psengine 2.5.1__tar.gz → 2.6.0__tar.gz

{psengine-2.5.1 → psengine-2.6.0}/PKG-INFO

@@ -1,59 +1,34 @@
 Metadata-Version: 2.4
 Name: psengine
-Version: 2.5.1
+Version: 2.6.0
 Summary: psengine is a simple, yet elegant, library for rapid development of integrations with Recorded Future.
+Keywords: API,Recorded Future,Cyber Security Engineering,Threat Intelligence
+Author: Moise Medici, Patrick Kinsella, Ernest Bartosevic
 Author-email: Moise Medici <moise.medici@recordedfuture.com>, Patrick Kinsella <patrick.kinsella@recordedfuture.com>, Ernest Bartosevic <ernest.bartosevic@recordedfuture.com>
 License-Expression: MIT
-Project-URL: Homepage, https://recordedfuture-professionalservices.github.io/psengine/latest/
-Project-URL: Changelog, https://recordedfuture-professionalservices.github.io/psengine/latest/CHANGELOG/
-Keywords: API,Recorded Future,Cyber Security Engineering,Threat Intelligence
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Programming Language :: Python
 Classifier: Intended Audience :: Developers
 Classifier: Topic :: Security
 Classifier: Topic :: Software Development :: Libraries
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
-Requires-Python: <3.14,>=3.9
-Description-Content-Type: text/markdown
-License-File: LICENSE
-Requires-Dist: typing_extensions>=4.8.0
+Classifier: Programming Language :: Python :: 3.14
+Requires-Dist: typing-extensions>=4.8.0
 Requires-Dist: requests>=2.27.1
-Requires-Dist: jsonpath_ng<=1.6.1,>=1.5.3
+Requires-Dist: jsonpath-ng>=1.5.3,<=1.6.1
 Requires-Dist: stix2~=3.0.1
 Requires-Dist: python-dateutil>=2.7.0
-Requires-Dist: more-itertools<=10.2.0,>=9.0.0
-Requires-Dist: pydantic<3.0.0,>=2.7
-Requires-Dist: pydantic-settings[toml]<2.11.0,>=2.5.2
+Requires-Dist: more-itertools>=9.0.0,<=10.2.0
+Requires-Dist: pydantic>=2.7,<3.0.0
+Requires-Dist: pydantic-settings[toml]>=2.12.2,<2.13.1
 Requires-Dist: markdown-strings==3.4.0
-Provides-Extra: dev
-Requires-Dist: pytest==8.3.4; extra == "dev"
-Requires-Dist: pytest-cov==6.0.0; extra == "dev"
-Requires-Dist: pytest-mock==3.14.0; extra == "dev"
-Requires-Dist: pytest-md==0.2.0; extra == "dev"
-Requires-Dist: pytest-random-order==1.1.1; extra == "dev"
-Requires-Dist: pytest-httpdbg==0.9.0; extra == "dev"
-Requires-Dist: ruff~=0.11.0; extra == "dev"
-Requires-Dist: mimesis>=12.1.0; extra == "dev"
-Requires-Dist: build==1.3.0; extra == "dev"
-Requires-Dist: wheel==0.45.1; extra == "dev"
-Requires-Dist: setuptools==80.9.0; extra == "dev"
-Provides-Extra: docs
-Requires-Dist: ruff~=0.11.0; extra == "docs"
-Requires-Dist: mike~=2.1.3; extra == "docs"
-Requires-Dist: mkdocs~=1.6.1; extra == "docs"
-Requires-Dist: mkdocs-material~=9.6.18; extra == "docs"
-Requires-Dist: mkdocstrings[python]>=0.18; extra == "docs"
-Requires-Dist: griffe-typingdoc~=0.2.8; extra == "docs"
-Requires-Dist: mkdocs-codeinclude-plugin~=0.2.1; extra == "docs"
-Requires-Dist: markdown-include~=0.8.1; extra == "docs"
-Requires-Dist: mkdocs-exclude~=1.0.2; extra == "docs"
-Requires-Dist: rich; extra == "docs"
-Requires-Dist: logging-tree; extra == "docs"
-Dynamic: license-file
+Requires-Python: >=3.10, <3.15
+Project-URL: Homepage, https://recordedfuture-professionalservices.github.io/psengine/latest/
+Project-URL: Changelog, https://recordedfuture-professionalservices.github.io/psengine/latest/CHANGELOG/
+Description-Content-Type: text/markdown
 
 **Documentation**: <https://recordedfuture-professionalservices.github.io/psengine/>
 
@@ -67,7 +42,8 @@ PSEngine is a simple, yet elegant, library for rapid development of integrations
 
 PSEngine allows you to interact with the Recorded Future API extremely easily. There’s no need to manually build the URLs and query parameters, just use the modules dedicated to individual API endpoints.
 
