chore: minor refactoring and formatting

Author: mihirvala08

README.md

@@ -1740,7 +1740,10 @@ chronicle.activate_parser(log_type=log_type, id=parser_id)
 chronicle.deactivate_parser(log_type=log_type, id=parser_id)
 
 # Fetch parser candidates (unactivated prebuilt parsers)
-candidates = chronicle.fetch_parser_candidates(log_type=log_type, parser_action="PARSER_ACTION_OPT_IN_TO_PREVIEW")
+candidates = chronicle.fetch_parser_candidates(
+    log_type=log_type,
+    parser_action="PARSER_ACTION_OPT_IN_TO_PREVIEW"
+)
 
 # Copy an existing parser as a starting point
 copied_parser = chronicle.copy_parser(log_type=log_type, id="pa_existing_parser")

examples/example.py

@@ -78,8 +78,8 @@ def example_udm_search(chronicle):
 
 
 def example_udm_search_view(chronicle):
-    """Example 14: UDM Search View."""
-    print("\n=== Example 14: UDM Search View ===")
+    """Example 15: UDM Search View."""
+    print("\n=== Example 15: UDM Search View ===")
     start_time, end_time = get_time_range()
 
     try:
@@ -1454,7 +1454,7 @@ def example_fetch_parser_candidates(chronicle):
 
 def example_rule_test(chronicle):
     """Example 14: Test a detection rule against historical data."""
-    print("\n=== Example 13: Test a Detection Rule Against Historical Data ===")
+    print("\n=== Example 14: Test a Detection Rule Against Historical Data ===")
 
     # Define time range for testing - use a recent time period (last 7 days)
     end_time = datetime.now(timezone.utc) - timedelta(minutes=15)

src/secops/chronicle/__init__.py

@@ -28,7 +28,7 @@
     merge_cases,
     patch_case,
 )
-from secops.chronicle.models import CaseCloseReason, CasePriority, ParserAction
+from secops.chronicle.models import CaseCloseReason, CasePriority
 from secops.chronicle.client import (
     ChronicleClient,
     ValueType,
@@ -137,6 +137,7 @@
     ListBasis,
     MonthlyScheduleDetails,
     OneTimeScheduleDetails,
+    ParserAction,
     PrevalenceData,
     PythonVersion,
     ScheduleType,

src/secops/chronicle/client.py

@@ -2783,7 +2783,7 @@ def fetch_parser_candidates(
         log_type: str,
         parser_action: ParserAction | str,
     ) -> list[Any]:
-        """Retrieves prebuilt parsers candidates.
+        """Retrieves prebuilt parser candidates.
 
         Args:
             log_type: Log type of the parser

src/secops/chronicle/parser.py

@@ -241,7 +241,7 @@ def fetch_parser_candidates(
     log_type: str,
     parser_action: "ParserAction | str",
 ) -> list[Any]:
-    """Retrieves prebuilt parsers candidates.
+    """Retrieves prebuilt parser candidates.
 
     Args:
         client: ChronicleClient instance
@@ -257,9 +257,11 @@ def fetch_parser_candidates(
         List of candidate parsers
 
     Raises:
-        ValueError: If parser_action is an invalid string value
+        ValueError: If log_type is empty or parser_action is an invalid string
         APIError: If the API request fails
     """
+    if not log_type:
+        raise ValueError("log_type cannot be empty")
     if isinstance(parser_action, str) and not isinstance(
         parser_action, ParserAction
     ):
@@ -275,7 +277,7 @@ def fetch_parser_candidates(
     data = chronicle_request(
         client,
         method="GET",
-        endpoint_path=(f"logTypes/{log_type}/parsers:fetchParserCandidates"),
+        endpoint_path=f"logTypes/{log_type}/parsers:fetchParserCandidates",
         params={"parserAction": parser_action},
         error_message="Failed to fetch parser candidates",
     )

tests/chronicle/test_parser.py

@@ -166,7 +166,9 @@ def test_fetch_parser_candidates_success(chronicle_client, mock_response):
     with patch.object(
         chronicle_client.session, "request", return_value=mock_response
     ) as mock_request:
-        result = fetch_parser_candidates(chronicle_client, log_type, parser_action)
+        result = fetch_parser_candidates(
+            chronicle_client, log_type, parser_action
+        )
 
         expected_url = (
             f"{chronicle_client.base_url}/{chronicle_client.instance_id}"
@@ -192,7 +194,9 @@ def test_fetch_parser_candidates_empty(chronicle_client, mock_response):
     with patch.object(
         chronicle_client.session, "request", return_value=mock_response
     ) as mock_request:
-        result = fetch_parser_candidates(chronicle_client, log_type, parser_action)
+        result = fetch_parser_candidates(
+            chronicle_client, log_type, parser_action
+        )
 
         expected_url = (
             f"{chronicle_client.base_url}/{chronicle_client.instance_id}"
@@ -232,7 +236,9 @@ def test_fetch_parser_candidates_with_enum(chronicle_client, mock_response):
     with patch.object(
         chronicle_client.session, "request", return_value=mock_response
     ) as mock_request:
-        result = fetch_parser_candidates(chronicle_client, log_type, parser_action)
+        result = fetch_parser_candidates(
+            chronicle_client, log_type, parser_action
+        )
 
         expected_url = (
             f"{chronicle_client.base_url}/{chronicle_client.instance_id}"

tests/cli/test_integration.py

@@ -372,7 +372,6 @@ def test_cli_fetch_parser_candidates(cli_env, common_args):
 
     assert result.returncode == 0, f"Command failed: {result.stderr}"
 
-    
     output = json.loads(result.stdout)
     assert isinstance(output, list)
     print(f"\nFetched {len(output)} parser candidate(s) for OKTA")