when this session began.
     * **content_inspection_results**: `List[ContentInspectionResult]` The results of content inspection.
@@ -43,6 +44,7 @@ class Session(ResponseModel):
     """
 
     actor_id: Optional[str] = Field(None, alias="actorId")
+    actor_name: Optional[str] = Field(None, alias="actorName")
     type: Optional[str] = Field(None)
     begin_time: Optional[int] = Field(None, alias="beginTime")
     content_inspection_results: Optional[ContentInspectionResult] = Field(
diff --git a/tests/test_sessions.py b/tests/test_sessions.py
index 9f8f1eb..dae4c01 100644
--- a/tests/test_sessions.py
+++ b/tests/test_sessions.py
@@ -30,6 +30,7 @@
 
 TEST_SESSION = {
     "actorId": TEST_SESSION_ID,
+    "actorName": "test_actor_name",
     "type": "STANDARD",
     "beginTime": POSIX_TS,
     "contentInspectionResults": {"detectedOnAlerts": ["PII"]},
@@ -66,7 +67,12 @@
     ],
     "tenantId": "string",
     "triggeredAlerts": [
-        {"alertId": "alert-id", "lessonId": "lesson-id", "ruleId": "rule-id"}
+        {
+            "alertId": "alert-id",
+            "lessonId": "lesson-id",
+            "ruleId": "rule-id",
+            "ruleName": "rule name",
+        }
     ],
     "userId": "string",
 }