Remove type hints from MCP tool docstrings

server/secops/secops_mcp/tools/data_table_management.py

@@ -60,14 +60,14 @@ async def create_data_table(
     - BOOL: Boolean values (true/false)
 
     Args:
-        name (str): Unique name for the data table (used to reference in detection rules).
-        description (str): Description of the data table's purpose and contents.
-        header (Dict[str, str]): Column definitions mapping column names to their data types.
+        name: Unique name for the data table (used to reference in detection rules).
+        description: Description of the data table's purpose and contents.
+        header: Column definitions mapping column names to their data types.
                                 Valid types: "STRING", "CIDR", "INT64", "BOOL".
-        project_id (str): Google Cloud project ID (required).
-        customer_id (str): Chronicle customer ID (required).
-        region (str): Chronicle region (e.g., "us", "europe") (required).
-        rows (Optional[List[List[str]]]): Initial rows to populate the table. Each row should match the header columns.
+        project_id: Google Cloud project ID (required).
+        customer_id: Chronicle customer ID (required).
+        region: Chronicle region (e.g., "us", "europe") (required).
+        rows: Initial rows to populate the table. Each row should match the header columns.
 
     Returns:
         str: Success message with the created data table details.
@@ -196,11 +196,11 @@ async def add_rows_to_data_table(
     - Consider deduplication to avoid redundant entries in the table.
 
     Args:
-        table_name (str): Name of the existing data table to add rows to.
-        rows (List[List[str]]): List of rows to add. Each row should match the table's column schema.
-        project_id (str): Google Cloud project ID (required).
-        customer_id (str): Chronicle customer ID (required).
-        region (str): Chronicle region (e.g., "us", "europe") (required).
+        table_name: Name of the existing data table to add rows to.
+        rows: List of rows to add. Each row should match the table's column schema.
+        project_id: Google Cloud project ID (required).
+        customer_id: Chronicle customer ID (required).
+        region: Chronicle region (e.g., "us", "europe") (required).
 
     Returns:
         str: Success message with details about the added rows.
@@ -300,11 +300,11 @@ async def list_data_table_rows(
     - Generate reports on security context data for compliance or operational reviews.
 
     Args:
-        table_name (str): Name of the data table to list rows from.
-        project_id (str): Google Cloud project ID (required).
-        customer_id (str): Chronicle customer ID (required).
-        region (str): Chronicle region (e.g., "us", "europe") (required).
-        max_rows (int): Maximum number of rows to return. Defaults to 50.
+        table_name: Name of the data table to list rows from.
+        project_id: Google Cloud project ID (required).
+        customer_id: Chronicle customer ID (required).
+        region: Chronicle region (e.g., "us", "europe") (required).
+        max_rows: Maximum number of rows to return. Defaults to 50.
 
     Returns:
         str: Formatted list of table rows with their data values.
@@ -409,11 +409,11 @@ async def delete_data_table_rows(
     - Maintain backups or logs of deleted data for audit purposes.
 
     Args:
-        table_name (str): Name of the data table to delete rows from.
-        row_ids (List[str]): List of row IDs to delete. Use `list_data_table_rows` to get row IDs.
-        project_id (str): Google Cloud project ID (required).
-        customer_id (str): Chronicle customer ID (required).
-        region (str): Chronicle region (e.g., "us", "europe") (required).
+        table_name: Name of the data table to delete rows from.
+        row_ids: List of row IDs to delete. Use `list_data_table_rows` to get row IDs.
+        project_id: Google Cloud project ID (required).
+        customer_id: Chronicle customer ID (required).
+        region: Chronicle region (e.g., "us", "europe") (required).
 
     Returns:
         str: Success message confirming the deletion of specified rows.

server/secops/secops_mcp/tools/entity_lookup.py

@@ -60,11 +60,11 @@ async def lookup_entity(
     - Prevalence information (if available).
 
     Args:
-        entity_value (str): Value to look up (e.g., IP address, domain name, file hash, username).
-        project_id (Optional[str]): Google Cloud project ID. Defaults to environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to environment configuration.
-        hours_back (int): How many hours of historical data to consider for the summary. Defaults to 24.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe"). Defaults to environment configuration.
+        entity_value: Value to look up (e.g., IP address, domain name, file hash, username).
+        project_id: Google Cloud project ID. Defaults to environment configuration.
+        customer_id: Chronicle customer ID. Defaults to environment configuration.
+        hours_back: How many hours of historical data to consider for the summary. Defaults to 24.
+        region: Chronicle region (e.g., "us", "europe"). Defaults to environment configuration.
 
