diff --git a/CHANGELOG.md b/CHANGELOG.md
index db49b8e3..ab5bf01d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,8 @@ how a consumer would use the library (e.g. adding unit tests, updating documenta
 
 - A TOTP token is now required on `code42 profile` commands that check for password validity when a user has MFA enabled.
 
+- Updated minimum version of py42 to `1.18.0` to provide access to `FIRST_DESTINATION_USE` and `RARE_DESTINATION_USE` search filters.
+
 ### Fixed
 
 - `code42 profile delete` command now prints a clear error message when deletion target doesn't exist.
diff --git a/setup.py b/setup.py
index db2e7bed..a2d0457b 100644
--- a/setup.py
+++ b/setup.py
@@ -40,7 +40,7 @@
         "keyrings.alt==3.2.0",
         "ipython>=7.16.1",
         "pandas>=1.1.3",
-        "py42>=1.17.0",
+        "py42>=1.18.0",
     ],
     extras_require={
         "dev": [
diff --git a/src/code42cli/cmds/securitydata.py b/src/code42cli/cmds/securitydata.py
index 85662505..e0cd582c 100644
--- a/src/code42cli/cmds/securitydata.py
+++ b/src/code42cli/cmds/securitydata.py
@@ -177,7 +177,7 @@
     "PROTONMAIL": RiskIndicator.EmailServiceUploads.PROTONMAIL,
     "QQMAIL": RiskIndicator.EmailServiceUploads.QQMAIL,
     "SINA_MAIL": RiskIndicator.EmailServiceUploads.SINA_MAIL,
-    "SOHU_MAIl": RiskIndicator.EmailServiceUploads.SOHU_MAIl,
+    "SOHU_MAIL": RiskIndicator.EmailServiceUploads.SOHU_MAIL,
     "YAHOO": RiskIndicator.EmailServiceUploads.YAHOO,
     "ZOHO_MAIL": RiskIndicator.EmailServiceUploads.ZOHO_MAIL,
     "AIRDROP": RiskIndicator.ExternalDevices.AIRDROP,
@@ -207,6 +207,8 @@
     "FILE_MISMATCH": RiskIndicator.UserBehavior.FILE_MISMATCH,
     "OFF_HOURS": RiskIndicator.UserBehavior.OFF_HOURS,
     "REMOTE": RiskIndicator.UserBehavior.REMOTE,
+    "FIRST_DESTINATION_USE": RiskIndicator.UserBehavior.FIRST_DESTINATION_USE,
+    "RARE_DESTINATION_USE": RiskIndicator.UserBehavior.RARE_DESTINATION_USE,
 }
 risk_indicator_map_reversed = {v: k for k, v in risk_indicator_map.items()}
 
diff --git a/tests/cmds/test_securitydata.py b/tests/cmds/test_securitydata.py
index 762b04f9..1e5adf13 100644
--- a/tests/cmds/test_securitydata.py
+++ b/tests/cmds/test_securitydata.py
@@ -854,7 +854,7 @@ def test_search_and_send_to_when_given_risk_indicator_uses_risk_indicator_filter
         ("PROTONMAIL", RiskIndicator.EmailServiceUploads.PROTONMAIL),
         ("QQMAIL", RiskIndicator.EmailServiceUploads.QQMAIL),
         ("SINA_MAIL", RiskIndicator.EmailServiceUploads.SINA_MAIL),
-        ("SOHU_MAIl", RiskIndicator.EmailServiceUploads.SOHU_MAIl),
+        ("SOHU_MAIL", RiskIndicator.EmailServiceUploads.SOHU_MAIL),
         ("YAHOO", RiskIndicator.EmailServiceUploads.YAHOO),
         ("ZOHO_MAIL", RiskIndicator.EmailServiceUploads.ZOHO_MAIL),
         ("AIRDROP", RiskIndicator.ExternalDevices.AIRDROP),
@@ -887,6 +887,8 @@ def test_search_and_send_to_when_given_risk_indicator_uses_risk_indicator_filter
         ("FILE_MISMATCH", RiskIndicator.UserBehavior.FILE_MISMATCH),
         ("OFF_HOURS", RiskIndicator.UserBehavior.OFF_HOURS),
         ("REMOTE", RiskIndicator.UserBehavior.REMOTE),
+        ("FIRST_DESTINATION_USE", RiskIndicator.UserBehavior.FIRST_DESTINATION_USE),
+        ("RARE_DESTINATION_USE", RiskIndicator.UserBehavior.RARE_DESTINATION_USE),
     ],
 )
 def test_all_caps_risk_indicator_choices_convert_to_risk_indicator_string(