Use error function properly

analyzers/MSEntraID/MSEntraID.py

@@ -204,7 +204,7 @@ def handle_get_signins(self, headers, base_url):
 
             self.report(new_json)
 
-        except Exception as ex:
+        except Exception:
             self.error(traceback.format_exc())
 
     def handle_get_userinfo(self, headers, base_url):
@@ -411,7 +411,7 @@ def handle_get_userinfo(self, headers, base_url):
 
             self.report(user_details)
 
-        except Exception as ex:
+        except Exception:
             self.error(traceback.format_exc())
 
     def handle_get_directoryAuditLogs(self, headers, base_url):
@@ -548,7 +548,7 @@ def run(self):
         elif self.service == "getManagedDevicesInfo":
             self.handle_get_devices(headers, base_url)
         else:
-            self.error({"message": "Unidentified service"})
+            self.error("Unidentified service")
 
     def summary(self, raw):
         taxonomies = []

responders/IBMQRadar/QRadarAutoClose.py

@@ -34,7 +34,7 @@ def run(self):
                 r.status_code == 409:
             self.report({'message': 'QRadar Offense succesfully closed !'})
         else:
-            self.error({'message': r.status_code})
+            self.error(r.status_code)
 
 
 if __name__ == '__main__':

responders/MSDefenderEndpoints/MSDefenderEndpoints.py

@@ -49,10 +49,10 @@ def run(self):
             response = urllib.request.urlopen(req)
         except urllib.error.HTTPError as e:
             #print("message: HTTP ErrorCode {}. Reason: {}".format(e.code,e.reason))
-            self.error({'message': "HTTP ErrorCode {}. Reason: {}".format(e.code,e.reason)})
+            self.error("HTTP ErrorCode {}. Reason: {}".format(e.code,e.reason))
         except urllib.error.URLError as e:
             #print("message: URL Error: {}".format(e.reason))
-            self.error({'message': "URL Error: {}".format(e.reason)})
+            self.error("URL Error: {}".format(e.reason))
 
         jsonResponse = json.loads(response.read())
         token = jsonResponse["access_token"]
@@ -81,9 +81,9 @@ def getMachineId(id):
                            return jsonResponse["value"][0]["id"]
                         return jsonResponse["value"][0]["aadDeviceId"]
                     else:
-                        self.error({'message': "Can't get hostname from Microsoft API"})
+                        self.error("Can't get hostname from Microsoft API")
             except requests.exceptions.RequestException as e:
-                self.error({'message': e})
+                self.error("Error: {}".format(str(e)))
 
         def isolateMachine(machineId):
             '''
@@ -104,9 +104,9 @@ def isolateMachine(machineId):
                 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
                     self.report({'message': "Error isolating machine: ActiveRequestAlreadyExists"})
                 else:
-                    self.error({'message': "Can't isolate machine"})
+                    self.error("Can't isolate machine")
             except requests.exceptions.RequestException as e:
-                self.error({'message': e})
+                self.error("Error: {}".format(str(e)))
 
             self.report({'message': "Isolated machine: " + self.observable })
 
@@ -129,9 +129,9 @@ def runFullVirusScan(machineId):
                 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
                     self.report({'message': "Error full VirusScan on machine: ActiveRequestAlreadyExists"})
                 else:
-                    self.error({'message': "Error full VirusScan on machine"})
+                    self.error("Error full VirusScan on machine")
             except requests.exceptions.RequestException as e:
-                self.error({'message': e})
+                self.error("Error: {}".format(str(e)))
 
 
         def unisolateMachine(machineId):
@@ -151,9 +151,9 @@ def unisolateMachine(machineId):
                 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
                     self.report({'message': "Error unisolating machine: ActiveRequestAlreadyExists"})
                 else:
-                    self.error({'message': "Can't unisolate machine"})
+                    self.error("Can't unisolate machine")
             except requests.exceptions.RequestException as e:
-                self.error({'message': e})
+                self.error("Error: {}".format(str(e)))
 
 
         def restrictAppExecution(machineId):
@@ -173,9 +173,9 @@ def restrictAppExecution(machineId):
                 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
                     self.report({'message': "Error restricting app execution on machine: ActiveRequestAlreadyExists"})
                 else:
-                    self.error({'message': "Can't restrict app execution"})
+                    self.error("Can't restrict app execution")
             except requests.exceptions.RequestException as e:
-                self.error({'message': e})
+                self.error("Error: {}".format(str(e)))
 
 
         def unrestrictAppExecution(machineId):
@@ -195,9 +195,9 @@ def unrestrictAppExecution(machineId):
                 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
                     self.report({'message': "Error removing app execution restriction on machine: ActiveRequestAlreadyExists"})
                 else:
-                    self.error({'message': "Can't unrestrict app execution"})
+                    self.error("Can't unrestrict app execution")
             except requests.exceptions.RequestException as e:
-                self.error({'message': e})
+                self.error("Error: {}".format(str(e)))
 