     Returns:
         str: A formatted string summarizing the entity information found in Chronicle within the specified time window,

server/secops/secops_mcp/tools/feed_management.py

@@ -50,11 +50,11 @@ async def list_feeds(
     - Audit feed configurations as part of security reviews
 
     Args:
-        project_id (Optional[str]): Google Cloud project ID. Defaults to
+        project_id: Google Cloud project ID. Defaults to
             environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to
+        customer_id: Chronicle customer ID. Defaults to
             environment configuration.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe").
+        region: Chronicle region (e.g., "us", "europe").
             Defaults to environment configuration.
 
     Returns:
@@ -129,12 +129,12 @@ async def get_feed(
     - Review feed metadata and labels
 
     Args:
-        feed_id (str): The ingestion feed identifier to retrieve details for.
-        project_id (Optional[str]): Google Cloud project ID. Defaults to
+        feed_id: The ingestion feed identifier to retrieve details for.
+        project_id: Google Cloud project ID. Defaults to
             environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to
+        customer_id: Chronicle customer ID. Defaults to
             environment configuration.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe").
+        region: Chronicle region (e.g., "us", "europe").
             Defaults to environment configuration.
 
     Returns:
@@ -191,17 +191,17 @@ async def create_feed(
     - Set up GCP Security Command Center integration
 
     Args:
-        display_name (str): User-friendly name for the feed.
-        feed_details (Dict[str, Any]): Dictionary containing feed configuration
+        display_name: User-friendly name for the feed.
+        feed_details: Dictionary containing feed configuration
             details. Must include:
             - logType (str): The Chronicle log type (e.g., "WINEVTLOG")
             - feedSourceType (str): Type of feed ("HTTP", "S3", "GCS", etc.)
             - Source-specific settings (httpSettings, s3Settings, etc.)
-        project_id (Optional[str]): Google Cloud project ID. Defaults to
+        project_id: Google Cloud project ID. Defaults to
             environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to
+        customer_id: Chronicle customer ID. Defaults to
             environment configuration.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe").
+        region: Chronicle region (e.g., "us", "europe").
             Defaults to environment configuration.
 
     Returns:
@@ -268,16 +268,16 @@ async def update_feed(
     - Update feed configuration parameters
 
     Args:
-        feed_id (str): The ID of the feed to update.
-        display_name (Optional[str]): New display name for the feed.
+        feed_id: The ID of the feed to update.
+        display_name: New display name for the feed.
             If None, the existing name is retained.
-        feed_details (Optional[Dict[str, Any]]): Dictionary containing updated
+        feed_details: Dictionary containing updated
             feed configuration details. Only specified fields will be updated.
-        project_id (Optional[str]): Google Cloud project ID. Defaults to
+        project_id: Google Cloud project ID. Defaults to
             environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to
+        customer_id: Chronicle customer ID. Defaults to
             environment configuration.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe").
+        region: Chronicle region (e.g., "us", "europe").
             Defaults to environment configuration.
 
     Returns:
@@ -341,12 +341,12 @@ async def enable_feed(
     - Enable feeds after troubleshooting connectivity issues
 
     Args:
-        feed_id (str): The feed identifier which is to be enabled.
-        project_id (Optional[str]): Google Cloud project ID. Defaults to
+        feed_id: The feed identifier which is to be enabled.
+        project_id: Google Cloud project ID. Defaults to
             environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to
+        customer_id: Chronicle customer ID. Defaults to
             environment configuration.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe").
+        region: Chronicle region (e.g., "us", "europe").
             Defaults to environment configuration.
 
     Returns:
@@ -406,12 +406,12 @@ async def disable_feed(
     - Stop unused feeds to optimize resource usage
 
     Args:
-        feed_id (str): The ID of the feed to disable.
-        project_id (Optional[str]): Google Cloud project ID. Defaults to
+        feed_id: The ID of the feed to disable.
+        project_id: Google Cloud project ID. Defaults to
             environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to
+        customer_id: Chronicle customer ID. Defaults to
             environment configuration.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe").
+        region: Chronicle region (e.g., "us", "europe").
             Defaults to environment configuration.
 
     Returns:
@@ -471,12 +471,12 @@ async def delete_feed(
     - Part of environment cleanup during migrations
 
     Args:
-        feed_id (str): The ID of the feed to delete.
-        project_id (Optional[str]): Google Cloud project ID. Defaults to
+        feed_id: The ID of the feed to delete.
+        project_id: Google Cloud project ID. Defaults to
             environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to
+        customer_id: Chronicle customer ID. Defaults to
             environment configuration.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe").
+        region: Chronicle region (e.g., "us", "europe").
             Defaults to environment configuration.
 
     Returns:
@@ -532,12 +532,12 @@ async def generate_feed_secret(
     - Update credentials during security review processes
 
     Args:
-        feed_id (str): The ID of the feed to generate a secret for.
-        project_id (Optional[str]): Google Cloud project ID. Defaults to
+        feed_id: The ID of the feed to generate a secret for.
+        project_id: Google Cloud project ID. Defaults to
             environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to
+        customer_id: Chronicle customer ID. Defaults to
             environment configuration.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe").
+        region: Chronicle region (e.g., "us", "europe").
             Defaults to environment configuration.
 