-PSEngine is a Python package solely built and maintained by the Cyber Security Engineering team powering a number of high profile integrations, such as: Elasticsearch, QRadar, Anomali, Jira, TheHive, etc.
+PSEngine is a Python package solely built and maintained by the Recorded Future Cyber Security Engineering team powering a number of high profile integrations, such as: [Banshee](https://recordedfuture-professionalservices.github.io/banshee); [Recorded Future Alerts for QRadar](https://apps.xforce.ibmcloud.com/extension/b36efdf42b7bf5e3759d036dbcdbf606); Anomali ThreatStream: [Alerts](https://support.recordedfuture.com/hc/en-us/articles/29255683708691-Recorded-Future-Alerts-for-Anomali-ThreatStream) and [Analyst Notes](https://support.recordedfuture.com/hc/en-us/articles/12928414947475-Recorded-Future-Analyst-Notes-for-Anomali-ThreatStream) integrations; [Google SecOps](https://app.recordedfuture.com/portal/integration-center/detail/google-chronicle-nbfi?organization=uhash%3A5cJsHMHeSM&filter_tab=all) and many more.
+
 
 ## Installation
 
@@ -77,7 +53,7 @@ PSEngine is a Python package that can be installed using `pip`. To install PSeng
 pip install psengine
 ```
 
-PSEngine officially supports Python >= 3.9, < 3.14.
+PSEngine officially supports Python >= 3.10, < 3.15.
 
 
 ## Supported Features & Best Practices
@@ -94,6 +70,7 @@ It can easily interact with the following Recorded Future datasets:
 - Fusion File management
 - Identity Exposures management
 - List management
+- Malware Intelligence (including Auto Yara and Auto Sigma)
 - Malware Sandbox reports download
 - On demand IOC enrichment
 - Risklists
@@ -108,3 +85,9 @@ And facilitate the development with features like:
 - Markdown creation from certain data types
 - Proxy support
 
+## Previous versions and version documentation
+
+PSEngine has been made public from our internal version 2.0.4. Previous versions, including version 1, are not publicly available.
+
+The documentation arrived at version 2.1.1. Older versions are not explicitly documented and changes can be found in the [Release History](./CHANGELOG.md) section.
+

{psengine-2.5.1 → psengine-2.6.0}/README.md

@@ -10,7 +10,8 @@ PSEngine is a simple, yet elegant, library for rapid development of integrations
 
 PSEngine allows you to interact with the Recorded Future API extremely easily. There’s no need to manually build the URLs and query parameters, just use the modules dedicated to individual API endpoints.
 
-PSEngine is a Python package solely built and maintained by the Cyber Security Engineering team powering a number of high profile integrations, such as: Elasticsearch, QRadar, Anomali, Jira, TheHive, etc.
+PSEngine is a Python package solely built and maintained by the Recorded Future Cyber Security Engineering team powering a number of high profile integrations, such as: [Banshee](https://recordedfuture-professionalservices.github.io/banshee); [Recorded Future Alerts for QRadar](https://apps.xforce.ibmcloud.com/extension/b36efdf42b7bf5e3759d036dbcdbf606); Anomali ThreatStream: [Alerts](https://support.recordedfuture.com/hc/en-us/articles/29255683708691-Recorded-Future-Alerts-for-Anomali-ThreatStream) and [Analyst Notes](https://support.recordedfuture.com/hc/en-us/articles/12928414947475-Recorded-Future-Analyst-Notes-for-Anomali-ThreatStream) integrations; [Google SecOps](https://app.recordedfuture.com/portal/integration-center/detail/google-chronicle-nbfi?organization=uhash%3A5cJsHMHeSM&filter_tab=all) and many more.
+
 
 ## Installation
 
@@ -20,7 +21,7 @@ PSEngine is a Python package that can be installed using `pip`. To install PSeng
 pip install psengine
 ```
 
-PSEngine officially supports Python >= 3.9, < 3.14.
+PSEngine officially supports Python >= 3.10, < 3.15.
 
 
 ## Supported Features & Best Practices
@@ -37,6 +38,7 @@ It can easily interact with the following Recorded Future datasets:
 - Fusion File management
 - Identity Exposures management
 - List management
+- Malware Intelligence (including Auto Yara and Auto Sigma)
 - Malware Sandbox reports download
 - On demand IOC enrichment
 - Risklists
@@ -51,3 +53,9 @@ And facilitate the development with features like:
 - Markdown creation from certain data types
 - Proxy support
 
+## Previous versions and version documentation
+
+PSEngine has been made public from our internal version 2.0.4. Previous versions, including version 1, are not publicly available.
+
+The documentation arrived at version 2.1.1. Older versions are not explicitly documented and changes can be found in the [Release History](./CHANGELOG.md) section.
+

{psengine-2.5.1 → psengine-2.6.0}/psengine/analyst_notes/helpers.py

@@ -14,7 +14,7 @@
 import json
 import logging
 from pathlib import Path
-from typing import Annotated, Union
+from typing import Annotated
 
 from pydantic import validate_call
 from typing_extensions import Doc
@@ -30,9 +30,9 @@ LOG = logging.getLogger('psengine.analyst_notes.helpers')
 @validate_call
 def save_attachment(
     note_id: Annotated[str, Doc('The ID of the AnalystNote.')],
-    data: Annotated[Union[bytes, str], Doc('The data returned from `fetch_attachment`.')],
+    data: Annotated[bytes | str, Doc('The data returned from `fetch_attachment`.')],
     ext: Annotated[str, Doc('The extension of the attachment, returned by `fetch_attachment`.')],
-    output_directory: Annotated[Union[str, Path], Doc('The directory to save the file into.')],
+    output_directory: Annotated[str | Path, Doc('The directory to save the file into.')],
 ) -> None:
     """Save a YARA, Sigma, Snort, or PDF attachment to a file.
 
@@ -48,7 +48,7 @@ def save_attachment(
 @validate_call
 def save_note(
     note: Annotated[AnalystNote, Doc('The note to save.')],
-    output_directory: Annotated[Union[str, Path], Doc('The directory to save the file into.')],
+    output_directory: Annotated[str | Path, Doc('The directory to save the file into.')],
 ) -> None:
     """Save an `AnalystNote` object to a file named with the note ID."""
     output_directory = (
@@ -62,9 +62,7 @@ def save_note(
     )
 
 
-def _save_attachment(
-    note_id: str, data: Union[bytes, str], ext: str, output_directory: str
-) -> None:
+def _save_attachment(note_id: str, data: bytes | str, ext: str, output_directory: str) -> None:
     """Save attachment from bytes or note itself from json.
 
     Raises:

{psengine-2.5.1 → psengine-2.6.0}/psengine/analyst_notes/models.py

@@ -13,7 +13,7 @@
 
 import logging
 from datetime import datetime
-from typing import Annotated, Any, Optional, Union
+from typing import Annotated, Any
 
 from pydantic import BeforeValidator, Field, ValidationError, field_validator, model_validator
 
@@ -21,18 +21,22 @@ from ..common_models import IdNameType, IdNameTypeDescription, RFBaseModel
 from ..helpers import Validators
 
 
+class NoteEntity(IdNameTypeDescription):
+    is_threat_actor: bool | None = None
+
+
 class DiamondModel(RFBaseModel):
-    start: Optional[datetime] = None
-    stop: Optional[datetime] = None
-    malicious_infrastructure: Optional[list[IdNameTypeDescription]] = []
-    capabilities: Optional[list[IdNameTypeDescription]] = []
-    adversary: Optional[list[IdNameTypeDescription]] = []
-    target: Optional[list[IdNameTypeDescription]] = []
+    start: datetime | None = None
+    stop: datetime | None = None
+    malicious_infrastructure: list[NoteEntity] | None = []
+    capabilities: list[NoteEntity] | None = []
+    adversary: list[NoteEntity] | None = []
+    target: list[NoteEntity] | None = []
 