 
         def startAutoInvestigation(machineId):
@@ -218,9 +218,9 @@ def startAutoInvestigation(machineId):
                 elif response.status_code == 400 and "ActiveRequestAlreadyExists" in response.content.decode("utf-8"):
                     self.report({'message': "Error lauching auto investigation on machine: ActiveRequestAlreadyExists"})
                 else:
-                    self.error({'message': "Error auto investigation on machine"})
+                    self.error("Error auto investigation on machine")
             except requests.exceptions.RequestException as e:
-                self.error({'message': e})
+                self.error("Error: {}".format(str(e)))
 
 
         def pushCustomIocAlert(observable):
@@ -241,7 +241,7 @@ def pushCustomIocAlert(observable):
                 else:
                     self.report({'message':"Observable is not a valid hash"})
             else:
-                self.error({'message':"Observable type must be ip, url, domain or hash"})
+                self.error("Observable type must be ip, url, domain or hash")
 
             url = '{}/indicators'.format(self.msdefenderApiBaseUrl)
             body = {
@@ -259,7 +259,7 @@ def pushCustomIocAlert(observable):
                 if response.status_code == 200:
                     self.report({'message': "Added IOC to Defender with Alert mode: " + self.observable })
             except requests.exceptions.RequestException as e:
-                self.error({'message': e})
+                self.error("Error: {}".format(str(e)))
 
         def pushCustomIocBlock(observable):
 
@@ -279,7 +279,7 @@ def pushCustomIocBlock(observable):
                 else:
                     self.report({'message':"Observable is not a valid hash"})
             else:
-                self.error({'message':"Observable type must be ip, url, domain or hash"})
+                self.error("Observable type must be ip, url, domain or hash")
 
             url = '{}/indicators'.format(self.msdefenderApiBaseUrl)
             body = {
@@ -297,7 +297,7 @@ def pushCustomIocBlock(observable):
                 if response.status_code == 200:
                     self.report({'message': "Added IOC to Defender with Alert and Block mode: " + self.observable })
             except requests.exceptions.RequestException as e:
-                self.error({'message': e})
+                self.error("Error: {}".format(str(e)))
 
 
         if self.service == "isolateMachine":
@@ -317,7 +317,7 @@ def pushCustomIocBlock(observable):
         elif self.service == "pushIOCAlert":
             pushCustomIocAlert(self.observable)
         else:
-            self.error({'message': "Unidentified service"})
+            self.error("Unidentified service")
 
     def operations(self, raw):
         self.build_operation('AddTagToCase', tag='MSDefenderResponder:run')

responders/MSEntraID/MSEntraID.py

@@ -192,7 +192,7 @@ def run(self):
                 self.error('Incorrect dataType. "mail" expected.')
 
         else:
-            self.error({'message': "Unidentified service"})
+            self.error("Unidentified service")
 
 if __name__ == '__main__':
     MSEntraID().run()

responders/Minemeld/minemeld.py

@@ -36,7 +36,7 @@ def run(self):
                    ipaddress.IPv6Address(self.observable)
                    indicator_type= "IPv6"
                except ValueError:
-                   self.error({'message': "Not a valid IPv4/IPv6 address!"})
+                   self.error("Not a valid IPv4/IPv6 address!")
        elif self.observable_type == "url":
          indicator_type = "URL"
        elif self.observable_type == "domain":
@@ -63,7 +63,7 @@ def run(self):
            r = requests.post(str(self.minemeld_url) + '/config/data/' + str(self.minemeld_indicator_list) + '_indicators' + '/append?h=' + str(self.minemeld_indicator_list) + '&t=localdb',data=json.dumps(payload),headers=headers,auth=auth,verify=False)
            self.report({'message': "Indicator " + self.observable + " submitted to Minemeld."  })
        except:
-           self.error({'message': r.text })
+           self.error(r.text)
 
    def operations(self, raw):
       return [self.build_operation('AddTagToCase', tag='Minemeld:Indicator Added')] 

responders/PaloAltoWildFire/PaloAltoWildFire.py

@@ -38,7 +38,7 @@ def run(self):
                 if response.status_code == 200:
                     self.report({'message': 'Observable sent to WildFire. Message: {}'.format(response.text)})
                 elif response.status_code == 401:
-                    self.error({'message': 'Failed authentication. Check API-Key. Message: {}'.format(response.text)})
+                    self.error('Failed authentication. Check API-Key. Message: {}'.format(response.text))
                 else:
                     self.error('Failed to submit request. Error code: {}. Error message: {}'
                                .format(response.status_code, response.text))

responders/Wazuh/wazuh.py

@@ -24,9 +24,9 @@ def run(self):
            try:
                ipaddress.ip_address(self.observable)
            except ValueError:
-               self.error({'message': "Not a valid IPv4/IPv6 address!"})
+               self.error("Not a valid IPv4/IPv6 address!")
        else: 
-           self.error({'message': "Not a valid IPv4/IPv6 address!"})
+           self.error("Not a valid IPv4/IPv6 address!")
        payload = '{"command":"firewall-drop.sh", "arguments": ["-", "' +  self.observable + '", "' + self.wazuh_alert_id + '", "' + self.wazuh_rule_id + '", "' + self.wazuh_agent_id + '", "var/log/test.log"], "custom": "True"}'
        r = requests.put(self.wazuh_manager + '/active-response/' + self.wazuh_agent_id, headers=headers, data=payload, verify=False, auth=auth)
        if r.status_code == 200: