diff --git a/global_helpers/panther_aws_helpers.py b/global_helpers/panther_aws_helpers.py
index 5986c9cdd..738db8cb3 100644
--- a/global_helpers/panther_aws_helpers.py
+++ b/global_helpers/panther_aws_helpers.py
@@ -29,7 +29,7 @@ def aws_strip_role_session_id(user_identity_arn):
 return user_identity_arn
-def aws_rule_context(event: dict):
+def aws_rule_context(event):
 return {
 "eventName": event.get("eventName", ""),
 "eventSource": event.get("eventSource", ""),
@@ -41,7 +41,7 @@ def aws_rule_context(event: dict):
 }
-def aws_guardduty_context(event: dict):
+def aws_guardduty_context(event):
 return {
 "description": event.get("description", ""),
 "severity": event.get("severity", ""),
diff --git a/global_helpers/panther_box_helpers.py b/global_helpers/panther_box_helpers.py
index cf4259c97..eb65e1dd5 100644
--- a/global_helpers/panther_box_helpers.py
+++ b/global_helpers/panther_box_helpers.py
@@ -139,7 +139,7 @@ def build_jwt_settings(response: dict) -> dict:
 # 'additional_details' from box logs varies by event_type.
 # This helper wraps the process of extracting those details.
-def box_parse_additional_details(event: dict):
+def box_parse_additional_details(event):
 additional_details = event.get("additional_details", {})
 if isinstance(additional_details, (str, bytes)):
 try:
diff --git a/global_helpers/panther_cloudflare_helpers.py b/global_helpers/panther_cloudflare_helpers.py
index 3c2547eee..a0926ae8d 100644
--- a/global_helpers/panther_cloudflare_helpers.py
+++ b/global_helpers/panther_cloudflare_helpers.py
@@ -38,7 +38,7 @@ def map_source_to_name(event: Any) -> str:
 )
-def cloudflare_fw_alert_context(event: dict = None):
+def cloudflare_fw_alert_context(event=None):
 keep_keys = [
 "Action",
 "ClientIP",
@@ -57,7 +57,7 @@ def cloudflare_fw_alert_context(event: dict = None):
 return context_dict
-def cloudflare_http_alert_context(event: dict = None):
+def cloudflare_http_alert_context(event=None):
 keep_keys = [
 "BotScore",
 "BotScoreSrc",
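Review bot: Dropping the `dict` annotation from `event` in `aws_rule_context` and `aws_guardduty_context` leaves the accepted type undocumented, and neither function shows a docstring in the visible lines. The visible bodies only call `event.get(key, default)`, so the contract appears to be "any object with a dict-style get"; I would state that in a one-line docstring such as `"""Return alert context; event must support .get(key, default)."""`. The same applies to the `event` parameter in the box, cloudflare, crowdstrike, duo, lookuptable and okta hunks of this commit. In `p_matches` and `deserialize_administrator_log_event_description` the signature now mixes annotated and unannotated parameters, which reads as an oversight unless it is explained. The function bodies continue outside the hunks.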
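Review bot: `cloudflare_fw_alert_context(event=None)` and `cloudflare_http_alert_context(event=None)` keep the `None` default, so the signature still advertises a call without an event as valid. The code between `keep_keys` and `return context_dict` is outside the hunk, so whether a `None` event is handled cannot be confirmed from here. If it is not handled, add a guard at the top such as `if event is None: return {}`, or document that callers must always pass the event.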
diff --git a/global_helpers/panther_crowdstrike_fdr_helpers.py b/global_helpers/panther_crowdstrike_fdr_helpers.py
index 15c28f9db..214b1ffa3 100644
--- a/global_helpers/panther_crowdstrike_fdr_helpers.py
+++ b/global_helpers/panther_crowdstrike_fdr_helpers.py
@@ -1,4 +1,4 @@
-def crowdstrike_detection_alert_context(event: dict):
+def crowdstrike_detection_alert_context(event):
 """Returns common context for Crowdstrike detections"""
 return {
 "aid": get_crowdstrike_field(event, "aid", default=""),
@@ -13,7 +13,7 @@ def crowdstrike_detection_alert_context(event: dict):
 }
-def crowdstrike_process_alert_context(event: dict):
+def crowdstrike_process_alert_context(event):
 """Returns common process context for Crowdstrike detections"""
 return {
 "aid": get_crowdstrike_field(event, "aid", default=""),
@@ -28,7 +28,7 @@ def crowdstrike_process_alert_context(event: dict):
 }
-def crowdstrike_network_detection_alert_context(event: dict):
+def crowdstrike_network_detection_alert_context(event):
 """Returns common network context for Crowdstrike detections"""
 return {
 "LocalAddressIP4": get_crowdstrike_field(event, "LocalAddressIP4", default=""),
diff --git a/global_helpers/panther_duo_helpers.py b/global_helpers/panther_duo_helpers.py
index 6eb00ad58..aea974746 100644
--- a/global_helpers/panther_duo_helpers.py
+++ b/global_helpers/panther_duo_helpers.py
@@ -2,7 +2,7 @@ from json import JSONDecodeError
-def deserialize_administrator_log_event_description(event: dict) -> dict:
+def deserialize_administrator_log_event_description(event) -> dict:
 """Intelligently try and decode a field that is usually stringified json into a python dict. This description field seems to take the form of stringified json, So this function
diff --git a/global_helpers/panther_lookuptable_helpers.py b/global_helpers/panther_lookuptable_helpers.py
index 295db4a2a..1d059ba14 100644
--- a/global_helpers/panther_lookuptable_helpers.py
+++ b/global_helpers/panther_lookuptable_helpers.py
@@ -27,7 +27,7 @@ def _lookup(self, match_field: str, *keys) -> list or str:
 def p_matched(self):
 return self._p_matched
- def p_matches(self, event: dict, p_match: str = "") -> dict:
+ def p_matches(self, event, p_match: str = "") -> dict:
 """Collect enrichments by searching for a value match in the p_match field
 Parameters:
diff --git a/global_helpers/panther_okta_helpers.py b/global_helpers/panther_okta_helpers.py
index b8cf79cbe..ffbfb8af8 100644
--- a/global_helpers/panther_okta_helpers.py
+++ b/global_helpers/panther_okta_helpers.py
@@ -1,4 +1,4 @@
-def okta_alert_context(event: dict):
+def okta_alert_context(event):
 """Returns common context for automation of Okta alerts"""
 return {
 "event_type": event.get("eventtype", ""),