 
 class Query(RFBaseModel):
     title: str
-    url: Optional[IdNameTypeDescription] = None
+    url: NoteEntity | None = None
 
 
 class Position(RFBaseModel):
@@ -43,35 +47,35 @@ class Position(RFBaseModel):
 class PositionEvent(RFBaseModel):
     start: datetime
     stop: datetime
-    location: Optional[list[IdNameTypeDescription]] = []
-    event_positions: Optional[list[Position]] = []
+    location: list[NoteEntity] | None = []
+    event_positions: list[Position] | None = []
 
 
 class CyberAttackEvent(RFBaseModel):
     start: datetime
     stop: datetime
-    adversary: Optional[list[IdNameTypeDescription]] = []
-    target: Optional[list[IdNameTypeDescription]] = []
-    capabilities: list[IdNameTypeDescription] = []
-    malicious_infrastructure: Optional[list[IdNameTypeDescription]] = []
-    operation: Optional[list[IdNameTypeDescription]] = []
+    adversary: list[NoteEntity] | None = []
+    target: list[NoteEntity] | None = []
+    capabilities: list[NoteEntity] = []
+    malicious_infrastructure: list[NoteEntity] | None = []
+    operation: list[NoteEntity] | None = []
 
 
 class ArmedConflictEvent(PositionEvent):
-    attacker: Optional[list[IdNameTypeDescription]] = []
-    target: Optional[list[IdNameTypeDescription]] = []
+    attacker: list[NoteEntity] | None = []
+    target: list[NoteEntity] | None = []
 
 
 class ArmsPurchaseSaleEvent(RFBaseModel):
     start: datetime
     stop: datetime
-    arms_seller: Optional[list[IdNameTypeDescription]] = []
-    arms_purchaser: Optional[list[IdNameTypeDescription]] = []
+    arms_seller: list[NoteEntity] | None = []
+    arms_purchaser: list[NoteEntity] | None = []
 
 
 class DiseaseOutbreakEvent(PositionEvent):
-    disease: Optional[list[IdNameTypeDescription]] = []
-    facility: Optional[list[IdNameTypeDescription]] = []
+    disease: list[NoteEntity] | None = []
+    facility: list[NoteEntity] | None = []
 
 
 class EnvironmentalIssueEvent(PositionEvent):
@@ -79,45 +83,45 @@ class EnvironmentalIssueEvent(PositionEvent):
 
 
 class ManMadeDisasterEvent(PositionEvent):
-    facility: list[IdNameTypeDescription]
-    manmade_disaster: Union[list[IdNameTypeDescription], list[str]]
+    facility: list[NoteEntity]
+    manmade_disaster: list[NoteEntity] | list[str]
 
 
 class MilitaryManeuverEvent(PositionEvent):
-    actors: Optional[list[IdNameTypeDescription]] = []
+    actors: list[NoteEntity] | None = []
 
 
 class NaturalDisasterEvent(PositionEvent):
-    natural_disaster: list[IdNameTypeDescription]
+    natural_disaster: list[NoteEntity]
 
 
 class NuclearMaterialTransactionEvent(PositionEvent):
     material: list[str]
-    location_origin: Optional[list[str]] = []
-    location_destination: Optional[list[str]] = []
+    location_origin: list[str] | None = []
+    location_destination: list[str] | None = []
 
 
 class PersonThreatEvent(RFBaseModel):
     start: datetime
     stop: datetime
-    threatened: list[IdNameTypeDescription]
-    actor: Optional[list[IdNameTypeDescription]] = []
+    threatened: list[NoteEntity]
+    actor: list[NoteEntity] | None = []
 
 
 class ProtestEvent(RFBaseModel):
-    protest_target: Optional[list[IdNameTypeDescription]] = []
+    protest_target: list[NoteEntity] | None = []
 
 
 class MalwareAnalysisEvent(RFBaseModel):
     start: datetime
     stop: datetime
-    malware: list[IdNameTypeDescription]
-    attacker: Optional[list[IdNameTypeDescription]] = []
-    malicious_infrastructure: Optional[list[IdNameTypeDescription]] = []
-    ttp: Optional[list[IdNameTypeDescription]] = []
-    target: Optional[list[IdNameTypeDescription]] = []
-    exploit: Optional[list[IdNameTypeDescription]] = []
-    hash_: Optional[list[IdNameTypeDescription]] = Field(alias='hash', default=[])
+    malware: list[NoteEntity]
+    attacker: list[NoteEntity] | None = []
+    malicious_infrastructure: list[NoteEntity] | None = []
+    ttp: list[NoteEntity] | None = []
+    target: list[NoteEntity] | None = []
+    exploit: list[NoteEntity] | None = []
+    hash_: list[NoteEntity] | None = Field(alias='hash', default=[])
 
 
 ATTRIBUTES_MAPPING = {
@@ -143,8 +147,8 @@ ATTRIBUTES_MAPPING = {
 
 
 class NoteEvent(RFBaseModel):
-    type_: Optional[str] = Field(alias='type', default=None)
-    attributes: Optional[Any] = None
+    type_: str | None = Field(alias='type', default=None)
+    attributes: Any | None = None
 
     @model_validator(mode='before')
     @classmethod
@@ -175,17 +179,17 @@ class Attributes(RFBaseModel):
     title: str
     text: str
     published: datetime
-    attachment: Optional[str] = None
-    events: Optional[list[NoteEvent]] = []
-    validated_on: Optional[datetime] = None
-    note_entities: Optional[list[IdNameTypeDescription]] = []
-    context_entities: Optional[list[IdNameTypeDescription]] = []
-    topic: Optional[Union[list[IdNameTypeDescription], IdNameTypeDescription]] = []
-    labels: Optional[list[IdNameTypeDescription]] = []
-    validation_urls: Optional[list[IdNameTypeDescription]] = []
-    diamond_model: Optional[list[DiamondModel]] = []
-    recommended_queries: Optional[list[Query]] = []
-    header_image: Optional[IdNameType] = None
+    attachment: str | None = None
+    events: list[NoteEvent] | None = []
+    validated_on: datetime | None = None
+    note_entities: list[NoteEntity] | None = []
+    context_entities: list[NoteEntity] | None = []
+    topic: list[NoteEntity] | NoteEntity | None = []
+    labels: list[NoteEntity] | None = []
+    validation_urls: list[NoteEntity] | None = []
+    diamond_model: list[DiamondModel] | None = []
+    recommended_queries: list[Query] | None = []
+    header_image: IdNameType | None = None
 
     @field_validator('events', mode='after')
     @classmethod
@@ -197,24 +201,24 @@ class Attributes(RFBaseModel):
 class PreviewAttributesIn(RFBaseModel):
     title: str
     text: str
-    note_entities: Optional[list[str]] = []
-    context_entities: Optional[list[str]] = []
+    note_entities: list[str] | None = []
+    context_entities: list[str] | None = []
     topic: Annotated[
-        Union[list[str], str, None],
+        list[str] | str | None,
         BeforeValidator(Validators.convert_str_to_list),
     ] = []
-    labels: Optional[list[str]] = []
-    validation_urls: Optional[list[str]] = []
+    labels: list[str] | None = []
+    validation_urls: list[str] | None = []
 
 
 class PreviewAttributesOut(RFBaseModel):
     title: str
     text: str
-    note_entities: Optional[list[IdNameTypeDescription]] = []
-    context_entities: Optional[list[IdNameTypeDescription]] = []
-    topic: Optional[list[IdNameTypeDescription]] = []
-    labels: Optional[list[IdNameTypeDescription]] = []
-    validation_urls: Optional[list[IdNameTypeDescription]] = []
+    note_entities: list[NoteEntity] | None = []
+    context_entities: list[NoteEntity] | None = []
+    topic: list[NoteEntity] | None = []
+    labels: list[NoteEntity] | None = []
+    validation_urls: list[NoteEntity] | None = []
 
 
 class RequestAttachment(RFBaseModel):

{psengine-2.5.1 → psengine-2.6.0}/psengine/analyst_notes/note.py

@@ -12,7 +12,7 @@
 ##############################################################################################
 
 from functools import total_ordering
-from typing import Annotated, Optional, Union
+from typing import Annotated
 
 from pydantic import Field
 from typing_extensions import Doc
@@ -57,7 +57,7 @@ class AnalystNote(RFBaseModel):
         criterion.
     """
 
