chronicle
diff --git a/‎detect/v1alpha/bulk_update_alerts.py‎
Lines changed: 41 additions & 41 deletions b/‎detect/v1alpha/bulk_update_alerts.py‎
Lines changed: 41 additions & 41 deletions
diff --git a/‎detect/v1alpha/create_retrohunt.py‎
Lines changed: 45 additions & 45 deletions b/‎detect/v1alpha/create_retrohunt.py‎
Lines changed: 45 additions & 45 deletions
diff --git a/‎detect/v1alpha/delete_rule.py‎
Lines changed: 38 additions & 38 deletions b/‎detect/v1alpha/delete_rule.py‎
Lines changed: 38 additions & 38 deletions
diff --git a/‎detect/v1alpha/get_alert.py‎
Lines changed: 41 additions & 41 deletions b/‎detect/v1alpha/get_alert.py‎
Lines changed: 41 additions & 41 deletions
@@ -66,49 +66,49 @@
 }
 
 if __name__ == "__main__":
-    parser = update_alert.get_update_parser()
-    # local
-    parser.add_argument("--alert_ids_file",
-                        type=str,
-                        required=True,
-                        help="Path to file containing one alert ID per line")
+  parser = update_alert.get_update_parser()
+  # local
+  parser.add_argument("--alert_ids_file",
+                      type=str,
+                      required=True,
+                      help="Path to file containing one alert ID per line")
 
-    # Set default values from DEFAULT_FEEDBACK
-    parser.set_defaults(
-        comment=DEFAULT_FEEDBACK["comment"],
-        reason=DEFAULT_FEEDBACK["reason"],
-        reputation=DEFAULT_FEEDBACK["reputation"],
-        root_cause=DEFAULT_FEEDBACK["root_cause"],
-        status=DEFAULT_FEEDBACK["status"],
-        verdict=DEFAULT_FEEDBACK["verdict"],
-    )
+  # Set default values from DEFAULT_FEEDBACK
+  parser.set_defaults(
+      comment=DEFAULT_FEEDBACK["comment"],
+      reason=DEFAULT_FEEDBACK["reason"],
+      reputation=DEFAULT_FEEDBACK["reputation"],
+      root_cause=DEFAULT_FEEDBACK["root_cause"],
+      status=DEFAULT_FEEDBACK["status"],
+      verdict=DEFAULT_FEEDBACK["verdict"],
+  )
 
-    args = parser.parse_args()
+  args = parser.parse_args()
 
-    # Validate required arguments
-    update_alert.check_args(parser, args)
+  # Validate required arguments
+  update_alert.check_args(parser, args)
 
-    auth_session = chronicle_auth.initialize_http_session(
-        args.credentials_file, SCOPES)
+  auth_session = chronicle_auth.initialize_http_session(args.credentials_file,
+                                                        SCOPES)
 
-    with open(args.alert_ids_file) as alert_file:
-        for alert_id in alert_file:
-            result = update_alert.update_alert(
-                auth_session,
-                args.project_id,
-                args.project_instance,
-                args.region,
-                alert_id.strip(),
-                args.confidence_score,
-                args.reason,
-                args.reputation,
-                args.priority,
-                args.status,
-                args.verdict,
-                args.risk_score,
-                args.disregarded,
-                args.severity,
-                args.comment,
-                args.root_cause,
-            )
-            print(json.dumps(result, indent=2))
+  with open(args.alert_ids_file) as alert_file:
+    for alert_id in alert_file:
+      result = update_alert.update_alert(
+          auth_session,
+          args.project_id,
+          args.project_instance,
+          args.region,
+          alert_id.strip(),
+          args.confidence_score,
+          args.reason,
+          args.reputation,
+          args.priority,
+          args.status,
+          args.verdict,
+          args.risk_score,
+          args.disregarded,
+          args.severity,
+          args.comment,
+          args.root_cause,
+      )
+      print(json.dumps(result, indent=2))
@@ -59,7 +59,7 @@ def create_retrohunt(
     start_time: datetime.datetime,
     end_time: datetime.datetime,
 ) -> Mapping[str, Any]:
-    """Creates a retrohunt to run a detection rule over historical data.
+  """Creates a retrohunt to run a detection rule over historical data.
 