     Returns:

server/secops/secops_mcp/tools/ioc_matches.py

@@ -51,11 +51,11 @@ async def get_ioc_matches(
     - Supplement investigations by checking if involved entities match known IoCs curated by threat intelligence sources.
 
     Args:
-        project_id (Optional[str]): Google Cloud project ID. Defaults to environment configuration.
-        customer_id (Optional[str]): Chronicle customer ID. Defaults to environment configuration.
-        hours_back (int): How many hours back to look for IoC matches. Defaults to 24.
-        max_matches (int): Maximum number of IoC matches to return. Defaults to 20.
-        region (Optional[str]): Chronicle region (e.g., "us", "europe"). Defaults to environment configuration.
+        project_id: Google Cloud project ID. Defaults to environment configuration.
+        customer_id: Chronicle customer ID. Defaults to environment configuration.
+        hours_back: How many hours back to look for IoC matches. Defaults to 24.
+        max_matches: Maximum number of IoC matches to return. Defaults to 20.
+        region: Chronicle region (e.g., "us", "europe"). Defaults to environment configuration.
 
     Returns:
         str: A formatted string summarizing the IoC matches found, including the IoC type,

server/secops/secops_mcp/tools/log_ingestion.py

@@ -58,17 +58,17 @@ async def ingest_raw_log(
     - Ingest Windows Event logs in XML format for endpoint monitoring.
 
     Args:
-        log_type (str): Chronicle log type identifier (e.g., "OKTA", "WINEVTLOG_XML", "AWS_CLOUDTRAIL").
+        log_type: Chronicle log type identifier (e.g., "OKTA", "WINEVTLOG_XML", "AWS_CLOUDTRAIL").
                        Use get_available_log_types to see supported types.
-        log_message (Union[str, List[str]]): Log content as string or list of strings for batch ingestion.
+        log_message: Log content as string or list of strings for batch ingestion.
                                            For JSON logs, provide as JSON string. For XML/other formats, provide raw content.
-        project_id (str): Google Cloud project ID (required).
-        customer_id (str): Chronicle customer ID (required).
-        region (str): Chronicle region (e.g., "us", "europe") (required).
-        forwarder_id (Optional[str]): Custom forwarder ID for log routing. If not provided, uses default forwarder.
-        labels (Optional[Dict[str, str]]): Custom labels to attach to ingested logs for categorization.
-        log_entry_time (Optional[str]): ISO 8601 timestamp when the log was originally generated.
-        collection_time (Optional[str]): ISO 8601 timestamp when the log was collected.
+        project_id: Google Cloud project ID (required).
+        customer_id: Chronicle customer ID (required).
+        region: Chronicle region (e.g., "us", "europe") (required).
+        forwarder_id: Custom forwarder ID for log routing. If not provided, uses default forwarder.
+        labels: Custom labels to attach to ingested logs for categorization.
+        log_entry_time: ISO 8601 timestamp when the log was originally generated.
+        collection_time: ISO 8601 timestamp when the log was collected.
 
     Returns:
         str: Success message with operation details, including any operation IDs for tracking.
@@ -176,11 +176,11 @@ async def ingest_udm_events(
     - event-specific fields: Varies by event type (principal, target, network, etc.)
 
     Args:
-        udm_events (Union[Dict[str, Any], List[Dict[str, Any]]]): Single UDM event or list of UDM events.
+        udm_events: Single UDM event or list of UDM events.
                                                                Each event must be a properly formatted UDM structure.
-        project_id (str): Google Cloud project ID (required).
-        customer_id (str): Chronicle customer ID (required).
-        region (str): Chronicle region (e.g., "us", "europe") (required).
+        project_id: Google Cloud project ID (required).
+        customer_id: Chronicle customer ID (required).
+        region: Chronicle region (e.g., "us", "europe") (required).
 
     Returns:
         str: Success message with details about the ingested events, including any generated event IDs.
@@ -317,10 +317,10 @@ async def get_available_log_types(
     - Validate log type names before attempting ingestion.
 
     Args:
-        project_id (str): Google Cloud project ID (required).
-        customer_id (str): Chronicle customer ID (required).
-        region (str): Chronicle region (e.g., "us", "europe") (required).
-        search_term (Optional[str]): Filter log types by name or description containing this term.
+        project_id: Google Cloud project ID (required).
+        customer_id: Chronicle customer ID (required).
+        region: Chronicle region (e.g., "us", "europe") (required).
+        search_term: Filter log types by name or description containing this term.
 
     Returns:
         str: Formatted list of available log types with their IDs and descriptions.