-    external_id: Optional[str] = None
+    external_id: str | None = None
     source: IdNameTypeDescription
     attributes: Attributes
     id_: str = Field(alias='id')
@@ -78,7 +78,7 @@ class AnalystNote(RFBaseModel):
         )
 
     @property
-    def detection_rule_type(self) -> Optional[str]:
+    def detection_rule_type(self) -> str | None:
         """Returns the attachment type if present, else None. It checks for specific types like
         `sigma rule`, `yara rule`, and `snort rule` in the topics of the note.
         """
@@ -113,7 +113,7 @@ class AnalystNote(RFBaseModel):
             bool, Doc('Defang URLs or other malicious indicators.')
         ] = False,
         character_limit: Annotated[
-            Optional[int],
+            int | None,
             Doc('Limit the output to a specified number of characters.'),
         ] = None,
     ) -> Annotated[str, Doc('The generated markdown string.')]:
@@ -132,7 +132,7 @@ class AnalystNotePreviewIn(RFBaseModel):
     """Validate data sent to `/preview` endpoint."""
 
     attributes: PreviewAttributesIn
-    source: Optional[str]
+    source: str | None
     tagged_text: bool = False
     serialization: str = 'full'
 
@@ -148,12 +148,12 @@ class AnalystNotePublishIn(AnalystNotePreviewIn):
     """Validate data sent to `/publish` endpoint."""
 
     attributes: PreviewAttributesIn
-    source: Optional[str] = None
+    source: str | None = None
     tagged_text: bool = False
     serialization: str = 'full'
-    note_id: Optional[str] = None
+    note_id: str | None = None
     resolve_entities: bool = True
-    attachment_content_details: Optional[RequestAttachment] = None
+    attachment_content_details: RequestAttachment | None = None
 
 
 class AnalystNotePublishOut(RFBaseModel):
@@ -165,14 +165,14 @@ class AnalystNotePublishOut(RFBaseModel):
 class AnalystNoteSearchIn(RFBaseModel):
     """Validate data sent to `/search` endpoint."""
 
-    published: Optional[str] = None
-    entity: Optional[str] = None
-    author: Optional[str] = None
-    title: Optional[str] = None
-    topic: Union[list[str], str, None] = []
-    label: Optional[str] = None
-    source: Optional[str] = None
+    published: str | None = None
+    entity: str | None = None
+    author: str | None = None
+    title: str | None = None
+    topic: list[str] | str | None = []
+    label: str | None = None
+    source: str | None = None
     serialization: str = None
     tagged_text: bool = None
     limit: int = NOTES_PER_PAGE
-    from_: Optional[str] = Field(alias='from', default=None)
+    from_: str | None = Field(alias='from', default=None)

{psengine-2.5.1 → psengine-2.6.0}/psengine/analyst_notes/note_mgr.py

@@ -14,7 +14,7 @@
 import logging
 import re
 from itertools import chain
-from typing import Annotated, Optional, Union
+from typing import Annotated
 