   Args:
     http_session: Authorized session for HTTP requests.
@@ -80,53 +80,53 @@ def create_retrohunt(
   Requires the following IAM permission on the parent resource:
   chronicle.retrohunts.create
   """
-    base_url_with_region = regions.url_always_prepend_region(
-        CHRONICLE_API_BASE_URL, proj_region)
-    parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
-    url = f"{base_url_with_region}/v1alpha/{parent}/rules/{rule_id}/retrohunts"
+  base_url_with_region = regions.url_always_prepend_region(
+      CHRONICLE_API_BASE_URL, proj_region)
+  parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
+  url = f"{base_url_with_region}/v1alpha/{parent}/rules/{rule_id}/retrohunts"
 
-    body = {
-        "process_interval": {
-            "start_time": datetime_converter.strftime(start_time),
-            "end_time": datetime_converter.strftime(end_time),
-        },
-    }
+  body = {
+      "process_interval": {
+          "start_time": datetime_converter.strftime(start_time),
+          "end_time": datetime_converter.strftime(end_time),
+      },
+  }
 
-    response = http_session.request("POST", url, json=body)
-    if response.status_code >= 400:
-        print(response.text)
-    response.raise_for_status()
+  response = http_session.request("POST", url, json=body)
+  if response.status_code >= 400:
+    print(response.text)
+  response.raise_for_status()
 
-    return response.json()
+  return response.json()
 
 
 if __name__ == "__main__":
-    parser = argparse.ArgumentParser()
-    # common
-    chronicle_auth.add_argument_credentials_file(parser)
-    project_instance.add_argument_project_instance(parser)
-    project_id.add_argument_project_id(parser)
-    regions.add_argument_region(parser)
-    # local
-    parser.add_argument(
-        "--rule_id",
-        type=str,
-        required=True,
-        help='ID of rule to create retrohunt for (format: "ru_<UUID>")')
-    parser.add_argument("--start_time",
-                        type=datetime_converter.iso8601_datetime_utc,
-                        required=True,
-                        help="Start time in UTC (format: yyyy-mm-ddThh:mm:ssZ)")
-    parser.add_argument("--end_time",
-                        type=datetime_converter.iso8601_datetime_utc,
-                        required=True,
-                        help="End time in UTC (format: yyyy-mm-ddThh:mm:ssZ)")
-
-    args = parser.parse_args()
-
-    auth_session = chronicle_auth.initialize_http_session(
-        args.credentials_file, SCOPES)
-    result = create_retrohunt(auth_session, args.project_id,
-                              args.project_instance, args.region, args.rule_id,
-                              args.start_time, args.end_time)
-    print(json.dumps(result, indent=2))
+  parser = argparse.ArgumentParser()
+  # common
+  chronicle_auth.add_argument_credentials_file(parser)
+  project_instance.add_argument_project_instance(parser)
+  project_id.add_argument_project_id(parser)
+  regions.add_argument_region(parser)
+  # local
+  parser.add_argument(
+      "--rule_id",
+      type=str,
+      required=True,
+      help='ID of rule to create retrohunt for (format: "ru_<UUID>")')
+  parser.add_argument("--start_time",
+                      type=datetime_converter.iso8601_datetime_utc,
+                      required=True,
+                      help="Start time in UTC (format: yyyy-mm-ddThh:mm:ssZ)")
+  parser.add_argument("--end_time",
+                      type=datetime_converter.iso8601_datetime_utc,
+                      required=True,
+                      help="End time in UTC (format: yyyy-mm-ddThh:mm:ssZ)")
+
+  args = parser.parse_args()
+
+  auth_session = chronicle_auth.initialize_http_session(args.credentials_file,
+                                                        SCOPES)
+  result = create_retrohunt(auth_session, args.project_id,
+                            args.project_instance, args.region, args.rule_id,
+                            args.start_time, args.end_time)
+  print(json.dumps(result, indent=2))
@@ -49,7 +49,7 @@ def delete_rule(
     proj_instance: str,
     rule_id: str,
 ) -> Mapping[str, Any]:
-    """Deletes a rule.
+  """Deletes a rule.
 
   Args:
     http_session: Authorized session for HTTP requests.
@@ -65,44 +65,44 @@ def delete_rule(
     requests.exceptions.HTTPError: HTTP request resulted in an error
       (response.status_code >= 400).
   """
-    base_url_with_region = regions.url_always_prepend_region(
-        CHRONICLE_API_BASE_URL, args.region)
-    # pylint: disable-next=line-too-long
-    parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
-    url = f"{base_url_with_region}/v1alpha/{parent}/rules/{rule_id}"
+  base_url_with_region = regions.url_always_prepend_region(
+      CHRONICLE_API_BASE_URL, args.region)
+  # pylint: disable-next=line-too-long
+  parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
+  url = f"{base_url_with_region}/v1alpha/{parent}/rules/{rule_id}"
 
-    # See API reference links at top of this file, for response format.
-    response = http_session.request("DELETE", url)
-    if response.status_code >= 400:
-        print(response.text)
-    response.raise_for_status()
-    return response.json()
+  # See API reference links at top of this file, for response format.
+  response = http_session.request("DELETE", url)
+  if response.status_code >= 400:
+    print(response.text)
+  response.raise_for_status()
+  return response.json()
 
 
 if __name__ == "__main__":
-    parser = argparse.ArgumentParser()
-    chronicle_auth.add_argument_credentials_file(parser)
-    regions.add_argument_region(parser)
-    project_instance.add_argument_project_instance(parser)
-    project_id.add_argument_project_id(parser)
-    parser.add_argument(
-        "-rid",
-        "--rule_id",
-        type=str,
-        required=True,
-        help='ID of rule to be deleted. In the form of "ru_<UUID>"',
-    )
-    args = parser.parse_args()
-    auth_session = chronicle_auth.initialize_http_session(
-        args.credentials_file, SCOPES)
-    print(
-        json.dumps(
-            delete_rule(
-                auth_session,
-                args.region,
-                args.project_id,
-                args.project_instance,
-                args.rule_id,
-            ),
-            indent=2,
-        ))
+  parser = argparse.ArgumentParser()
+  chronicle_auth.add_argument_credentials_file(parser)
+  regions.add_argument_region(parser)
+  project_instance.add_argument_project_instance(parser)
+  project_id.add_argument_project_id(parser)
+  parser.add_argument(
+      "-rid",
+      "--rule_id",
+      type=str,
+      required=True,
+      help='ID of rule to be deleted. In the form of "ru_<UUID>"',
+  )
+  args = parser.parse_args()
+  auth_session = chronicle_auth.initialize_http_session(args.credentials_file,
+                                                        SCOPES)
+  print(
+      json.dumps(
+          delete_rule(
+              auth_session,
+              args.region,
+              args.project_id,
+              args.project_instance,
+              args.rule_id,
+          ),
+          indent=2,
+      ))
@@ -53,7 +53,7 @@ def get_alert(
     alert_id: str,
     include_detections: bool = False,
 ) -> Mapping[str, Any]:
-    """Gets an Alert using the Legacy Get Alert API.
+  """Gets an Alert using the Legacy Get Alert API.
 
   Args:
     http_session: Authorized session for HTTP requests.
@@ -73,49 +73,49 @@ def get_alert(
   Requires the following IAM permission on the parent resource:
   chronicle.alerts.get
   """
-    base_url_with_region = regions.url_always_prepend_region(
-        CHRONICLE_API_BASE_URL, proj_region)
-    parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
-    url = f"{base_url_with_region}/v1alpha/{parent}/legacy:legacyGetAlert"
+  base_url_with_region = regions.url_always_prepend_region(
+      CHRONICLE_API_BASE_URL, proj_region)
+  parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
+  url = f"{base_url_with_region}/v1alpha/{parent}/legacy:legacyGetAlert"
 
-    query_params = {"alertId": alert_id}
-    if include_detections:
-        query_params["includeDetections"] = True
+  query_params = {"alertId": alert_id}
+  if include_detections:
+    query_params["includeDetections"] = True
 
-    response = http_session.request("GET", url, params=query_params)
-    if response.status_code >= 400:
-        print(response.text)
-    response.raise_for_status()
+  response = http_session.request("GET", url, params=query_params)
+  if response.status_code >= 400:
+    print(response.text)
+  response.raise_for_status()
 
-    return response.json()
+  return response.json()
 
 
 if __name__ == "__main__":
-    parser = argparse.ArgumentParser()
-    # common
-    chronicle_auth.add_argument_credentials_file(parser)
-    project_instance.add_argument_project_instance(parser)
-    project_id.add_argument_project_id(parser)
-    regions.add_argument_region(parser)
-    # local
-    parser.add_argument("--alert_id",
-                        type=str,
-                        required=True,
-                        help="Identifier for the alert")
-    parser.add_argument("--include-detections",
-                        action="store_true",
-                        help="Include detections in the response")
-
-    args = parser.parse_args()
-
-    auth_session = chronicle_auth.initialize_http_session(
-        args.credentials_file, SCOPES)
-    alert = get_alert(
-        auth_session,
-        args.project_id,
-        args.project_instance,
-        args.region,
-        args.alert_id,
-        args.include_detections,
-    )
-    print(json.dumps(alert, indent=2))
+  parser = argparse.ArgumentParser()
+  # common
+  chronicle_auth.add_argument_credentials_file(parser)
+  project_instance.add_argument_project_instance(parser)
+  project_id.add_argument_project_id(parser)
+  regions.add_argument_region(parser)
+  # local
+  parser.add_argument("--alert_id",
+                      type=str,
+                      required=True,
+                      help="Identifier for the alert")
+  parser.add_argument("--include-detections",
+                      action="store_true",
+                      help="Include detections in the response")
+
+  args = parser.parse_args()
+
+  auth_session = chronicle_auth.initialize_http_session(args.credentials_file,
+                                                        SCOPES)
+  alert = get_alert(
+      auth_session,
+      args.project_id,
+      args.project_instance,
+      args.region,
+      args.alert_id,
+      args.include_detections,
+  )
+  print(json.dumps(alert, indent=2))