diff --git a/analyzers/MSEntraID/MSEntraID.py b/analyzers/MSEntraID/MSEntraID.py
index 3d5fe615f..b780eff1d 100755
--- a/analyzers/MSEntraID/MSEntraID.py
+++ b/analyzers/MSEntraID/MSEntraID.py
@@ -204,7 +204,7 @@ def handle_get_signins(self, headers, base_url):
 self.report(new_json)
- except Exception as ex:
+ except Exception:
 self.error(traceback.format_exc())
 def handle_get_userinfo(self, headers, base_url):
@@ -411,7 +411,7 @@ def handle_get_userinfo(self, headers, base_url):
 self.report(user_details)
- except Exception as ex:
+ except Exception:
 self.error(traceback.format_exc())
 def handle_get_directoryAuditLogs(self, headers, base_url):
@@ -548,7 +548,7 @@ def run(self):
 elif self.service == "getManagedDevicesInfo":
 self.handle_get_devices(headers, base_url)
 else:
- self.error({"message": "Unidentified service"})
+ self.error("Unidentified service")
 def summary(self, raw):
 taxonomies = []
diff --git a/responders/IBMQRadar/QRadarAutoClose.py b/responders/IBMQRadar/QRadarAutoClose.py
index d5eff57ba..baae1ace2 100755
--- a/responders/IBMQRadar/QRadarAutoClose.py
+++ b/responders/IBMQRadar/QRadarAutoClose.py
@@ -34,7 +34,7 @@ def run(self):
 r.status_code == 409:
 self.report({'message': 'QRadar Offense succesfully closed !'})
 else:
- self.error({'message': r.status_code})
+ self.error(r.status_code)
 if __name__ == '__main__':
diff --git a/responders/MSDefenderEndpoints/MSDefenderEndpoints.py b/responders/MSDefenderEndpoints/MSDefenderEndpoints.py
index 9d6154e32..8047e97ec 100755
--- a/responders/MSDefenderEndpoints/MSDefenderEndpoints.py
+++ b/responders/MSDefenderEndpoints/MSDefenderEndpoints.py
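Review bot: The handler at `@@ -204` still hands `traceback.format_exc()` verbatim to `self.error`, and the `@@ -411` hunk does the same, so the job's error message is a frame listing with interpreter and module file paths rather than a statement of which lookup failed; the commit only drops the unused `ex` binding. An operation-specific message that still carries the exception text is more useful to the analyst and exposes less, e.g. `except Exception as ex:` followed by `self.error('Sign-in lookup failed: {}'.format(ex))`, which makes the binding the commit removed meaningful again. Whether the exception text itself embeds request details depends on the HTTP client used earlier in handle_get_signins, whose body starts before the hunk.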
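Review bot: `self.error(r.status_code)` in the `@@ -34` hunk of QRadarAutoClose.py sends a bare integer as the error message, so the analyst sees only a number such as `404` with nothing that says the offense close failed. Keeping the status and the server's explanation in one sentence is a one-line change, e.g. `self.error('Failed to close QRadar offense: HTTP {} {}'.format(r.status_code, r.text))`, assuming `r` is a requests response as `r.status_code` suggests. The context line above also misspells `succesfully` in the success message, which the commit leaves untouched. The body of run() begins before the hunk.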
@@ -49,10 +49,10 @@ def run(self):
 response = urllib.request.urlopen(req)
 except urllib.error.HTTPError as e:
 #print("message: HTTP ErrorCode {}. Reason: {}".format(e.code,e.reason))
- self.error({'message': "HTTP ErrorCode {}. Reason: {}".format(e.code,e.reason)})
+ self.error("HTTP ErrorCode {}. Reason: {}".format(e.code,e.reason))
 except urllib.error.URLError as e:
 #print("message: URL Error: {}".format(e.reason))
- self.error({'message': "URL Error: {}".format(e.reason)})
+ self.error("URL Error: {}".format(e.reason))
 jsonResponse = json.loads(response.read())
 token = jsonResponse["access_token"]
@@ -81,9 +81,9 @@ def getMachineId(id):
 return jsonResponse["value"][0]["id"]
 return jsonResponse["value"][0]["aadDeviceId"]
 else:
- self.error({'message': "Can't get hostname from Microsoft API"})
+ self.error("Can't get hostname from Microsoft API")
 except requests.exceptions.RequestException as e:
- self.error({'message': e})
+ self.error("Error: {}".format(str(e)))
 def isolateMachine(machineId):
 '''
@@ -104,9 +104,9 @@ def isolateMachine(machineId):
 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
 self.report({'message': "Error isolating machine: ActiveRequestAlreadyExists"})
 else:
- self.error({'message': "Can't isolate machine"})
+ self.error("Can't isolate machine")
 except requests.exceptions.RequestException as e:
- self.error({'message': e})
+ self.error("Error: {}".format(str(e)))
 self.report({'message': "Isolated machine: " + self.observable })
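Review bot: `self.error("Error: {}".format(str(e)))` in the getMachineId hunk (`@@ -81`) wraps `e` in a `str()` that `{}` already applies, and the generic `Error:` prefix leaves the analyst guessing which Defender call failed; the identical line recurs in the `@@ -104`, `-129`, `-151`, `-173`, `-195`, `-218`, `-259` and `-297` hunks. Naming the operation in each is a one-line change, e.g. `self.error("Error resolving machine id: {}".format(e))` here and `self.error("Error isolating machine: {}".format(e))` in isolateMachine. In the `@@ -104` hunk the `ActiveRequestAlreadyExists` branch calls `self.report(...)` and control then falls out of the `try` to the `self.report({'message': "Isolated machine: " ...})` line below it, so unless `report()` terminates the worker (that lives in cortexutils, outside this page) the responder emits two reports for that case. The nested functions these hunks belong to start outside them.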
@@ -129,9 +129,9 @@ def runFullVirusScan(machineId):
 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
 self.report({'message': "Error full VirusScan on machine: ActiveRequestAlreadyExists"})
 else:
- self.error({'message': "Error full VirusScan on machine"})
+ self.error("Error full VirusScan on machine")
 except requests.exceptions.RequestException as e:
- self.error({'message': e})
+ self.error("Error: {}".format(str(e)))
 def unisolateMachine(machineId):
@@ -151,9 +151,9 @@ def unisolateMachine(machineId):
 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
 self.report({'message': "Error unisolating machine: ActiveRequestAlreadyExists"})
 else:
- self.error({'message': "Can't unisolate machine"})
+ self.error("Can't unisolate machine")
 except requests.exceptions.RequestException as e:
- self.error({'message': e})
+ self.error("Error: {}".format(str(e)))
 def restrictAppExecution(machineId):
@@ -173,9 +173,9 @@ def restrictAppExecution(machineId):
 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
 self.report({'message': "Error restricting app execution on machine: ActiveRequestAlreadyExists"})
 else:
- self.error({'message': "Can't restrict app execution"})
+ self.error("Can't restrict app execution")
 except requests.exceptions.RequestException as e:
- self.error({'message': e})
+ self.error("Error: {}".format(str(e)))
 def unrestrictAppExecution(machineId):
@@ -195,9 +195,9 @@ def unrestrictAppExecution(machineId):
 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
 self.report({'message': "Error removing app execution restriction on machine: ActiveRequestAlreadyExists"})
 else:
- self.error({'message': "Can't unrestrict app execution"})
+ self.error("Can't unrestrict app execution")
 except requests.exceptions.RequestException as e:
- self.error({'message': e})
+ self.error("Error: {}".format(str(e)))
 def startAutoInvestigation(machineId):
@@ -218,9 +218,9 @@ def startAutoInvestigation(machineId):
 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
 self.report({'message': "Error lauching auto investigation on machine: ActiveRequestAlreadyExists"})
 else:
- self.error({'message': "Error auto investigation on machine"})
+ self.error("Error auto investigation on machine")
 except requests.exceptions.RequestException as e:
- self.error({'message': e})
+ self.error("Error: {}".format(str(e)))
 def pushCustomIocAlert(observable):
@@ -241,7 +241,7 @@ def pushCustomIocAlert(observable):
 else:
 self.report({'message':"Observable is not a valid hash"})
 else:
- self.error({'message':"Observable type must be ip, url, domain or hash"})
+ self.error("Observable type must be ip, url, domain or hash")
 url = '{}/indicators'.format(self.msdefenderApiBaseUrl)
 body = {
@@ -259,7 +259,7 @@ def pushCustomIocAlert(observable):
 if response.status_code == 200:
 self.report({'message': "Added IOC to Defender with Alert mode: " + self.observable })
 except requests.exceptions.RequestException as e:
- self.error({'message': e})
+ self.error("Error: {}".format(str(e)))
 def pushCustomIocBlock(observable):
@@ -279,7 +279,7 @@ def pushCustomIocBlock(observable):
 else:
 self.report({'message':"Observable is not a valid hash"})
 else:
- self.error({'message':"Observable type must be ip, url, domain or hash"})
+ self.error("Observable type must be ip, url, domain or hash")
 url = '{}/indicators'.format(self.msdefenderApiBaseUrl)
 body = {
@@ -297,7 +297,7 @@ def pushCustomIocBlock(observable):
 if response.status_code == 200:
 self.report({'message': "Added IOC to Defender with Alert and Block mode: " + self.observable })
 except requests.exceptions.RequestException as e:
- self.error({'message': e})
+ self.error("Error: {}".format(str(e)))
 if self.service == "isolateMachine":
@@ -317,7 +317,7 @@ def pushCustomIocBlock(observable):
 elif self.service == "pushIOCAlert":
 pushCustomIocAlert(self.observable)
 else:
- self.error({'message': "Unidentified service"})
+ self.error("Unidentified service")
 def operations(self, raw):
 self.build_operation('AddTagToCase', tag='MSDefenderResponder:run')
diff --git a/responders/MSEntraID/MSEntraID.py b/responders/MSEntraID/MSEntraID.py
index 440b578ee..0a1ed6f4b 100755
--- a/responders/MSEntraID/MSEntraID.py
+++ b/responders/MSEntraID/MSEntraID.py
@@ -192,7 +192,7 @@ def run(self):
 self.error('Incorrect dataType. "mail" expected.')
 else:
- self.error({'message': "Unidentified service"})
+ self.error("Unidentified service")
 if __name__ == '__main__':
 MSEntraID().run()
diff --git a/responders/Minemeld/minemeld.py b/responders/Minemeld/minemeld.py
index 5d569bc33..ad16aa43c 100755
--- a/responders/Minemeld/minemeld.py
+++ b/responders/Minemeld/minemeld.py
@@ -36,7 +36,7 @@ def run(self):
 ipaddress.IPv6Address(self.observable)
 indicator_type= "IPv6"
 except ValueError:
- self.error({'message': "Not a valid IPv4/IPv6 address!"})
+ self.error("Not a valid IPv4/IPv6 address!")
 elif self.observable_type == "url":
 indicator_type = "URL"
 elif self.observable_type == "domain":
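Review bot: The context line `self.build_operation('AddTagToCase', tag='MSDefenderResponder:run')` under `def operations(self, raw):` in the `@@ -317` hunk of MSDefenderEndpoints.py builds the operation and discards it, whereas minemeld.py's `operations` in this same commit writes `return [self.build_operation(...)]`. If nothing follows in that method (its body runs past the hunk) the responder returns None and the tag is never applied, so `return [self.build_operation('AddTagToCase', tag='MSDefenderResponder:run')]` looks like the intended line. The commit touches the `else` branch two lines above but leaves this as it was.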
@@ -63,7 +63,7 @@ def run(self):
 r = requests.post(str(self.minemeld_url) + '/config/data/' + str(self.minemeld_indicator_list) + '_indicators' + '/append?h=' + str(self.minemeld_indicator_list) + '&t=localdb',data=json.dumps(payload),headers=headers,auth=auth,verify=False)
 self.report({'message': "Indicator " + self.observable + " submitted to Minemeld." })
 except:
- self.error({'message': r.text })
+ self.error(r.text)
 def operations(self, raw):
 return [self.build_operation('AddTagToCase', tag='Minemeld:Indicator Added')]
diff --git a/responders/PaloAltoWildFire/PaloAltoWildFire.py b/responders/PaloAltoWildFire/PaloAltoWildFire.py
index 5d5c86524..fd7b0e829 100755
--- a/responders/PaloAltoWildFire/PaloAltoWildFire.py
+++ b/responders/PaloAltoWildFire/PaloAltoWildFire.py
@@ -38,7 +38,7 @@ def run(self):
 if response.status_code == 200:
 self.report({'message': 'Observable sent to WildFire. Message: {}'.format(response.text)})
 elif response.status_code == 401:
- self.error({'message': 'Failed authentication. Check API-Key. Message: {}'.format(response.text)})
+ self.error('Failed authentication. Check API-Key. Message: {}'.format(response.text))
 else:
 self.error('Failed to submit request. Error code: {}. Error message: {}'
 .format(response.status_code, response.text))
diff --git a/responders/Wazuh/wazuh.py b/responders/Wazuh/wazuh.py
index b39d23b07..fbb49b413 100755
--- a/responders/Wazuh/wazuh.py
+++ b/responders/Wazuh/wazuh.py
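Review bot: The new `self.error(r.text)` in the `@@ -63` hunk of minemeld.py is reached only from the bare `except:`, and the statement most likely to raise inside that `try` is `requests.post` itself, in which case `r` was never bound and the handler dies with `NameError`, hiding the original connection error. Conversely requests does not raise on a 4xx/5xx reply, so the `self.report(... submitted to Minemeld ...)` line reports success for an indicator the server rejected, and the `r.text` branch effectively never sees a real API error. Catching `requests.exceptions.RequestException` and checking the status before reporting covers both cases, as below. The hard-coded `verify=False` on the post also switches off certificate validation for a request that carries the `auth` credentials; making that a configurable option is the usual defensive choice. run()'s body begins before the hunk.
```python
            # … unchanged: requests.post(...) call assigning r …
            if not r.ok:
                self.error("Minemeld rejected indicator (HTTP {}): {}".format(r.status_code, r.text))
            self.report({'message': "Indicator " + self.observable + " submitted to Minemeld." })
        except requests.exceptions.RequestException as e:
            self.error("Error submitting indicator to Minemeld: {}".format(e))
```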
@@ -24,9 +24,9 @@ def run(self):
 try:
 ipaddress.ip_address(self.observable)
 except ValueError:
- self.error({'message': "Not a valid IPv4/IPv6 address!"})
+ self.error("Not a valid IPv4/IPv6 address!")
 else:
- self.error({'message': "Not a valid IPv4/IPv6 address!"})
+ self.error("Not a valid IPv4/IPv6 address!")
 payload = '{"command":"firewall-drop.sh", "arguments": ["-", "' + self.observable + '", "' + self.wazuh_alert_id + '", "' + self.wazuh_rule_id + '", "' + self.wazuh_agent_id + '", "var/log/test.log"], "custom": "True"}'
 r = requests.put(self.wazuh_manager + '/active-response/' + self.wazuh_agent_id, headers=headers, data=payload, verify=False, auth=auth)
 if r.status_code == 200:
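Review bot: The `payload` line in the `@@ -24` hunk of wazuh.py assembles the JSON body by string concatenation of `self.observable`, `self.wazuh_alert_id`, `self.wazuh_rule_id` and `self.wazuh_agent_id`, and only the observable is validated (as an IP address) above it, so a quote or bracket in any of the id fields either breaks the document or changes the argument list handed to `firewall-drop.sh`. Serialising with the standard library keeps the structure fixed: `payload = json.dumps({"command": "firewall-drop.sh", "arguments": ["-", self.observable, self.wazuh_alert_id, self.wazuh_rule_id, self.wazuh_agent_id, "var/log/test.log"], "custom": "True"})` (add `import json` at the top if the module does not already have it). The two `self.error("Not a valid IPv4/IPv6 address!")` lines are identical, yet the second sits in the `else` of a condition that starts before the hunk and presumably tests the observable type, where a message such as `"Observable type must be ip"` would describe the actual failure. The `verify=False` on the `requests.put` likewise disables certificate validation for the manager call that carries `auth`.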