 from pydantic import Field, validate_call
 from typing_extensions import Doc
@@ -66,23 +66,23 @@ class AnalystNoteMgr:
     @validate_call
     def search(
         self,
-        published: Annotated[Optional[str], Doc('Notes published after a date.')] = None,
-        entity: Annotated[Optional[str], Doc('An entity the note refers to, RF ID.')] = None,
-        author: Annotated[Optional[str], Doc('An author of the note, RF ID.')] = None,
-        title: Annotated[Optional[str], Doc('A title of the note.')] = None,
-        topic: Annotated[Optional[Union[str, list]], Doc('A topic of the note, RF ID.')] = None,
-        label: Annotated[Optional[str], Doc('A label of the note, by name.')] = None,
-        source: Annotated[Optional[str], Doc('The source of the note.')] = None,
+        published: Annotated[str | None, Doc('Notes published after a date.')] = None,
+        entity: Annotated[str | None, Doc('An entity the note refers to, RF ID.')] = None,
+        author: Annotated[str | None, Doc('An author of the note, RF ID.')] = None,
+        title: Annotated[str | None, Doc('A title of the note.')] = None,
+        topic: Annotated[str | list | None, Doc('A topic of the note, RF ID.')] = None,
+        label: Annotated[str | None, Doc('A label of the note, by name.')] = None,
+        source: Annotated[str | None, Doc('The source of the note.')] = None,
         serialization: Annotated[
-            Optional[str], Doc('An entity serializer (id, min, full, raw).')
+            str | None, Doc('An entity serializer (id, min, full, raw).')
         ] = None,
-        tagged_text: Annotated[Optional[bool], Doc('Should the text contain tags.')] = None,
+        tagged_text: Annotated[bool | None, Doc('Should the text contain tags.')] = None,
         max_results: Annotated[
-            Optional[int],
+            int | None,
             Doc('The maximum number of references (not notes), max 1000.'),
         ] = Field(ge=1, le=1000, default=DEFAULT_LIMIT),
         notes_per_page: Annotated[
-            Optional[int], Doc('The number of notes for each paged request.')
+            int | None, Doc('The number of notes for each paged request.')
         ] = Field(ge=1, le=1000, default=NOTES_PER_PAGE),
     ) -> Annotated[list[AnalystNote], Doc('A list of deduplicated AnalystNote objects.')]:
         """Execute a search for the analyst notes based on the parameters provided.
@@ -189,16 +189,16 @@ class AnalystNoteMgr:
         self,
         title: Annotated[str, Doc('The title of the note.')],
         text: Annotated[str, Doc('The text of the note.')],
-        published: Annotated[Optional[str], Doc('The date when the note was published.')] = None,
-        topic: Annotated[Union[str, list[str], None], Doc('The topic of the note.')] = None,
+        published: Annotated[str | None, Doc('The date when the note was published.')] = None,
+        topic: Annotated[str | list[str] | None, Doc('The topic of the note.')] = None,
         context_entities: Annotated[
-            Optional[list[str]], Doc('The context entities of the note.')
+            list[str] | None, Doc('The context entities of the note.')
         ] = None,
-        note_entities: Annotated[Optional[list[str]], Doc('The note entities of the note.')] = None,
+        note_entities: Annotated[list[str] | None, Doc('The note entities of the note.')] = None,
         validation_urls: Annotated[
-            Optional[list[str]], Doc('The validation URLs of the note.')
+            list[str] | None, Doc('The validation URLs of the note.')
         ] = None,
-        source: Annotated[Optional[str], Doc('The source of the note.')] = None,
+        source: Annotated[str | None, Doc('The source of the note.')] = None,
     ) -> Annotated[AnalystNotePreviewOut, Doc('The note that will be created.')]:
         """Preview of the AnalystNote. It does not create a note; it just returns how the note
         will look.
@@ -236,18 +236,18 @@ class AnalystNoteMgr:
         self,
         title: Annotated[str, Doc('The title of the note.')],
         text: Annotated[str, Doc('The text of the note.')],
-        published: Annotated[Optional[str], Doc('The date when the note was published.')] = None,
-        topic: Annotated[Union[str, list[str], None], Doc('The topic of the note.')] = None,
+        published: Annotated[str | None, Doc('The date when the note was published.')] = None,
+        topic: Annotated[str | list[str] | None, Doc('The topic of the note.')] = None,
         context_entities: Annotated[
-            Optional[list[str]], Doc('The context entities of the note.')
+            list[str] | None, Doc('The context entities of the note.')
         ] = None,
-        note_entities: Annotated[Optional[list[str]], Doc('The note entities of the note.')] = None,
+        note_entities: Annotated[list[str] | None, Doc('The note entities of the note.')] = None,
         validation_urls: Annotated[
-            Optional[list[str]], Doc('The validation URLs of the note.')
+            list[str] | None, Doc('The validation URLs of the note.')
         ] = None,
-        source: Annotated[Optional[str], Doc('The source of the note.')] = None,
+        source: Annotated[str | None, Doc('The source of the note.')] = None,
         note_id: Annotated[
-            Optional[str], Doc('The ID of the note. Use if you want to modify an existing note.')
+            str | None, Doc('The ID of the note. Use if you want to modify an existing note.')
         ] = None,
     ) -> Annotated[AnalystNotePublishOut, Doc('The published note.')]:
         """Publish data. This method creates a note and returns its ID.