Fix model for incidents field of reports

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "pyhuntress"
-version = "0.1.1"
+version = "0.2.2"
 authors = [
   { name="Peter Annabel", email="peter.annabel@gmail.com" },
 ]
@@ -27,11 +27,15 @@ keywords = [
 ]
 license = "GPL-3.0-only"
 license-files = ["LICEN[CS]E*"]
+dynamic = ["dependencies"]
 
 [project.urls]
 Homepage = "https://github.com/brygphilomena/pyhuntress"
 Issues = "https://github.com/brygphilomena/pyhuntress/issues"
 
 [build-system]
-requires = ["hatchling >= 1.26"]
+requires = ["hatchling >= 1.26", "hatch-requirements-txt"]
-build-backend = "hatchling.build"
+build-backend = "hatchling.build"
+
+[tool.hatch.metadata.hooks.requirements_txt]
+files = ["requirements.txt"]

requirements.txt

@@ -0,0 +1,3 @@
+requests==2.32.4
+pydantic==2.11.7
+typing_extensions==4.14.1

src/pyhuntress/models/siem/__init__.py

@@ -237,7 +237,7 @@ class SIEMReports(HuntressModel):
     ransomware_note: str | None = Field(default=None, alias="RansomwareNote")
     # Huntress has incident_log listed as "complex" with the note "A JSON representation of any critical
     # or high severity incidents from this report"
-    incident_log: str | None = Field(default=None, alias="IncidentLog")
+    incident_log: list[dict[str, Any]] | None = Field(default=None, alias="IncidentLog")
     total_mav_detection_count: int | None = Field(default=None, alias="TotalMAVDetectionCount")
     blocked_malware_count: int | None = Field(default=None, alias="BlockedMalwareCount")
     investigated_mav_detection_count: int | None = Field(default=None, alias="InvestigatedMAVDetectionCount")