dfir-iris · meck-gd · Apr 23, 2026
diff --git a/dfir_iris_client/admin.py b/dfir_iris_client/admin.py
@@ -135,7 +135,7 @@ def add_user(self, login: str, name: str, password: str, email: str, is_service_
 
         return self._s.pi_post(f'manage/users/add', data=body)
 
-    def deactivate_user(self, user: [int, str] = None) -> ApiResponse:
+    def deactivate_user(self, user: int | str) -> ApiResponse:
         """
         Deactivate a user from its user ID or login. Disabled users can't log in interactively nor user their API keys.
         They do not appear in proposed user lists.
@@ -165,10 +165,10 @@ def deactivate_user(self, user: [int, str] = None) -> ApiResponse:
 
     def update_user(self,
                     user: Union[int, str],
-                    login: str = None,
-                    name: str = None,
-                    password: str = None,
-                    email: str = None,
+                    login: str | None = None,
+                    name: str | None = None,
+                    password: str | None = None,
+                    email: str | None = None,
                     **kwargs) -> ApiResponse:
         """
         Updates a user. The user can be updated if :
@@ -219,7 +219,7 @@ def update_user(self,
 
         return self._s.pi_post(f'manage/users/update/{user.get("user_id")}', data=body)
 
-    def delete_user(self, user: [int, str], **kwargs) -> ApiResponse:
+    def delete_user(self, user: int | str, **kwargs) -> ApiResponse:
         """
         Deletes a user based on its login. A user can only be deleted if it does not have any
         activities in IRIS. This is to maintain coherence in the database. The user needs to be
@@ -361,7 +361,7 @@ def recompute_all_users_cases_access(self) -> ApiResponse:
         """
         return self._s.pi_get(f'manage/access-control/recompute-effective-users-ac')
 
-    def add_ioc_type(self, name: str, description: str, taxonomy: str = None) -> ApiResponse:
+    def add_ioc_type(self, name: str, description: str, taxonomy: str | None = None) -> ApiResponse:
         """
         Add a new IOC Type.
 
@@ -397,8 +397,8 @@ def delete_ioc_type(self, ioc_type_id: int) -> ApiResponse:
         """
         return self._s.pi_post(f'manage/ioc-types/delete/{ioc_type_id}', cid=1)
 
-    def update_ioc_type(self, ioc_type_id: int, name: str = None,
-                        description: str = None, taxonomy: str = None) -> ApiResponse:
+    def update_ioc_type(self, ioc_type_id: int, name: str | None = None,
+                        description: str | None = None, taxonomy: str | None = None) -> ApiResponse:
         """
         Updates an IOC type. `ioc_type_id` needs to be a valid existing IocType ID.
 
@@ -486,8 +486,8 @@ def delete_case_classification(self, case_classification_id: int) -> ApiResponse
         """
         return self._s.pi_post(f'manage/case-classifications/delete/{case_classification_id}', cid=1)
 
-    def update_case_classification(self, classification_id: int, name: str = None,
-                                   name_expanded: str = None, description: str = None) -> ApiResponse:
+    def update_case_classification(self, classification_id: int, name: str | None = None,
+                                   name_expanded: str | None = None, description: str | None = None) -> ApiResponse:
         """ Updates a Case Classification. `case_classification_id` needs to be a valid existing CaseClassification ID.
 
 
@@ -534,8 +534,8 @@ def delete_asset_type(self, asset_type_id: int) -> ApiResponse:
         return self._s.pi_post(f'manage/asset-type/delete/{asset_type_id}', cid=1)
 
     @deprecated(reason='This method is deprecated in IRIS > v1.4.3', action="error", version="2.0.0")
-    def update_asset_type(self, asset_type_id: int, name: str = None,
-                          description: str = None) -> ApiResponse:
+    def update_asset_type(self, asset_type_id: int, name: str | None = None,
+                          description: str | None = None) -> ApiResponse:
         """
         Updates an Asset type. `asset_type_id` needs to be a valid existing AssetType ID.
 
@@ -565,8 +565,8 @@ def update_asset_type(self, asset_type_id: int, name: str = None,
         }
         return self._s.pi_post(f'manage/asset-type/update/{asset_type_id}', data=body)
 
-    def add_customer(self, customer_name: str, customer_description: str = None,
-                     customer_sla: str = None, custom_attributes: dict = {}) -> ApiResponse:
+    def add_customer(self, customer_name: str, customer_description: str | None = None,
+                     customer_sla: str | None = None, custom_attributes: dict = {}) -> ApiResponse:
         """
         Creates a new customer. A new customer can be added if:
 
@@ -691,8 +691,8 @@ def get_group(self, group: Union[str, int]) -> ApiResponse:
 
         return self._s.pi_get(f'manage/groups/{group}', cid=1)
 
-    def update_group(self, group: Union[str, int], group_name: str = None, group_description: str = None,
-                     group_permissions: List[Permissions] = None) -> ApiResponse:
+    def update_group(self, group: Union[str, int], group_name: str | None = None, group_description: str | None = None,
+                     group_permissions: List[Permissions] | None = None) -> ApiResponse:
         """
         Update a group. Cases access and members can be with
         `set_group_access` and `set_group_members` methods. Permissions must be a list of known

diff --git a/dfir_iris_client/alert.py b/dfir_iris_client/alert.py
@@ -96,7 +96,7 @@ def delete_alert(self, alert_id: int) -> ApiResponse:
         return self._s.pi_post(f"alerts/delete/{alert_id}")
 
     def escalate_alert(self, alert_id: int, iocs_import_list: List[str], assets_import_list: List[str],
-                       escalation_note: str, case_title:str, case_tags: str, case_template_id: int = None,
+                       escalation_note: str, case_title: str, case_tags: str, case_template_id: int | None = None,
                        import_as_event: bool = False) -> ApiResponse:
         """Escalate an alert
 
@@ -166,11 +166,13 @@ def unmerge_alert(self, alert_id: int, target_case_id: int) -> ApiResponse:
 
         return self._s.pi_post(f"alerts/unmerge/{alert_id}", data=payload)
 
-    def filter_alerts(self, alert_title: str = None, alert_description: str = None, alert_source: str = None,
-                      alert_tags: str = None, alert_status_id: int = None, alert_severity_id: int = None,
-                      alert_classification_id: int = None, alert_customer_id: int = None, alert_start_date: str = None,
-                      alert_end_date: str = None, alert_assets: str = None, alert_iocs: str = None, alert_ids: str = None,
-                      case_id: int = None, alert_owner_id: int = None,
+    def filter_alerts(self, alert_title: str | None = None, alert_description: str | None = None,
+                      alert_source: str | None = None, alert_tags: str | None = None,
+                      alert_status_id: int | None = None, alert_severity_id: int | None = None,
+                      alert_classification_id: int | None = None, alert_customer_id: int | None = None,
+                      alert_start_date: str | None = None, alert_end_date: str | None = None,
+                      alert_assets: str | None = None, alert_iocs: str | None = None, alert_ids: str | None = None,
+                      case_id: int | None = None, alert_owner_id: int | None = None,
                       page: int = 1, per_page: int = 20, sort: str = 'desc') -> ApiResponse:
         """ Filter alerts