From 5538a21b68f3792ff365aaa100d0420d92e03d05 Mon Sep 17 00:00:00 2001
From: Chris Mark
Date: Tue, 16 Feb 2021 14:53:45 +0200
Subject: [PATCH 01/13] Add Agent standalone k8s manifest (#23679)
---
 .../elastic-agent-standalone-kubernetes.yml | 509 ++++++++++++++++++
 1 file changed, 509 insertions(+)
 create mode 100644 deploy/kubernetes/elastic-agent-standalone-kubernetes.yml
diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml
new file mode 100644
index 00000000000..f99281b6889
--- /dev/null
+++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml
@@ -0,0 +1,509 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: elastic-agent + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: elastic-agent + image: docker.elastic.co/beats/elastic-agent:7.12.0-SNAPSHOT + args: [ + "-c", "/etc/agent.yml", + "-e", "-d", "composable.providers.kubernetes", + ] + env: + - name: ES_USERNAME + value: "elastic" + - name: ES_PASSWORD + value: "" + - name: ES_HOST + value: "" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + securityContext: + runAsUser: 0 + resources: + limits: + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: datastreams + mountPath: /etc/agent.yml + readOnly: true + subPath: agent.yml + volumes: + - name: datastreams + configMap: + defaultMode: 0640 + name: agent-node-datastreams +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: agent-node-datastreams + namespace: kube-system + labels: + k8s-app: elastic-agent +data: + agent.yml: |- + id: ef9cc740-5bf0-11eb-8b51-39775155c3f5 + revision: 2 + outputs: + default: + type: elasticsearch + hosts: + - >- + ${ES_HOST} + username: ${ES_USERNAME} + password: ${ES_PASSWORD} + agent: + monitoring: + enabled: true + use_output: default + logs: true + metrics: true + providers.kubernetes: + node: ${NODE_NAME} + scope: node + inputs: + - id: 934ef8aa-ed19-405b-8160-ebf62e3d32f8 + name: kubernetes-node-metrics + revision: 1 + type: kubernetes/metrics + use_output: default + meta: + package: + name: kubernetes + version: 0.2.8 + data_stream: + namespace: default + streams: + - id: >- + kubernetes/metrics-kubernetes.controllermanager-3d50c483-2327-40e7-b3e5-d877d4763fe1 + data_stream: + dataset: 
kubernetes.controllermanager + type: metrics + metricsets: + - controllermanager + hosts: + - '${kubernetes.pod.ip}:10252' + period: 10s + condition: ${kubernetes.pod.labels.component} == 'kube-controller-manager' + - id: >- + kubernetes/metrics-kubernetes.scheduler-3d50c483-2327-40e7-b3e5-d877d4763fe1 + data_stream: + dataset: kubernetes.scheduler + type: metrics + metricsets: + - scheduler + hosts: + - '${kubernetes.pod.ip}:10251' + period: 10s + condition: ${kubernetes.pod.labels.component} == 'kube-scheduler' + - id: >- + kubernetes/metrics-kubernetes.proxy-3d50c483-2327-40e7-b3e5-d877d4763fe1 + data_stream: + dataset: kubernetes.proxy + type: metrics + metricsets: + - proxy + hosts: + - 'localhost:10249' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.container-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.container + type: metrics + metricsets: + - container + add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none + - id: >- + kubernetes/metrics-kubernetes.node-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.node + type: metrics + metricsets: + - node + add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none + - id: kubernetes/metrics-kubernetes.pod-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.pod + type: metrics + metricsets: + - pod + add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none + - id: >- + kubernetes/metrics-kubernetes.system-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.system + type: metrics + metricsets: + - system + add_metadata: true + 
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none + - id: >- + kubernetes/metrics-kubernetes.volume-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.volume + type: metrics + metricsets: + - volume + add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + serviceAccountName: elastic-agent + containers: + - name: elastic-agent + image: docker.elastic.co/beats/elastic-agent:7.12.0-SNAPSHOT + args: [ + "-c", "/etc/agent.yml", + "-e", "-d", "composable.providers.kubernetes", + ] + env: + - name: ES_USERNAME + value: "elastic" + - name: ES_PASSWORD + value: "" + - name: ES_HOST + value: "" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # this is needed because we cannot use hostNetwork + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + securityContext: + runAsUser: 0 + resources: + limits: + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: datastreams + mountPath: /etc/agent.yml + readOnly: true + subPath: agent.yml + volumes: + - name: datastreams + configMap: + defaultMode: 0640 + name: agent-deployment-datastreams +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: agent-deployment-datastreams + namespace: kube-system + labels: + k8s-app: elastic-agent +data: + # This part requires `kube-state-metrics` up and running under `kube-system` namespace + agent.yml: |- + id: ef9cc740-5bf0-11eb-8b51-39775155c3f5 + revision: 2 + outputs: + default: + type: elasticsearch + hosts: + - >- + 
${ES_HOST} + username: ${ES_USERNAME} + password: ${ES_PASSWORD} + agent: + monitoring: + enabled: true + use_output: default + logs: true + metrics: true + inputs: + - id: 934ef8aa-ed19-405b-8160-ebf62e3d32f9 + name: kubernetes-cluster-metrics + revision: 1 + type: kubernetes/metrics + use_output: default + meta: + package: + name: kubernetes + version: 0.2.8 + data_stream: + namespace: default + streams: + - id: >- + kubernetes/metrics-kubernetes.apiserver-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.apiserver + type: metrics + metricsets: + - apiserver + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.KUBERNETES_SERVICE_HOST}:${env.KUBERNETES_SERVICE_PORT}' + period: 30s + ssl.certificate_authorities: + - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + - id: >- + kubernetes/metrics-kubernetes.event-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.event + type: metrics + metricsets: + - event + period: 10s + add_metadata: true + - id: >- + kubernetes/metrics-kubernetes.state_container-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_container + type: metrics + metricsets: + - state_container + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_cronjob-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_cronjob + type: metrics + metricsets: + - state_cronjob + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_deployment-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_deployment + type: metrics + metricsets: + - state_deployment + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_node-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: 
kubernetes.state_node + type: metrics + metricsets: + - state_node + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_persistentvolume-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_persistentvolume + type: metrics + metricsets: + - state_persistentvolume + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_persistentvolumeclaim-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_persistentvolumeclaim + type: metrics + metricsets: + - state_persistentvolumeclaim + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_pod-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_pod + type: metrics + metricsets: + - state_pod + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_replicaset-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_replicaset + type: metrics + metricsets: + - state_replicaset + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_resourcequota-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_resourcequota + type: metrics + metricsets: + - state_resourcequota + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_service-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_service + type: metrics + metricsets: + - state_service + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_statefulset-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_statefulset + type: metrics + 
metricsets: + - state_statefulset + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_storageclass-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_storageclass + type: metrics + metricsets: + - state_storageclass + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: ClusterRole + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-agent + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + - secrets + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + # required for apiserver + - nonResourceURLs: + - "/metrics" + verbs: + - get +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-agent + namespace: kube-system + labels: + k8s-app: elastic-agent +--- From 55b1e2aa18c6a23a78b024cfd16652ca8f45e30b Mon Sep 17 00:00:00 2001 
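Review bot: The Elasticsearch credentials are inline `env` values (`ES_USERNAME: "elastic"`, `ES_PASSWORD: ""`) in both the DaemonSet and the Deployment, so whoever fills in and commits this manifest leaves the password readable to anyone with access to the file or the pod spec, and the account is the built-in superuser. `ES_PASSWORD` should come from a Secret via `valueFrom.secretKeyRef`, and the user should be a role-limited account rather than `elastic`. Two related least-privilege points in the same file: the ClusterRole grants cluster-wide `get/list/watch` on `secrets`, which none of the streams in either `agent.yml` appear to need, and the kubelet streams on `:10250` set `ssl.verification_mode: none` while the apiserver stream pins `ssl.certificate_authorities` to the service-account `ca.crt` — if the kubelet serving certificates are signed by the cluster CA, the same pin could replace the `none`. Both controllers also share the name `elastic-agent` and the selector `app: elastic-agent` in `kube-system`, which Kubernetes documents as an overlapping-selector configuration to avoid.
```yaml
          env:
            # … unchanged: ES_USERNAME, ES_HOST, NODE_NAME entries …
            - name: ES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: <elasticsearch-credentials-secret>  # placeholder: Secret in kube-system holding the password
                  key: password
```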
From: Michal Pristas Date: Tue, 16 Feb 2021 15:32:51 +0100 Subject: [PATCH 02/13] [Ingest Management] Fix reloading of log level for services (#24055) [Ingest Management] Fix reloading of log level for services (#24055) --- x-pack/elastic-agent/CHANGELOG.asciidoc | 1 + .../testdata/endpoint_basic-endpoint-security.yml | 1 + .../pkg/agent/program/testdata/endpoint_basic.yml | 1 + x-pack/elastic-agent/pkg/config/config.go | 6 ++++++ x-pack/elastic-agent/pkg/core/server/server.go | 11 +++++++++++ 5 files changed, 20 insertions(+) diff --git a/x-pack/elastic-agent/CHANGELOG.asciidoc b/x-pack/elastic-agent/CHANGELOG.asciidoc index 58f827aca17..b0b5066d27d 100644 --- a/x-pack/elastic-agent/CHANGELOG.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.asciidoc @@ -34,6 +34,7 @@ - Fixed Monitoring filebeat and metricbeat not connecting to Agent over GRPC {pull}23843[23843] - Fixed make status readable in the log. {pull}23849[23849] - Windows agent doesn't uninstall with a lowercase `c:` drive in the path {pull}23998[23998] +- Fix reloading of log level for services {pull}[24055]24055 ==== New features diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic-endpoint-security.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic-endpoint-security.yml index b77a83633ae..d81d276f368 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic-endpoint-security.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic-endpoint-security.yml @@ -2,6 +2,7 @@ revision: 5 fleet: agent: id: fleet-agent-id + logging.level: error host: id: host-agent-id api: diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic.yml index 728b4813a4e..1681926c56e 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic.yml 
@@ -3,6 +3,7 @@ name: Endpoint Host fleet: agent: id: fleet-agent-id + logging.level: error host: id: host-agent-id access_api_key: VuaCfGcBCdbkQm-e5aOx:ui2lp2axTNmsyakw9tvNnw diff --git a/x-pack/elastic-agent/pkg/config/config.go b/x-pack/elastic-agent/pkg/config/config.go index 593631f0050..2de84972a6b 100644 --- a/x-pack/elastic-agent/pkg/config/config.go +++ b/x-pack/elastic-agent/pkg/config/config.go @@ -116,6 +116,12 @@ func NewConfigFrom(from interface{}, opts ...interface{}) (*Config, error) { } if len(skippedKeys) > 0 { err = cfg.Merge(skippedKeys, ucfg.ResolveNOOP) + + // we modified incoming object + // cleanup so skipped keys are not missing + for k, v := range skippedKeys { + data[k] = v + } } return newConfigFrom(cfg), err } diff --git a/x-pack/elastic-agent/pkg/core/server/server.go b/x-pack/elastic-agent/pkg/core/server/server.go index f0b8ac73d8a..97517eb6ce6 100644 --- a/x-pack/elastic-agent/pkg/core/server/server.go +++ b/x-pack/elastic-agent/pkg/core/server/server.go @@ -249,9 +249,13 @@ func (s *Server) Checkin(server proto.ElasticAgent_CheckinServer) error { }() var ok bool + var observedConfigStateIdx uint64 var firstCheckin *proto.StateObserved select { case firstCheckin, ok = <-firstCheckinChan: + if firstCheckin != nil { + observedConfigStateIdx = firstCheckin.ConfigStateIdx + } break case <-time.After(InitialCheckinTimeout): // close connection @@ -281,6 +285,13 @@ func (s *Server) Checkin(server proto.ElasticAgent_CheckinServer) error { s.logger.Debug("check-in stream cannot connect, application is being destroyed; closing connection") return status.Error(codes.Unavailable, "application cannot connect being destroyed") } + + // application is running as a service and counter is already counting + // force config reload + if observedConfigStateIdx > 0 { + appState.expectedConfigIdx = observedConfigStateIdx + 1 + } + checkinDone := make(chan bool) appState.checkinDone = checkinDone appState.checkinLock.Unlock() 
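Review bot: The write-back loop added to `NewConfigFrom` leaves the reader to guess why `skippedKeys` were taken out of `data` in the first place; that removal happens before this hunk, so the comment should name it, e.g. `// skippedKeys were pulled out of the caller's map above so they could be merged with ResolveNOOP; put them back so the caller's object is left intact`. It is also worth one word that the loop deliberately runs even when `cfg.Merge` returned an error, since `err` is only surfaced at the final `return`. `NewConfigFrom` begins outside the hunk, so the removal itself is not visible here.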
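Review bot: `observedConfigStateIdx` is copied from the first `StateObserved` message the connecting application sends, so `appState.expectedConfigIdx = observedConfigStateIdx + 1` lets the remote side pick the expected counter, and the `> 0` test infers "running as a service" from a nonzero index rather than from an explicit mode flag. The comment should state that as an assumption, e.g. `// nonzero ConfigStateIdx on first check-in is assumed to mean the app kept running across an agent restart (service mode); the value is client-supplied`. A `uint64` at its maximum would wrap to 0 on `+ 1`; unlikely in practice, but cheap to guard. `Checkin` starts before the first hunk and continues after this one.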
From 0d4109da65b2db5301055de9fca3e7cc4a4e78f8 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Tue, 16 Feb 2021 09:37:28 -0500 Subject: [PATCH 03/13] [Filebeat] Convert logstash logEvent.action objects to strings (#23944) To prevent index failures resulting from indexing a mix of strings and nested objects as logstash.log.log_event.action, this converts any objects to a stringified version of the object using painless toString(). Fixes #20709 --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 7 +++++++ filebeat/module/logstash/fields.go | 2 +- filebeat/module/logstash/log/_meta/fields.yml | 2 ++ .../logstash/log/ingest/pipeline-json.yml | 10 +++++++++ .../logstash/log/test/logstash-json.log | 1 + .../log/test/logstash-json.log-expected.json | 21 +++++++++++++++++++ 7 files changed, 43 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 5f353ec1b2c..b570ea92379 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -380,6 +380,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Use rfc6587 framing for fortinet firewall and clientendpoint filesets when transferring over tcp. {pull}23837[23837] - Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972] - Fix Okta default date formatting. {issue}24018[24018] {pull}24025[24025] +- Fix Logstash module handling of logstash.log.log_event.action field. {issue}20709[20709] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index a8cb2e8d44a..e47e37fc194 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -86605,6 +86605,13 @@ type: object -- +*`logstash.log.log_event.action`*:: ++ +-- +type: keyword + +-- + *`logstash.log.pipeline_id`*:: + -- diff --git a/filebeat/module/logstash/fields.go b/filebeat/module/logstash/fields.go index 2097117ebf7..c65c5f1955d 100644 --- a/filebeat/module/logstash/fields.go 
+++ b/filebeat/module/logstash/fields.go @@ -32,5 +32,5 @@ func init() { // AssetLogstash returns asset data. // This is the base64 encoded gzipped contents of module/logstash. func AssetLogstash() string { - return "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" + return "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" } diff --git a/filebeat/module/logstash/log/_meta/fields.yml b/filebeat/module/logstash/log/_meta/fields.yml index 6ca12ca11bf..36fa8bfb0cb 100644 --- a/filebeat/module/logstash/log/_meta/fields.yml +++ b/filebeat/module/logstash/log/_meta/fields.yml @@ -19,6 +19,8 @@ type: object description: > key and value debugging information. + - name: log_event.action + type: keyword - name: pipeline_id type: keyword example: main diff --git a/filebeat/module/logstash/log/ingest/pipeline-json.yml b/filebeat/module/logstash/log/ingest/pipeline-json.yml index f14a3be2855..807079ed84e 100644 --- a/filebeat/module/logstash/log/ingest/pipeline-json.yml +++ b/filebeat/module/logstash/log/ingest/pipeline-json.yml @@ -31,6 +31,16 @@ processors: - rename: field: logstash.log.level target_field: log.level +- script: + description: Convert logstash.log.log_event.action elements to string. + if: ctx?.logstash?.log?.log_event?.action instanceof List + lang: painless + source: | + def items = []; + ctx.logstash.log.log_event.action.forEach(v -> { + items.add(v.toString()); + }); + ctx.logstash.log.log_event.action = items; - set: field: event.kind value: event diff --git a/filebeat/module/logstash/log/test/logstash-json.log b/filebeat/module/logstash/log/test/logstash-json.log index bfd931653ab..503d6ce2449 100644 --- a/filebeat/module/logstash/log/test/logstash-json.log +++ b/filebeat/module/logstash/log/test/logstash-json.log 
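Review bot: The new script only runs when `logstash.log.log_event.action` is a `List`, so a single object value — which the commit description says it wants stringified too — still reaches the new `keyword` mapping unchanged and fails to index; if Logstash can emit a bare object there, the `if` needs an `instanceof Map` branch as well. Inside the loop `v.toString()` throws on a `null` element and no `on_failure` is visible in this hunk, so `items.add(v == null ? null : v.toString());` is the safer form. Whether a non-list or null value actually occurs is not visible from the page.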
@@ -1,3 +1,4 @@ {"level":"INFO","loggerName":"logstash.agent","timeMillis":1546896321871,"thread":"Ruby-0-Thread-1: /Users/mat/work/elastic/releases/6.5.1/logstash/lib/bootstrap/environment.rb:6","logEvent":{"message":"Pipelines running","count":1,"running_pipelines":[{"metaClass":{"metaClass":{"metaClass":{"running_pipelines":"[:main]","non_running_pipelines":[]}}}}]}} {"level":"INFO","loggerName":"logstash.pipeline","timeMillis":1546896322538,"thread":"[main]>worker7","logEvent":{"message":"Pipeline has terminated","pipeline_id":"main","thread":"#"}} {"level":"INFO","loggerName":"logstash.agent","timeMillis":1546896322594,"thread":"Api Webserver","logEvent":{"message":"Successfully started Logstash API endpoint","port":9600}} +{"level":"WARN","loggerName":"logstash.outputs.elasticsearch","timeMillis":1612827484046,"thread":"[foo]>worker1","logEvent":{"message":"Could not index event to Elasticsearch.","status":400,"action":["update",{"_id":"foo-1234abcd-96c6-4828-bcd4-51d33a156431","_index":"filebeat-foo-2021.02","_type":"_doc","retry_on_conflict":1},{"metaClass":{"metaClass":{"metaClass":{"action":"[\"update\", {:_id=>\"foo-1234abcd-96c6-4828-bcd4-51d33a156431\", :_index=>\"filebeat-foo-2021.02\", :routing=>nil, :_type=>\"_doc\", :retry_on_conflict=>1}, #]","response":{"update":{"_index":"filebeat-foo-2021.02","_type":"_doc","_id":"foo-1234abcd-96c6-4828-bcd4-51d33a156431","status":400,"error":{"type":"mapper_parsing_exception","reason":"failed to parse field [bar] of type [long] in document with id 'foo-1234abcd-96c6-4828-bcd4-51d33a156431'. Preview of field's value: 'ABCDEFGHIJ'","caused_by":{"type":"illegal_argument_exception","reason":"For input string: \"ABCDEFGHIJ\""}}}}}}}}]}} diff --git a/filebeat/module/logstash/log/test/logstash-json.log-expected.json b/filebeat/module/logstash/log/test/logstash-json.log-expected.json index 4bbf77ad25f..9cf6c292e39 100644 --- a/filebeat/module/logstash/log/test/logstash-json.log-expected.json 
+++ b/filebeat/module/logstash/log/test/logstash-json.log-expected.json @@ -59,5 +59,26 @@ "logstash.log.thread": "Api Webserver", "message": "Successfully started Logstash API endpoint", "service.type": "logstash" + }, + { + "@timestamp": "2021-02-08T23:38:04.046Z", + "event.dataset": "logstash.log", + "event.kind": "event", + "event.module": "logstash", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "WARN", + "log.offset": 745, + "logstash.log.log_event.action": [ + "update", + "{_index=filebeat-foo-2021.02, _type=_doc, _id=foo-1234abcd-96c6-4828-bcd4-51d33a156431, retry_on_conflict=1}", + "{metaClass={metaClass={metaClass={response={update={_index=filebeat-foo-2021.02, _type=_doc, _id=foo-1234abcd-96c6-4828-bcd4-51d33a156431, error={reason=failed to parse field [bar] of type [long] in document with id 'foo-1234abcd-96c6-4828-bcd4-51d33a156431'. Preview of field's value: 'ABCDEFGHIJ', caused_by={reason=For input string: \"ABCDEFGHIJ\", type=illegal_argument_exception}, type=mapper_parsing_exception}, status=400}}, action=[\"update\", {:_id=>\"foo-1234abcd-96c6-4828-bcd4-51d33a156431\", :_index=>\"filebeat-foo-2021.02\", :routing=>nil, :_type=>\"_doc\", :retry_on_conflict=>1}, #]}}}}" + ], + "logstash.log.log_event.status": 400, + "logstash.log.module": "logstash.outputs.elasticsearch", + "logstash.log.thread": "[foo]>worker1", + "message": "Could not index event to Elasticsearch.", + "service.type": "logstash" } ] \ No newline at end of file From ae0f29ec06ce2e3b1fa753e7f732ed238fb19b44 Mon Sep 17 00:00:00 2001 
From: Blake Rouse Date: Tue, 16 Feb 2021 09:56:48 -0500 Subject: [PATCH 04/13] [Elastic Agent] Enroll with Fleet Server (#23865) * Add test and changelog. * Add ability to enroll through a local Fleet Server started by the running Elastic Agent daemon. * Fix tests. * Fix changelog. * Fixes from code review. * Cleanup from merge into master. --- x-pack/elastic-agent/CHANGELOG.next.asciidoc | 1 + .../pkg/agent/application/application.go | 72 +++++- .../pkg/agent/application/config.go | 23 ++ .../pkg/agent/application/enroll_cmd.go | 215 +++++++++++++++++- .../pkg/agent/application/enroll_cmd_test.go | 11 +- .../pkg/agent/application/fleet_gateway.go | 31 ++- .../agent/application/fleet_gateway_local.go | 109 +++++++++ .../agent/application/fleet_gateway_test.go | 12 +- .../application/fleet_server_bootstrap.go | 213 +++++++++++++++++ .../pkg/agent/application/local_mode.go | 7 +- .../pkg/agent/application/managed_mode.go | 68 ++---- .../application/noop_status_controller.go | 17 +- .../pkg/agent/application/upgrade/upgrade.go | 2 +- x-pack/elastic-agent/pkg/agent/cmd/enroll.go | 124 +++++----- x-pack/elastic-agent/pkg/agent/cmd/install.go | 46 ++-- x-pack/elastic-agent/pkg/agent/cmd/run.go | 8 +- .../pkg/agent/configuration/fleet.go | 6 + .../pkg/agent/configuration/fleet_server.go | 68 ++++++ .../pkg/agent/control/control_test.go | 27 ++- .../pkg/agent/control/server/server.go | 55 +++-- .../elastic-agent/pkg/agent/errors/error.go | 6 + .../pkg/agent/errors/error_test.go | 43 ---- .../pkg/agent/errors/generators.go | 15 -- .../pkg/agent/install/install.go | 16 ++ .../pkg/agent/operation/operator.go | 21 +- .../pkg/agent/operation/operator_test.go | 22 +- .../pkg/agent/program/program.go | 73 +++--- .../pkg/agent/program/supported.go | 2 +- .../pkg/basecmd/version/cmd_test.go | 4 +- .../pkg/capabilities/capabilities.go | 6 +- .../pkg/capabilities/capabilities_test.go | 14 +- .../elastic-agent/pkg/capabilities/input.go | 7 +- .../pkg/capabilities/input_test.go | 7 +- 
.../elastic-agent/pkg/capabilities/output.go | 7 +- .../elastic-agent/pkg/capabilities/upgrade.go | 7 +- .../elastic-agent/pkg/core/logger/logger.go | 2 +- .../pkg/core/plugin/process/app.go | 54 ++--- .../pkg/core/plugin/process/configure.go | 5 +- .../pkg/core/plugin/process/status.go | 2 +- .../pkg/core/plugin/service/app.go | 60 ++--- x-pack/elastic-agent/pkg/core/state/state.go | 60 +++-- .../elastic-agent/pkg/core/status/reporter.go | 195 +++++++++++----- .../pkg/core/status/reporter_test.go | 83 +++---- x-pack/elastic-agent/pkg/reporter/reporter.go | 2 +- .../pkg/reporter/reporter_test.go | 6 +- x-pack/elastic-agent/spec/fleet-server.yml | 4 + 46 files changed, 1335 insertions(+), 503 deletions(-) create mode 100644 x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go create mode 100644 x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go create mode 100644 x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index cce864723f3..3f0419ca38d 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -69,3 +69,4 @@ - Push log level downstream {pull}22815[22815] - Add metrics collection for Agent {pull}22793[22793] - Add support for Fleet Server {pull}23736[23736] +- Add support for enrollment with local bootstrap of Fleet Server {pull}23865[23865] diff --git a/x-pack/elastic-agent/pkg/agent/application/application.go b/x-pack/elastic-agent/pkg/agent/application/application.go index af50477d5fd..c13157e02f5 100644 --- a/x-pack/elastic-agent/pkg/agent/application/application.go +++ b/x-pack/elastic-agent/pkg/agent/application/application.go 
@@ -6,6 +6,11 @@ package application import ( "context" + "fmt" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/upgrade" @@ -31,7 +36,7 @@ type upgraderControl interface { } // New creates a new Agent and bootstrap the required subsystem. -func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, uc upgraderControl, agentInfo *info.AgentInfo) (Application, error) { +func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, statusCtrl status.Controller, uc upgraderControl, agentInfo *info.AgentInfo) (Application, error) { // Load configuration from disk to understand in which mode of operation // we must start the elastic-agent, the mode of operation cannot be changed without restarting the // elastic-agent. @@ -44,7 +49,7 @@ func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, uc upg return nil, err } - return createApplication(log, pathConfigFile, rawConfig, reexec, uc, agentInfo) + return createApplication(log, pathConfigFile, rawConfig, reexec, statusCtrl, uc, agentInfo) } func createApplication( @@ -52,6 +57,7 @@ func createApplication( pathConfigFile string, rawConfig *config.Config, reexec reexecManager, + statusCtrl status.Controller, uc upgraderControl, agentInfo *info.AgentInfo, ) (Application, error) { 
@@ -66,14 +72,72 @@ func createApplication( if IsStandalone(cfg.Fleet) { log.Info("Agent is managed locally") - return newLocal(ctx, log, pathConfigFile, rawConfig, reexec, uc, agentInfo) + return newLocal(ctx, log, pathConfigFile, rawConfig, reexec, statusCtrl, uc, agentInfo) + } + + // not in standalone; both modes require reading the fleet.yml configuration file + var store storage.Store + store, cfg, err = mergeFleetConfig(rawConfig) + + if IsFleetServerBootstrap(cfg.Fleet) { + log.Info("Agent is in Fleet Server bootstrap mode") + return newFleetServerBootstrap(ctx, log, pathConfigFile, rawConfig, statusCtrl, agentInfo) } log.Info("Agent is managed by Fleet") - return newManaged(ctx, log, rawConfig, reexec, agentInfo) + return newManaged(ctx, log, store, cfg, rawConfig, reexec, statusCtrl, agentInfo) } // IsStandalone decides based on missing of fleet.enabled: true or fleet.{access_token,kibana} will place Elastic Agent into standalone mode. func IsStandalone(cfg *configuration.FleetAgentConfig) bool { return cfg == nil || !cfg.Enabled } + +// IsFleetServerBootstrap decides if Elastic Agent is started in bootstrap mode. +func IsFleetServerBootstrap(cfg *configuration.FleetAgentConfig) bool { + return cfg != nil && cfg.Server != nil && cfg.Server.Bootstrap +} + +func mergeFleetConfig(rawConfig *config.Config) (storage.Store, *configuration.Configuration, error) { + path := info.AgentConfigFile() + store := storage.NewDiskStore(path) + reader, err := store.Load() + if err != nil { + return store, nil, errors.New(err, "could not initialize config store", + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + config, err := config.NewConfigFrom(reader) + if err != nil { + return store, nil, errors.New(err, + fmt.Sprintf("fail to read configuration %s for the elastic-agent", path), + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + + // merge local configuration and configuration persisted from fleet. 
+ err = rawConfig.Merge(config) + if err != nil { + return store, nil, errors.New(err, + fmt.Sprintf("fail to merge configuration with %s for the elastic-agent", path), + errors.TypeConfig, + errors.M(errors.MetaKeyPath, path)) + } + + cfg, err := configuration.NewFromConfig(rawConfig) + if err != nil { + return store, nil, errors.New(err, + fmt.Sprintf("fail to unpack configuration from %s", path), + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + + if err := cfg.Fleet.Valid(); err != nil { + return store, nil, errors.New(err, + "fleet configuration is invalid", + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + + return store, cfg, nil +} diff --git a/x-pack/elastic-agent/pkg/agent/application/config.go b/x-pack/elastic-agent/pkg/agent/application/config.go index 8dfd093e040..d0eb80449a2 100644 --- a/x-pack/elastic-agent/pkg/agent/application/config.go +++ b/x-pack/elastic-agent/pkg/agent/application/config.go @@ -26,3 +26,26 @@ func createFleetConfigFromEnroll(accessAPIKey string, kbn *kibana.Config) (*conf } return cfg, nil } + +func createFleetServerBootstrapConfig(connStr string, policyID string) (*configuration.FleetAgentConfig, error) { + es, err := configuration.ElasticsearchFromConnStr(connStr) + if err != nil { + return nil, err + } + cfg := configuration.DefaultFleetAgentConfig() + cfg.Enabled = true + cfg.Server = &configuration.FleetServerConfig{ + Bootstrap: true, + Output: configuration.FleetServerOutputConfig{ + Elasticsearch: es, + }, + } + if policyID != "" { + cfg.Server.Policy = &configuration.FleetServerPolicyConfig{ID: policyID} + } + + if err := cfg.Valid(); err != nil { + return nil, errors.New(err, "invalid enrollment options", errors.TypeConfig) + } + return cfg, nil +} diff --git a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go index fe4cafa7594..82d996bd620 100644 --- a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go 
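Review bot: The error returned by `mergeFleetConfig` is never checked: `store, cfg, err = mergeFleetConfig(rawConfig)` is followed directly by `IsFleetServerBootstrap(cfg.Fleet)`, and every error path in `mergeFleetConfig` returns a nil `*Configuration`, so a missing or unreadable fleet.yml becomes a nil-pointer panic instead of the wrapped error the helper builds. Add `if err != nil { return nil, err }` right after the call. A smaller style point in `mergeFleetConfig`: `config, err := config.NewConfigFrom(reader)` shadows the `config` package with a local variable for the rest of the function; naming it `fleetCfg` avoids the trap. `createApplication` begins before this hunk.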
+++ b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go @@ -9,9 +9,15 @@ import ( "context" "fmt" "io" + "math/rand" "net/http" "net/url" "os" + "time" + + "github.com/elastic/beats/v7/libbeat/common/backoff" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/client" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/proto" "gopkg.in/yaml.v2" @@ -25,6 +31,16 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) +const ( + waitingForAgent = "waiting for Elastic Agent to start" + waitingForFleetServer = "waiting for Elastic Agent to start Fleet Server" +) + +var ( + enrollDelay = 1 * time.Second // max delay to start enrollment + daemonTimeout = 30 * time.Second // max amount of for communication to running Agent daemon +) + type store interface { Save(io.Reader) error } @@ -66,6 +82,9 @@ type EnrollCmdOption struct { UserProvidedMetadata map[string]interface{} EnrollAPIKey string Staging string + FleetServerConnStr string + FleetServerPolicyID string + NoRestart bool } func (e *EnrollCmdOption) kibanaConfig() (*kibana.Config, error) { 
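Review bot: The comment on `daemonTimeout` is missing a word (`// max amount of for communication to running Agent daemon`); write it as `daemonTimeout = 30 * time.Second // max time allowed for talking to the running Agent daemon`. The two strings `waitingForAgent` and `waitingForFleetServer` carry no comment saying where they surface; something like `// progress messages shown while enrollment waits on the daemon — confirm against callers` would place them for the next reader.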
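Review bot: The three fields added to `EnrollCmdOption` have no doc comments, and their meaning is only recoverable from `Execute` further down: `FleetServerConnStr string // Elasticsearch connection string used to bootstrap a local Fleet Server; empty disables bootstrap`, `FleetServerPolicyID string // policy to assign the bootstrapped Fleet Server; optional`, `NoRestart bool // skip restarting the running daemon after enrollment`. The connection string presumably carries Elasticsearch credentials, which is worth saying in the comment since the value is later persisted through the config store.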
@@ -149,7 +168,95 @@ func NewEnrollCmdWithStore( } // Execute tries to enroll the agent into Fleet. -func (c *EnrollCmd) Execute() error { +func (c *EnrollCmd) Execute(ctx context.Context) error { + if c.options.FleetServerConnStr != "" { + err := c.fleetServerBootstrap(ctx) + if err != nil { + return err + } + + // enroll should use localhost as fleet-server is now running + // it must also restart + c.options.URL = "http://localhost:8000" + c.options.NoRestart = false + } + + err := c.enrollWithBackoff(ctx) + if err != nil { + return errors.New(err, "fail to enroll") + } + + if c.options.NoRestart { + return nil + } + + if c.daemonReload(ctx) != nil { + c.log.Info("Elastic Agent might not be running; unable to trigger restart") + } + c.log.Info("Successfully triggered restart on running Elastic Agent.") + return nil +} + +func (c *EnrollCmd) fleetServerBootstrap(ctx context.Context) error { + c.log.Debug("verifying communication with running Elastic Agent daemon") + _, err := getDaemonStatus(ctx) + if err != nil { + return errors.New("failed to communicate with elastic-agent daemon; is elastic-agent running?") + } + + fleetConfig, err := createFleetServerBootstrapConfig(c.options.FleetServerConnStr, c.options.FleetServerPolicyID) + configToStore := map[string]interface{}{ + "fleet": fleetConfig, + } + reader, err := yamlToReader(configToStore) + if err != nil { + return err + } + if err := c.configStore.Save(reader); err != nil { + return errors.New(err, "could not save fleet server bootstrap information", errors.TypeFilesystem) + } + + err = c.daemonReload(ctx) + if err != nil { + return errors.New(err, "failed to trigger elastic-agent daemon reload", errors.TypeApplication) + } + + err = waitForFleetServer(ctx, c.log) + if err != nil { + return errors.New(err, "fleet-server never started by elastic-agent daemon", errors.TypeApplication) + } + return nil +} + +func (c *EnrollCmd) daemonReload(ctx context.Context) error { + daemon := client.New() + err := 
daemon.Connect(ctx) + if err != nil { + return err + } + defer daemon.Disconnect() + return daemon.Restart(ctx) +} + +func (c *EnrollCmd) enrollWithBackoff(ctx context.Context) error { + delay(ctx, enrollDelay) + + err := c.enroll(ctx) + signal := make(chan struct{}) + backExp := backoff.NewExpBackoff(signal, 60*time.Second, 10*time.Minute) + + for errors.Is(err, fleetapi.ErrTooManyRequests) { + c.log.Warn("Too many requests on the remote server, will retry in a moment.") + backExp.Wait() + c.log.Info("Retrying to enroll...") + err = c.enroll(ctx) + } + + close(signal) + return err +} + +func (c *EnrollCmd) enroll(ctx context.Context) error { cmd := fleetapi.NewEnrollCmd(c.client) metadata, err := metadata() @@ -167,7 +274,7 @@ func (c *EnrollCmd) Execute() error { }, } - resp, err := cmd.Execute(context.Background(), r) + resp, err := cmd.Execute(ctx, r) if err != nil { return errors.New(err, "fail to execute request to Kibana", @@ -184,6 +291,15 @@ func (c *EnrollCmd) Execute() error { "sourceURI": staging, } } + if c.options.FleetServerConnStr != "" { + serverConfig, err := createFleetServerBootstrapConfig(c.options.FleetServerConnStr, c.options.FleetServerPolicyID) + if err != nil { + return err + } + // no longer need bootstrap at this point + serverConfig.Server.Bootstrap = false + fleetConfig.Server = serverConfig.Server + } configToStore := map[string]interface{}{ "fleet": fleetConfig, 
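Review bot: In `fleetServerBootstrap` the error from `createFleetServerBootstrapConfig` is never checked — the next statement reuses `err` via `reader, err := yamlToReader(configToStore)`, so an invalid `--fleet-server` string that `cfg.Valid()` is meant to reject yields a nil `fleetConfig`, which is serialized as `fleet: null`, saved through `c.configStore.Save`, and the daemon is then reloaded against it; add `if err != nil { return err }` directly after the call. Separately, `Execute` hardcodes `c.options.URL = "http://localhost:8000"`, so the enrollment token and the returned API key travel over plain HTTP to the local Fleet Server; if that is acceptable because the address is loopback-only, say so in a comment and consider making the port configurable rather than assuming 8000. The final `c.log.Info("Successfully triggered restart on running Elastic Agent.")` also fires when `daemonReload` failed, since the failure branch only logs and does not return.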
@@ -225,3 +341,98 @@ func yamlToReader(in interface{}) (io.Reader, error) { } return bytes.NewReader(data), nil } + +func delay(ctx context.Context, d time.Duration) { + t := time.NewTimer(time.Duration(rand.Int63n(int64(d)))) + defer t.Stop() + select { + case <-ctx.Done(): + case <-t.C: + } +} + +func getDaemonStatus(ctx context.Context) (*client.AgentStatus, error) { + ctx, cancel := context.WithTimeout(ctx, daemonTimeout) + defer cancel() + daemon := client.New() + err := daemon.Connect(ctx) + if err != nil { + return nil, err + } + defer daemon.Disconnect() + return daemon.Status(ctx) +} + +type waitResult struct { + err error +} + +func waitForFleetServer(ctx context.Context, log *logger.Logger) error { + ctx, cancel := context.WithTimeout(ctx, 2*time.Minute) + defer cancel() + + resChan := make(chan waitResult) + innerCtx, innerCancel := context.WithCancel(context.Background()) + defer innerCancel() + go func() { + msg := "" + for { + <-time.After(1 * time.Second) + status, err := getDaemonStatus(innerCtx) + if err == context.Canceled { + resChan <- waitResult{err: err} + return + } + if err != nil { + log.Debug(waitingForAgent) + if msg != waitingForAgent { + msg = waitingForAgent + log.Info(waitingForAgent) + } + continue + } + app := getAppFromStatus(status, "fleet-server") + if app == nil { + log.Debug(waitingForFleetServer) + if msg != waitingForFleetServer { + msg = waitingForFleetServer + log.Info(waitingForFleetServer) + } + continue + } + log.Debugf("fleet-server status: %s - %s", app.Status, app.Message) + if app.Status == proto.Status_DEGRADED || app.Status == proto.Status_HEALTHY { + // app has started and is running + resChan <- waitResult{} + break + } + appMsg := fmt.Sprintf("Fleet Server - %s", app.Message) + if msg != appMsg { + msg = appMsg + log.Info(appMsg) + } + } + }() + + var res waitResult + select { + case <-ctx.Done(): + innerCancel() + res = <-resChan + case res = <-resChan: + } + + if res.err != nil { + return res.err + } + return 
nil +} + +func getAppFromStatus(status *client.AgentStatus, name string) *client.ApplicationStatus { + for _, app := range status.Applications { + if app.Name == name { + return app + } + } + return nil +} diff --git a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go index 080b5efcb69..fe6786276d2 100644 --- a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go @@ -6,6 +6,7 @@ package application import ( "bytes" + "context" "crypto/tls" "io" "io/ioutil" @@ -94,7 +95,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.Error(t, err) }, )) @@ -147,7 +148,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.NoError(t, err) config, err := readConfig(store.Content) @@ -205,7 +206,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.NoError(t, err) require.True(t, store.Called) @@ -265,7 +266,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.NoError(t, err) require.True(t, store.Called) @@ -310,7 +311,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.Error(t, err) require.False(t, store.Called) }, diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go index 0ec71d7a5fa..225c50e65e6 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go +++ b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go 
@@ -6,9 +6,12 @@ package application import ( "context" + "fmt" "sync" "time" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/elastic/beats/v7/libbeat/common/backoff" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" @@ -57,10 +60,18 @@ type fleetAcker interface { Commit(ctx context.Context) error } -// fleetGateway is a gateway between the Agent and the Fleet API, it's take cares of all the +// FleetGateway is a gateway between the Agent and the Fleet API, it's take cares of all the // bidirectional communication requirements. The gateway aggregates events and will periodically // call the API to send the events and will receive actions to be executed locally. // The only supported action for now is a "ActionPolicyChange". +type FleetGateway interface { + // Start starts the gateway. + Start() error + + // Set the client for the gateway. + SetClient(clienter) +} + type fleetGateway struct { bgContext context.Context log *logger.Logger @@ -90,7 +101,7 @@ func newFleetGateway( acker fleetAcker, statusController status.Controller, stateStore *stateStore, -) (*fleetGateway, error) { +) (FleetGateway, error) { scheduler := scheduler.NewPeriodicJitter(defaultGatewaySettings.Duration, defaultGatewaySettings.Jitter) return newFleetGatewayWithScheduler( @@ -120,7 +131,7 @@ func newFleetGatewayWithScheduler( acker fleetAcker, statusController status.Controller, stateStore *stateStore, -) (*fleetGateway, error) { +) (FleetGateway, error) { // Backoff implementation doesn't support the using context as the shutdown mechanism. // So we keep a done channel that will be closed when the current context is shutdown. 
@@ -142,7 +153,7 @@ func newFleetGatewayWithScheduler( done: done, reporter: r, acker: acker, - statusReporter: statusController.Register("gateway"), + statusReporter: statusController.RegisterComponent("gateway"), statusController: statusController, stateStore: stateStore, }, nil @@ -160,7 +171,7 @@ func (f *fleetGateway) worker() { resp, err := f.doExecute() if err != nil { f.log.Error(err) - f.statusReporter.Update(status.Failed) + f.statusReporter.Update(state.Failed, err.Error()) continue } @@ -170,12 +181,13 @@ func (f *fleetGateway) worker() { } if err := f.dispatcher.Dispatch(f.acker, actions...); err != nil { - f.log.Errorf("failed to dispatch actions, error: %s", err) - f.statusReporter.Update(status.Degraded) + msg := fmt.Sprintf("failed to dispatch actions, error: %s", err) + f.log.Error(msg) + f.statusReporter.Update(state.Degraded, msg) } f.log.Debugf("FleetGateway is sleeping, next update in %s", f.settings.Duration) - f.statusReporter.Update(status.Healthy) + f.statusReporter.Update(state.Healthy, "") case <-f.bgContext.Done(): f.stop() return @@ -270,7 +282,7 @@ func isUnauth(err error) bool { return errors.Is(err, fleetapi.ErrInvalidAPIKey) } -func (f *fleetGateway) Start() { +func (f *fleetGateway) Start() error { f.wg.Add(1) go func(wg *sync.WaitGroup) { defer f.log.Info("Fleet gateway is stopped") @@ -278,6 +290,7 @@ func (f *fleetGateway) Start() { f.worker() }(&f.wg) + return nil } func (f *fleetGateway) stop() { diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go new file mode 100644 index 00000000000..e25e7792fb1 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go 
@@ -0,0 +1,109 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package application
+
+import (
+ "context"
+ "time"
+
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
+)
+
+const gatewayWait = 2 * time.Second
+
+var injectFleetServerInput = map[string]interface{}{
+ // outputs is replaced by the fleet-server.spec
+ "outputs": map[string]interface{}{
+ "default": map[string]interface{}{
+ "type": "elasticsearch",
+ "hosts": []string{"localhost:9200"},
+ },
+ },
+ "inputs": []interface{}{
+ map[string]interface{}{
+ "type": "fleet-server",
+ },
+ },
+}
+
+// fleetServerWrapper wraps the fleetGateway to ensure that a local Fleet Server is running before trying
+// to communicate with the gateway, which is local to the Elastic Agent.
+type fleetServerWrapper struct {
+ bgContext context.Context
+ log *logger.Logger
+ cfg *configuration.FleetAgentConfig
+ injectedCfg *config.Config
+ wrapped FleetGateway
+ emitter emitterFunc
+}
+
+func wrapLocalFleetServer(
+ ctx context.Context,
+ log *logger.Logger,
+ cfg *configuration.FleetAgentConfig,
+ rawConfig *config.Config,
+ wrapped FleetGateway,
+ emitter emitterFunc) (FleetGateway, error) {
+ if cfg.Server == nil {
+ // not running a local Fleet Server
+ return wrapped, nil
+ }
+ injectedCfg, err := injectFleetServer(rawConfig)
+ if err != nil {
+ return nil, errors.New(err, "failed to inject fleet-server input to start local Fleet Server", errors.TypeConfig)
+ }
+ return &fleetServerWrapper{
+ bgContext: ctx,
+ log: log,
+ cfg: cfg,
+ injectedCfg: injectedCfg,
+ wrapped: wrapped,
+ emitter: emitter,
+ }, nil
+}
+
+// Start starts the gateway.
+func (w *fleetServerWrapper) Start() error {
+ err := w.emitter(w.injectedCfg)
+ if err != nil {
+ return err
+ }
+ sleep(w.bgContext, gatewayWait)
+ return w.wrapped.Start()
+}
+
+// SetClient sets the client for the wrapped gateway.
+func (w *fleetServerWrapper) SetClient(client clienter) {
+ w.wrapped.SetClient(client)
+}
+
+func injectFleetServer(rawConfig *config.Config) (*config.Config, error) {
+ cfg := map[string]interface{}{}
+ err := rawConfig.Unpack(cfg)
+ if err != nil {
+ return nil, err
+ }
+ cloned, err := config.NewConfigFrom(cfg)
+ if err != nil {
+ return nil, err
+ }
+ err = cloned.Merge(injectFleetServerInput)
+ if err != nil {
+ return nil, err
+ }
+ return cloned, nil
+}
+
+func sleep(ctx context.Context, d time.Duration) {
+ t := time.NewTimer(d)
+ defer t.Stop()
+ select {
+ case <-ctx.Done():
+ case <-t.C:
+ }
+}
diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go
index a31f6a343a2..4af4836936e 100644
--- a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go
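Review bot: `Start` relies on a fixed `gatewayWait` of two seconds between emitting the injected configuration and starting the wrapped gateway; that is a timing assumption rather than a readiness check, so on a slow host the first check-in can be attempted before fleet-server is listening, while a fast host pays the delay for nothing. The enroll path already polls the daemon's status for the fleet-server application (`waitForFleetServer` in enroll_cmd.go); a status-based wait here would be more robust, or at minimum document the assumption on the constant: `// gatewayWait is a grace period, not a readiness check; the wrapped gateway's own retry/backoff is relied on if fleet-server is not yet listening.` `cloned.Merge(injectFleetServerInput)` also replaces `outputs.default.hosts` with `localhost:9200` in the copy of the live configuration; the inline comment says the fleet-server spec replaces it, which is worth stating on `injectFleetServerInput` itself so nobody assumes the agent's real output is being overwritten. The `cfg` field stored on `fleetServerWrapper` is never read.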
+++ b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go @@ -105,7 +105,7 @@ func newTestingDispatcher() *testingDispatcher { return &testingDispatcher{received: make(chan struct{}, 1)} } -type withGatewayFunc func(*testing.T, *fleetGateway, *testingClient, *testingDispatcher, *scheduler.Stepper, repo.Backend) +type withGatewayFunc func(*testing.T, FleetGateway, *testingClient, *testingDispatcher, *scheduler.Stepper, repo.Backend) func withGateway(agentInfo agentInfo, settings *fleetGatewaySettings, fn withGatewayFunc) func(t *testing.T) { return func(t *testing.T) { @@ -172,7 +172,7 @@ func TestFleetGateway(t *testing.T) { t.Run("send no event and receive no action", withGateway(agentInfo, settings, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, @@ -197,7 +197,7 @@ func TestFleetGateway(t *testing.T) { t.Run("Successfully connects and receives a series of actions", withGateway(agentInfo, settings, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, @@ -292,7 +292,7 @@ func TestFleetGateway(t *testing.T) { t.Run("send event and receive no action", withGateway(agentInfo, settings, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, @@ -404,7 +404,7 @@ func TestRetriesOnFailures(t *testing.T) { t.Run("When the gateway fails to communicate with the checkin API we will retry", withGateway(agentInfo, settings, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, 
@@ -460,7 +460,7 @@ func TestRetriesOnFailures(t *testing.T) { Backoff: backoffSettings{Init: 10 * time.Minute, Max: 20 * time.Minute}, }, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go b/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go new file mode 100644 index 00000000000..ebdb65ff706 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go 
@@ -0,0 +1,213 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package application
+
+import (
+ "context"
+
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler"
+ "github.com/elastic/go-sysinfo"
+
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/filters"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/server"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status"
+ reporting "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter"
+ logreporter "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/log"
+)
+
+// FleetServerBootstrap application, does just enough to get a Fleet Server up and running so enrollment
+// can complete.
+type FleetServerBootstrap struct {
+ bgContext context.Context
+ cancelCtxFn context.CancelFunc
+ log *logger.Logger
+ Config configuration.FleetAgentConfig
+ agentInfo *info.AgentInfo
+ router *router
+ source source
+ srv *server.Server
+}
+
+func newFleetServerBootstrap(
+ ctx context.Context,
+ log *logger.Logger,
+ pathConfigFile string,
+ rawConfig *config.Config,
+ statusCtrl status.Controller,
+ agentInfo *info.AgentInfo,
+) (*FleetServerBootstrap, error) {
+ cfg, err := configuration.NewFromConfig(rawConfig)
+ if err != nil {
+ return nil, err
+ }
+
+ if log == nil {
+ log, err = logger.NewFromConfig("", cfg.Settings.LoggingConfig)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ logR := logreporter.NewReporter(log)
+
+ sysInfo, err := sysinfo.Host()
+ if err != nil {
+ return nil, errors.New(err,
+ "fail to get system information",
+ errors.TypeUnexpected)
+ }
+
+ bootstrapApp := &FleetServerBootstrap{
+ log: log,
+ agentInfo: agentInfo,
+ }
+
+ bootstrapApp.bgContext, bootstrapApp.cancelCtxFn = context.WithCancel(ctx)
+ bootstrapApp.srv, err = server.NewFromConfig(log, cfg.Settings.GRPC, &operation.ApplicationStatusHandler{})
+ if err != nil {
+ return nil, errors.New(err, "initialize GRPC listener")
+ }
+
+ reporter := reporting.NewReporter(bootstrapApp.bgContext, log, bootstrapApp.agentInfo, logR)
+
+ monitor, err := monitoring.NewMonitor(cfg.Settings)
+ if err != nil {
+ return nil, errors.New(err, "failed to initialize monitoring")
+ }
+
+ router, err := newRouter(log, streamFactory(bootstrapApp.bgContext, agentInfo, cfg.Settings, bootstrapApp.srv, reporter, monitor, statusCtrl))
+ if err != nil {
+ return nil, errors.New(err, "fail to initialize pipeline router")
+ }
+ bootstrapApp.router = router
+
+ emit, err := bootstrapEmitter(
+ bootstrapApp.bgContext,
+ log,
+ agentInfo,
+ router,
+ &configModifiers{
+ Filters: []filterFunc{filters.StreamChecker, injectFleet(rawConfig, sysInfo.Info(), agentInfo)},
+ },
+ )
+ if err != nil {
+ return nil, err
+
}
+
+ discover := discoverer(pathConfigFile, cfg.Settings.Path)
+ bootstrapApp.source = newOnce(log, discover, emit)
+ return bootstrapApp, nil
+}
+
+// Start starts a managed elastic-agent.
+func (b *FleetServerBootstrap) Start() error {
+ b.log.Info("Agent is starting")
+ defer b.log.Info("Agent is stopped")
+
+ if err := b.srv.Start(); err != nil {
+ return err
+ }
+ if err := b.source.Start(); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// Stop stops a local agent.
+func (b *FleetServerBootstrap) Stop() error {
+ err := b.source.Stop()
+ b.cancelCtxFn()
+ b.router.Shutdown()
+ b.srv.Stop()
+ return err
+}
+
+// AgentInfo retrieves elastic-agent information.
+func (b *FleetServerBootstrap) AgentInfo() *info.AgentInfo {
+ return b.agentInfo
+}
+
+func bootstrapEmitter(ctx context.Context, log *logger.Logger, agentInfo transpiler.AgentInfo, router programsDispatcher, modifiers *configModifiers) (emitterFunc, error) {
+ ch := make(chan *config.Config)
+
+ go func() {
+ for {
+ var c *config.Config
+ select {
+ case <-ctx.Done():
+ return
+ case c = <-ch:
+ }
+
+ err := emit(log, agentInfo, router, modifiers, c)
+ if err != nil {
+ log.Error(err)
+ }
+ }
+ }()
+
+ return func(c *config.Config) error {
+ ch <- c
+ return nil
+ }, nil
+}
+
+func emit(log *logger.Logger, agentInfo transpiler.AgentInfo, router programsDispatcher, modifiers *configModifiers, c *config.Config) error {
+ if err := InjectAgentConfig(c); err != nil {
+ return err
+ }
+
+ // perform and verify ast translation
+ m, err := c.ToMapStr()
+ if err != nil {
+ return errors.New(err, "could not create the AST from the configuration", errors.TypeConfig)
+ }
+ ast, err := transpiler.NewAST(m)
+ if err != nil {
+ return errors.New(err, "could not create the AST from the configuration", errors.TypeConfig)
+ }
+ for _, filter := range modifiers.Filters {
+ if err := filter(log, ast); err != nil {
+ return errors.New(err, "failed to filter configuration", errors.TypeConfig)
+ }
+ }
+
+ // overwrite
the inputs to only have a single fleet-server input + transpiler.Insert(ast, transpiler.NewList([]transpiler.Node{ + transpiler.NewDict([]transpiler.Node{ + transpiler.NewKey("type", transpiler.NewStrVal("fleet-server")), + }), + }), "inputs") + + spec, ok := program.SupportedMap["fleet-server"] + if !ok { + return errors.New("missing required fleet-server program specification") + } + ok, err = program.DetectProgram(spec, agentInfo, ast) + if err != nil { + return errors.New(err, "failed parsing the configuration") + } + if !ok { + return errors.New("bootstrap configuration is incorrect causing fleet-server to not be started") + } + + return router.Dispatch(ast.HashStr(), map[routingKey][]program.Program{ + defautlRK: { + { + Spec: spec, + Config: ast, + }, + }, + }) +} diff --git a/x-pack/elastic-agent/pkg/agent/application/local_mode.go b/x-pack/elastic-agent/pkg/agent/application/local_mode.go index e805c7423aa..2c1b33f83ba 100644 --- a/x-pack/elastic-agent/pkg/agent/application/local_mode.go +++ b/x-pack/elastic-agent/pkg/agent/application/local_mode.go @@ -20,6 +20,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/server" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/dir" reporting "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter" logreporter "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/log" 
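Review bot: The emitter returned by `bootstrapEmitter` sends on the unbuffered `ch` with no `select` on `ctx.Done()`, so once the consumer goroutine has exited — which `Stop` triggers through `cancelCtxFn` — any later emit blocks forever; the closure should select on the context, as below. Errors from `emit`, including "bootstrap configuration is incorrect causing fleet-server to not be started", are only logged inside the goroutine and never reach the caller, so `Start` reports success and the enroll CLI runs out its full `waitForFleetServer` timeout with no indication why; at least surface the first failure through a channel or the status controller so the operator sees it. The doc comments on `Start` and `Stop` ("starts a managed elastic-agent", "stops a local agent") were copied from the other modes and should describe this type, e.g. `// Start starts the GRPC control server and the one-shot config source that launches fleet-server.`

```go
	// … unchanged: consumer goroutine that drains ch and calls emit …

	return func(c *config.Config) error {
		select {
		case ch <- c:
			return nil
		case <-ctx.Done():
			return ctx.Err()
		}
	}, nil
```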
@@ -63,11 +64,11 @@ func newLocal( pathConfigFile string, rawConfig *config.Config, reexec reexecManager, + statusCtrl status.Controller, uc upgraderControl, agentInfo *info.AgentInfo, ) (*Local, error) { - statusController := &noopController{} - caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusController) + caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusCtrl) if err != nil { return nil, err } @@ -104,7 +105,7 @@ func newLocal( return nil, errors.New(err, "failed to initialize monitoring") } - router, err := newRouter(log, streamFactory(localApplication.bgContext, agentInfo, cfg.Settings, localApplication.srv, reporter, monitor, statusController)) + router, err := newRouter(log, streamFactory(localApplication.bgContext, agentInfo, cfg.Settings, localApplication.srv, reporter, monitor, statusCtrl)) if err != nil { return nil, errors.New(err, "fail to initialize pipeline router") } diff --git a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go index c5c6d542d8f..c12c2451e3a 100644 --- a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go +++ b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go @@ -52,7 +52,7 @@ type Managed struct { Config configuration.FleetAgentConfig api apiClient agentInfo *info.AgentInfo - gateway *fleetGateway + gateway FleetGateway router *router srv *server.Server stateStore *stateStore 
@@ -62,58 +62,18 @@ type Managed struct { func newManaged( ctx context.Context, log *logger.Logger, + store storage.Store, + cfg *configuration.Configuration, rawConfig *config.Config, reexec reexecManager, + statusCtrl status.Controller, agentInfo *info.AgentInfo, ) (*Managed, error) { - statusController := status.NewController(log) - caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusController) + caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusCtrl) if err != nil { return nil, err } - path := info.AgentConfigFile() - - store := storage.NewDiskStore(path) - reader, err := store.Load() - if err != nil { - return nil, errors.New(err, "could not initialize config store", - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - - config, err := config.NewConfigFrom(reader) - if err != nil { - return nil, errors.New(err, - fmt.Sprintf("fail to read configuration %s for the elastic-agent", path), - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - - // merge local configuration and configuration persisted from fleet. - err = rawConfig.Merge(config) - if err != nil { - return nil, errors.New(err, - fmt.Sprintf("fail to merge configuration with %s for the elastic-agent", path), - errors.TypeConfig, - errors.M(errors.MetaKeyPath, path)) - } - - cfg, err := configuration.NewFromConfig(rawConfig) - if err != nil { - return nil, errors.New(err, - fmt.Sprintf("fail to unpack configuration from %s", path), - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - - if err := cfg.Fleet.Valid(); err != nil { - return nil, errors.New(err, - "fleet configuration is invalid", - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - client, err := fleetapi.NewAuthWithConfig(log, cfg.Fleet.AccessAPIKey, cfg.Fleet.Kibana) if err != nil { return nil, errors.New(err, 
@@ -158,7 +118,7 @@ func newManaged( return nil, errors.New(err, "failed to initialize monitoring") } - router, err := newRouter(log, streamFactory(managedApplication.bgContext, agentInfo, cfg.Settings, managedApplication.srv, combinedReporter, monitor, statusController)) + router, err := newRouter(log, streamFactory(managedApplication.bgContext, agentInfo, cfg.Settings, managedApplication.srv, combinedReporter, monitor, statusCtrl)) if err != nil { return nil, errors.New(err, "fail to initialize pipeline router") } @@ -177,7 +137,7 @@ func newManaged( router, &configModifiers{ Decorators: []decoratorFunc{injectMonitoring}, - Filters: []filterFunc{filters.StreamChecker, injectFleet(config, sysInfo.Info(), agentInfo)}, + Filters: []filterFunc{filters.StreamChecker, injectFleet(rawConfig, sysInfo.Info(), agentInfo)}, }, caps, monitor, @@ -287,12 +247,16 @@ func newManaged( actionDispatcher, fleetR, actionAcker, - statusController, + statusCtrl, stateStore, ) if err != nil { return nil, err } + gateway, err = wrapLocalFleetServer(managedApplication.bgContext, log, cfg.Fleet, rawConfig, gateway, emit) + if err != nil { + return nil, err + } // add the gateway to setters, so the gateway can be updated // when the hosts for Kibana are updated by the policy. policyChanger.setters = append(policyChanger.setters, gateway) @@ -309,11 +273,15 @@ func (m *Managed) Start() error { return nil } - if err := m.upgrader.Ack(m.bgContext); err != nil { + err := m.upgrader.Ack(m.bgContext) + if err != nil { m.log.Warnf("failed to ack update %v", err) } - m.gateway.Start() + err = m.gateway.Start() + if err != nil { + return err + } return nil } diff --git a/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go b/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go index 1c55fda08e7..b229f3cff08 100644 --- a/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go +++ b/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go 
@@ -5,20 +5,23 @@ package application import ( + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" ) type noopController struct{} -func (*noopController) Register(_ string) status.Reporter { return &noopReporter{} } -func (*noopController) RegisterWithPersistance(_ string, _ bool) status.Reporter { +func (*noopController) RegisterComponent(_ string) status.Reporter { return &noopReporter{} } +func (*noopController) RegisterComponentWithPersistance(_ string, _ bool) status.Reporter { return &noopReporter{} } -func (*noopController) Status() status.AgentStatus { return status.Healthy } -func (*noopController) UpdateStateID(_ string) {} -func (*noopController) StatusString() string { return "online" } +func (*noopController) RegisterApp(_ string, _ string) status.Reporter { return &noopReporter{} } +func (*noopController) Status() status.AgentStatus { return status.AgentStatus{Status: status.Healthy} } +func (*noopController) StatusCode() status.AgentStatusCode { return status.Healthy } +func (*noopController) UpdateStateID(_ string) {} +func (*noopController) StatusString() string { return "online" } type noopReporter struct{} -func (*noopReporter) Update(status.AgentStatus) {} -func (*noopReporter) Unregister() {} +func (*noopReporter) Update(_ state.Status, _ string) {} +func (*noopReporter) Unregister() {} diff --git a/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go b/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go index 4e75d92fb1d..e23764b9056 100644 --- a/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go +++ b/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go @@ -220,7 +220,7 @@ func (u *Upgrader) ackAction(ctx context.Context, action fleetapi.Action) error u.reporter.OnStateChange( "", agentName, - state.State{Status: state.Running}, + state.State{Status: state.Healthy}, ) return nil 
diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go index 282ea2f4645..58c99306e71 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go @@ -7,34 +7,27 @@ package cmd import ( "context" "fmt" - "math/rand" "os" - "time" - - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/client" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + "os/signal" + "syscall" "github.com/spf13/cobra" - "github.com/elastic/beats/v7/libbeat/common/backoff" c "github.com/elastic/beats/v7/libbeat/common/cli" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/warn" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) -var defaultDelay = 1 * time.Second - func newEnrollCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ - Use: "enroll ", + Use: "enroll", Short: "Enroll the Agent into Fleet", Long: "This will enroll the Agent into Fleet.", - Args: cobra.ExactArgs(2), Run: func(c *cobra.Command, args []string) { if err := enroll(streams, c, flags, args); err != nil { fmt.Fprintf(streams.Err, "Error: %v\n", err) 
@@ -55,19 +48,51 @@ func newEnrollCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStr } func addEnrollFlags(cmd *cobra.Command) { + cmd.Flags().StringP("url", "", "", "URL to enroll Agent into Fleet") + cmd.Flags().StringP("kibana-url", "k", "", "URL of Kibana to enroll Agent into Fleet") + cmd.Flags().StringP("enrollment-token", "t", "", "Enrollment token to use to enroll Agent into Fleet") + cmd.Flags().StringP("fleet-server", "", "", "Start and run a Fleet Server along side this Elastic Agent") + cmd.Flags().StringP("fleet-server-policy", "", "", "Start and run a Fleet Server on this specific policy") cmd.Flags().StringP("certificate-authorities", "a", "", "Comma separated list of root certificate for server verifications") cmd.Flags().StringP("ca-sha256", "p", "", "Comma separated list of certificate authorities hash pins used for certificate verifications") cmd.Flags().BoolP("insecure", "i", false, "Allow insecure connection to Kibana") cmd.Flags().StringP("staging", "", "", "Configures agent to download artifacts from a staging build") } -func buildEnrollmentFlags(cmd *cobra.Command) []string { +func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string { + if url == "" { + url, _ = cmd.Flags().GetString("url") + } + if url == "" { + url, _ = cmd.Flags().GetString("kibana-url") + } + if token == "" { + token, _ = cmd.Flags().GetString("enrollment-token") + } + fServer, _ := cmd.Flags().GetString("fleet-server") + fPolicy, _ := cmd.Flags().GetString("fleet-server-policy") ca, _ := cmd.Flags().GetString("certificate-authorities") sha256, _ := cmd.Flags().GetString("ca-sha256") insecure, _ := cmd.Flags().GetBool("insecure") staging, _ := cmd.Flags().GetString("staging") args := []string{} + if url != "" { + args = append(args, "--url") + args = append(args, url) + } + if token != "" { + args = append(args, "--enrollment-token") + args = append(args, token) + } + if fServer != "" { + args = append(args, "--fleet-server") + 
args = append(args, fServer) + } + if fPolicy != "" { + args = append(args, "--fleet-server-policy") + args = append(args, fPolicy) + } if ca != "" { args = append(args, "--certificate-authorities") args = append(args, ca) @@ -116,9 +141,11 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args } } + noRestart, _ := cmd.Flags().GetBool("no-restart") force, _ := cmd.Flags().GetBool("force") if fromInstall { force = true + noRestart = true } // prompt only when it is not forced and is already enrolled @@ -133,23 +160,26 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args } } - insecure, _ := cmd.Flags().GetBool("insecure") - logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig) if err != nil { return err } - url := args[0] - enrollmentToken := args[1] + insecure, _ := cmd.Flags().GetBool("insecure") + url, _ := cmd.Flags().GetString("url") + if url == "" { + url, _ = cmd.Flags().GetString("kibana-url") + } + enrollmentToken, _ := cmd.Flags().GetString("enrollment-token") + fServer, _ := cmd.Flags().GetString("fleet-server") + fPolicy, _ := cmd.Flags().GetString("fleet-server-policy") caStr, _ := cmd.Flags().GetString("certificate-authorities") CAs := cli.StringToSlice(caStr) - caSHA256str, _ := cmd.Flags().GetString("ca-sha256") caSHA256 := cli.StringToSlice(caSHA256str) - delay(defaultDelay) + ctx := handleSignal(context.Background()) options := application.EnrollCmdOption{ ID: "", // TODO(ph), This should not be an empty string, will clarify in a new PR. @@ -160,6 +190,9 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args Insecure: insecure, UserProvidedMetadata: make(map[string]interface{}), Staging: staging, + FleetServerConnStr: fServer, + FleetServerPolicyID: fPolicy, + NoRestart: noRestart, } c, err := application.NewEnrollCmd( 
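Review bot: After the move from positional arguments to flags, nothing in this hunk checks that `url` and `enrollmentToken` are non-empty before `application.EnrollCmdOption` is built, whereas the old `cobra.ExactArgs(2)` at least guaranteed two values were supplied. Unless `NewEnrollCmd` or `Execute` validate them, add a guard before the options struct, e.g. `if fServer == "" && (url == "" || enrollmentToken == "") { return errors.New("--url and --enrollment-token are required unless --fleet-server is set") }`; the `--fleet-server` carve-out is an inference about the bootstrap flow and should be confirmed. The `enroll` function starts before and continues after this hunk.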
@@ -172,46 +205,29 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args return err } - err = c.Execute() - signal := make(chan struct{}) - - backExp := backoff.NewExpBackoff(signal, 60*time.Second, 10*time.Minute) - - for errors.Is(err, fleetapi.ErrTooManyRequests) { - fmt.Fprintln(streams.Out, "Too many requests on the remote server, will retry in a moment.") - backExp.Wait() - fmt.Fprintln(streams.Out, "Retrying to enroll...") - err = c.Execute() - } - - close(signal) - - if err != nil { - return errors.New(err, "fail to enroll") + err = c.Execute(ctx) + if err == nil { + fmt.Fprintln(streams.Out, "Successfully enrolled the Elastic Agent.") } + return err +} - fmt.Fprintln(streams.Out, "Successfully enrolled the Elastic Agent.") +func handleSignal(ctx context.Context) context.Context { + ctx, cfunc := context.WithCancel(ctx) - // skip restarting - noRestart, _ := cmd.Flags().GetBool("no-restart") - if noRestart || fromInstall { - return nil - } + sigs := make(chan os.Signal, 1) + signal.Notify(sigs, syscall.SIGINT, syscall.SIGKILL, syscall.SIGTERM, syscall.SIGQUIT) - daemon := client.New() - err = daemon.Connect(context.Background()) - if err == nil { - defer daemon.Disconnect() - err = daemon.Restart(context.Background()) - if err == nil { - fmt.Fprintln(streams.Out, "Successfully triggered restart on running Elastic Agent.") - return nil + go func() { + select { + case <-sigs: + cfunc() + case <-ctx.Done(): } - } - fmt.Fprintln(streams.Out, "Elastic Agent might not be running; unable to trigger restart") - return nil -} -func delay(t time.Duration) { - <-time.After(time.Duration(rand.Int63n(int64(t)))) + signal.Stop(sigs) + close(sigs) + }() + + return ctx } diff --git a/x-pack/elastic-agent/pkg/agent/cmd/install.go b/x-pack/elastic-agent/pkg/agent/cmd/install.go index 7fd5b23ea18..d978cd72d78 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/install.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/install.go 
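Review bot: `handleSignal` registers `syscall.SIGKILL` with `signal.Notify`, but SIGKILL cannot be caught or delivered to a channel, so that entry is dead code that reads as if the command could clean up on a kill; drop it and keep `signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT)`. Intercepting SIGQUIT also suppresses Go's goroutine dump, which is a deliberate choice worth a one-line comment. Separately, the removed loop on `fleetapi.ErrTooManyRequests` means a 429 from the server now fails enrollment outright unless `c.Execute(ctx)` retries internally — worth confirming, since the previous behavior was to back off and retry.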
@@ -37,8 +37,6 @@ would like the Agent to operate. }, } - cmd.Flags().StringP("kibana-url", "k", "", "URL of Kibana to enroll Agent into Fleet") - cmd.Flags().StringP("enrollment-token", "t", "", "Enrollment token to use to enroll Agent into Fleet") cmd.Flags().BoolP("force", "f", false, "Force overwrite the current and do not prompt for confirmation") addEnrollFlags(cmd) @@ -93,9 +91,12 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, enroll := true askEnroll := true - kibana, _ := cmd.Flags().GetString("kibana-url") + url, _ := cmd.Flags().GetString("url") + if url == "" { + url, _ = cmd.Flags().GetString("kibana-url") + } token, _ := cmd.Flags().GetString("enrollment-token") - if kibana != "" && token != "" { + if url != "" && token != "" { askEnroll = false } if force { @@ -111,18 +112,18 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, enroll = false } } - if !askEnroll && (kibana == "" || token == "") { + if !askEnroll && (url == "" || token == "") { // force was performed without required enrollment arguments, all done (standalone mode) enroll = false } if enroll { - if kibana == "" { - kibana, err = c.ReadInput("Kibana URL you want to enroll this Agent into:") + if url == "" { + url, err = c.ReadInput("URL you want to enroll this Agent into:") if err != nil { return fmt.Errorf("problem reading prompt response") } - if kibana == "" { + if url == "" { fmt.Fprintf(streams.Out, "Enrollment cancelled because no URL was provided.\n") return nil } 
@@ -144,16 +145,33 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, return err } + defer func() { + if err != nil { + install.Uninstall() + } + }() + + err = install.StartService() + if err != nil { + fmt.Fprintf(streams.Out, "Installation failed to start Elastic Agent service.\n") + return err + } + + defer func() { + if err != nil { + install.StopService() + } + }() + if enroll { - enrollArgs := []string{"enroll", kibana, token, "--from-install"} - enrollArgs = append(enrollArgs, buildEnrollmentFlags(cmd)...) + enrollArgs := []string{"enroll", "--from-install"} + enrollArgs = append(enrollArgs, buildEnrollmentFlags(cmd, url, token)...) enrollCmd := exec.Command(install.ExecutablePath(), enrollArgs...) enrollCmd.Stdin = os.Stdin enrollCmd.Stdout = os.Stdout enrollCmd.Stderr = os.Stderr err = enrollCmd.Start() if err != nil { - install.Uninstall() return fmt.Errorf("failed to execute enroll command: %s", err) } err = enrollCmd.Wait() @@ -167,11 +185,5 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, } } - err = install.StartService() - if err != nil { - fmt.Fprintf(streams.Out, "Installation of required system files was successful, but starting of the service failed.\n") - return err - } - fmt.Fprintf(streams.Out, "Installation was successful and Elastic Agent is running.\n") return nil } diff --git a/x-pack/elastic-agent/pkg/agent/cmd/run.go b/x-pack/elastic-agent/pkg/agent/cmd/run.go index ecfac4ff740..8d4157fdadd 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/run.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/run.go @@ -16,6 +16,8 @@ import ( "strings" "syscall" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" + "github.com/spf13/cobra" "github.com/elastic/beats/v7/libbeat/api" 
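Review bot: The two deferred cleanups fire only if `err` is non-nil when the function returns, but the hunk's own failure path hands back a fresh value (`return fmt.Errorf("failed to execute enroll command: %s", err)`) and only works because `err = enrollCmd.Start()` was assigned first; any later `return errors.New(...)` without an assignment would leave the service installed and running. Unless `installCmd` already declares a named result (its signature is above this hunk), change it to `(err error)` so every return feeds the defers, and log the results of `install.StopService()` and `install.Uninstall()` rather than discarding them. Note also that the re-executed enroll child receives the enrollment token and the `--fleet-server` connection string — which, per `ElasticsearchFromConnStr` later in this diff, appears to embed the Elasticsearch password — on its command line, where other local users can read them from the process table; an environment variable or stdin would avoid that exposure.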
@@ -129,14 +131,16 @@ func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark se rexLogger := logger.Named("reexec") rex := reexec.NewManager(rexLogger, execPath) + statusCtrl := status.NewController(logger) + // start the control listener - control := server.New(logger.Named("control"), rex, nil) + control := server.New(logger.Named("control"), rex, statusCtrl, nil) if err := control.Start(); err != nil { return err } defer control.Stop() - app, err := application.New(logger, pathConfigFile, rex, control, agentInfo) + app, err := application.New(logger, pathConfigFile, rex, statusCtrl, control, agentInfo) if err != nil { return err } diff --git a/x-pack/elastic-agent/pkg/agent/configuration/fleet.go b/x-pack/elastic-agent/pkg/agent/configuration/fleet.go index c8315b81cf0..af60651a362 100644 --- a/x-pack/elastic-agent/pkg/agent/configuration/fleet.go +++ b/x-pack/elastic-agent/pkg/agent/configuration/fleet.go @@ -18,11 +18,17 @@ type FleetAgentConfig struct { Kibana *kibana.Config `config:"kibana" yaml:"kibana"` Reporting *fleetreporter.Config `config:"reporting" yaml:"reporting"` Info *AgentInfo `config:"agent" yaml:"agent"` + Server *FleetServerConfig `config:"server" yaml:"server,omitempty"` } // Valid validates the required fields for accessing the API. func (e *FleetAgentConfig) Valid() error { if e.Enabled { + if e.Server != nil && e.Server.Bootstrap { + // bootstrapping Fleet Server, checks below can be ignored + return nil + } + if len(e.AccessAPIKey) == 0 { return errors.New("empty access token", errors.TypeConfig) } diff --git a/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go b/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go new file mode 100644 index 00000000000..3ff7ad91b2e --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go 
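Review bot: The early `return nil` when `e.Server.Bootstrap` is set skips every check in `Valid` but validates nothing about the Fleet Server block it is there for, so `e.Server.Output.Elasticsearch` with empty `Hosts`, `Username` or `Password` is accepted as a valid configuration. Either check the server output before returning, e.g. `if len(e.Server.Output.Elasticsearch.Hosts) == 0 { return errors.New("fleet server output has no elasticsearch hosts", errors.TypeConfig) }`, or add a `Valid()` method on `FleetServerConfig` and call it here. The remainder of `Valid` continues past this hunk.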
@@ -0,0 +1,68 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package configuration + +import ( + "net/url" + + "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" +) + +// FleetServerConfig is the configuration written so Elastic Agent can run Fleet Server. +type FleetServerConfig struct { + Bootstrap bool `config:"bootstrap" yaml:"bootstrap,omitempty"` + Policy *FleetServerPolicyConfig `config:"policy" yaml:"policy,omitempty"` + Output FleetServerOutputConfig `config:"output" yaml:"output,omitempty"` +} + +// FleetServerPolicyConfig is the configuration for the policy Fleet Server should run on. +type FleetServerPolicyConfig struct { + ID string `config:"id"` +} + +// FleetServerOutputConfig is the connection for Fleet Server to call to Elasticsearch. +type FleetServerOutputConfig struct { + Elasticsearch Elasticsearch `config:"elasticsearch" yaml:"elasticsearch"` +} + +// Elasticsearch is the configuration for elasticsearch. +type Elasticsearch struct { + Protocol string `config:"protocol" yaml:"protocol"` + Hosts []string `config:"hosts" yaml:"hosts"` + Path string `config:"path" yaml:"path,omitempty"` + Username string `config:"username" yaml:"username"` + Password string `config:"password" yaml:"password"` + TLS *tlscommon.Config `config:"ssl" yaml:"ssl,omitempty"` +} + +// ElasticsearchFromConnStr returns an Elasticsearch configuration from the connection string. 
+func ElasticsearchFromConnStr(conn string) (Elasticsearch, error) { + u, err := url.Parse(conn) + if err != nil { + return Elasticsearch{}, err + } + if u.Scheme != "http" && u.Scheme != "https" { + return Elasticsearch{}, errors.New("invalid connection string: scheme must be http or https") + } + if u.Host == "" { + return Elasticsearch{}, errors.New("invalid connection string: must include a host") + } + if u.User == nil || u.User.Username() == "" { + return Elasticsearch{}, errors.New("invalid connection string: must include a username") + } + password, ok := u.User.Password() + if !ok { + return Elasticsearch{}, errors.New("invalid connection string: must include a password") + } + return Elasticsearch{ + Protocol: u.Scheme, + Hosts: []string{u.Host}, + Path: u.Path, + Username: u.User.Username(), + Password: password, + TLS: nil, + }, nil +} diff --git a/x-pack/elastic-agent/pkg/agent/control/control_test.go b/x-pack/elastic-agent/pkg/agent/control/control_test.go index 5c56aed4691..bcda4a0e4ed 100644 --- a/x-pack/elastic-agent/pkg/agent/control/control_test.go +++ b/x-pack/elastic-agent/pkg/agent/control/control_test.go @@ -8,6 +8,8 @@ import ( "context" "testing" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -20,7 +22,7 @@ import ( ) func TestServerClient_Version(t *testing.T) { - srv := server.New(newErrorLogger(t), nil, nil) + srv := server.New(newErrorLogger(t), nil, nil, nil) err := srv.Start() require.NoError(t, err) defer srv.Stop() 
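Review bot: `ElasticsearchFromConnStr` accepts `http` as a scheme while also requiring a username and password, so a connection string such as `http://user:pass@host:9200` produces an output that sends Basic credentials in cleartext, and the fixed `TLS: nil` gives no way to supply a CA for an `https` host with a private certificate. At minimum document on the function that `http` is intended for local testing only, and consider warning or rejecting it; the TLS gap is worth a `// TODO` so operators know CA configuration must come from elsewhere. `password, ok := u.User.Password()` also treats `user:@host` as valid because `ok` is true for an empty password — extend the check to `if !ok || password == ""`.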
@@ -41,6 +43,29 @@ func TestServerClient_Version(t *testing.T) { }, ver) } +func TestServerClient_Status(t *testing.T) { + l := newErrorLogger(t) + statusCtrl := status.NewController(l) + srv := server.New(l, nil, statusCtrl, nil) + err := srv.Start() + require.NoError(t, err) + defer srv.Stop() + + c := client.New() + err = c.Connect(context.Background()) + require.NoError(t, err) + defer c.Disconnect() + + status, err := c.Status(context.Background()) + require.NoError(t, err) + + assert.Equal(t, &client.AgentStatus{ + Status: client.Healthy, + Message: "", + Applications: []*client.ApplicationStatus{}, + }, status) +} + func newErrorLogger(t *testing.T) *logger.Logger { t.Helper() diff --git a/x-pack/elastic-agent/pkg/agent/control/server/server.go b/x-pack/elastic-agent/pkg/agent/control/server/server.go index 0ce970c9256..edd96efdad6 100644 --- a/x-pack/elastic-agent/pkg/agent/control/server/server.go +++ b/x-pack/elastic-agent/pkg/agent/control/server/server.go 
@@ -17,26 +17,29 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/proto" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) // Server is the daemon side of the control protocol. type Server struct { - logger *logger.Logger - rex reexec.ExecManager - up *upgrade.Upgrader - listener net.Listener - server *grpc.Server - lock sync.RWMutex + logger *logger.Logger + rex reexec.ExecManager + statusCtrl status.Controller + up *upgrade.Upgrader + listener net.Listener + server *grpc.Server + lock sync.RWMutex } // New creates a new control protocol server. -func New(log *logger.Logger, rex reexec.ExecManager, up *upgrade.Upgrader) *Server { +func New(log *logger.Logger, rex reexec.ExecManager, statusCtrl status.Controller, up *upgrade.Upgrader) *Server { return &Server{ - logger: log, - rex: rex, - up: up, + logger: log, + rex: rex, + statusCtrl: statusCtrl, + up: up, } } @@ -95,11 +98,11 @@ func (s *Server) Version(_ context.Context, _ *proto.Empty) (*proto.VersionRespo // Status returns the overall status of the agent. func (s *Server) Status(_ context.Context, _ *proto.Empty) (*proto.StatusResponse, error) { - // not implemented + status := s.statusCtrl.Status() return &proto.StatusResponse{ - Status: proto.Status_HEALTHY, - Message: "not implemented", - Applications: nil, + Status: agentStatusToProto(status.Status), + Message: status.Message, + Applications: agentAppStatusToProto(status.Applications), }, nil } 
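Review bot: `Status` calls `s.statusCtrl.Status()` without checking for a nil controller, and `New` is invoked with a nil `statusCtrl` in `TestServerClient_Version` earlier in this diff, so a `Status` RPC against such a server would panic the daemon rather than return an error. Guard it with a nil check that returns an error (or make `New` reject a nil controller) so a misconfigured caller fails at construction rather than on the first status request. As a style point, the local `status := s.statusCtrl.Status()` shadows the imported `status` package inside the function; `st := s.statusCtrl.Status()` avoids the confusion.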
@@ -158,3 +161,27 @@ func (r *upgradeRequest) FleetAction() *fleetapi.ActionUpgrade { // upgrade request not from Fleet return nil } + +func agentStatusToProto(code status.AgentStatusCode) proto.Status { + if code == status.Degraded { + return proto.Status_DEGRADED + } + if code == status.Failed { + return proto.Status_FAILED + } + return proto.Status_HEALTHY +} + +func agentAppStatusToProto(apps []status.AgentApplicationStatus) []*proto.ApplicationStatus { + s := make([]*proto.ApplicationStatus, len(apps)) + for i, a := range apps { + s[i] = &proto.ApplicationStatus{ + Id: a.ID, + Name: a.Name, + Status: proto.Status(a.Status.ToProto()), + Message: a.Message, + Payload: "", + } + } + return s +} diff --git a/x-pack/elastic-agent/pkg/agent/errors/error.go b/x-pack/elastic-agent/pkg/agent/errors/error.go index 7ce5c770349..00c139c93c8 100644 --- a/x-pack/elastic-agent/pkg/agent/errors/error.go +++ b/x-pack/elastic-agent/pkg/agent/errors/error.go @@ -54,6 +54,12 @@ func (e agentError) Unwrap() error { // Error returns a string consisting of a message and originating error. func (e agentError) Error() string { + if e.err == nil { + if e.msg != "" { + return e.msg + } + return "unknown error" + } if e.msg != "" { return errors.Wrap(e.err, e.msg).Error() } diff --git a/x-pack/elastic-agent/pkg/agent/errors/error_test.go b/x-pack/elastic-agent/pkg/agent/errors/error_test.go index faee302b8a0..161120daf4b 100644 --- a/x-pack/elastic-agent/pkg/agent/errors/error_test.go +++ b/x-pack/elastic-agent/pkg/agent/errors/error_test.go @@ -7,7 +7,6 @@ package errors import ( "fmt" "io" - "strings" "testing" "github.com/pkg/errors" 
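Review bot: `agentStatusToProto` maps every code other than `Degraded` and `Failed` to `proto.Status_HEALTHY`, so any status code added later — or a zero value, if that is not `Healthy` — is reported as healthy to whoever polls the control socket, a fail-open default for a health signal. Prefer an explicit `switch` with `status.Healthy` as its own case and a `default` returning `proto.Status_DEGRADED` (or `FAILED`) so unknown values surface instead of hiding. `agentAppStatusToProto` hard-codes `Payload: ""`; a short comment stating why the application payload is not forwarded yet would help the next reader.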
@@ -146,48 +145,6 @@ func TestErrors(t *testing.T) { } } -func TestNoErrorNoMsg(t *testing.T) { - actualErr := New() - agentErr, ok := actualErr.(Error) - if !ok { - t.Error("expected Error") - return - } - - e := agentErr.Error() - if !strings.Contains(e, "error_test.go[") { - t.Errorf("Error does not contain source file: %v", e) - } - - if !strings.HasSuffix(e, ": unknown error") { - t.Errorf("Error does not contain default error: %v", e) - } -} - -func TestNoError(t *testing.T) { - // test with message - msg := "msg2" - actualErr := New(msg) - agentErr, ok := actualErr.(Error) - if !ok { - t.Error("expected Error") - return - } - - e := agentErr.Error() - if !strings.Contains(e, "error_test.go[") { - t.Errorf("Error does not contain source file: %v", e) - } - - if !strings.HasSuffix(e, ": unknown error") { - t.Errorf("Error does not contain default error: %v", e) - } - - if !strings.HasPrefix(e, msg) { - t.Errorf("Error does not contain provided message: %v", e) - } -} - func TestMetaFold(t *testing.T) { err1 := fmt.Errorf("level1") err2 := New("level2", err1, M("key1", "level2"), M("key2", "level2")) diff --git a/x-pack/elastic-agent/pkg/agent/errors/generators.go b/x-pack/elastic-agent/pkg/agent/errors/generators.go index 26a067f4ce8..ce9e1961d3b 100644 --- a/x-pack/elastic-agent/pkg/agent/errors/generators.go +++ b/x-pack/elastic-agent/pkg/agent/errors/generators.go @@ -4,13 +4,6 @@ package errors -import ( - "fmt" - "runtime" - - "github.com/pkg/errors" -) - // M creates a meta entry for an error func M(key string, val interface{}) MetaRecord { return MetaRecord{key: key, @@ -43,13 +36,5 @@ func New(args ...interface{}) error { } } - if agentErr.err == nil { - agentErr.err = errors.New("unknown error") - - if _, file, line, ok := runtime.Caller(1); ok { - agentErr.err = errors.Wrapf(agentErr.err, fmt.Sprintf("%s[%d]", file, line)) - } - } - return agentErr } 
diff --git a/x-pack/elastic-agent/pkg/agent/install/install.go b/x-pack/elastic-agent/pkg/agent/install/install.go index 01b9bd6f616..3e7df33ccd7 100644 --- a/x-pack/elastic-agent/pkg/agent/install/install.go +++ b/x-pack/elastic-agent/pkg/agent/install/install.go @@ -104,6 +104,22 @@ func StartService() error { return nil } +// StopService stops the installed service. +func StopService() error { + svc, err := newService() + if err != nil { + return err + } + err = svc.Stop() + if err != nil { + return errors.New( + err, + fmt.Sprintf("failed to stop service (%s)", ServiceName), + errors.M("service", ServiceName)) + } + return nil +} + // findDirectory returns the directory to copy into the installation location. // // This also verifies that the discovered directory is a valid directory for installation. diff --git a/x-pack/elastic-agent/pkg/agent/operation/operator.go b/x-pack/elastic-agent/pkg/agent/operation/operator.go index 49df45071ce..a95bfe5b165 100644 --- a/x-pack/elastic-agent/pkg/agent/operation/operator.go +++ b/x-pack/elastic-agent/pkg/agent/operation/operator.go @@ -103,7 +103,7 @@ func NewOperator( reporter: reporter, monitor: monitor, statusController: statusController, - statusReporter: statusController.Register("operator-" + pipelineID), + statusReporter: statusController.RegisterComponent("operator-" + pipelineID), } operator.initHandlerMap() @@ -142,7 +142,7 @@ func (o *Operator) Close() error { func (o *Operator) HandleConfig(cfg configrequest.Request) error { _, stateID, steps, ack, err := o.stateResolver.Resolve(cfg) if err != nil { - o.statusReporter.Update(status.Failed) + o.statusReporter.Update(state.Failed, err.Error()) return errors.New(err, errors.TypeConfig, fmt.Sprintf("operator: failed to resolve configuration %s, error: %v", cfg, err)) } o.statusController.UpdateStateID(stateID) 
@@ -151,8 +151,9 @@ func (o *Operator) HandleConfig(cfg configrequest.Request) error { if strings.ToLower(step.ProgramSpec.Cmd) != strings.ToLower(monitoringName) { if _, isSupported := program.SupportedMap[strings.ToLower(step.ProgramSpec.Cmd)]; !isSupported { // mark failed, new config cannot be run - o.statusReporter.Update(status.Failed) - return errors.New(fmt.Sprintf("program '%s' is not supported", step.ProgramSpec.Cmd), + msg := fmt.Sprintf("program '%s' is not supported", step.ProgramSpec.Cmd) + o.statusReporter.Update(state.Failed, msg) + return errors.New(msg, errors.TypeApplication, errors.M(errors.MetaKeyAppName, step.ProgramSpec.Cmd)) } @@ -160,18 +161,20 @@ func (o *Operator) HandleConfig(cfg configrequest.Request) error { handler, found := o.handlers[step.ID] if !found { - o.statusReporter.Update(status.Failed) - return errors.New(fmt.Sprintf("operator: received unexpected event '%s'", step.ID), errors.TypeConfig) + msg := fmt.Sprintf("operator: received unexpected event '%s'", step.ID) + o.statusReporter.Update(state.Failed, msg) + return errors.New(msg, errors.TypeConfig) } if err := handler(step); err != nil { - o.statusReporter.Update(status.Failed) - return errors.New(err, errors.TypeConfig, fmt.Sprintf("operator: failed to execute step %s, error: %v", step.ID, err)) + msg := fmt.Sprintf("operator: failed to execute step %s, error: %v", step.ID, err) + o.statusReporter.Update(state.Failed, msg) + return errors.New(err, errors.TypeConfig, msg) } } // Ack the resolver should state for next call. - o.statusReporter.Update(status.Healthy) + o.statusReporter.Update(state.Healthy, "") ack() return nil diff --git a/x-pack/elastic-agent/pkg/agent/operation/operator_test.go b/x-pack/elastic-agent/pkg/agent/operation/operator_test.go index a7a3547fa88..8966ca9a516 100644 --- a/x-pack/elastic-agent/pkg/agent/operation/operator_test.go +++ b/x-pack/elastic-agent/pkg/agent/operation/operator_test.go 
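Review bot: The messages now passed to `o.statusReporter.Update(state.Failed, msg)` embed the raw underlying error (`error: %v`), and with this change that text is served to any client of the control protocol via `Server.Status`; if a step error ever carries configuration fragments or credentials, they would leak through a channel that previously carried only a status code. Worth either confirming those errors are free of configuration content or passing a shorter fixed message to the reporter while keeping the full detail in the returned error. The `HandleConfig` loop starts above this hunk.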
@@ -79,7 +79,7 @@ func TestConfigurableRun(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } return nil @@ -112,7 +112,7 @@ func TestConfigurableRun(t *testing.T) { items := operator.State() item0, ok := items[p.ID()] - if !ok || item0.Status != state.Running { + if !ok || item0.Status != state.Healthy { t.Fatalf("Process no longer running after config %#v", items) } pid := item0.ProcessInfo.PID @@ -154,7 +154,7 @@ func TestConfigurableFailed(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } pid = item.ProcessInfo.PID @@ -194,7 +194,7 @@ func TestConfigurableFailed(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status == state.Running { + if item.Status == state.Healthy { return fmt.Errorf("process never left running") } return nil @@ -229,7 +229,7 @@ func TestConfigurableFailed(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to back to running") } return nil @@ -263,7 +263,7 @@ func TestConfigurableCrash(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } pid = item.ProcessInfo.PID @@ -294,7 +294,7 @@ func TestConfigurableCrash(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status == state.Running { + if item.Status == state.Healthy { return fmt.Errorf("process never left running") } return nil 
@@ -330,7 +330,7 @@ func TestConfigurableCrash(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to back to running") } return nil @@ -366,7 +366,7 @@ func TestConfigurableStartStop(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } return nil @@ -415,7 +415,7 @@ func TestConfigurableService(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } return nil @@ -448,7 +448,7 @@ func TestConfigurableService(t *testing.T) { items := operator.State() item0, ok := items[p.ID()] - if !ok || item0.Status != state.Running { + if !ok || item0.Status != state.Healthy { t.Fatalf("Process no longer running after config %#v", items) } diff --git a/x-pack/elastic-agent/pkg/agent/program/program.go b/x-pack/elastic-agent/pkg/agent/program/program.go index 87d46bf07a0..7917e1f1053 100644 --- a/x-pack/elastic-agent/pkg/agent/program/program.go +++ b/x-pack/elastic-agent/pkg/agent/program/program.go @@ -55,7 +55,7 @@ func Programs(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST) (map groupedPrograms := make(map[string][]Program) for k, config := range grouped { - programs, err := detectPrograms(agentInfo, config) + programs, err := DetectPrograms(agentInfo, config) if err != nil { return nil, errors.New(err, errors.TypeConfig, "fail to generate program configuration") } 
@@ -65,48 +65,18 @@ func Programs(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST) (map return groupedPrograms, nil } -func detectPrograms(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST) ([]Program, error) { +// DetectPrograms returns the list of programs detected from the provided configuration. +func DetectPrograms(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST) ([]Program, error) { programs := make([]Program, 0) for _, spec := range Supported { specificAST := singleConfig.Clone() - if len(spec.Constraints) > 0 { - constraints, err := eql.New(spec.Constraints) - if err != nil { - return nil, err - } - ok, err := constraints.Eval(specificAST) - if err != nil { - return nil, err - } - - if !ok { - continue - } - } - - err := spec.Rules.Apply(agentInfo, specificAST) - if err != nil { - return nil, err - } - - if len(spec.When) == 0 { - return nil, ErrMissingWhen - } - - expression, err := eql.New(spec.When) + ok, err := DetectProgram(spec, agentInfo, specificAST) if err != nil { return nil, err } - - ok, err := expression.Eval(specificAST) - if err != nil { - return nil, err - } - if !ok { continue } - program := Program{ Spec: spec, Config: specificAST, 
@@ -114,7 +84,42 @@ func detectPrograms(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST programs = append(programs, program) } return programs, nil +} + +// DetectProgram returns true or false if this program exists in the AST. +// +// Note `ast` is modified to match what the program expects. Should clone the AST before passing to +// this function if you want to still have the original. +func DetectProgram(spec Spec, info transpiler.AgentInfo, ast *transpiler.AST) (bool, error) { + if len(spec.Constraints) > 0 { + constraints, err := eql.New(spec.Constraints) + if err != nil { + return false, err + } + ok, err := constraints.Eval(ast) + if err != nil { + return false, err + } + if !ok { + return false, nil + } + } + + err := spec.Rules.Apply(info, ast) + if err != nil { + return false, err + } + + if len(spec.When) == 0 { + return false, ErrMissingWhen + } + + expression, err := eql.New(spec.When) + if err != nil { + return false, err + } + return expression.Eval(ast) } // KnownProgramNames returns a list of runnable programs by the elastic-agent. diff --git a/x-pack/elastic-agent/pkg/agent/program/supported.go b/x-pack/elastic-agent/pkg/agent/program/supported.go index 0e6b7d7d028..85522517c16 100644 --- a/x-pack/elastic-agent/pkg/agent/program/supported.go +++ b/x-pack/elastic-agent/pkg/agent/program/supported.go 
@@ -24,7 +24,7 @@ func init() { // spec/heartbeat.yml // spec/metricbeat.yml // spec/packetbeat.yml - unpacked := packer.MustUnpack("eJzMelmXqrq69v33M9btdxqasvbmjLEvxNoE0KKmOIuE3JFEAQ3onmKDZ5z/fkZCI6BWzWaNuc5FDa0Q0rx5m+d54n//sd8t6X9Gu+zf98tvx+W3/ygz/sd//UEyq8Bft/E8ML1Z4HGaY07j3ZrA+bMDrBNZqBeMXA0jZxoiV4kgTkL97rOcXrYxLJ3CXzh7Z+IWIRwlWAsKDEfKLAsOIXT3GM4NZrsqln0e9VWPGLwby4l6CqH3bQbxHsNAcdJT7KSqJT+z3vwHDCwlDIwLs10eQvVyO5/LJrmrEhBc3uJt7EyUONSM0zIwFKIa+wh5StU+jp2JuWMgKN5SMyMg4Gzctivkso0jODox5F8m6bhqB8YBad6RZHgfQU95S80D0YyTeD5bmEWIxs9tX9tMGIifHVDt6dreXVvdNlFimgUF0TFHWsGXX7fT67PqL9KC0VtqJqHmcap7qxCZO9l3/lPjlBiZR5r7O5LRbp/CsV1OoKHhwPiG0ea6n+YPyHHjEDJO8vlUvgPwbmk1Z6I8O3Zh1DbJInhWMHJXLLP2DHb3bV4wPPNQ9490fc/W1TzM5ifc7tHUQnhWMXrtrWu2MBMKlHYtxPY5XV/3TrVgj6GnEN29sfvNvNV4R4b8E0Pzvm2as8zZFsOnZwecOcmYEk3izVLjB2oHCtWVnfPyFL9OzIRk8zgC1mWhBaPpxP8b0QNF9FktTrGrBfsQeUoEvQuGVhlqcT6db//xx79VAbzM2W6b5sUgfH042lBg7Eg+j9+1YM2Qu2P2Zhpq6uYtNTnJ/BPR+IFN1AuGnkozriznu0QcNc6sNXvZxvg6RoFBoE1ymQ52ofb+7LyE+ttLPCXAyJEuXDipTAb8hOZsR9bb2EmN1wi6ZYjc0UxptvF67KztSHU/YeD9KMaZacEB2+YxEiG/2B5EmyPHPO9IHjy9peN0phknNjEsAqwLA3w9Uzrv6J4SIp/PtPMRl0Znj8q/Zploc6bOxNQjONoQnV3EePPLjiLLLInGyhAqsZ/xPUYeRf9szS6+t3Mg63xhwFJwcKZy79b57jyhlvBQK1YRHIn+e/Kync4WJl+CYI00vCPgvXZN8xQifyvW0rU3vZ5ZWvdLaMZat5wtxinLgjKCeOTUbQzwAkNDFWf3ehlPKTAuzBLjeUoIz/u3eFs4IHjC0Fthsc8m7JsUNHHv+8XCqfoBq8R6G1KFM3HbsZ3OumYLVaVA2NPng/YSI+/IkLvG6DXtjPNg3l7/wzLjp3t79dbj0yQ3SxwYKsn4QfgUAafnSarEGCU8VA2RXnhjOwosJXrZxk7W8R3k8VAPygj5rT3rEja9hvs4ZXB0s+fbtbSp+37Kq9tl+uHGIFV9lO5MmWod2x9R8F6fHU6IHfDrOpVu3E6lDTK+ZyAokT7oa3ucgGDNgFG+peaO5KbK7NdpN61iOErC7MxxXfKG6Xm2MBWaB1zuqRlP+px/bO3dTaupSbAYD80PIfTWGHkXpFmnqCoj+yZ1zrJiF2bWIQyU6b0yOcusUzSXMdUpp00s9cs0zYN9pxR8WLo+K5+zhVliqB5ZFqxk326ZqG0WaTwV8OUH5mthU/e87trvavfeHmeLwflNlLgpI911sIxfImgcJvFOj0BweEvNPYajnIF469pFNabdL00EBAes+1tRmhp/XC028Zd0fHKAdcATcxsib4bRRoxRl0TfmE3GOYbnhOr+LtQ9HiJ3HU3obpJ5RxFDNLOEn4g8vFnqrkoEzIDvB9nPVmLnqxK7mlWSr6Hinq4lb5XyJVlGNyVPpDTo8hDNmzInwz7MgoSNd1X6TE3SIsbc48wOTrOM78lixElmpQQEmy9QhInHe+iy6Zv7nCBzL8tMB1H
izNpT7T2dTcbp7L36JNA6SPQDgwObjAqi+fwLigsKrHVUqpWpJx+h3g8R8p5oLI/gKJ9lZ86yYP8F+jzMg9zhygCZC5v4l5ksO0GKoaV8mqJSiXj+JdwOafyAQfDUuJ5EWl+3sSh/9CRDcEeynUhZK6r7JYZWgXRRUmUIHVuEdYuKRSrlNPdXIcSKcP8q1GV6E6jpiPVXGRIEWqdh+h6kxpLBcy8N1mg+IeC8YsBYEcAv7KWLdCv03qyZnrqh/BjBN30wStYYmYr0KenOQULQqzz7CM7lZ5s+5Tm7J5oZMuWJUBbnNFjrHeYh1sIVLM+lY9P89Wf3cbV5FmREd+vULUqwjKP6rHBJNOXZATVaPTWl7u/XNr3d87QutSKkRfqXe0CaWLd6eXRuw/VGyOfk6+0+enOeHqb8fvobsCdZpjLrQLWzgJu9FNysq88ghA3UhNpmjyFU7ecjriGc/N61t/QLLBjPsYZYMk767MgU8XpgE+PCgC+hMtX9TQSfBvMEmswDur+mYn3AOz0YR8X2+Nmxgw0d99dSwWr/GGqF2EeMgbGOtKAcjLMnGj3SLNhEyFtR7XxkAkILn5Jtr7f7L43LEnnivWfH9kbincYO31MiGfI40gyV2abaKWGfvtdn9df4ecxma8gEBM2w2vw0y0YJgcFF5GL8A6V9MH+lMiBPlOHpRyz2WsKdm5iqIYCyRCavfXrIXgsHWDot1TUB4qxZwoC3HTy7vF7tnyzzoMQLtfIPkKjhNQ6qMQA+MgET8003Bx0YsHYka/2jcEDtO9f381AfF9QOUqoHVwgPEoXZ5qoLPVvmbPsKBbsL0Z6ubZqVRdo/r1DlGiOFA9Qzs6/vkyxQcHY+suv+jq+XUA2R8M151wc6vqoMYkr8zy+9eWx/Ta++J2Ko7Stg/vL6TFBG4eu/F04DfogyCacFJjhIWJ3h41tq/m1VQd810c3WT3HuHkX+HNRFWRtwBxv9CMS84qftA8VDkf5LBV3J3qdMS7jIZ13I2Jn78CfAx70zYSWG/o6WdC/26GpFgrMicctT7Io8JGUAb+uWm2kLGflyWdwXOv2KjcTvWlAKRj3JvAK/CJPJdsHE6/aK/TrWXjDZ6kgmqoR1t5CrZimoFVC78OQRK6zY2yP3+iSN3GWHd1ysZYnD/f1Z84MWtn66Bglr57VNHrGkOnRaNlOvs1mLgKcCIlyF02sYVgJ0zZQmo1YcbsaaZTfiWoyuImIDLVqX/40CbktHBoLj4xLVOwNrHWrBhapGQgGXfX9unJqF/0Xi8dA3uzTgIfS7Zfw/tmc7uODAuC/sfue678OUXxrjIPMV8k4h9PjPneUQAsn/L/gn99iB6T8lqNf5ZyCcD3PKuK9k/JWqRfyPVoFIltG34o4EsQBBQnO/oth1HYl6bZ0aUssEVAsUhsaHCJ6LzySFpi8DQUGBpDKHFlK8qFkIz5dfv0hTE5JZOYaqoDHd8SU06fcVVIiJ+D4QSVdOBgZByiBN0eA2QcII+/XYs8fgAg5n/Ak1tPLrNl7qg8uaVi31VkzjSmQZJYaML+3xTb0YXAiV4nxQ7o1I7m8xEmf7epyl+++obX9JTezNe/cyLL/Jbzd5sLJdn2Z9L2z7q6Batiy+pfROcH2FgUIzvq71vPpGWuXMdnehVut+t7fOF4x8lU5GOwKUz4Kl6atgqJ4IsBT8mS44CBYCjQ3+qj7NkJmE2r6ok9xHuuB1fOSXDA40RGDkWOMHXI72Uld4UTcYuiouXSaSCQM8CytdRwYULY0CI7+MoFcHmHmkut+7hqo5liwYvWug3tWIesS2LKIHPJFcX8FQOSyh2l57CG4h7I3R/FkkGqL5Mphn2fwouJZIUrOcF2Qy2kTIa3Sw6bU43w/4rp4YwdEGo7jReiRHfkvNZo+XAU9qbvtX1HaPEgBpRhs8RButBMfF2XlXgXR+kABD8Kvcbzluq2/W/lZrTqXwHQLba7uMZkZxqzv5x2ub1/76oFqnmtC
XwZXbHS3tHnhsuB7SrD2xHuiE1dzXOTvJ4XbvoyPRx12dhC+Bx6k9l8WpLe6ljItdrV+2vlpp4j09MkXzwVp1/4i0847q8/6VR6Pzdc6oV/B/aB/tGaYYYpnMfrMWeaP5IJ3tGEhWNAtyjJIWsN7ReaqilD59m2l1HtNfNx9eA/7q1eGwEN25PmxI2a/rrMHjIv2R7mq7IsaX0xdj/qUis/9/lu53tzaqC6mY42Ubuz3iK0nKIYQq7+t4ta49IMmNTiLytyDqHS0qibRgFSK3DIdXd7WPtHlC65C/1leaNXu8ezX3uV7Zee9H9NGBvvR7NdUhofh9uuxAT+7VkOoXSLKWZOKMRY0ROULeuXzXfUcfY4h3h77VaG+ki1EE5ritDW2d7MXy+lZD7MZkb9zv1OLu//qot5dD4++/8mukmVzPFeg5E/YthPhbuJDf90RjAntchiRqF9HN8h6LegfWOtICpQf0bAGoCs7AEOjRwq8m+gToiT43fT8EehKllqpVodXvAnq5QMKz93f5+QnQ6/d9CPTYI6AnGRxGD5nUb1ERaX1WjUJzvTQWthpVl8fZ3+8qnH8Sq/k/wV6kY//P//vfAAAA//8YxZul") + unpacked := packer.MustUnpack("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") SupportedMap = make(map[string]Spec) for f, v := range unpacked { diff --git a/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go b/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go index 81f03c3b009..2694ed1cd3f 100644 --- a/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go +++ b/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go @@ -54,7 +54,7 @@ func TestCmdBinaryOnlyYAML(t *testing.T) { } func TestCmdDaemon(t *testing.T) { - srv := server.New(newErrorLogger(t), nil, nil) + srv := server.New(newErrorLogger(t), nil, nil, nil) require.NoError(t, srv.Start()) defer srv.Stop() @@ -70,7 +70,7 @@ func TestCmdDaemon(t *testing.T) { } func TestCmdDaemonYAML(t *testing.T) { - srv := server.New(newErrorLogger(t), nil, nil) + srv := server.New(newErrorLogger(t), nil, nil, nil) require.NoError(t, srv.Start()) defer srv.Stop() diff --git a/x-pack/elastic-agent/pkg/capabilities/capabilities.go b/x-pack/elastic-agent/pkg/capabilities/capabilities.go index 498e09ac101..b03bef73d8c 100644 --- a/x-pack/elastic-agent/pkg/capabilities/capabilities.go +++ b/x-pack/elastic-agent/pkg/capabilities/capabilities.go 
@@ -8,6 +8,8 @@ import ( "errors" "os" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "gopkg.in/yaml.v2" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" @@ -44,7 +46,7 @@ func Load(capsFile string, log *logger.Logger, sc status.Controller) (Capability cm := &capabilitiesManager{ caps: make([]Capability, 0), - reporter: sc.RegisterWithPersistance("capabilities", true), + reporter: sc.RegisterComponentWithPersistance("capabilities", true), } // load capabilities from file @@ -85,7 +87,7 @@ func Load(capsFile string, log *logger.Logger, sc status.Controller) (Capability func (mgr *capabilitiesManager) Apply(in interface{}) (interface{}, error) { var err error // reset health on start, child caps will update to fail if needed - mgr.reporter.Update(status.Healthy) + mgr.reporter.Update(state.Healthy, "") for _, cap := range mgr.caps { in, err = cap.Apply(in) if err != nil { diff --git a/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go b/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go index d59b7c62939..46107463151 100644 --- a/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go +++ b/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go @@ -135,7 +135,7 @@ func TestCapabilityManager(t *testing.T) { caps: []Capability{ filterKeywordCap{keyWord: "filter"}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -160,7 +160,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, blockCap{}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) 
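Review bot: The new `core/state` import in capabilities.go is placed in the standard-library group, ahead of `gopkg.in/yaml.v2`, instead of with the other `github.com/elastic/beats/v7/...` imports a few lines below; goimports will regroup it on the next touch and produce an unrelated diff. The same placement is repeated in input.go, input_test.go, output.go and upgrade.go in this commit. Move `"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state"` into the existing elastic-agent import group next to `pkg/core/logger`.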
@@ -185,7 +185,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, blockCap{}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -210,7 +210,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, keepAsIsCap{}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -235,7 +235,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, keepAsIsCap{}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -260,7 +260,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, filterKeywordCap{keyWord: "key"}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -283,7 +283,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "key"}, filterKeywordCap{keyWord: "filter"}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) diff --git a/x-pack/elastic-agent/pkg/capabilities/input.go b/x-pack/elastic-agent/pkg/capabilities/input.go index 7ddc1a22496..6515bd5b715 100644 --- a/x-pack/elastic-agent/pkg/capabilities/input.go +++ b/x-pack/elastic-agent/pkg/capabilities/input.go @@ -7,6 +7,8 @@ package capabilities import ( "fmt" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" 
@@ -150,8 +152,9 @@ func (c *inputCapability) renderInputs(inputs []map[string]interface{}) ([]map[s input[conditionKey] = isSupported if !isSupported { - c.log.Errorf("input '%s' is left out due to capability restriction '%s'", inputType, c.name()) - c.reporter.Update(status.Degraded) + msg := fmt.Sprintf("input '%s' is left out due to capability restriction '%s'", inputType, c.name()) + c.log.Errorf(msg) + c.reporter.Update(state.Degraded, msg) } newInputs = append(newInputs, input) diff --git a/x-pack/elastic-agent/pkg/capabilities/input_test.go b/x-pack/elastic-agent/pkg/capabilities/input_test.go index 8416a81649b..7a2707d8f83 100644 --- a/x-pack/elastic-agent/pkg/capabilities/input_test.go +++ b/x-pack/elastic-agent/pkg/capabilities/input_test.go @@ -8,11 +8,12 @@ import ( "fmt" "testing" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/stretchr/testify/assert" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) @@ -394,5 +395,5 @@ func getInputsMap(tt ...string) map[string]interface{} { type testReporter struct{} -func (*testReporter) Update(status.AgentStatus) {} -func (*testReporter) Unregister() {} +func (*testReporter) Update(state.Status, string) {} +func (*testReporter) Unregister() {} diff --git a/x-pack/elastic-agent/pkg/capabilities/output.go b/x-pack/elastic-agent/pkg/capabilities/output.go index 34a9ca6e055..bf47123f337 100644 --- a/x-pack/elastic-agent/pkg/capabilities/output.go +++ b/x-pack/elastic-agent/pkg/capabilities/output.go 
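Review bot: `c.log.Errorf(msg)` passes an already-formatted string as the format argument; `inputType` comes from the policy, so an input type containing `%` is logged mangled (`%!d(MISSING)`-style noise) and `go vet` flags the non-constant format string. Use `c.log.Errorf("%s", msg)` (or the logger's non-formatting `Error`, if it exposes one) so the message is emitted verbatim. The same pattern is introduced in output.go and upgrade.go in this commit; `renderInputs` starts before this hunk.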
@@ -7,6 +7,8 @@ package capabilities import ( "fmt" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" @@ -129,8 +131,9 @@ func (c *outputCapability) renderOutputs(outputs map[string]interface{}) (map[st outputs[outputName] = output if !isSupported { - c.log.Errorf("output '%s' is left out due to capability restriction '%s'", outputName, c.name()) - c.reporter.Update(status.Degraded) + msg := fmt.Sprintf("output '%s' is left out due to capability restriction '%s'", outputName, c.name()) + c.log.Errorf(msg) + c.reporter.Update(state.Degraded, msg) } } diff --git a/x-pack/elastic-agent/pkg/capabilities/upgrade.go b/x-pack/elastic-agent/pkg/capabilities/upgrade.go index 4ca6f9074d4..8712529c841 100644 --- a/x-pack/elastic-agent/pkg/capabilities/upgrade.go +++ b/x-pack/elastic-agent/pkg/capabilities/upgrade.go @@ -8,6 +8,8 @@ import ( "fmt" "strings" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" @@ -125,8 +127,9 @@ func (c *upgradeCapability) Apply(upgradeMap map[string]interface{}) (map[string // if deny switch the logic if c.Type == denyKey { isSupported = !isSupported - c.log.Errorf("upgrade is blocked out due to capability restriction '%s'", c.name()) - c.reporter.Update(status.Degraded) + msg := fmt.Sprintf("upgrade is blocked out due to capability restriction '%s'", c.name()) + c.log.Errorf(msg) + c.reporter.Update(state.Degraded, msg) } if !isSupported { diff --git a/x-pack/elastic-agent/pkg/core/logger/logger.go b/x-pack/elastic-agent/pkg/core/logger/logger.go index 9ae4c78834a..3e70cd88e57 100644 
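Review bot: In `outputCapability.renderOutputs`, `c.log.Errorf(msg)` uses the pre-built message as the format string, and `outputName` is a policy-controlled key, so a `%` in it corrupts the log line; `c.log.Errorf("%s", msg)` keeps the text verbatim and satisfies `go vet`. `renderOutputs` begins and ends outside this hunk.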
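Review bot: In `upgradeCapability.Apply` the "upgrade is blocked" log and the `Degraded` report sit inside `if c.Type == denyKey` but before the `if !isSupported` check that follows, so a deny rule that does not match (where `isSupported` flips to true and the upgrade proceeds) still logs a block and degrades the agent status. Guard the two new lines with the `!isSupported` condition, or move them into the `if !isSupported` branch below; `Apply` begins and ends outside this hunk, so check the remaining branches for the same pattern. `c.log.Errorf(msg)` here has the same non-constant-format-string problem as input.go; `c.log.Errorf("%s", msg)` is the safe form.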
--- a/x-pack/elastic-agent/pkg/core/logger/logger.go +++ b/x-pack/elastic-agent/pkg/core/logger/logger.go @@ -43,7 +43,7 @@ func NewWithLogpLevel(name string, level logp.Level) (*Logger, error) { return new(name, defaultCfg) } -//NewFromConfig takes the user configuration and generate the right logger. +// NewFromConfig takes the user configuration and generate the right logger. // TODO: Finish implementation, need support on the library that we use. func NewFromConfig(name string, cfg *Config) (*Logger, error) { return new(name, cfg) diff --git a/x-pack/elastic-agent/pkg/core/plugin/process/app.go b/x-pack/elastic-agent/pkg/core/plugin/process/app.go index 1de2feb559f..4586505db8d 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/process/app.go +++ b/x-pack/elastic-agent/pkg/core/plugin/process/app.go @@ -85,21 +85,24 @@ func NewApplication( b, _ := tokenbucket.NewTokenBucket(ctx, 3, 3, 1*time.Second) return &Application{ - bgContext: ctx, - id: id, - name: appName, - pipelineID: pipelineID, - logLevel: logLevel, - desc: desc, - srv: srv, - processConfig: cfg.ProcessConfig, - logger: logger, - limiter: b, + bgContext: ctx, + id: id, + name: appName, + pipelineID: pipelineID, + logLevel: logLevel, + desc: desc, + srv: srv, + processConfig: cfg.ProcessConfig, + logger: logger, + limiter: b, + state: state.State{ + Status: state.Stopped, + }, reporter: reporter, monitor: monitor, uid: uid, gid: gid, - statusReporter: statusController.Register(id), + statusReporter: statusController.RegisterApp(id, appName), }, nil } 
@@ -231,25 +234,6 @@ func (a *Application) waitProc(proc *os.Process) <-chan *os.ProcessState { return resChan } -func (a *Application) setStateFromProto(pstatus proto.StateObserved_Status, msg string, payload map[string]interface{}) { - var status state.Status - switch pstatus { - case proto.StateObserved_STARTING: - status = state.Starting - case proto.StateObserved_CONFIGURING: - status = state.Configuring - case proto.StateObserved_HEALTHY: - status = state.Running - case proto.StateObserved_DEGRADED: - status = state.Degraded - case proto.StateObserved_FAILED: - status = state.Failed - case proto.StateObserved_STOPPING: - status = state.Stopping - } - a.setState(status, msg, payload) -} - func (a *Application) setState(s state.Status, msg string, payload map[string]interface{}) { if a.state.Status != s || a.state.Message != msg || !reflect.DeepEqual(a.state.Payload, payload) { a.state.Status = s @@ -258,15 +242,7 @@ func (a *Application) setState(s state.Status, msg string, payload map[string]in if a.reporter != nil { go a.reporter.OnStateChange(a.id, a.name, a.state) } - - switch s { - case state.Configuring, state.Restarting, state.Starting, state.Stopping, state.Updating: - // no action - case state.Crashed, state.Failed, state.Degraded: - a.statusReporter.Update(status.Degraded) - default: - a.statusReporter.Update(status.Healthy) - } + a.statusReporter.Update(s, msg) } } diff --git a/x-pack/elastic-agent/pkg/core/plugin/process/configure.go b/x-pack/elastic-agent/pkg/core/plugin/process/configure.go index fca2ea0f9c1..23ebdafbf60 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/process/configure.go +++ b/x-pack/elastic-agent/pkg/core/plugin/process/configure.go 
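Review bot: `a.statusReporter.Update(s, msg)` now forwards every transition, whereas the removed switch deliberately took no action for Configuring, Restarting, Starting, Stopping and Updating; with those mapped to Healthy by the reporter, an app that is Degraded and then re-configured flips the agent to "online" for the duration of the transition and back to "degraded" afterwards. If that flap is not wanted, keep the old filter by skipping the `Update` call for the transitional statuses the switch ignored, or have the reporter retain its last non-transitional status. The same change is made in service/app.go; `setState` begins outside this hunk.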
@@ -11,7 +11,6 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" ) // Configure configures the application with the passed configuration. @@ -20,9 +19,7 @@ func (a *Application) Configure(_ context.Context, config map[string]interface{} if err != nil { // inject App metadata err = errors.New(err, errors.M(errors.MetaKeyAppName, a.name), errors.M(errors.MetaKeyAppName, a.id)) - a.statusReporter.Update(status.Degraded) - } else { - a.statusReporter.Update(status.Healthy) + a.statusReporter.Update(state.Degraded, err.Error()) } }() diff --git a/x-pack/elastic-agent/pkg/core/plugin/process/status.go b/x-pack/elastic-agent/pkg/core/plugin/process/status.go index 473ae9a70c7..21ded667101 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/process/status.go +++ b/x-pack/elastic-agent/pkg/core/plugin/process/status.go @@ -28,7 +28,7 @@ func (a *Application) OnStatusChange(s *server.ApplicationState, status proto.St return } - a.setStateFromProto(status, msg, payload) + a.setState(state.FromProto(status), msg, payload) if status == proto.StateObserved_FAILED { // ignore when expected state is stopping if s.Expected() == proto.StateExpected_STOPPING { diff --git a/x-pack/elastic-agent/pkg/core/plugin/service/app.go b/x-pack/elastic-agent/pkg/core/plugin/service/app.go index 8e336338f8f..97196e0307f 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/service/app.go +++ b/x-pack/elastic-agent/pkg/core/plugin/service/app.go 
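Review bot: The removed `else` branch was the only place this path reset the reporter to Healthy, so after a failed `Configure` the app stays Degraded with the old error text even once a later `Configure` succeeds, until some `OnStatusChange` arrives to overwrite it; if that is intended, say so with `// a successful configure does not clear Degraded; the next observed state does`, otherwise restore `a.statusReporter.Update(state.Healthy, "")` on the success path. Visible in the context line, both metadata entries use `errors.MetaKeyAppName`, so the app id overwrites the app name; presumably an id key exists and the second should be `errors.M(errors.MetaKeyAppID, a.id)` — confirm against the errors package. Both points apply to the parallel hunk in service/app.go as well.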
@@ -90,22 +90,25 @@ func NewApplication( b, _ := tokenbucket.NewTokenBucket(ctx, 3, 3, 1*time.Second) return &Application{ - bgContext: ctx, - id: id, - name: appName, - pipelineID: pipelineID, - logLevel: logLevel, - desc: desc, - srv: srv, - processConfig: cfg.ProcessConfig, - logger: logger, - limiter: b, + bgContext: ctx, + id: id, + name: appName, + pipelineID: pipelineID, + logLevel: logLevel, + desc: desc, + srv: srv, + processConfig: cfg.ProcessConfig, + logger: logger, + limiter: b, + state: state.State{ + Status: state.Stopped, + }, reporter: reporter, monitor: monitor, uid: uid, gid: gid, credsPort: credsPort, - statusReporter: statusController.Register(id), + statusReporter: statusController.RegisterApp(id, appName), }, nil } @@ -207,9 +210,7 @@ func (a *Application) Configure(_ context.Context, config map[string]interface{} if err != nil { // inject App metadata err = errors.New(err, errors.M(errors.MetaKeyAppName, a.name), errors.M(errors.MetaKeyAppName, a.id)) - a.statusReporter.Update(status.Degraded) - } else { - a.statusReporter.Update(status.Healthy) + a.statusReporter.Update(state.Degraded, err.Error()) } }() 
@@ -287,26 +288,7 @@ func (a *Application) OnStatusChange(s *server.ApplicationState, status proto.St return } - a.setStateFromProto(status, msg, payload) -} - -func (a *Application) setStateFromProto(pstatus proto.StateObserved_Status, msg string, payload map[string]interface{}) { - var status state.Status - switch pstatus { - case proto.StateObserved_STARTING: - status = state.Starting - case proto.StateObserved_CONFIGURING: - status = state.Configuring - case proto.StateObserved_HEALTHY: - status = state.Running - case proto.StateObserved_DEGRADED: - status = state.Degraded - case proto.StateObserved_FAILED: - status = state.Failed - case proto.StateObserved_STOPPING: - status = state.Stopping - } - a.setState(status, msg, payload) + a.setState(state.FromProto(status), msg, payload) } func (a *Application) setState(s state.Status, msg string, payload map[string]interface{}) { @@ -317,15 +299,7 @@ func (a *Application) setState(s state.Status, msg string, payload map[string]in if a.reporter != nil { go a.reporter.OnStateChange(a.id, a.name, a.state) } - - switch s { - case state.Configuring, state.Restarting, state.Starting, state.Stopping, state.Updating: - // no action - case state.Crashed, state.Failed, state.Degraded: - a.statusReporter.Update(status.Degraded) - default: - a.statusReporter.Update(status.Healthy) - } + a.statusReporter.Update(s, msg) } } diff --git a/x-pack/elastic-agent/pkg/core/state/state.go b/x-pack/elastic-agent/pkg/core/state/state.go index 670cdc2a2f2..98319ad3315 100644 --- a/x-pack/elastic-agent/pkg/core/state/state.go +++ b/x-pack/elastic-agent/pkg/core/state/state.go @@ -5,6 +5,8 @@ package state import ( + "github.com/elastic/elastic-agent-client/v7/pkg/proto" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/process" ) 
@@ -13,27 +15,57 @@ type Status int const ( // Stopped is status describing not running application. - Stopped Status = iota + Stopped Status = -4 + // Crashed is status describing application is crashed. + Crashed Status = -3 + // Restarting is status describing application is restarting. + Restarting Status = -2 + // Updating is status describing application is updating. + Updating Status = -1 + // Starting is status describing application is starting. - Starting + Starting = Status(proto.StateObserved_STARTING) // Configuring is status describing application is configuring. - Configuring - // Running is status describing application is running. - Running + Configuring = Status(proto.StateObserved_CONFIGURING) + // Healthy is status describing application is running. + Healthy = Status(proto.StateObserved_HEALTHY) // Degraded is status describing application is degraded. - Degraded + Degraded = Status(proto.StateObserved_DEGRADED) // Failed is status describing application is failed. - Failed + Failed = Status(proto.StateObserved_FAILED) // Stopping is status describing application is stopping. - Stopping - // Crashed is status describing application is crashed. - Crashed - // Restarting is status describing application is restarting. - Restarting - // Updating is status describing application is updating. - Updating + Stopping = Status(proto.StateObserved_STOPPING) ) +// IsInternal returns true if the status is an internal status and not something that should be reported +// over the protocol as an actual status. +func (s Status) IsInternal() bool { + return s < Starting +} + +// ToProto converts the status to status that is compatible with the protocol. 
+func (s Status) ToProto() proto.StateObserved_Status { + if !s.IsInternal() { + return proto.StateObserved_Status(s) + } + if s == Updating || s == Restarting { + return proto.StateObserved_STARTING + } + if s == Crashed { + return proto.StateObserved_FAILED + } + if s == Stopped { + return proto.StateObserved_STOPPING + } + // fallback to degraded + return proto.StateObserved_DEGRADED +} + +// FromProto converts the status from protocol to status Agent representation. +func FromProto(s proto.StateObserved_Status) Status { + return Status(s) +} + // State wraps the process state and application status. type State struct { ProcessInfo *process.Info diff --git a/x-pack/elastic-agent/pkg/core/status/reporter.go b/x-pack/elastic-agent/pkg/core/status/reporter.go index 2d3517a434f..d4abd96a990 100644 --- a/x-pack/elastic-agent/pkg/core/status/reporter.go +++ b/x-pack/elastic-agent/pkg/core/status/reporter.go 
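Review bot: `ToProto` casts any non-internal value straight to `proto.StateObserved_Status`, and `FromProto` is a bare cast in the other direction, so a status value this agent does not know (a newer client enum value, or a corrupted int) round-trips unchanged and `statusToAgentStatus` in reporter.go then reports it as Healthy. A health signal should fail closed: map anything outside the known set to `DEGRADED`, as below. Separately, the numeric values of the constants change in this hunk (`Stopped` was 0, `Running` is renamed to `Healthy`); if any status is persisted, compared to a literal or printed as an int elsewhere, that silently changes meaning, which is worth a comment on the const block such as `// Internal statuses are negative; the others mirror proto.StateObserved_Status values.`
```go
// ToProto converts the status to status that is compatible with the protocol.
func (s Status) ToProto() proto.StateObserved_Status {
	switch s {
	case Starting, Configuring, Healthy, Degraded, Failed, Stopping:
		return proto.StateObserved_Status(s)
	case Updating, Restarting:
		return proto.StateObserved_STARTING
	case Crashed:
		return proto.StateObserved_FAILED
	case Stopped:
		return proto.StateObserved_STOPPING
	}
	// Unknown value: fail closed rather than report it as healthy.
	return proto.StateObserved_DEGRADED
}
```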
@@ -9,55 +9,71 @@ import ( "github.com/google/uuid" + "github.com/elastic/elastic-agent-client/v7/pkg/proto" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" ) -// AgentStatus represents a status of agent. -type AgentStatus int - -// UpdateFunc is used by components to notify reporter about status changes. -type UpdateFunc func(AgentStatus) +// AgentStatusCode is the status code for the Elastic Agent overall. +type AgentStatusCode int const ( // Healthy status means everything is fine. - Healthy AgentStatus = iota + Healthy AgentStatusCode = iota // Degraded status means something minor is preventing agent to work properly. Degraded // Failed status means agent is unable to work properly. Failed ) -var ( - humanReadableStatuses = map[AgentStatus]string{ - Healthy: "online", - Degraded: "degraded", - Failed: "error", - } -) +// String returns the string value for the agent code. +func (s AgentStatusCode) String() string { + return []string{"online", "degraded", "error"}[s] +} + +// AgentApplicationStatus returns the status of specific application. +type AgentApplicationStatus struct { + ID string + Name string + Status state.Status + Message string +} + +// AgentStatus returns the overall status of the Elastic Agent. +type AgentStatus struct { + Status AgentStatusCode + Message string + Applications []AgentApplicationStatus +} // Controller takes track of component statuses. 
type Controller interface { - Register(string) Reporter - RegisterWithPersistance(string, bool) Reporter + RegisterComponent(string) Reporter + RegisterComponentWithPersistance(string, bool) Reporter + RegisterApp(id string, name string) Reporter Status() AgentStatus + StatusCode() AgentStatusCode StatusString() string UpdateStateID(string) } type controller struct { - lock sync.Mutex - status AgentStatus - reporters map[string]*reporter - log *logger.Logger - stateID string + mx sync.Mutex + status AgentStatusCode + reporters map[string]*reporter + appReporters map[string]*reporter + log *logger.Logger + stateID string } // NewController creates a new reporter. func NewController(log *logger.Logger) Controller { return &controller{ - status: Healthy, - reporters: make(map[string]*reporter), - log: log, + status: Healthy, + reporters: make(map[string]*reporter), + appReporters: make(map[string]*reporter), + log: log, } } 
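Review bot: `AgentStatusCode.String()` indexes a three-element slice with the raw code, so any value other than Healthy/Degraded/Failed panics with an index-out-of-range from inside logging (`logStatus` and `updateStatus` format it with `%s`) instead of printing something, turning a bad status into an agent crash; add `if s < Healthy || s > Failed { return "unknown" }` before the index. `updateStatus` also relies on the declaration order of these constants (`s > status` keeps the maximum), which deserves a comment on the const block: `// Ordered by severity; updateStatus reports the highest value seen.`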
@@ -68,82 +84,145 @@ func (r *controller) UpdateStateID(stateID string) { return } - r.lock.Lock() + r.mx.Lock() r.stateID = stateID - // cleanup status + // cleanup status for component reporters + // the status of app reports remain the same for _, rep := range r.reporters { if !rep.isRegistered { continue } - rep.lock.Lock() + rep.mx.Lock() if !rep.isPersistent { - rep.status = Healthy + rep.status = state.Configuring + rep.message = "" } - rep.lock.Unlock() + rep.mx.Unlock() } - r.lock.Unlock() + r.mx.Unlock() r.updateStatus() } // Register registers new component for status updates. -func (r *controller) Register(componentIdentifier string) Reporter { - return r.RegisterWithPersistance(componentIdentifier, false) +func (r *controller) RegisterComponent(componentIdentifier string) Reporter { + return r.RegisterComponentWithPersistance(componentIdentifier, false) } -func (r *controller) RegisterWithPersistance(componentIdentifier string, persistent bool) Reporter { +// Register registers new component for status updates. +func (r *controller) RegisterComponentWithPersistance(componentIdentifier string, persistent bool) Reporter { id := componentIdentifier + "-" + uuid.New().String()[:8] rep := &reporter{ + name: componentIdentifier, isRegistered: true, unregisterFunc: func() { - r.lock.Lock() + r.mx.Lock() delete(r.reporters, id) - r.lock.Unlock() + r.mx.Unlock() }, notifyChangeFunc: r.updateStatus, isPersistent: persistent, } - r.lock.Lock() + r.mx.Lock() r.reporters[id] = rep - r.lock.Unlock() + r.mx.Unlock() + + return rep +} + +// RegisterApp registers new component for status updates. 
+func (r *controller) RegisterApp(componentIdentifier string, name string) Reporter { + id := componentIdentifier + "-" + uuid.New().String()[:8] + rep := &reporter{ + name: name, + status: state.Stopped, + isRegistered: true, + unregisterFunc: func() { + r.mx.Lock() + delete(r.appReporters, id) + r.mx.Unlock() + }, + notifyChangeFunc: r.updateStatus, + } + + r.mx.Lock() + r.appReporters[id] = rep + r.mx.Unlock() return rep } // Status retrieves current agent status. func (r *controller) Status() AgentStatus { + r.mx.Lock() + defer r.mx.Unlock() + apps := make([]AgentApplicationStatus, 0, len(r.appReporters)) + for key, rep := range r.appReporters { + rep.mx.Lock() + apps = append(apps, AgentApplicationStatus{ + ID: key, + Name: rep.name, + Status: rep.status, + Message: rep.message, + }) + rep.mx.Unlock() + } + return AgentStatus{ + Status: r.status, + Message: "", + Applications: apps, + } +} + +// StatusCode retrieves current agent status code. +func (r *controller) StatusCode() AgentStatusCode { + r.mx.Lock() + defer r.mx.Unlock() return r.status } func (r *controller) updateStatus() { status := Healthy - r.lock.Lock() + r.mx.Lock() for id, rep := range r.reporters { - s := rep.status + s := statusToAgentStatus(rep.status) if s > status { status = s } - r.log.Debugf("'%s' has status '%s'", id, humanReadableStatuses[s]) + r.log.Debugf("'%s' has status '%s'", id, s) if status == Failed { break } } + if status != Failed { + for id, rep := range r.appReporters { + s := statusToAgentStatus(rep.status) + if s > status { + status = s + } + + r.log.Debugf("'%s' has status '%s'", id, s) + if status == Failed { + break + } + } + } if r.status != status { r.logStatus(status) r.status = status } - r.lock.Unlock() + r.mx.Unlock() } -func (r *controller) logStatus(status AgentStatus) { +func (r *controller) logStatus(status AgentStatusCode) { logFn := r.log.Infof if status == Degraded { logFn = r.log.Warnf 
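Review bot: `Status()` locks the controller `mx` and then each reporter's `mx`, while `reporter.Update` and `Unregister` hold the reporter's `mx` when they call `notifyChangeFunc`, i.e. `updateStatus`, which locks the controller `mx` — the lock orders invert, so a concurrent `Status()` and `Update()` on the same reporter can deadlock. `UpdateStateID` already had the controller-then-reporter order before this change, but `Status()` is what a status command will poll, which makes the window practical; `updateStatus` additionally reads `rep.status` without `rep.mx`, a data race under `go test -race`. The fix belongs on the reporter side: compute the change under the reporter lock, release it, then call `notifyChangeFunc`. Two smaller things: `Status()` reports `ID: key`, the uuid-suffixed map key, rather than the id the caller passed to `RegisterApp`, so consumers cannot correlate it with the app — store the caller's id on the reporter and return that — and `Message` is always `""`, so either fill it from the most severe reporter or drop the field. The doc comment on `RegisterApp` is a copy of the component one; `// RegisterApp registers a new application (by id and display name) for status updates.` would be accurate.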
@@ -151,37 +230,40 @@ func (r *controller) logStatus(status AgentStatus) { logFn = r.log.Errorf } - logFn("Elastic Agent status changed to: '%s'", humanReadableStatuses[status]) + logFn("Elastic Agent status changed to: '%s'", status) } // StatusString retrieves human readable string of current agent status. func (r *controller) StatusString() string { - return humanReadableStatuses[r.Status()] + return r.StatusCode().String() } // Reporter reports status of component type Reporter interface { - Update(AgentStatus) + Update(state.Status, string) Unregister() } type reporter struct { - lock sync.Mutex + name string + mx sync.Mutex isPersistent bool isRegistered bool - status AgentStatus + status state.Status + message string unregisterFunc func() notifyChangeFunc func() } // Update updates the status of a component. -func (r *reporter) Update(s AgentStatus) { - r.lock.Lock() - defer r.lock.Unlock() +func (r *reporter) Update(s state.Status, message string) { + r.mx.Lock() + defer r.mx.Unlock() if !r.isRegistered { return } + r.message = message if r.status != s { r.status = s r.notifyChangeFunc() @@ -191,10 +273,21 @@ func (r *reporter) Update(s AgentStatus) { // Unregister unregister status from reporter. Reporter will no longer be taken into consideration // for overall status computation. func (r *reporter) Unregister() { - r.lock.Lock() - defer r.lock.Unlock() + r.mx.Lock() + defer r.mx.Unlock() r.isRegistered = false r.unregisterFunc() r.notifyChangeFunc() } + +func statusToAgentStatus(status state.Status) AgentStatusCode { + s := status.ToProto() + if s == proto.StateObserved_DEGRADED { + return Degraded + } + if s == proto.StateObserved_FAILED { + return Failed + } + return Healthy +} diff --git a/x-pack/elastic-agent/pkg/core/status/reporter_test.go b/x-pack/elastic-agent/pkg/core/status/reporter_test.go index 5706f42c22a..55fcd3e04fe 100644 --- a/x-pack/elastic-agent/pkg/core/status/reporter_test.go 
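Review bot: `Update` holds `r.mx` (via `defer`) while calling `r.notifyChangeFunc()`, which is `controller.updateStatus` and takes the controller lock; `controller.Status()` takes the controller lock first and then `r.mx`, so the two orders invert and can deadlock under concurrent use. Compute the change under the lock, release it, then notify, as below; `Unregister` in the following hunk calls `unregisterFunc` and `notifyChangeFunc` under the same deferred lock and needs the same treatment.
```go
// Update updates the status of a component.
func (r *reporter) Update(s state.Status, message string) {
	r.mx.Lock()
	if !r.isRegistered {
		r.mx.Unlock()
		return
	}
	r.message = message
	changed := r.status != s
	if changed {
		r.status = s
	}
	r.mx.Unlock()
	// Notify without holding r.mx: updateStatus takes the controller lock,
	// and Status() takes the controller lock before r.mx.
	if changed {
		r.notifyChangeFunc()
	}
}
```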
+++ b/x-pack/elastic-agent/pkg/core/status/reporter_test.go 
@@ -10,85 +10,92 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state"
 )
 func TestReporter(t *testing.T) {
 l, _ := logger.New("")
 t.Run("healthy by default", func(t *testing.T) {
 r := NewController(l)
- assert.Equal(t, Healthy, r.Status())
+ assert.Equal(t, Healthy, r.StatusCode())
 assert.Equal(t, "online", r.StatusString())
 })
 t.Run("healthy when all healthy", func(t *testing.T) {
 r := NewController(l)
- r1 := r.Register("r1")
- r2 := r.Register("r2")
- r3 := r.Register("r3")
-
- r1.Update(Healthy)
- r2.Update(Healthy)
- r3.Update(Healthy)
-
- assert.Equal(t, Healthy, r.Status())
+ r1 := r.RegisterComponent("r1")
+ r2 := r.RegisterComponent("r2")
+ r3 := r.RegisterComponent("r3")
+ a1 := r.RegisterApp("app-1", "app")
+ a2 := r.RegisterApp("app-2", "app")
+ a3 := r.RegisterApp("other-1", "other")
+
+ r1.Update(state.Healthy, "")
+ r2.Update(state.Healthy, "")
+ r3.Update(state.Healthy, "")
+ a1.Update(state.Healthy, "")
+ a2.Update(state.Healthy, "")
+ a3.Update(state.Healthy, "")
+
+ assert.Equal(t, Healthy, r.StatusCode())
 assert.Equal(t, "online", r.StatusString())
 })
 t.Run("degraded when one degraded", func(t *testing.T) {
 r := NewController(l)
- r1 := r.Register("r1")
- r2 := r.Register("r2")
- r3 := r.Register("r3")
+ r1 := r.RegisterComponent("r1")
+ r2 := r.RegisterComponent("r2")
+ r3 := r.RegisterComponent("r3")
- r1.Update(Healthy)
- r2.Update(Degraded)
- r3.Update(Healthy)
+ r1.Update(state.Healthy, "")
+ r2.Update(state.Degraded, "degraded")
+ r3.Update(state.Healthy, "")
- assert.Equal(t, Degraded, r.Status())
+ assert.Equal(t, Degraded, r.StatusCode())
 assert.Equal(t, "degraded", r.StatusString())
 })
 t.Run("failed when one failed", func(t *testing.T) {
 r := NewController(l)
- r1 := r.Register("r1")
- r2 := r.Register("r2")
- r3 := r.Register("r3")
+ r1 := r.RegisterComponent("r1")
+ r2 := r.RegisterComponent("r2")
+ r3 := r.RegisterComponent("r3")
- r1.Update(Healthy)
- r2.Update(Failed)
- r3.Update(Healthy)
+ r1.Update(state.Healthy, "")
+ r2.Update(state.Failed, "failed")
+ r3.Update(state.Healthy, "")
- assert.Equal(t, Failed, r.Status())
+ assert.Equal(t, Failed, r.StatusCode())
 assert.Equal(t, "error", r.StatusString())
 })
 t.Run("failed when one failed and one degraded", func(t *testing.T) {
 r := NewController(l)
- r1 := r.Register("r1")
- r2 := r.Register("r2")
- r3 := r.Register("r3")
+ r1 := r.RegisterComponent("r1")
+ r2 := r.RegisterComponent("r2")
+ r3 := r.RegisterComponent("r3")
- r1.Update(Healthy)
- r2.Update(Failed)
- r3.Update(Degraded)
+ r1.Update(state.Healthy, "")
+ r2.Update(state.Failed, "failed")
+ r3.Update(state.Degraded, "degraded")
- assert.Equal(t, Failed, r.Status())
+ assert.Equal(t, Failed, r.StatusCode())
 assert.Equal(t, "error", r.StatusString())
 })
 t.Run("degraded when degraded and healthy, failed unregistered", func(t *testing.T) {
 r := NewController(l)
- r1 := r.Register("r1")
- r2 := r.Register("r2")
- r3 := r.Register("r3")
+ r1 := r.RegisterComponent("r1")
+ r2 := r.RegisterComponent("r2")
+ r3 := r.RegisterComponent("r3")
- r1.Update(Healthy)
- r2.Update(Failed)
- r3.Update(Degraded)
+ r1.Update(state.Healthy, "")
+ r2.Update(state.Failed, "failed")
+ r3.Update(state.Degraded, "degraded")
 r2.Unregister()
- assert.Equal(t, Degraded, r.Status())
+ assert.Equal(t, Degraded, r.StatusCode())
 assert.Equal(t, "degraded", r.StatusString())
 })
 }
diff --git a/x-pack/elastic-agent/pkg/reporter/reporter.go b/x-pack/elastic-agent/pkg/reporter/reporter.go
index 3b128841b2a..b1568e9f3f1 100644
--- a/x-pack/elastic-agent/pkg/reporter/reporter.go
+++ b/x-pack/elastic-agent/pkg/reporter/reporter.go
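Review bot: Every `Update` call now passes a message, but no sub-test asserts on it, and `RegisterApp` appears only in the all-healthy case, so the two behaviours this commit introduces — app reporters and the stored message — have no failing case: a degraded or failed app, and a message change with an unchanged status, are both unexercised. Consider one sub-test where an app registered via `RegisterApp` reports `state.Failed` and the controller's code becomes `Failed`, and one that asserts whatever the controller exposes for the message (a status accessor, if one exists outside this hunk). The "healthy when all healthy" case now mixes three components and three apps with two distinct app types; a one-line comment on why both kinds are registered there, e.g. `// both component and app reporters must be healthy for the agent to be healthy`, would help readers.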
@@ -108,7 +108,7 @@ func generateRecord(agentID string, id string, name string, s state.State) event
 case state.Configuring:
 subType = EventSubTypeConfig
 subTypeText = EventSubTypeConfig
- case state.Running:
+ case state.Healthy:
 subType = EventSubTypeRunning
 subTypeText = EventSubTypeRunning
 case state.Degraded:
diff --git a/x-pack/elastic-agent/pkg/reporter/reporter_test.go b/x-pack/elastic-agent/pkg/reporter/reporter_test.go
index ace35f0550b..8b0c095f654 100644
--- a/x-pack/elastic-agent/pkg/reporter/reporter_test.go
+++ b/x-pack/elastic-agent/pkg/reporter/reporter_test.go
@@ -62,11 +62,11 @@ func TestTypes(t *testing.T) {
 EventMessage: "Application: a-configuring[id]: State changed to CONFIG: Configuring",
 },
 {
- Status: state.Running,
- StatusMessage: "Running",
+ Status: state.Healthy,
+ StatusMessage: "Healthy",
 EventType: EventTypeState,
 EventSubType: EventSubTypeRunning,
- EventMessage: "Application: a-running[id]: State changed to RUNNING: Running",
+ EventMessage: "Application: a-healthy[id]: State changed to RUNNING: Healthy",
 },
 {
 Status: state.Degraded,
diff --git a/x-pack/elastic-agent/spec/fleet-server.yml b/x-pack/elastic-agent/spec/fleet-server.yml
index 1c444f8990e..167bd9f8305 100644
--- a/x-pack/elastic-agent/spec/fleet-server.yml
+++ b/x-pack/elastic-agent/spec/fleet-server.yml
@@ -24,6 +24,10 @@ rules:
 selectors: [ fleet.server.output.elasticsearch ]
 path: output
+ - select_into:
+ selectors: [ fleet.server.policy.id ]
+ path: inputs.0.policy
+
 - map:
 path: fleet
 rules:
From b8ff64957d1821dfec0b692ffb0ae7cce22e81f3 Mon Sep 17 00:00:00 2001
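Review bot: The `case state.Healthy:` arm still emits `EventSubTypeRunning` for both `subType` and `subTypeText`, so the event now reads `State changed to RUNNING: Healthy` (exactly what the reporter_test.go hunk on this line expects), which reads as a mismatch to anyone grepping for the state name. If the sub-type vocabulary is consumed outside the agent and must stay stable, a comment in that arm would save the next reader the detour, e.g. `// sub-type text stays RUNNING: the state was renamed to Healthy, the event vocabulary was not`; otherwise the constant should be renamed alongside the state. generateRecord begins and ends outside the hunk.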
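Review bot: The new `select_into` rule in fleet-server.yml writes the policy id to `inputs.0.policy`, a hard-coded index that assumes the rendered fleet-server config always has exactly one input at position 0; if the spec ever produces more inputs, or none, the policy id lands on the wrong input or on a sparse entry, depending on how the rules engine (outside this file) treats missing indices. A comment above the rule would make the assumption explicit, e.g. `# fleet-server runs a single input; expose the enrolling policy id on it`. The flow list `[ fleet.server.policy.id ]` matches the spacing of the existing `selectors` line, so it is consistent with the file.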
From: Andrew Kroh Date: Tue, 16 Feb 2021 10:02:05 -0500 Subject: [PATCH 05/13] [Filebeat] Add field definitions for known Netflow/IPFIX vendor fields (#23773) * Add field definitions for known Netflow/IPFIX vendor fields * Add default_field: false to netflow * Refactor generator to merge all fields to remove duplicates * Remove indent flag from usage Closes #23771 --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 7592 +++++++++++++++-- .../input/netflow/_meta/fields.header.yml | 1 + .../filebeat/input/netflow/_meta/fields.yml | 4060 +++++++-- .../input/netflow/decoder/fields/gen.go | 5 + x-pack/filebeat/input/netflow/doc.go | 3 +- x-pack/filebeat/input/netflow/fields.go | 2 +- x-pack/filebeat/input/netflow/fields_gen.go | 230 +- 8 files changed, 10349 insertions(+), 1545 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index b570ea92379..07f4ab5d862 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -833,6 +833,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d removing unsupported processors. {pull}23763[23763] - Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] - Added string splitting for httpjson input {pull}24022[24022] +- Added field mappings for Netflow/IPFIX vendor fields that are known to Filebeat. {issue}23771[23771] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index e47e37fc194..b94b9e22a0f 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc 
@@ -94953,3125 +94953,9215 @@ type: integer -- -*`netflow.octet_delta_count`*:: +*`netflow.absolute_error`*:: + -- -type: long +type: double -- -*`netflow.packet_delta_count`*:: +*`netflow.address_pool_high_threshold`*:: + -- type: long -- -*`netflow.delta_flow_count`*:: +*`netflow.address_pool_low_threshold`*:: + -- type: long -- -*`netflow.protocol_identifier`*:: +*`netflow.address_port_mapping_high_threshold`*:: + -- -type: short +type: long -- -*`netflow.ip_class_of_service`*:: +*`netflow.address_port_mapping_low_threshold`*:: + -- -type: short +type: long -- -*`netflow.tcp_control_bits`*:: +*`netflow.address_port_mapping_per_user_high_threshold`*:: + -- -type: integer +type: long -- -*`netflow.source_transport_port`*:: +*`netflow.afc_protocol`*:: + -- type: integer -- -*`netflow.source_ipv4_address`*:: +*`netflow.afc_protocol_name`*:: + -- -type: ip +type: keyword -- -*`netflow.source_ipv4_prefix_length`*:: +*`netflow.anonymization_flags`*:: + -- -type: short +type: integer -- -*`netflow.ingress_interface`*:: +*`netflow.anonymization_technique`*:: + -- -type: long +type: integer -- -*`netflow.destination_transport_port`*:: +*`netflow.application_business-relevance`*:: + -- -type: integer +type: long -- -*`netflow.destination_ipv4_address`*:: +*`netflow.application_category_name`*:: + -- -type: ip +type: keyword -- -*`netflow.destination_ipv4_prefix_length`*:: +*`netflow.application_description`*:: + -- -type: short +type: keyword -- -*`netflow.egress_interface`*:: +*`netflow.application_group_name`*:: + -- -type: long +type: keyword -- -*`netflow.ip_next_hop_ipv4_address`*:: +*`netflow.application_http_uri_statistics`*:: + -- -type: ip +type: short -- -*`netflow.bgp_source_as_number`*:: +*`netflow.application_http_user-agent`*:: + -- -type: long +type: short -- -*`netflow.bgp_destination_as_number`*:: +*`netflow.application_id`*:: + -- -type: long +type: short -- -*`netflow.bgp_next_hop_ipv4_address`*:: +*`netflow.application_name`*:: + -- -type: ip +type: 
keyword -- -*`netflow.post_mcast_packet_delta_count`*:: +*`netflow.application_sub_category_name`*:: + -- -type: long +type: keyword -- -*`netflow.post_mcast_octet_delta_count`*:: +*`netflow.application_traffic-class`*:: + -- type: long -- -*`netflow.flow_end_sys_up_time`*:: +*`netflow.art_client_network_time_maximum`*:: + -- type: long -- -*`netflow.flow_start_sys_up_time`*:: +*`netflow.art_client_network_time_minimum`*:: + -- type: long -- -*`netflow.post_octet_delta_count`*:: +*`netflow.art_client_network_time_sum`*:: + -- type: long -- -*`netflow.post_packet_delta_count`*:: +*`netflow.art_clientpackets`*:: + -- type: long -- -*`netflow.minimum_ip_total_length`*:: +*`netflow.art_count_late_responses`*:: + -- type: long -- -*`netflow.maximum_ip_total_length`*:: +*`netflow.art_count_new_connections`*:: + -- type: long -- -*`netflow.source_ipv6_address`*:: +*`netflow.art_count_responses`*:: + -- -type: ip +type: long -- -*`netflow.destination_ipv6_address`*:: +*`netflow.art_count_responses_histogram_bucket1`*:: + -- -type: ip +type: long -- -*`netflow.source_ipv6_prefix_length`*:: +*`netflow.art_count_responses_histogram_bucket2`*:: + -- -type: short +type: long -- -*`netflow.destination_ipv6_prefix_length`*:: +*`netflow.art_count_responses_histogram_bucket3`*:: + -- -type: short +type: long -- -*`netflow.flow_label_ipv6`*:: +*`netflow.art_count_responses_histogram_bucket4`*:: + -- type: long -- -*`netflow.icmp_type_code_ipv4`*:: +*`netflow.art_count_responses_histogram_bucket5`*:: + -- -type: integer +type: long -- -*`netflow.igmp_type`*:: +*`netflow.art_count_responses_histogram_bucket6`*:: + -- -type: short +type: long -- -*`netflow.sampling_interval`*:: +*`netflow.art_count_responses_histogram_bucket7`*:: + -- type: long -- -*`netflow.sampling_algorithm`*:: +*`netflow.art_count_retransmissions`*:: + -- -type: short +type: long -- -*`netflow.flow_active_timeout`*:: +*`netflow.art_count_transactions`*:: + -- -type: integer +type: long -- 
-*`netflow.flow_idle_timeout`*:: +*`netflow.art_network_time_maximum`*:: + -- -type: integer +type: long -- -*`netflow.engine_type`*:: +*`netflow.art_network_time_minimum`*:: + -- -type: short +type: long -- -*`netflow.engine_id`*:: +*`netflow.art_network_time_sum`*:: + -- -type: short +type: long -- -*`netflow.exported_octet_total_count`*:: +*`netflow.art_response_time_maximum`*:: + -- type: long -- -*`netflow.exported_message_total_count`*:: +*`netflow.art_response_time_minimum`*:: + -- type: long -- -*`netflow.exported_flow_record_total_count`*:: +*`netflow.art_response_time_sum`*:: + -- type: long -- -*`netflow.ipv4_router_sc`*:: +*`netflow.art_server_network_time_maximum`*:: + -- -type: ip +type: long -- -*`netflow.source_ipv4_prefix`*:: +*`netflow.art_server_network_time_minimum`*:: + -- -type: ip +type: long -- -*`netflow.destination_ipv4_prefix`*:: +*`netflow.art_server_network_time_sum`*:: + -- -type: ip +type: long -- -*`netflow.mpls_top_label_type`*:: +*`netflow.art_server_response_time_maximum`*:: + -- -type: short +type: long -- -*`netflow.mpls_top_label_ipv4_address`*:: +*`netflow.art_server_response_time_minimum`*:: + -- -type: ip +type: long -- -*`netflow.sampler_id`*:: +*`netflow.art_server_response_time_sum`*:: + -- -type: short +type: long -- -*`netflow.sampler_mode`*:: +*`netflow.art_serverpackets`*:: + -- -type: short +type: long -- -*`netflow.sampler_random_interval`*:: +*`netflow.art_total_response_time_maximum`*:: + -- type: long -- -*`netflow.class_id`*:: +*`netflow.art_total_response_time_minimum`*:: + -- type: long -- -*`netflow.minimum_ttl`*:: +*`netflow.art_total_response_time_sum`*:: + -- -type: short +type: long -- -*`netflow.maximum_ttl`*:: +*`netflow.art_total_transaction_time_maximum`*:: + -- -type: short +type: long -- -*`netflow.fragment_identification`*:: +*`netflow.art_total_transaction_time_minimum`*:: + -- type: long -- -*`netflow.post_ip_class_of_service`*:: +*`netflow.art_total_transaction_time_sum`*:: + -- -type: short 
+type: long -- -*`netflow.source_mac_address`*:: +*`netflow.assembled_fragment_count`*:: + -- -type: keyword +type: long -- -*`netflow.post_destination_mac_address`*:: +*`netflow.audit_counter`*:: + -- -type: keyword +type: long -- -*`netflow.vlan_id`*:: +*`netflow.average_interarrival_time`*:: + -- -type: integer +type: long -- -*`netflow.post_vlan_id`*:: +*`netflow.bgp_destination_as_number`*:: + -- -type: integer +type: long -- -*`netflow.ip_version`*:: +*`netflow.bgp_next_adjacent_as_number`*:: + -- -type: short +type: long -- -*`netflow.flow_direction`*:: +*`netflow.bgp_next_hop_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.ip_next_hop_ipv6_address`*:: +*`netflow.bgp_next_hop_ipv6_address`*:: + -- type: ip -- -*`netflow.bgp_next_hop_ipv6_address`*:: +*`netflow.bgp_prev_adjacent_as_number`*:: + -- -type: ip +type: long -- -*`netflow.ipv6_extension_headers`*:: +*`netflow.bgp_source_as_number`*:: + -- type: long -- -*`netflow.mpls_top_label_stack_section`*:: +*`netflow.bgp_validity_state`*:: + -- type: short -- -*`netflow.mpls_label_stack_section2`*:: +*`netflow.biflow_direction`*:: + -- type: short -- -*`netflow.mpls_label_stack_section3`*:: +*`netflow.bind_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.mpls_label_stack_section4`*:: +*`netflow.bind_transport_port`*:: + -- -type: short +type: integer -- -*`netflow.mpls_label_stack_section5`*:: +*`netflow.class_id`*:: + -- -type: short +type: long -- -*`netflow.mpls_label_stack_section6`*:: +*`netflow.class_name`*:: + -- -type: short +type: keyword -- -*`netflow.mpls_label_stack_section7`*:: +*`netflow.classification_engine_id`*:: + -- type: short -- -*`netflow.mpls_label_stack_section8`*:: +*`netflow.collection_time_milliseconds`*:: + -- -type: short +type: date -- -*`netflow.mpls_label_stack_section9`*:: +*`netflow.collector_certificate`*:: + -- type: short -- -*`netflow.mpls_label_stack_section10`*:: +*`netflow.collector_ipv4_address`*:: + -- -type: short +type: ip -- 
-*`netflow.destination_mac_address`*:: +*`netflow.collector_ipv6_address`*:: + -- -type: keyword +type: ip -- -*`netflow.post_source_mac_address`*:: +*`netflow.collector_transport_port`*:: + -- -type: keyword +type: integer -- -*`netflow.interface_name`*:: +*`netflow.common_properties_id`*:: + -- -type: keyword +type: long -- -*`netflow.interface_description`*:: +*`netflow.confidence_level`*:: + -- -type: keyword +type: double -- -*`netflow.sampler_name`*:: +*`netflow.conn_ipv4_address`*:: + -- -type: keyword +type: ip -- -*`netflow.octet_total_count`*:: +*`netflow.conn_transport_port`*:: + -- -type: long +type: integer -- -*`netflow.packet_total_count`*:: +*`netflow.connection_sum_duration_seconds`*:: + -- type: long -- -*`netflow.flags_and_sampler_id`*:: +*`netflow.connection_transaction_id`*:: + -- type: long -- -*`netflow.fragment_offset`*:: +*`netflow.conntrack_id`*:: + -- -type: integer +type: long -- -*`netflow.forwarding_status`*:: +*`netflow.data_byte_count`*:: + -- -type: short +type: long -- -*`netflow.mpls_vpn_route_distinguisher`*:: +*`netflow.data_link_frame_section`*:: + -- type: short -- -*`netflow.mpls_top_label_prefix_length`*:: +*`netflow.data_link_frame_size`*:: + -- -type: short +type: integer -- -*`netflow.src_traffic_index`*:: +*`netflow.data_link_frame_type`*:: + -- -type: long +type: integer -- -*`netflow.dst_traffic_index`*:: +*`netflow.data_records_reliability`*:: + -- -type: long +type: boolean -- -*`netflow.application_description`*:: +*`netflow.delta_flow_count`*:: + -- -type: keyword +type: long -- -*`netflow.application_id`*:: +*`netflow.destination_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.application_name`*:: +*`netflow.destination_ipv4_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv4_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv6_prefix`*:: ++ +-- +type: ip + +-- + 
+*`netflow.destination_ipv6_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.digest_hash_value`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.dns_authoritative`*:: ++ +-- +type: short + +-- + +*`netflow.dns_cname`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_mx_exchange`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_mx_preference`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_nsd_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_nx_domain`*:: ++ +-- +type: short + +-- + +*`netflow.dns_ptrd_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_qname`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_qr_type`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_query_response`*:: ++ +-- +type: short + +-- + +*`netflow.dns_rr_section`*:: ++ +-- +type: short + +-- + +*`netflow.dns_soa_expire`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soa_minimum`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soa_refresh`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soa_retry`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soa_serial`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soam_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_soar_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_srv_port`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_srv_priority`*:: ++ +-- +type: integer + +-- + 
+*`netflow.dns_srv_target`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_srv_weight`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_ttl`*:: ++ +-- +type: long + +-- + +*`netflow.dns_txt_data`*:: ++ +-- +type: keyword + +-- + +*`netflow.dot1q_customer_dei`*:: ++ +-- +type: boolean + +-- + +*`netflow.dot1q_customer_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.dot1q_customer_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_customer_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_dei`*:: ++ +-- +type: boolean + +-- + +*`netflow.dot1q_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_service_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.dot1q_service_instance_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_service_instance_tag`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dropped_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.dst_traffic_index`*:: ++ +-- +type: long + +-- + +*`netflow.egress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.egress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.egress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.egress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.egress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.egress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.encrypted_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.engine_id`*:: ++ +-- +type: short + +-- + 
+*`netflow.engine_type`*:: ++ +-- +type: short + +-- + +*`netflow.ethernet_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.ethernet_payload_length`*:: ++ +-- +type: integer + +-- + +*`netflow.ethernet_total_length`*:: ++ +-- +type: integer + +-- + +*`netflow.ethernet_type`*:: ++ +-- +type: integer + +-- + +*`netflow.expired_fragment_count`*:: ++ +-- +type: long + +-- + +*`netflow.export_interface`*:: ++ +-- +type: long + +-- + +*`netflow.export_protocol_version`*:: ++ +-- +type: short + +-- + +*`netflow.export_sctp_stream_id`*:: ++ +-- +type: integer + +-- + +*`netflow.export_transport_protocol`*:: ++ +-- +type: short + +-- + +*`netflow.exported_flow_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exported_message_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exported_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exporter_certificate`*:: ++ +-- +type: short + +-- + +*`netflow.exporter_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.exporter_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.exporter_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.exporting_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.external_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.firewall_event`*:: ++ +-- +type: short + +-- + +*`netflow.first_eight_non_empty_packet_directions`*:: ++ +-- +type: short + +-- + +*`netflow.first_non_empty_packet_size`*:: ++ +-- +type: integer + +-- + +*`netflow.first_packet_banner`*:: ++ +-- +type: keyword + +-- + +*`netflow.flags_and_sampler_id`*:: ++ +-- +type: long + +-- + +*`netflow.flow_active_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_attributes`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_direction`*:: ++ +-- +type: short + +-- + +*`netflow.flow_duration_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_duration_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_end_delta_microseconds`*:: ++ +-- +type: long + +-- + 
+*`netflow.flow_end_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_reason`*:: ++ +-- +type: short + +-- + +*`netflow.flow_end_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.flow_id`*:: ++ +-- +type: long + +-- + +*`netflow.flow_idle_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_key_indicator`*:: ++ +-- +type: long + +-- + +*`netflow.flow_label_ipv6`*:: ++ +-- +type: long + +-- + +*`netflow.flow_sampling_time_interval`*:: ++ +-- +type: long + +-- + +*`netflow.flow_sampling_time_spacing`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_flow_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selector_algorithm`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_start_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_start_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.flow_table_flush_event_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_table_peak_count`*:: ++ +-- +type: long + +-- + +*`netflow.forwarding_status`*:: ++ +-- +type: short + +-- + +*`netflow.fragment_flags`*:: ++ +-- +type: short + +-- + +*`netflow.fragment_identification`*:: ++ +-- +type: long + +-- + +*`netflow.fragment_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.fw_blackout_secs`*:: ++ +-- +type: long + +-- + +*`netflow.fw_configured_value`*:: ++ +-- +type: long + +-- + +*`netflow.fw_cts_src_sgt`*:: ++ +-- +type: long + +-- + 
+*`netflow.fw_event_level`*:: ++ +-- +type: long + +-- + +*`netflow.fw_event_level_id`*:: ++ +-- +type: long + +-- + +*`netflow.fw_ext_event`*:: ++ +-- +type: integer + +-- + +*`netflow.fw_ext_event_alt`*:: ++ +-- +type: long + +-- + +*`netflow.fw_ext_event_desc`*:: ++ +-- +type: keyword + +-- + +*`netflow.fw_half_open_count`*:: ++ +-- +type: long + +-- + +*`netflow.fw_half_open_high`*:: ++ +-- +type: long + +-- + +*`netflow.fw_half_open_rate`*:: ++ +-- +type: long + +-- + +*`netflow.fw_max_sessions`*:: ++ +-- +type: long + +-- + +*`netflow.fw_rule`*:: ++ +-- +type: keyword + +-- + +*`netflow.fw_summary_pkt_count`*:: ++ +-- +type: long + +-- + +*`netflow.fw_zone_pair_id`*:: ++ +-- +type: long + +-- + +*`netflow.fw_zone_pair_name`*:: ++ +-- +type: long + +-- + +*`netflow.global_address_mapping_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.gre_key`*:: ++ +-- +type: long + +-- + +*`netflow.hash_digest_output`*:: ++ +-- +type: boolean + +-- + +*`netflow.hash_flow_domain`*:: ++ +-- +type: integer + +-- + +*`netflow.hash_initialiser_value`*:: ++ +-- +type: long + +-- + +*`netflow.hash_ip_payload_offset`*:: ++ +-- +type: long + +-- + +*`netflow.hash_ip_payload_size`*:: ++ +-- +type: long + +-- + +*`netflow.hash_output_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.hash_output_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.hash_selected_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.hash_selected_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.http_content_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_message_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_reason_phrase`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_host`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_method`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_target`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_status_code`*:: ++ +-- +type: integer + +-- + +*`netflow.http_user_agent`*:: ++ +-- +type: keyword + +-- + 
+*`netflow.icmp_code_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_code_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_type_code_ipv4`*:: ++ +-- +type: integer + +-- + +*`netflow.icmp_type_code_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.icmp_type_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_type_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.igmp_type`*:: ++ +-- +type: short + +-- + +*`netflow.ignored_data_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_data_type`*:: ++ +-- +type: short + +-- + +*`netflow.information_element_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.information_element_id`*:: ++ +-- +type: integer + +-- + +*`netflow.information_element_index`*:: ++ +-- +type: integer + +-- + +*`netflow.information_element_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.information_element_range_begin`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_range_end`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.information_element_units`*:: ++ +-- +type: integer + +-- + +*`netflow.ingress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_multicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.initial_tcp_flags`*:: ++ +-- +type: short + +-- + 
+*`netflow.initiator_octets`*:: ++ +-- +type: long + +-- + +*`netflow.initiator_packets`*:: ++ +-- +type: long + +-- + +*`netflow.interface_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.interface_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.intermediate_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.internal_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.ip_class_of_service`*:: ++ +-- +type: short + +-- + +*`netflow.ip_diff_serv_code_point`*:: ++ +-- +type: short + +-- + +*`netflow.ip_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.ip_header_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.ip_next_hop_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.ip_next_hop_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.ip_payload_length`*:: ++ +-- +type: long + +-- + +*`netflow.ip_payload_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.ip_sec_spi`*:: ++ +-- +type: long + +-- + +*`netflow.ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.ip_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.ip_version`*:: ++ +-- +type: short + +-- + +*`netflow.ipv4_ihl`*:: ++ +-- +type: short + +-- + +*`netflow.ipv4_options`*:: ++ +-- +type: long + +-- + +*`netflow.ipv4_router_sc`*:: ++ +-- +type: ip + +-- + +*`netflow.ipv6_extension_headers`*:: ++ +-- +type: long + +-- + +*`netflow.is_multicast`*:: ++ +-- +type: short + +-- + +*`netflow.ixia_browser_id`*:: ++ +-- +type: short + +-- + +*`netflow.ixia_browser_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_device_id`*:: ++ +-- +type: short + +-- + +*`netflow.ixia_device_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dns_answer`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dns_classes`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dns_query`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dns_record_txt`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_as_name`*:: ++ +-- +type: keyword + +-- 
+ +*`netflow.ixia_dst_city_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_country_code`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_country_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_latitude`*:: ++ +-- +type: float + +-- + +*`netflow.ixia_dst_longitude`*:: ++ +-- +type: float + +-- + +*`netflow.ixia_dst_region_code`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_region_node`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_encrypt_cipher`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_encrypt_key_length`*:: ++ +-- +type: integer + +-- + +*`netflow.ixia_encrypt_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_http_host_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_http_uri`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_http_user_agent`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_imsi_subscriber`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_l7_app_id`*:: ++ +-- +type: long + +-- + +*`netflow.ixia_l7_app_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_latency`*:: ++ +-- +type: long + +-- + +*`netflow.ixia_rev_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.ixia_rev_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.ixia_src_as_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_city_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_country_code`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_country_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_latitude`*:: ++ +-- +type: float + +-- + +*`netflow.ixia_src_longitude`*:: ++ +-- +type: float + +-- + +*`netflow.ixia_src_region_code`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_region_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_threat_ipv4`*:: ++ +-- +type: ip + +-- + +*`netflow.ixia_threat_ipv6`*:: ++ +-- +type: ip + +-- + +*`netflow.ixia_threat_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.large_packet_count`*:: ++ +-- +type: long + +-- + 
+*`netflow.layer2_frame_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_delta_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_total_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_segment_id`*:: ++ +-- +type: long + +-- + +*`netflow.layer2packet_section_data`*:: ++ +-- +type: short + +-- + +*`netflow.layer2packet_section_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.layer2packet_section_size`*:: ++ +-- +type: integer + +-- + +*`netflow.line_card_id`*:: ++ +-- +type: long + +-- + +*`netflow.log_op`*:: ++ +-- +type: short + +-- + +*`netflow.lower_ci_limit`*:: ++ +-- +type: double + +-- + +*`netflow.mark`*:: ++ +-- +type: long + +-- + +*`netflow.max_bib_entries`*:: ++ +-- +type: long + +-- + +*`netflow.max_entries_per_user`*:: ++ +-- +type: long + +-- + +*`netflow.max_export_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_fragments_pending_reassembly`*:: ++ +-- +type: long + +-- + +*`netflow.max_packet_size`*:: ++ +-- +type: integer + +-- + +*`netflow.max_session_entries`*:: ++ +-- +type: long + +-- + +*`netflow.max_subscribers`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_layer2_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.mean_flow_rate`*:: ++ +-- +type: long + +-- + +*`netflow.mean_packet_rate`*:: ++ +-- +type: long + +-- + +*`netflow.message_md5_checksum`*:: ++ +-- +type: short + +-- + 
+*`netflow.message_scope`*:: ++ +-- +type: short + +-- + +*`netflow.metering_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.metro_evc_id`*:: ++ +-- +type: keyword + +-- + +*`netflow.metro_evc_type`*:: ++ +-- +type: short + +-- + +*`netflow.mib_capture_time_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.mib_context_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.mib_context_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_index_indicator`*:: ++ +-- +type: long + +-- + +*`netflow.mib_module_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_identifier`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_syntax`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_value_bits`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_counter`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_gauge`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_integer`*:: ++ +-- +type: integer + +-- + +*`netflow.mib_object_value_ip_address`*:: ++ +-- +type: ip + +-- + +*`netflow.mib_object_value_octet_string`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_oid`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_time_ticks`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_unsigned`*:: ++ +-- +type: long + +-- + +*`netflow.mib_sub_identifier`*:: ++ +-- +type: long + +-- + +*`netflow.min_export_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.minimum_ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_layer2_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_ttl`*:: ++ +-- +type: 
short + +-- + +*`netflow.mobile_imsi`*:: ++ +-- +type: keyword + +-- + +*`netflow.mobile_msisdn`*:: ++ +-- +type: keyword + +-- + +*`netflow.monitoring_interval_end_milli_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.monitoring_interval_start_milli_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.mpls_label_stack_depth`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_label_stack_length`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_label_stack_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section10`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section2`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section3`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section4`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section5`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section6`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section7`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section8`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section9`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_payload_length`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_payload_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.mpls_top_label_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.mpls_top_label_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_stack_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_type`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_vpn_route_distinguisher`*:: ++ +-- +type: short + +-- + +*`netflow.mptcp_address_id`*:: ++ +-- +type: short + +-- + +*`netflow.mptcp_flags`*:: ++ +-- +type: short + +-- + +*`netflow.mptcp_initial_data_sequence_number`*:: ++ +-- +type: long + +-- + 
+*`netflow.mptcp_maximum_segment_size`*:: ++ +-- +type: integer + +-- + +*`netflow.mptcp_receiver_token`*:: ++ +-- +type: long + +-- + +*`netflow.multicast_replication_factor`*:: ++ +-- +type: long + +-- + +*`netflow.nat_event`*:: ++ +-- +type: short + +-- + +*`netflow.nat_inside_svcid`*:: ++ +-- +type: integer + +-- + +*`netflow.nat_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.nat_originating_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.nat_outside_svcid`*:: ++ +-- +type: integer + +-- + +*`netflow.nat_pool_id`*:: ++ +-- +type: long + +-- + +*`netflow.nat_pool_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.nat_quota_exceeded_event`*:: ++ +-- +type: long + +-- + +*`netflow.nat_sub_string`*:: ++ +-- +type: keyword + +-- + +*`netflow.nat_threshold_event`*:: ++ +-- +type: long + +-- + +*`netflow.nat_type`*:: ++ +-- +type: short + +-- + +*`netflow.netscale_ica_client_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_aaa_username`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_app_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_app_name_app_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_app_name_incarnation_number`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_app_template_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_app_unit_name_app_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_application_startup_duration`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_application_startup_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_cache_redir_client_connection_core_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_cache_redir_client_connection_transaction_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_client_rtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_connection_chain_hop_count`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_connection_chain_id`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_connection_id`*:: ++ +-- +type: long + +-- + 
+*`netflow.netscaler_current_license_consumed`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_db_clt_host_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_db_database_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_db_login_flags`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_db_protocol_name`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_db_req_string`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_db_req_type`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_db_resp_length`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_db_resp_status`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_db_resp_status_string`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_db_user_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_flow_flags`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_client_interaction_end_time`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_client_interaction_start_time`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_client_render_end_time`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_client_render_start_time`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_content_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_authorization`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_cookie`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_forw_fb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_req_forw_lb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_req_host`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_method`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_rcv_fb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_req_rcv_lb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_req_referer`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_url`*:: 
++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_user_agent`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_via`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_xforwarded_for`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_res_forw_fb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_res_forw_lb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_res_location`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_res_rcv_fb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_res_rcv_lb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_res_set_cookie`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_res_set_cookie2`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_rsp_len`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_rsp_status`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_app_module_path`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_app_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_application_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_application_termination_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_application_termination_type`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_channel_id1`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id1_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id2`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id2_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id3`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id3_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id4`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id4_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id5`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id5_bytes`*:: ++ +-- +type: long + +-- + 
+*`netflow.netscaler_ica_client_host_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_client_ip`*:: ++ +-- +type: ip + +-- + +*`netflow.netscaler_ica_client_launcher`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_client_side_rto_count`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_client_side_window_size`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_client_type`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_clientside_delay`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_jitter`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_packets_retransmit`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_clientside_rtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_rx_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_srtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_tx_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_connection_priority`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_device_serial_no`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_flags`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_host_delay`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_l7_client_latency`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_l7_server_latency`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_launch_mechanism`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_network_update_end_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_network_update_start_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_rtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_server_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_server_side_rto_count`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_server_side_window_size`*:: ++ +-- +type: 
integer + +-- + +*`netflow.netscaler_ica_serverside_delay`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_serverside_jitter`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_serverside_packets_retransmit`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_serverside_rtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_serverside_srtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_session_end_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_session_guid`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_ica_session_reconnects`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_ica_session_setup_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_session_update_begin_sec`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_session_update_end_sec`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_username`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_license_type`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_main_page_core_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_main_page_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_max_license_count`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_msi_client_cookie`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_round_trip_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_server_ttfb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_server_ttlb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_syslog_message`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_syslog_priority`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_syslog_timestamp`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_transaction_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown270`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown271`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown272`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown273`*:: ++ +-- +type: long + +-- + 
+*`netflow.netscaler_unknown274`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown275`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown276`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown277`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown278`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown279`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown280`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown281`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown282`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown283`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown284`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown285`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown286`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown287`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown288`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown289`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown290`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown291`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown292`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown293`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown294`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown295`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown296`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown297`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown298`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown299`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown300`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown301`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown302`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown303`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown304`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown305`*:: ++ +-- 
+type: long + +-- + +*`netflow.netscaler_unknown306`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown307`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown308`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown309`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown310`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown311`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown312`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown313`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown314`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown315`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown316`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown317`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown318`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown319`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown320`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown321`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown322`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown323`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown324`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown325`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown326`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown327`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown328`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown329`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown330`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown331`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown332`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown333`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown334`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown335`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown336`*:: ++ +-- +type: 
long + +-- + +*`netflow.netscaler_unknown337`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown338`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown339`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown340`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown341`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown342`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown343`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown344`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown345`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown346`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown347`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown348`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown349`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown350`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown351`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown352`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown353`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown354`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown355`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown356`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown357`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown363`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_unknown383`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_unknown391`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown398`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown404`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown405`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown427`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown429`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_unknown432`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_unknown433`*:: ++ +-- +type: short + +-- + 
+*`netflow.netscaler_unknown453`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown465`*:: ++ +-- +type: long + +-- + +*`netflow.new_connection_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.next_header_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.non_empty_packet_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_flow_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.observation_domain_id`*:: ++ +-- +type: long + +-- + +*`netflow.observation_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.observation_point_id`*:: ++ +-- +type: long + +-- + +*`netflow.observation_point_type`*:: ++ +-- +type: short + +-- + +*`netflow.observation_time_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.observed_flow_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.octet_delta_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.octet_total_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.opaque_octets`*:: ++ +-- +type: short + +-- + +*`netflow.original_exporter_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.original_exporter_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.original_flows_completed`*:: ++ +-- +type: long + +-- + +*`netflow.original_flows_initiated`*:: ++ +-- +type: long + +-- + +*`netflow.original_flows_present`*:: ++ +-- +type: long + +-- + +*`netflow.original_observation_domain_id`*:: ++ +-- +type: long + +-- + +*`netflow.os_finger_print`*:: ++ +-- +type: keyword + 
+-- + +*`netflow.os_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.os_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.p2p_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.padding_octets`*:: ++ +-- +type: short + +-- + +*`netflow.payload`*:: ++ +-- +type: keyword + +-- + +*`netflow.payload_entropy`*:: ++ +-- +type: short + +-- + +*`netflow.payload_length_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.policy_qos_classification_hierarchy`*:: ++ +-- +type: long + +-- + +*`netflow.policy_qos_queue_index`*:: ++ +-- +type: long + +-- + +*`netflow.policy_qos_queuedrops`*:: ++ +-- +type: long + +-- + +*`netflow.policy_qos_queueindex`*:: ++ +-- +type: long + +-- + +*`netflow.port_id`*:: ++ +-- +type: long + +-- + +*`netflow.port_range_end`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_num_ports`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_start`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_step_size`*:: ++ +-- +type: integer + +-- + +*`netflow.post_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.post_dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.post_ip_class_of_service`*:: ++ +-- +type: short + +-- + +*`netflow.post_ip_diff_serv_code_point`*:: ++ +-- +type: short + +-- + +*`netflow.post_ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.post_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_octet_total_count`*:: ++ +-- +type: long + +-- + 
+*`netflow.post_mcast_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.post_napt_destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.post_napt_source_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.post_nat_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_source_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_source_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.private_enterprise_number`*:: ++ +-- +type: long + +-- + +*`netflow.procera_apn`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_base_service`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_content_categories`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_device_id`*:: ++ +-- +type: long + +-- + +*`netflow.procera_external_rtt`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_flow_behavior`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_ggsn`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_content_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_file_length`*:: ++ +-- +type: long + +-- + +*`netflow.procera_http_language`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_location`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_referer`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_request_method`*:: ++ +-- +type: keyword + +-- + 
+*`netflow.procera_http_request_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_response_status`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_http_url`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_user_agent`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_imsi`*:: ++ +-- +type: long + +-- + +*`netflow.procera_incoming_octets`*:: ++ +-- +type: long + +-- + +*`netflow.procera_incoming_packets`*:: ++ +-- +type: long + +-- + +*`netflow.procera_incoming_shaping_drops`*:: ++ +-- +type: long + +-- + +*`netflow.procera_incoming_shaping_latency`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_internal_rtt`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_local_ipv4_host`*:: ++ +-- +type: ip + +-- + +*`netflow.procera_local_ipv6_host`*:: ++ +-- +type: ip + +-- + +*`netflow.procera_msisdn`*:: ++ +-- +type: long + +-- + +*`netflow.procera_outgoing_octets`*:: ++ +-- +type: long + +-- + +*`netflow.procera_outgoing_packets`*:: ++ +-- +type: long + +-- + +*`netflow.procera_outgoing_shaping_drops`*:: ++ +-- +type: long + +-- + +*`netflow.procera_outgoing_shaping_latency`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_property`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_qoe_incoming_external`*:: ++ +-- +type: float + +-- + +*`netflow.procera_qoe_incoming_internal`*:: ++ +-- +type: float + +-- + +*`netflow.procera_qoe_outgoing_external`*:: ++ +-- +type: float + +-- + +*`netflow.procera_qoe_outgoing_internal`*:: ++ +-- +type: float + +-- + +*`netflow.procera_rat`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_remote_ipv4_host`*:: ++ +-- +type: ip + +-- + +*`netflow.procera_remote_ipv6_host`*:: ++ +-- +type: ip + +-- + +*`netflow.procera_rnc`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_server_hostname`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_service`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_sgsn`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_subscriber_identifier`*:: ++ +-- +type: 
keyword + +-- + +*`netflow.procera_template_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_user_location_information`*:: ++ +-- +type: keyword + +-- + +*`netflow.protocol_identifier`*:: ++ +-- +type: short + +-- + +*`netflow.pseudo_wire_control_word`*:: ++ +-- +type: long + +-- + +*`netflow.pseudo_wire_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.pseudo_wire_id`*:: ++ +-- +type: long + +-- + +*`netflow.pseudo_wire_type`*:: ++ +-- +type: integer + +-- + +*`netflow.reason`*:: ++ +-- +type: long + +-- + +*`netflow.reason_text`*:: ++ +-- +type: keyword + +-- + +*`netflow.relative_error`*:: ++ +-- +type: double + +-- + +*`netflow.responder_octets`*:: ++ +-- +type: long + +-- + +*`netflow.responder_packets`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_absolute_error`*:: ++ +-- +type: double + +-- + +*`netflow.reverse_anonymization_flags`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_anonymization_technique`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_application_category_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_group_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_id`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_sub_category_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_average_interarrival_time`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_bgp_destination_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_bgp_next_adjacent_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_bgp_next_hop_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_bgp_next_hop_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_bgp_prev_adjacent_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_bgp_source_as_number`*:: ++ +-- +type: long + +-- + 
+*`netflow.reverse_bgp_validity_state`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_class_id`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_class_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_classification_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_collection_time_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_collector_certificate`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_confidence_level`*:: ++ +-- +type: double + +-- + +*`netflow.reverse_connection_sum_duration_seconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_connection_transaction_id`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_data_byte_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_data_link_frame_section`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_data_link_frame_size`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_data_link_frame_type`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_data_records_reliability`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_delta_flow_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_destination_ipv4_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_destination_ipv4_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_destination_ipv6_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_destination_ipv6_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_digest_hash_value`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_destination_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_destination_ipv4_address`*:: ++ +-- +type: long + +-- + 
+*`netflow.reverse_distinct_count_of_destination_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_source_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_source_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_source_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dot1q_customer_dei`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_customer_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_dot1q_customer_priority`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_customer_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_dot1q_dei`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_priority`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_service_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dot1q_service_instance_priority`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_service_instance_tag`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_dropped_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dst_traffic_index`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_interface_type`*:: ++ +-- +type: long + +-- + 
+*`netflow.reverse_egress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_encrypted_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_engine_type`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_ethernet_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_ethernet_payload_length`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_ethernet_total_length`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_ethernet_type`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_export_sctp_stream_id`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_exporter_certificate`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_exporting_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_firewall_event`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_first_non_empty_packet_size`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_first_packet_banner`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_flags_and_sampler_id`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_active_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_flow_attributes`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_flow_delta_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_direction`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_flow_duration_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_duration_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_nanoseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_reason`*:: ++ +-- 
+type: short + +-- + +*`netflow.reverse_flow_end_seconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_idle_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_flow_label_ipv6`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_sampling_time_interval`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_sampling_time_spacing`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_selected_flow_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_selected_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_selected_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_selector_algorithm`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_flow_start_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_nanoseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_seconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_forwarding_status`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_fragment_flags`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_fragment_identification`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_fragment_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_gre_key`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_digest_output`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_hash_flow_domain`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_hash_initialiser_value`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_ip_payload_offset`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_ip_payload_size`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_output_range_max`*:: ++ +-- +type: long + +-- + 
+*`netflow.reverse_hash_output_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_selected_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_selected_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_icmp_code_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_icmp_code_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_icmp_type_code_ipv4`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_icmp_type_code_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_icmp_type_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_icmp_type_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_igmp_type`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_ignored_data_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ignored_layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ignored_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_information_element_data_type`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_information_element_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_information_element_id`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_information_element_index`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_information_element_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_information_element_range_begin`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_information_element_range_end`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_information_element_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_information_element_units`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_ingress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_multicast_packet_total_count`*:: + -- -type: keyword +type: long -- 
-*`netflow.post_ip_diff_serv_code_point`*:: +*`netflow.reverse_ingress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_initial_tcp_flags`*:: + -- type: short -- -*`netflow.multicast_replication_factor`*:: +*`netflow.reverse_initiator_octets`*:: + -- type: long -- -*`netflow.class_name`*:: +*`netflow.reverse_initiator_packets`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_interface_description`*:: + -- type: keyword -- -*`netflow.classification_engine_id`*:: +*`netflow.reverse_interface_name`*:: + -- -type: short +type: keyword -- -*`netflow.layer2packet_section_offset`*:: +*`netflow.reverse_intermediate_process_id`*:: + -- -type: integer +type: long -- -*`netflow.layer2packet_section_size`*:: +*`netflow.reverse_ip_class_of_service`*:: + -- -type: integer +type: short -- -*`netflow.layer2packet_section_data`*:: +*`netflow.reverse_ip_diff_serv_code_point`*:: + -- type: short -- -*`netflow.bgp_next_adjacent_as_number`*:: +*`netflow.reverse_ip_header_length`*:: + -- -type: long +type: short -- -*`netflow.bgp_prev_adjacent_as_number`*:: +*`netflow.reverse_ip_header_packet_section`*:: + -- -type: long +type: keyword -- -*`netflow.exporter_ipv4_address`*:: +*`netflow.reverse_ip_next_hop_ipv4_address`*:: + -- type: ip -- -*`netflow.exporter_ipv6_address`*:: +*`netflow.reverse_ip_next_hop_ipv6_address`*:: + -- type: ip -- -*`netflow.dropped_octet_delta_count`*:: +*`netflow.reverse_ip_payload_length`*:: + -- type: long -- -*`netflow.dropped_packet_delta_count`*:: +*`netflow.reverse_ip_payload_packet_section`*:: + -- -type: long +type: keyword -- -*`netflow.dropped_octet_total_count`*:: +*`netflow.reverse_ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_ip_sec_spi`*:: + -- type: long -- -*`netflow.dropped_packet_total_count`*:: +*`netflow.reverse_ip_total_length`*:: + -- type: long -- 
-*`netflow.flow_end_reason`*:: +*`netflow.reverse_ip_ttl`*:: + -- type: short -- -*`netflow.common_properties_id`*:: +*`netflow.reverse_ip_version`*:: + -- -type: long +type: short -- -*`netflow.observation_point_id`*:: +*`netflow.reverse_ipv4_ihl`*:: + -- -type: long +type: short -- -*`netflow.icmp_type_code_ipv6`*:: +*`netflow.reverse_ipv4_options`*:: + -- -type: integer +type: long -- -*`netflow.mpls_top_label_ipv6_address`*:: +*`netflow.reverse_ipv4_router_sc`*:: + -- type: ip -- -*`netflow.line_card_id`*:: +*`netflow.reverse_ipv6_extension_headers`*:: + -- type: long -- -*`netflow.port_id`*:: +*`netflow.reverse_is_multicast`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_large_packet_count`*:: + -- type: long -- -*`netflow.metering_process_id`*:: +*`netflow.reverse_layer2_frame_delta_count`*:: + -- type: long -- -*`netflow.exporting_process_id`*:: +*`netflow.reverse_layer2_frame_total_count`*:: + -- type: long -- -*`netflow.template_id`*:: +*`netflow.reverse_layer2_octet_delta_count`*:: + -- -type: integer +type: long -- -*`netflow.wlan_channel_id`*:: +*`netflow.reverse_layer2_octet_delta_sum_of_squares`*:: + -- -type: short +type: long -- -*`netflow.wlan_ssid`*:: +*`netflow.reverse_layer2_octet_total_count`*:: + -- -type: keyword +type: long -- -*`netflow.flow_id`*:: +*`netflow.reverse_layer2_octet_total_sum_of_squares`*:: + -- type: long -- -*`netflow.observation_domain_id`*:: +*`netflow.reverse_layer2_segment_id`*:: + -- type: long -- -*`netflow.flow_start_seconds`*:: +*`netflow.reverse_layer2packet_section_data`*:: + -- -type: date +type: keyword -- -*`netflow.flow_end_seconds`*:: +*`netflow.reverse_layer2packet_section_offset`*:: + -- -type: date +type: integer -- -*`netflow.flow_start_milliseconds`*:: +*`netflow.reverse_layer2packet_section_size`*:: + -- -type: date +type: integer -- -*`netflow.flow_end_milliseconds`*:: +*`netflow.reverse_line_card_id`*:: + -- -type: date +type: long -- -*`netflow.flow_start_microseconds`*:: 
+*`netflow.reverse_lower_ci_limit`*:: + -- -type: date +type: double -- -*`netflow.flow_end_microseconds`*:: +*`netflow.reverse_max_export_seconds`*:: + -- -type: date +type: long -- -*`netflow.flow_start_nanoseconds`*:: +*`netflow.reverse_max_flow_end_microseconds`*:: + -- -type: date +type: long -- -*`netflow.flow_end_nanoseconds`*:: +*`netflow.reverse_max_flow_end_milliseconds`*:: + -- -type: date +type: long -- -*`netflow.flow_start_delta_microseconds`*:: +*`netflow.reverse_max_flow_end_nanoseconds`*:: + -- type: long -- -*`netflow.flow_end_delta_microseconds`*:: +*`netflow.reverse_max_flow_end_seconds`*:: + -- type: long -- -*`netflow.system_init_time_milliseconds`*:: +*`netflow.reverse_max_packet_size`*:: + -- -type: date +type: integer -- -*`netflow.flow_duration_milliseconds`*:: +*`netflow.reverse_maximum_ip_total_length`*:: + -- type: long -- -*`netflow.flow_duration_microseconds`*:: +*`netflow.reverse_maximum_layer2_total_length`*:: + -- type: long -- -*`netflow.observed_flow_total_count`*:: +*`netflow.reverse_maximum_ttl`*:: + -- -type: long +type: short -- -*`netflow.ignored_packet_total_count`*:: +*`netflow.reverse_message_md5_checksum`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_message_scope`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_metering_process_id`*:: + -- type: long -- -*`netflow.ignored_octet_total_count`*:: +*`netflow.reverse_metro_evc_id`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_metro_evc_type`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_min_export_seconds`*:: + -- type: long -- -*`netflow.not_sent_flow_total_count`*:: +*`netflow.reverse_min_flow_start_microseconds`*:: + -- type: long -- -*`netflow.not_sent_packet_total_count`*:: +*`netflow.reverse_min_flow_start_milliseconds`*:: + -- type: long -- -*`netflow.not_sent_octet_total_count`*:: +*`netflow.reverse_min_flow_start_nanoseconds`*:: + -- type: long -- -*`netflow.destination_ipv6_prefix`*:: +*`netflow.reverse_min_flow_start_seconds`*:: + -- -type: ip 
+type: long -- -*`netflow.source_ipv6_prefix`*:: +*`netflow.reverse_minimum_ip_total_length`*:: + -- -type: ip +type: long -- -*`netflow.post_octet_total_count`*:: +*`netflow.reverse_minimum_layer2_total_length`*:: + -- type: long -- -*`netflow.post_packet_total_count`*:: +*`netflow.reverse_minimum_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_monitoring_interval_end_milli_seconds`*:: + -- type: long -- -*`netflow.flow_key_indicator`*:: +*`netflow.reverse_monitoring_interval_start_milli_seconds`*:: + -- type: long -- -*`netflow.post_mcast_packet_total_count`*:: +*`netflow.reverse_mpls_label_stack_depth`*:: + -- type: long -- -*`netflow.post_mcast_octet_total_count`*:: +*`netflow.reverse_mpls_label_stack_length`*:: + -- type: long -- -*`netflow.icmp_type_ipv4`*:: +*`netflow.reverse_mpls_label_stack_section`*:: + -- -type: short +type: keyword -- -*`netflow.icmp_code_ipv4`*:: +*`netflow.reverse_mpls_label_stack_section10`*:: + -- -type: short +type: keyword -- -*`netflow.icmp_type_ipv6`*:: +*`netflow.reverse_mpls_label_stack_section2`*:: + -- -type: short +type: keyword -- -*`netflow.icmp_code_ipv6`*:: +*`netflow.reverse_mpls_label_stack_section3`*:: + -- -type: short +type: keyword -- -*`netflow.udp_source_port`*:: +*`netflow.reverse_mpls_label_stack_section4`*:: + -- -type: integer +type: keyword -- -*`netflow.udp_destination_port`*:: +*`netflow.reverse_mpls_label_stack_section5`*:: + -- -type: integer +type: keyword -- -*`netflow.tcp_source_port`*:: +*`netflow.reverse_mpls_label_stack_section6`*:: + -- -type: integer +type: keyword -- -*`netflow.tcp_destination_port`*:: +*`netflow.reverse_mpls_label_stack_section7`*:: + -- -type: integer +type: keyword -- -*`netflow.tcp_sequence_number`*:: +*`netflow.reverse_mpls_label_stack_section8`*:: + -- -type: long +type: keyword -- -*`netflow.tcp_acknowledgement_number`*:: +*`netflow.reverse_mpls_label_stack_section9`*:: + -- -type: long +type: keyword -- -*`netflow.tcp_window_size`*:: 
+*`netflow.reverse_mpls_payload_length`*:: + -- -type: integer +type: long -- -*`netflow.tcp_urgent_pointer`*:: +*`netflow.reverse_mpls_payload_packet_section`*:: + -- -type: integer +type: keyword -- -*`netflow.tcp_header_length`*:: +*`netflow.reverse_mpls_top_label_exp`*:: + -- type: short -- -*`netflow.ip_header_length`*:: +*`netflow.reverse_mpls_top_label_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.total_length_ipv4`*:: +*`netflow.reverse_mpls_top_label_ipv6_address`*:: + -- -type: integer +type: ip -- -*`netflow.payload_length_ipv6`*:: +*`netflow.reverse_mpls_top_label_prefix_length`*:: + -- -type: integer +type: short -- -*`netflow.ip_ttl`*:: +*`netflow.reverse_mpls_top_label_stack_section`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_mpls_top_label_ttl`*:: + -- type: short -- -*`netflow.next_header_ipv6`*:: +*`netflow.reverse_mpls_top_label_type`*:: + -- type: short -- -*`netflow.mpls_payload_length`*:: +*`netflow.reverse_mpls_vpn_route_distinguisher`*:: + -- -type: long +type: keyword -- -*`netflow.ip_diff_serv_code_point`*:: +*`netflow.reverse_multicast_replication_factor`*:: + -- -type: short +type: long -- -*`netflow.ip_precedence`*:: +*`netflow.reverse_nat_event`*:: + -- type: short -- -*`netflow.fragment_flags`*:: +*`netflow.reverse_nat_originating_address_realm`*:: + -- type: short -- -*`netflow.octet_delta_sum_of_squares`*:: +*`netflow.reverse_nat_pool_id`*:: + -- type: long -- -*`netflow.octet_total_sum_of_squares`*:: +*`netflow.reverse_nat_pool_name`*:: + -- -type: long +type: keyword -- -*`netflow.mpls_top_label_ttl`*:: +*`netflow.reverse_nat_type`*:: + -- type: short -- -*`netflow.mpls_label_stack_length`*:: +*`netflow.reverse_new_connection_delta_count`*:: + -- type: long -- -*`netflow.mpls_label_stack_depth`*:: +*`netflow.reverse_next_header_ipv6`*:: + -- -type: long +type: short -- -*`netflow.mpls_top_label_exp`*:: +*`netflow.reverse_non_empty_packet_count`*:: + -- -type: short +type: long -- 
-*`netflow.ip_payload_length`*:: +*`netflow.reverse_not_sent_layer2_octet_total_count`*:: + -- type: long -- -*`netflow.udp_message_length`*:: +*`netflow.reverse_observation_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_observation_point_id`*:: + -- -type: integer +type: long -- -*`netflow.is_multicast`*:: +*`netflow.reverse_observation_point_type`*:: + -- type: short -- -*`netflow.ipv4_ihl`*:: +*`netflow.reverse_observation_time_microseconds`*:: + -- -type: short +type: long -- -*`netflow.ipv4_options`*:: +*`netflow.reverse_observation_time_milliseconds`*:: + -- type: long -- -*`netflow.tcp_options`*:: +*`netflow.reverse_observation_time_nanoseconds`*:: + -- type: long -- -*`netflow.padding_octets`*:: +*`netflow.reverse_observation_time_seconds`*:: + -- -type: short +type: long -- -*`netflow.collector_ipv4_address`*:: +*`netflow.reverse_octet_delta_count`*:: + -- -type: ip +type: long -- -*`netflow.collector_ipv6_address`*:: +*`netflow.reverse_octet_delta_sum_of_squares`*:: + -- -type: ip +type: long -- -*`netflow.export_interface`*:: +*`netflow.reverse_octet_total_count`*:: + -- type: long -- -*`netflow.export_protocol_version`*:: +*`netflow.reverse_octet_total_sum_of_squares`*:: + -- -type: short +type: long -- -*`netflow.export_transport_protocol`*:: +*`netflow.reverse_opaque_octets`*:: + -- -type: short +type: keyword -- -*`netflow.collector_transport_port`*:: +*`netflow.reverse_original_exporter_ipv4_address`*:: + -- -type: integer +type: ip -- -*`netflow.exporter_transport_port`*:: +*`netflow.reverse_original_exporter_ipv6_address`*:: + -- -type: integer +type: ip -- -*`netflow.tcp_syn_total_count`*:: +*`netflow.reverse_original_flows_completed`*:: + -- type: long -- -*`netflow.tcp_fin_total_count`*:: +*`netflow.reverse_original_flows_initiated`*:: + -- type: long -- -*`netflow.tcp_rst_total_count`*:: +*`netflow.reverse_original_flows_present`*:: + -- type: long -- -*`netflow.tcp_psh_total_count`*:: 
+*`netflow.reverse_original_observation_domain_id`*:: + -- type: long -- -*`netflow.tcp_ack_total_count`*:: +*`netflow.reverse_os_finger_print`*:: + -- -type: long +type: keyword -- -*`netflow.tcp_urg_total_count`*:: +*`netflow.reverse_os_name`*:: + -- -type: long +type: keyword -- -*`netflow.ip_total_length`*:: +*`netflow.reverse_os_version`*:: + -- -type: long +type: keyword -- -*`netflow.post_nat_source_ipv4_address`*:: +*`netflow.reverse_p2p_technology`*:: + -- -type: ip +type: keyword -- -*`netflow.post_nat_destination_ipv4_address`*:: +*`netflow.reverse_packet_delta_count`*:: + -- -type: ip +type: long -- -*`netflow.post_napt_source_transport_port`*:: +*`netflow.reverse_packet_total_count`*:: + -- -type: integer +type: long -- -*`netflow.post_napt_destination_transport_port`*:: +*`netflow.reverse_payload`*:: + -- -type: integer +type: keyword -- -*`netflow.nat_originating_address_realm`*:: +*`netflow.reverse_payload_entropy`*:: + -- type: short -- -*`netflow.nat_event`*:: +*`netflow.reverse_payload_length_ipv6`*:: + -- -type: short +type: integer -- -*`netflow.initiator_octets`*:: +*`netflow.reverse_port_id`*:: + -- type: long -- -*`netflow.responder_octets`*:: +*`netflow.reverse_port_range_end`*:: + -- -type: long +type: integer -- -*`netflow.firewall_event`*:: +*`netflow.reverse_port_range_num_ports`*:: + -- -type: short +type: integer -- -*`netflow.ingress_vrfid`*:: +*`netflow.reverse_port_range_start`*:: + -- -type: long +type: integer -- -*`netflow.egress_vrfid`*:: +*`netflow.reverse_port_range_step_size`*:: + -- -type: long +type: integer -- -*`netflow.vr_fname`*:: +*`netflow.reverse_post_destination_mac_address`*:: + -- type: keyword -- -*`netflow.post_mpls_top_label_exp`*:: +*`netflow.reverse_post_dot1q_customer_vlan_id`*:: + -- -type: short +type: integer -- -*`netflow.tcp_window_scale`*:: +*`netflow.reverse_post_dot1q_vlan_id`*:: + -- type: integer -- -*`netflow.biflow_direction`*:: +*`netflow.reverse_post_ip_class_of_service`*:: + -- type: short -- 
-*`netflow.ethernet_header_length`*:: +*`netflow.reverse_post_ip_diff_serv_code_point`*:: + -- type: short -- -*`netflow.ethernet_payload_length`*:: +*`netflow.reverse_post_ip_precedence`*:: + -- -type: integer +type: short -- -*`netflow.ethernet_total_length`*:: +*`netflow.reverse_post_layer2_octet_delta_count`*:: + -- -type: integer +type: long -- -*`netflow.dot1q_vlan_id`*:: +*`netflow.reverse_post_layer2_octet_total_count`*:: + -- -type: integer +type: long -- -*`netflow.dot1q_priority`*:: +*`netflow.reverse_post_mcast_layer2_octet_delta_count`*:: + -- -type: short +type: long -- -*`netflow.dot1q_customer_vlan_id`*:: +*`netflow.reverse_post_mcast_layer2_octet_total_count`*:: + -- -type: integer +type: long -- -*`netflow.dot1q_customer_priority`*:: +*`netflow.reverse_post_mcast_octet_delta_count`*:: + -- -type: short +type: long -- -*`netflow.metro_evc_id`*:: +*`netflow.reverse_post_mcast_octet_total_count`*:: + -- -type: keyword +type: long -- -*`netflow.metro_evc_type`*:: +*`netflow.reverse_post_mcast_packet_delta_count`*:: + -- -type: short +type: long -- -*`netflow.pseudo_wire_id`*:: +*`netflow.reverse_post_mcast_packet_total_count`*:: + -- type: long -- -*`netflow.pseudo_wire_type`*:: +*`netflow.reverse_post_mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_post_napt_destination_transport_port`*:: + -- type: integer -- -*`netflow.pseudo_wire_control_word`*:: +*`netflow.reverse_post_napt_source_transport_port`*:: + -- -type: long +type: integer -- -*`netflow.ingress_physical_interface`*:: +*`netflow.reverse_post_nat_destination_ipv4_address`*:: + -- -type: long +type: ip -- -*`netflow.egress_physical_interface`*:: +*`netflow.reverse_post_nat_destination_ipv6_address`*:: + -- -type: long +type: ip -- -*`netflow.post_dot1q_vlan_id`*:: +*`netflow.reverse_post_nat_source_ipv4_address`*:: + -- -type: integer +type: ip -- -*`netflow.post_dot1q_customer_vlan_id`*:: +*`netflow.reverse_post_nat_source_ipv6_address`*:: + -- -type: integer +type: ip 
-- -*`netflow.ethernet_type`*:: +*`netflow.reverse_post_octet_delta_count`*:: + -- -type: integer +type: long -- -*`netflow.post_ip_precedence`*:: +*`netflow.reverse_post_octet_total_count`*:: + -- -type: short +type: long -- -*`netflow.collection_time_milliseconds`*:: +*`netflow.reverse_post_packet_delta_count`*:: + -- -type: date +type: long -- -*`netflow.export_sctp_stream_id`*:: +*`netflow.reverse_post_packet_total_count`*:: + -- -type: integer +type: long -- -*`netflow.max_export_seconds`*:: +*`netflow.reverse_post_source_mac_address`*:: + -- -type: date +type: keyword -- -*`netflow.max_flow_end_seconds`*:: +*`netflow.reverse_post_vlan_id`*:: + -- -type: date +type: integer -- -*`netflow.message_md5_checksum`*:: +*`netflow.reverse_private_enterprise_number`*:: + -- -type: short +type: long -- -*`netflow.message_scope`*:: +*`netflow.reverse_protocol_identifier`*:: + -- type: short -- -*`netflow.min_export_seconds`*:: +*`netflow.reverse_pseudo_wire_control_word`*:: + -- -type: date +type: long -- -*`netflow.min_flow_start_seconds`*:: +*`netflow.reverse_pseudo_wire_destination_ipv4_address`*:: + -- -type: date +type: ip -- -*`netflow.opaque_octets`*:: +*`netflow.reverse_pseudo_wire_id`*:: + -- -type: short +type: long -- -*`netflow.session_scope`*:: +*`netflow.reverse_pseudo_wire_type`*:: + -- -type: short +type: integer -- -*`netflow.max_flow_end_microseconds`*:: +*`netflow.reverse_relative_error`*:: + -- -type: date +type: double -- -*`netflow.max_flow_end_milliseconds`*:: +*`netflow.reverse_responder_octets`*:: + -- -type: date +type: long -- -*`netflow.max_flow_end_nanoseconds`*:: +*`netflow.reverse_responder_packets`*:: + -- -type: date +type: long -- -*`netflow.min_flow_start_microseconds`*:: +*`netflow.reverse_rfc3550_jitter_microseconds`*:: + -- -type: date +type: long -- -*`netflow.min_flow_start_milliseconds`*:: +*`netflow.reverse_rfc3550_jitter_milliseconds`*:: + -- -type: date +type: long -- -*`netflow.min_flow_start_nanoseconds`*:: 
+*`netflow.reverse_rfc3550_jitter_nanoseconds`*:: + -- -type: date +type: long -- -*`netflow.collector_certificate`*:: +*`netflow.reverse_rtp_payload_type`*:: + -- type: short -- -*`netflow.exporter_certificate`*:: +*`netflow.reverse_rtp_sequence_number`*:: + -- -type: short +type: integer -- -*`netflow.data_records_reliability`*:: +*`netflow.reverse_sampler_id`*:: + -- -type: boolean +type: short -- -*`netflow.observation_point_type`*:: +*`netflow.reverse_sampler_mode`*:: + -- type: short -- -*`netflow.new_connection_delta_count`*:: +*`netflow.reverse_sampler_name`*:: + -- -type: long +type: keyword -- -*`netflow.connection_sum_duration_seconds`*:: +*`netflow.reverse_sampler_random_interval`*:: + -- type: long -- -*`netflow.connection_transaction_id`*:: +*`netflow.reverse_sampling_algorithm`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_sampling_flow_interval`*:: + -- type: long -- -*`netflow.post_nat_source_ipv6_address`*:: +*`netflow.reverse_sampling_flow_spacing`*:: + -- -type: ip +type: long -- -*`netflow.post_nat_destination_ipv6_address`*:: +*`netflow.reverse_sampling_interval`*:: + -- -type: ip +type: long -- -*`netflow.nat_pool_id`*:: +*`netflow.reverse_sampling_packet_interval`*:: + -- type: long -- -*`netflow.nat_pool_name`*:: +*`netflow.reverse_sampling_packet_space`*:: + -- -type: keyword +type: long -- -*`netflow.anonymization_flags`*:: +*`netflow.reverse_sampling_population`*:: + -- -type: integer +type: long -- -*`netflow.anonymization_technique`*:: +*`netflow.reverse_sampling_probability`*:: + -- -type: integer +type: double -- -*`netflow.information_element_index`*:: +*`netflow.reverse_sampling_size`*:: + -- -type: integer +type: long -- -*`netflow.p2p_technology`*:: +*`netflow.reverse_sampling_time_interval`*:: + -- -type: keyword +type: long -- -*`netflow.tunnel_technology`*:: +*`netflow.reverse_sampling_time_space`*:: + -- -type: keyword +type: long -- -*`netflow.encrypted_technology`*:: +*`netflow.reverse_second_packet_banner`*:: + -- 
type: keyword -- -*`netflow.bgp_validity_state`*:: +*`netflow.reverse_section_exported_octets`*:: + -- -type: short +type: integer -- -*`netflow.ip_sec_spi`*:: +*`netflow.reverse_section_offset`*:: + -- -type: long +type: integer -- -*`netflow.gre_key`*:: +*`netflow.reverse_selection_sequence_id`*:: + -- type: long -- -*`netflow.nat_type`*:: +*`netflow.reverse_selector_algorithm`*:: + -- -type: short +type: integer -- -*`netflow.initiator_packets`*:: +*`netflow.reverse_selector_id`*:: + -- type: long -- -*`netflow.responder_packets`*:: +*`netflow.reverse_selector_id_total_flows_observed`*:: + -- type: long -- -*`netflow.observation_domain_name`*:: +*`netflow.reverse_selector_id_total_flows_selected`*:: + -- -type: keyword +type: long -- -*`netflow.selection_sequence_id`*:: +*`netflow.reverse_selector_id_total_pkts_observed`*:: + -- type: long -- -*`netflow.selector_id`*:: +*`netflow.reverse_selector_id_total_pkts_selected`*:: + -- type: long -- -*`netflow.information_element_id`*:: +*`netflow.reverse_selector_name`*:: + -- -type: integer +type: keyword -- -*`netflow.selector_algorithm`*:: +*`netflow.reverse_session_scope`*:: + -- -type: integer +type: short -- -*`netflow.sampling_packet_interval`*:: +*`netflow.reverse_small_packet_count`*:: + -- type: long -- -*`netflow.sampling_packet_space`*:: +*`netflow.reverse_source_ipv4_address`*:: + -- -type: long +type: ip + +-- + +*`netflow.reverse_source_ipv4_prefix`*:: ++ +-- +type: ip -- -*`netflow.sampling_time_interval`*:: +*`netflow.reverse_source_ipv4_prefix_length`*:: + -- -type: long +type: short -- -*`netflow.sampling_time_space`*:: +*`netflow.reverse_source_ipv6_address`*:: + -- -type: long +type: ip -- -*`netflow.sampling_size`*:: +*`netflow.reverse_source_ipv6_prefix`*:: + -- -type: long +type: ip -- -*`netflow.sampling_population`*:: +*`netflow.reverse_source_ipv6_prefix_length`*:: + -- -type: long +type: short -- -*`netflow.sampling_probability`*:: +*`netflow.reverse_source_mac_address`*:: + -- -type: double 
+type: keyword -- -*`netflow.data_link_frame_size`*:: +*`netflow.reverse_source_transport_port`*:: + -- type: integer -- -*`netflow.ip_header_packet_section`*:: +*`netflow.reverse_src_traffic_index`*:: + -- -type: short +type: long -- -*`netflow.ip_payload_packet_section`*:: +*`netflow.reverse_sta_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.data_link_frame_section`*:: +*`netflow.reverse_sta_mac_address`*:: + -- -type: short +type: keyword -- -*`netflow.mpls_label_stack_section`*:: +*`netflow.reverse_standard_deviation_interarrival_time`*:: + -- -type: short +type: long -- -*`netflow.mpls_payload_packet_section`*:: +*`netflow.reverse_standard_deviation_payload_length`*:: + -- -type: short +type: integer -- -*`netflow.selector_id_total_pkts_observed`*:: +*`netflow.reverse_system_init_time_milliseconds`*:: + -- type: long -- -*`netflow.selector_id_total_pkts_selected`*:: +*`netflow.reverse_tcp_ack_total_count`*:: + -- type: long -- -*`netflow.absolute_error`*:: +*`netflow.reverse_tcp_acknowledgement_number`*:: + -- -type: double +type: long -- -*`netflow.relative_error`*:: +*`netflow.reverse_tcp_control_bits`*:: + -- -type: double +type: integer -- -*`netflow.observation_time_seconds`*:: +*`netflow.reverse_tcp_destination_port`*:: + -- -type: date +type: integer -- -*`netflow.observation_time_milliseconds`*:: +*`netflow.reverse_tcp_fin_total_count`*:: + -- -type: date +type: long -- -*`netflow.observation_time_microseconds`*:: +*`netflow.reverse_tcp_header_length`*:: + -- -type: date +type: short -- -*`netflow.observation_time_nanoseconds`*:: +*`netflow.reverse_tcp_options`*:: + -- -type: date +type: long -- -*`netflow.digest_hash_value`*:: +*`netflow.reverse_tcp_psh_total_count`*:: + -- type: long -- -*`netflow.hash_ip_payload_offset`*:: +*`netflow.reverse_tcp_rst_total_count`*:: + -- type: long -- -*`netflow.hash_ip_payload_size`*:: +*`netflow.reverse_tcp_sequence_number`*:: + -- type: long -- -*`netflow.hash_output_range_min`*:: 
+*`netflow.reverse_tcp_source_port`*:: + -- -type: long +type: integer -- -*`netflow.hash_output_range_max`*:: +*`netflow.reverse_tcp_syn_total_count`*:: + -- type: long -- -*`netflow.hash_selected_range_min`*:: +*`netflow.reverse_tcp_urg_total_count`*:: + -- type: long -- -*`netflow.hash_selected_range_max`*:: +*`netflow.reverse_tcp_urgent_pointer`*:: + -- -type: long +type: integer -- -*`netflow.hash_digest_output`*:: +*`netflow.reverse_tcp_window_scale`*:: + -- -type: boolean +type: integer -- -*`netflow.hash_initialiser_value`*:: +*`netflow.reverse_tcp_window_size`*:: + -- -type: long +type: integer -- -*`netflow.selector_name`*:: +*`netflow.reverse_total_length_ipv4`*:: + -- -type: keyword +type: integer -- -*`netflow.upper_ci_limit`*:: +*`netflow.reverse_transport_octet_delta_count`*:: + -- -type: double +type: long -- -*`netflow.lower_ci_limit`*:: +*`netflow.reverse_transport_packet_delta_count`*:: + -- -type: double +type: long -- -*`netflow.confidence_level`*:: +*`netflow.reverse_tunnel_technology`*:: + -- -type: double +type: keyword -- -*`netflow.information_element_data_type`*:: +*`netflow.reverse_udp_destination_port`*:: + -- -type: short +type: integer -- -*`netflow.information_element_description`*:: +*`netflow.reverse_udp_message_length`*:: + -- -type: keyword +type: integer -- -*`netflow.information_element_name`*:: +*`netflow.reverse_udp_source_port`*:: + -- -type: keyword +type: integer -- -*`netflow.information_element_range_begin`*:: +*`netflow.reverse_union_tcp_flags`*:: + -- -type: long +type: short -- -*`netflow.information_element_range_end`*:: +*`netflow.reverse_upper_ci_limit`*:: + -- -type: long +type: double -- -*`netflow.information_element_semantics`*:: +*`netflow.reverse_user_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_value_distribution_method`*:: + -- type: short -- -*`netflow.information_element_units`*:: +*`netflow.reverse_virtual_station_interface_id`*:: + -- -type: integer +type: keyword -- 
-*`netflow.private_enterprise_number`*:: +*`netflow.reverse_virtual_station_interface_name`*:: + -- -type: long +type: keyword -- -*`netflow.virtual_station_interface_id`*:: +*`netflow.reverse_virtual_station_name`*:: + -- -type: short +type: keyword -- -*`netflow.virtual_station_interface_name`*:: +*`netflow.reverse_virtual_station_uuid`*:: + -- type: keyword -- -*`netflow.virtual_station_uuid`*:: +*`netflow.reverse_vlan_id`*:: + -- -type: short +type: integer -- -*`netflow.virtual_station_name`*:: +*`netflow.reverse_vr_fname`*:: + -- type: keyword -- -*`netflow.layer2_segment_id`*:: +*`netflow.reverse_wlan_channel_id`*:: + -- -type: long +type: short -- -*`netflow.layer2_octet_delta_count`*:: +*`netflow.reverse_wlan_ssid`*:: + -- -type: long +type: keyword -- -*`netflow.layer2_octet_total_count`*:: +*`netflow.reverse_wtp_mac_address`*:: + -- -type: long +type: keyword -- -*`netflow.ingress_unicast_packet_total_count`*:: +*`netflow.rfc3550_jitter_microseconds`*:: + -- type: long -- -*`netflow.ingress_multicast_packet_total_count`*:: +*`netflow.rfc3550_jitter_milliseconds`*:: + -- type: long -- -*`netflow.ingress_broadcast_packet_total_count`*:: +*`netflow.rfc3550_jitter_nanoseconds`*:: + -- type: long -- -*`netflow.egress_unicast_packet_total_count`*:: +*`netflow.rtp_payload_type`*:: + -- -type: long +type: short -- -*`netflow.egress_broadcast_packet_total_count`*:: +*`netflow.rtp_sequence_number`*:: + -- -type: long +type: integer -- -*`netflow.monitoring_interval_start_milli_seconds`*:: +*`netflow.sampler_id`*:: + -- -type: date +type: short -- -*`netflow.monitoring_interval_end_milli_seconds`*:: +*`netflow.sampler_mode`*:: + -- -type: date +type: short -- -*`netflow.port_range_start`*:: +*`netflow.sampler_name`*:: + -- -type: integer +type: keyword -- -*`netflow.port_range_end`*:: +*`netflow.sampler_random_interval`*:: + -- -type: integer +type: long -- -*`netflow.port_range_step_size`*:: +*`netflow.sampling_algorithm`*:: + -- -type: integer +type: short -- 
-*`netflow.port_range_num_ports`*:: +*`netflow.sampling_flow_interval`*:: + -- -type: integer +type: long -- -*`netflow.sta_mac_address`*:: +*`netflow.sampling_flow_spacing`*:: + -- -type: keyword +type: long -- -*`netflow.sta_ipv4_address`*:: +*`netflow.sampling_interval`*:: + -- -type: ip +type: long -- -*`netflow.wtp_mac_address`*:: +*`netflow.sampling_packet_interval`*:: + -- -type: keyword +type: long -- -*`netflow.ingress_interface_type`*:: +*`netflow.sampling_packet_space`*:: + -- type: long -- -*`netflow.egress_interface_type`*:: +*`netflow.sampling_population`*:: + -- type: long -- -*`netflow.rtp_sequence_number`*:: +*`netflow.sampling_probability`*:: + -- -type: integer +type: double -- -*`netflow.user_name`*:: +*`netflow.sampling_size`*:: + -- -type: keyword +type: long -- -*`netflow.application_category_name`*:: +*`netflow.sampling_time_interval`*:: + -- -type: keyword +type: long -- -*`netflow.application_sub_category_name`*:: +*`netflow.sampling_time_space`*:: + -- -type: keyword +type: long -- -*`netflow.application_group_name`*:: +*`netflow.second_packet_banner`*:: + -- type: keyword -- -*`netflow.original_flows_present`*:: +*`netflow.section_exported_octets`*:: + -- -type: long +type: integer -- -*`netflow.original_flows_initiated`*:: +*`netflow.section_offset`*:: + -- -type: long +type: integer -- -*`netflow.original_flows_completed`*:: +*`netflow.selection_sequence_id`*:: + -- type: long -- -*`netflow.distinct_count_of_source_ip_address`*:: +*`netflow.selector_algorithm`*:: + -- -type: long +type: integer -- -*`netflow.distinct_count_of_destination_ip_address`*:: +*`netflow.selector_id`*:: + -- type: long -- -*`netflow.distinct_count_of_source_ipv4_address`*:: +*`netflow.selector_id_total_flows_observed`*:: + -- type: long -- -*`netflow.distinct_count_of_destination_ipv4_address`*:: +*`netflow.selector_id_total_flows_selected`*:: + -- type: long -- -*`netflow.distinct_count_of_source_ipv6_address`*:: +*`netflow.selector_id_total_pkts_observed`*:: 
+ -- type: long -- -*`netflow.distinct_count_of_destination_ipv6_address`*:: +*`netflow.selector_id_total_pkts_selected`*:: + -- type: long -- -*`netflow.value_distribution_method`*:: +*`netflow.selector_name`*:: + -- -type: short +type: keyword -- -*`netflow.rfc3550_jitter_milliseconds`*:: +*`netflow.service_name`*:: + -- -type: long +type: keyword -- -*`netflow.rfc3550_jitter_microseconds`*:: +*`netflow.session_scope`*:: + -- -type: long +type: short -- -*`netflow.rfc3550_jitter_nanoseconds`*:: +*`netflow.silk_app_label`*:: + -- -type: long +type: integer -- -*`netflow.dot1q_dei`*:: +*`netflow.small_packet_count`*:: + -- -type: boolean +type: long -- -*`netflow.dot1q_customer_dei`*:: +*`netflow.source_ipv4_address`*:: + -- -type: boolean +type: ip -- -*`netflow.flow_selector_algorithm`*:: +*`netflow.source_ipv4_prefix`*:: + -- -type: integer +type: ip -- -*`netflow.flow_selected_octet_delta_count`*:: +*`netflow.source_ipv4_prefix_length`*:: + -- -type: long +type: short -- -*`netflow.flow_selected_packet_delta_count`*:: +*`netflow.source_ipv6_address`*:: + -- -type: long +type: ip -- -*`netflow.flow_selected_flow_delta_count`*:: +*`netflow.source_ipv6_prefix`*:: + -- -type: long +type: ip -- -*`netflow.selector_id_total_flows_observed`*:: +*`netflow.source_ipv6_prefix_length`*:: + -- -type: long +type: short -- -*`netflow.selector_id_total_flows_selected`*:: +*`netflow.source_mac_address`*:: + -- -type: long +type: keyword -- -*`netflow.sampling_flow_interval`*:: +*`netflow.source_transport_port`*:: + -- -type: long +type: integer -- -*`netflow.sampling_flow_spacing`*:: +*`netflow.source_transport_ports_limit`*:: + -- -type: long +type: integer -- -*`netflow.flow_sampling_time_interval`*:: +*`netflow.src_traffic_index`*:: + -- type: long -- -*`netflow.flow_sampling_time_spacing`*:: +*`netflow.ssl_cert_serial_number`*:: + -- -type: long +type: keyword -- -*`netflow.hash_flow_domain`*:: +*`netflow.ssl_cert_signature`*:: + -- -type: integer +type: keyword -- 
-*`netflow.transport_octet_delta_count`*:: +*`netflow.ssl_cert_validity_not_after`*:: + -- -type: long +type: keyword -- -*`netflow.transport_packet_delta_count`*:: +*`netflow.ssl_cert_validity_not_before`*:: + -- -type: long +type: keyword -- -*`netflow.original_exporter_ipv4_address`*:: +*`netflow.ssl_cert_version`*:: + -- -type: ip +type: short -- -*`netflow.original_exporter_ipv6_address`*:: +*`netflow.ssl_certificate_hash`*:: + -- -type: ip +type: keyword -- -*`netflow.original_observation_domain_id`*:: +*`netflow.ssl_cipher`*:: + -- -type: long +type: keyword -- -*`netflow.intermediate_process_id`*:: +*`netflow.ssl_client_version`*:: + -- -type: long +type: short -- -*`netflow.ignored_data_record_total_count`*:: +*`netflow.ssl_compression_method`*:: + -- -type: long +type: short -- -*`netflow.data_link_frame_type`*:: +*`netflow.ssl_object_type`*:: + -- -type: integer +type: keyword -- -*`netflow.section_offset`*:: +*`netflow.ssl_object_value`*:: + -- -type: integer +type: keyword -- -*`netflow.section_exported_octets`*:: +*`netflow.ssl_public_key_algorithm`*:: + -- -type: integer +type: keyword -- -*`netflow.dot1q_service_instance_tag`*:: +*`netflow.ssl_public_key_length`*:: + -- -type: short +type: keyword -- -*`netflow.dot1q_service_instance_id`*:: +*`netflow.ssl_server_cipher`*:: + -- type: long -- -*`netflow.dot1q_service_instance_priority`*:: +*`netflow.ssl_server_name`*:: + -- -type: short +type: keyword -- -*`netflow.dot1q_customer_source_mac_address`*:: +*`netflow.sta_ipv4_address`*:: + -- -type: keyword +type: ip -- -*`netflow.dot1q_customer_destination_mac_address`*:: +*`netflow.sta_mac_address`*:: + -- type: keyword -- -*`netflow.post_layer2_octet_delta_count`*:: +*`netflow.standard_deviation_interarrival_time`*:: + -- type: long -- -*`netflow.post_mcast_layer2_octet_delta_count`*:: +*`netflow.standard_deviation_payload_length`*:: + -- -type: long +type: short -- -*`netflow.post_layer2_octet_total_count`*:: 
+*`netflow.system_init_time_milliseconds`*:: + -- -type: long +type: date -- -*`netflow.post_mcast_layer2_octet_total_count`*:: +*`netflow.tcp_ack_total_count`*:: + -- type: long -- -*`netflow.minimum_layer2_total_length`*:: +*`netflow.tcp_acknowledgement_number`*:: + -- type: long -- -*`netflow.maximum_layer2_total_length`*:: +*`netflow.tcp_control_bits`*:: + -- -type: long +type: integer -- -*`netflow.dropped_layer2_octet_delta_count`*:: +*`netflow.tcp_destination_port`*:: + -- -type: long +type: integer -- -*`netflow.dropped_layer2_octet_total_count`*:: +*`netflow.tcp_fin_total_count`*:: + -- type: long -- -*`netflow.ignored_layer2_octet_total_count`*:: +*`netflow.tcp_header_length`*:: + -- -type: long +type: short -- -*`netflow.not_sent_layer2_octet_total_count`*:: +*`netflow.tcp_options`*:: + -- type: long -- -*`netflow.layer2_octet_delta_sum_of_squares`*:: +*`netflow.tcp_psh_total_count`*:: + -- type: long -- -*`netflow.layer2_octet_total_sum_of_squares`*:: +*`netflow.tcp_rst_total_count`*:: + -- type: long -- -*`netflow.layer2_frame_delta_count`*:: +*`netflow.tcp_sequence_number`*:: + -- type: long -- -*`netflow.layer2_frame_total_count`*:: +*`netflow.tcp_source_port`*:: + -- -type: long +type: integer -- -*`netflow.pseudo_wire_destination_ipv4_address`*:: +*`netflow.tcp_syn_total_count`*:: + -- -type: ip +type: long -- -*`netflow.ignored_layer2_frame_total_count`*:: +*`netflow.tcp_urg_total_count`*:: + -- type: long -- -*`netflow.mib_object_value_integer`*:: +*`netflow.tcp_urgent_pointer`*:: + -- type: integer -- -*`netflow.mib_object_value_octet_string`*:: +*`netflow.tcp_window_scale`*:: + -- -type: short +type: integer -- -*`netflow.mib_object_value_oid`*:: +*`netflow.tcp_window_size`*:: + -- -type: short +type: integer -- -*`netflow.mib_object_value_bits`*:: +*`netflow.template_id`*:: + -- -type: short +type: integer -- -*`netflow.mib_object_value_ip_address`*:: +*`netflow.tftp_filename`*:: + -- -type: ip +type: keyword -- 
-*`netflow.mib_object_value_counter`*:: +*`netflow.tftp_mode`*:: + -- -type: long +type: keyword -- -*`netflow.mib_object_value_gauge`*:: +*`netflow.timestamp`*:: + -- type: long -- -*`netflow.mib_object_value_time_ticks`*:: +*`netflow.timestamp_absolute_monitoring-interval`*:: + -- type: long -- -*`netflow.mib_object_value_unsigned`*:: +*`netflow.total_length_ipv4`*:: + -- -type: long +type: integer -- -*`netflow.mib_object_identifier`*:: +*`netflow.traffic_type`*:: + -- type: short -- -*`netflow.mib_sub_identifier`*:: +*`netflow.transport_octet_delta_count`*:: + -- type: long -- -*`netflow.mib_index_indicator`*:: +*`netflow.transport_packet_delta_count`*:: + -- type: long -- -*`netflow.mib_capture_time_semantics`*:: +*`netflow.tunnel_technology`*:: + -- -type: short +type: keyword -- -*`netflow.mib_context_engine_id`*:: +*`netflow.udp_destination_port`*:: + -- -type: short +type: integer -- -*`netflow.mib_context_name`*:: +*`netflow.udp_message_length`*:: + -- -type: keyword +type: integer -- -*`netflow.mib_object_name`*:: +*`netflow.udp_source_port`*:: + -- -type: keyword +type: integer -- -*`netflow.mib_object_description`*:: +*`netflow.union_tcp_flags`*:: + -- -type: keyword +type: short -- -*`netflow.mib_object_syntax`*:: +*`netflow.upper_ci_limit`*:: + -- -type: keyword +type: double -- -*`netflow.mib_module_name`*:: +*`netflow.user_name`*:: + -- type: keyword -- -*`netflow.mobile_imsi`*:: +*`netflow.username`*:: + -- type: keyword -- -*`netflow.mobile_msisdn`*:: +*`netflow.value_distribution_method`*:: + -- -type: keyword +type: short -- -*`netflow.http_status_code`*:: +*`netflow.viptela_vpn_id`*:: + -- -type: integer +type: long -- -*`netflow.source_transport_ports_limit`*:: +*`netflow.virtual_station_interface_id`*:: + -- -type: integer +type: short -- -*`netflow.http_request_method`*:: +*`netflow.virtual_station_interface_name`*:: + -- type: keyword -- -*`netflow.http_request_host`*:: +*`netflow.virtual_station_name`*:: + -- type: keyword -- 
-*`netflow.http_request_target`*:: +*`netflow.virtual_station_uuid`*:: + -- -type: keyword +type: short -- -*`netflow.http_message_version`*:: +*`netflow.vlan_id`*:: + -- -type: keyword +type: integer -- -*`netflow.nat_instance_id`*:: +*`netflow.vmware_egress_interface_attr`*:: + -- -type: long +type: integer -- -*`netflow.internal_address_realm`*:: +*`netflow.vmware_ingress_interface_attr`*:: + -- -type: short +type: integer -- -*`netflow.external_address_realm`*:: +*`netflow.vmware_tenant_dest_ipv4`*:: + -- -type: short +type: ip -- -*`netflow.nat_quota_exceeded_event`*:: +*`netflow.vmware_tenant_dest_ipv6`*:: + -- -type: long +type: ip -- -*`netflow.nat_threshold_event`*:: +*`netflow.vmware_tenant_dest_port`*:: + -- -type: long +type: integer -- -*`netflow.http_user_agent`*:: +*`netflow.vmware_tenant_protocol`*:: + -- -type: keyword +type: short -- -*`netflow.http_content_type`*:: +*`netflow.vmware_tenant_source_ipv4`*:: + -- -type: keyword +type: ip -- -*`netflow.http_reason_phrase`*:: +*`netflow.vmware_tenant_source_ipv6`*:: + -- -type: keyword +type: ip -- -*`netflow.max_session_entries`*:: +*`netflow.vmware_tenant_source_port`*:: + -- -type: long +type: integer -- -*`netflow.max_bib_entries`*:: +*`netflow.vmware_vxlan_export_role`*:: + -- -type: long +type: short -- -*`netflow.max_entries_per_user`*:: +*`netflow.vpn_identifier`*:: + -- -type: long +type: short -- -*`netflow.max_subscribers`*:: +*`netflow.vr_fname`*:: + -- -type: long +type: keyword -- -*`netflow.max_fragments_pending_reassembly`*:: +*`netflow.waasoptimization_segment`*:: + -- -type: long +type: short -- -*`netflow.address_pool_high_threshold`*:: +*`netflow.wlan_channel_id`*:: + -- -type: long +type: short -- -*`netflow.address_pool_low_threshold`*:: +*`netflow.wlan_ssid`*:: + -- -type: long +type: keyword -- -*`netflow.address_port_mapping_high_threshold`*:: +*`netflow.wtp_mac_address`*:: + -- -type: long +type: keyword -- -*`netflow.address_port_mapping_low_threshold`*:: 
+*`netflow.xlate_destination_address_ip_v4`*:: + -- -type: long +type: ip -- -*`netflow.address_port_mapping_per_user_high_threshold`*:: +*`netflow.xlate_destination_port`*:: + -- -type: long +type: integer -- -*`netflow.global_address_mapping_high_threshold`*:: +*`netflow.xlate_source_address_ip_v4`*:: + -- -type: long +type: ip -- -*`netflow.vpn_identifier`*:: +*`netflow.xlate_source_port`*:: + -- -type: short +type: integer --
diff --git a/x-pack/filebeat/input/netflow/_meta/fields.header.yml b/x-pack/filebeat/input/netflow/_meta/fields.header.yml
index 60e585ec2df..2b1b2aa6b8c 100644
--- a/x-pack/filebeat/input/netflow/_meta/fields.header.yml
+++ b/x-pack/filebeat/input/netflow/_meta/fields.header.yml
@@ -5,6 +5,7 @@ fields: - name: netflow type: group + default_field: false description: > Fields from NetFlow and IPFIX. fields:
diff --git a/x-pack/filebeat/input/netflow/_meta/fields.yml b/x-pack/filebeat/input/netflow/_meta/fields.yml
index f5a4c0823d5..e9e0755d375 100644
--- a/x-pack/filebeat/input/netflow/_meta/fields.yml
+++ b/x-pack/filebeat/input/netflow/_meta/fields.yml
@@ -1,3 +1,6 @@ +######################################## +# This file is generated. Do not modify. +######################################## - key: netflow title: "NetFlow" description: >
@@ -5,6 +5,7 @@ fields: - name: netflow type: group + default_field: false description: > Fields from NetFlow and IPFIX. fields: 
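Review bot: The new `default_field: false` on the `netflow` group in the fields.header.yml hunk has no comment saying why it is set or what it costs, and since fields.yml now declares itself generated from this header (its first hunk adds the "This file is generated" banner), fields.header.yml is the only place the rationale can live. The effect is that every `netflow.*` field drops out of the index template's `index.query.default_field` list, so free-text queries with no field name (Kibana Discover, KQL without a key) stop matching NetFlow values such as addresses and ports, and analysts will have to query those fields by name. The motivation is presumably to keep that list within Elasticsearch's query clause limit now that the group grows to several thousand fields (the fields.yml hunk header goes from 1341 to 3951 lines), but that should be stated rather than inferred. I would add above the new line: `# Excluded from index.query.default_field: the netflow group is too large for the default_field list.` followed by `# Query netflow.* fields by name; free-text searches will not match them.`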
@@ -43,1341 +47,3951 @@ description: > NetFlow version used. - - name: octet_delta_count + - name: absolute_error + type: double + + - name: address_pool_high_threshold type: long - - name: packet_delta_count + - name: address_pool_low_threshold type: long - - name: delta_flow_count + - name: address_port_mapping_high_threshold type: long - - name: protocol_identifier - type: short + - name: address_port_mapping_low_threshold + type: long - - name: ip_class_of_service - type: short + - name: address_port_mapping_per_user_high_threshold + type: long - - name: tcp_control_bits + - name: afc_protocol type: integer - - name: source_transport_port - type: integer + - name: afc_protocol_name + type: keyword - - name: source_ipv4_address - type: ip + - name: anonymization_flags + type: integer - - name: source_ipv4_prefix_length - type: short + - name: anonymization_technique + type: integer - - name: ingress_interface + - name: application_business-relevance type: long - - name: destination_transport_port - type: integer + - name: application_category_name + type: keyword - - name: destination_ipv4_address - type: ip + - name: application_description + type: keyword - - name: destination_ipv4_prefix_length - type: short + - name: application_group_name + type: keyword - - name: egress_interface - type: long + - name: application_http_uri_statistics + type: short - - name: ip_next_hop_ipv4_address - type: ip + - name: application_http_user-agent + type: short - - name: bgp_source_as_number - type: long + - name: application_id + type: short - - name: bgp_destination_as_number - type: long + - name: application_name + type: keyword - - name: bgp_next_hop_ipv4_address - type: ip + - name: application_sub_category_name + type: keyword - - name: post_mcast_packet_delta_count + - name: application_traffic-class type: long - - name: post_mcast_octet_delta_count + - name: art_client_network_time_maximum type: long - - name: flow_end_sys_up_time + - name: 
art_client_network_time_minimum type: long - - name: flow_start_sys_up_time + - name: art_client_network_time_sum type: long - - name: post_octet_delta_count + - name: art_clientpackets type: long - - name: post_packet_delta_count + - name: art_count_late_responses type: long - - name: minimum_ip_total_length + - name: art_count_new_connections type: long - - name: maximum_ip_total_length + - name: art_count_responses type: long - - name: source_ipv6_address - type: ip - - - name: destination_ipv6_address - type: ip - - - name: source_ipv6_prefix_length - type: short + - name: art_count_responses_histogram_bucket1 + type: long - - name: destination_ipv6_prefix_length - type: short + - name: art_count_responses_histogram_bucket2 + type: long - - name: flow_label_ipv6 + - name: art_count_responses_histogram_bucket3 type: long - - name: icmp_type_code_ipv4 - type: integer + - name: art_count_responses_histogram_bucket4 + type: long - - name: igmp_type - type: short + - name: art_count_responses_histogram_bucket5 + type: long - - name: sampling_interval + - name: art_count_responses_histogram_bucket6 type: long - - name: sampling_algorithm - type: short + - name: art_count_responses_histogram_bucket7 + type: long - - name: flow_active_timeout - type: integer + - name: art_count_retransmissions + type: long - - name: flow_idle_timeout - type: integer + - name: art_count_transactions + type: long - - name: engine_type - type: short + - name: art_network_time_maximum + type: long - - name: engine_id - type: short + - name: art_network_time_minimum + type: long - - name: exported_octet_total_count + - name: art_network_time_sum type: long - - name: exported_message_total_count + - name: art_response_time_maximum type: long - - name: exported_flow_record_total_count + - name: art_response_time_minimum type: long - - name: ipv4_router_sc - type: ip + - name: art_response_time_sum + type: long - - name: source_ipv4_prefix - type: ip + - name: art_server_network_time_maximum + 
type: long - - name: destination_ipv4_prefix - type: ip + - name: art_server_network_time_minimum + type: long - - name: mpls_top_label_type - type: short + - name: art_server_network_time_sum + type: long - - name: mpls_top_label_ipv4_address - type: ip + - name: art_server_response_time_maximum + type: long - - name: sampler_id - type: short + - name: art_server_response_time_minimum + type: long - - name: sampler_mode - type: short + - name: art_server_response_time_sum + type: long - - name: sampler_random_interval + - name: art_serverpackets type: long - - name: class_id + - name: art_total_response_time_maximum type: long - - name: minimum_ttl - type: short + - name: art_total_response_time_minimum + type: long - - name: maximum_ttl - type: short + - name: art_total_response_time_sum + type: long - - name: fragment_identification + - name: art_total_transaction_time_maximum type: long - - name: post_ip_class_of_service - type: short + - name: art_total_transaction_time_minimum + type: long - - name: source_mac_address - type: keyword + - name: art_total_transaction_time_sum + type: long - - name: post_destination_mac_address - type: keyword + - name: assembled_fragment_count + type: long - - name: vlan_id - type: integer + - name: audit_counter + type: long - - name: post_vlan_id - type: integer + - name: average_interarrival_time + type: long - - name: ip_version - type: short + - name: bgp_destination_as_number + type: long - - name: flow_direction - type: short + - name: bgp_next_adjacent_as_number + type: long - - name: ip_next_hop_ipv6_address + - name: bgp_next_hop_ipv4_address type: ip - name: bgp_next_hop_ipv6_address type: ip - - name: ipv6_extension_headers + - name: bgp_prev_adjacent_as_number type: long - - name: mpls_top_label_stack_section - type: short + - name: bgp_source_as_number + type: long - - name: mpls_label_stack_section2 + - name: bgp_validity_state type: short - - name: mpls_label_stack_section3 + - name: biflow_direction type: short 
- - name: mpls_label_stack_section4 - type: short + - name: bind_ipv4_address + type: ip - - name: mpls_label_stack_section5 - type: short + - name: bind_transport_port + type: integer - - name: mpls_label_stack_section6 - type: short + - name: class_id + type: long - - name: mpls_label_stack_section7 - type: short + - name: class_name + type: keyword - - name: mpls_label_stack_section8 + - name: classification_engine_id type: short - - name: mpls_label_stack_section9 - type: short + - name: collection_time_milliseconds + type: date - - name: mpls_label_stack_section10 + - name: collector_certificate type: short - - name: destination_mac_address - type: keyword + - name: collector_ipv4_address + type: ip - - name: post_source_mac_address - type: keyword + - name: collector_ipv6_address + type: ip - - name: interface_name - type: keyword + - name: collector_transport_port + type: integer - - name: interface_description - type: keyword + - name: common_properties_id + type: long - - name: sampler_name - type: keyword + - name: confidence_level + type: double - - name: octet_total_count + - name: conn_ipv4_address + type: ip + + - name: conn_transport_port + type: integer + + - name: connection_sum_duration_seconds type: long - - name: packet_total_count + - name: connection_transaction_id type: long - - name: flags_and_sampler_id + - name: conntrack_id type: long - - name: fragment_offset - type: integer + - name: data_byte_count + type: long - - name: forwarding_status + - name: data_link_frame_section type: short - - name: mpls_vpn_route_distinguisher - type: short + - name: data_link_frame_size + type: integer - - name: mpls_top_label_prefix_length - type: short + - name: data_link_frame_type + type: integer - - name: src_traffic_index - type: long + - name: data_records_reliability + type: boolean - - name: dst_traffic_index + - name: delta_flow_count type: long - - name: application_description - type: keyword - - - name: application_id - type: short + - name: 
destination_ipv4_address + type: ip - - name: application_name - type: keyword + - name: destination_ipv4_prefix + type: ip - - name: post_ip_diff_serv_code_point + - name: destination_ipv4_prefix_length type: short - - name: multicast_replication_factor - type: long + - name: destination_ipv6_address + type: ip - - name: class_name - type: keyword + - name: destination_ipv6_prefix + type: ip - - name: classification_engine_id + - name: destination_ipv6_prefix_length type: short - - name: layer2packet_section_offset - type: integer + - name: destination_mac_address + type: keyword - - name: layer2packet_section_size + - name: destination_transport_port type: integer - - name: layer2packet_section_data - type: short - - - name: bgp_next_adjacent_as_number + - name: digest_hash_value type: long - - name: bgp_prev_adjacent_as_number + - name: distinct_count_of_destination_ip_address type: long - - name: exporter_ipv4_address - type: ip - - - name: exporter_ipv6_address - type: ip + - name: distinct_count_of_destination_ipv4_address + type: long - - name: dropped_octet_delta_count + - name: distinct_count_of_destination_ipv6_address type: long - - name: dropped_packet_delta_count + - name: distinct_count_of_source_ip_address type: long - - name: dropped_octet_total_count + - name: distinct_count_of_source_ipv4_address type: long - - name: dropped_packet_total_count + - name: distinct_count_of_source_ipv6_address type: long - - name: flow_end_reason + - name: dns_authoritative type: short - - name: common_properties_id - type: long + - name: dns_cname + type: keyword - - name: observation_point_id - type: long + - name: dns_id + type: integer - - name: icmp_type_code_ipv6 + - name: dns_mx_exchange + type: keyword + + - name: dns_mx_preference type: integer - - name: mpls_top_label_ipv6_address - type: ip + - name: dns_nsd_name + type: keyword - - name: line_card_id + - name: dns_nx_domain + type: short + + - name: dns_ptrd_name + type: keyword + + - name: dns_qname + 
type: keyword + + - name: dns_qr_type + type: integer + + - name: dns_query_response + type: short + + - name: dns_rr_section + type: short + + - name: dns_soa_expire type: long - - name: port_id + - name: dns_soa_minimum type: long - - name: metering_process_id + - name: dns_soa_refresh type: long - - name: exporting_process_id + - name: dns_soa_retry type: long - - name: template_id - type: integer + - name: dns_soa_serial + type: long - - name: wlan_channel_id - type: short + - name: dns_soam_name + type: keyword - - name: wlan_ssid + - name: dns_soar_name type: keyword - - name: flow_id - type: long + - name: dns_srv_port + type: integer - - name: observation_domain_id + - name: dns_srv_priority + type: integer + + - name: dns_srv_target + type: integer + + - name: dns_srv_weight + type: integer + + - name: dns_ttl type: long - - name: flow_start_seconds - type: date + - name: dns_txt_data + type: keyword - - name: flow_end_seconds - type: date + - name: dot1q_customer_dei + type: boolean - - name: flow_start_milliseconds - type: date + - name: dot1q_customer_destination_mac_address + type: keyword - - name: flow_end_milliseconds - type: date + - name: dot1q_customer_priority + type: short - - name: flow_start_microseconds - type: date + - name: dot1q_customer_source_mac_address + type: keyword - - name: flow_end_microseconds - type: date + - name: dot1q_customer_vlan_id + type: integer - - name: flow_start_nanoseconds - type: date + - name: dot1q_dei + type: boolean - - name: flow_end_nanoseconds - type: date + - name: dot1q_priority + type: short - - name: flow_start_delta_microseconds + - name: dot1q_service_instance_id type: long - - name: flow_end_delta_microseconds - type: long + - name: dot1q_service_instance_priority + type: short - - name: system_init_time_milliseconds - type: date + - name: dot1q_service_instance_tag + type: short - - name: flow_duration_milliseconds - type: long + - name: dot1q_vlan_id + type: integer - - name: 
flow_duration_microseconds + - name: dropped_layer2_octet_delta_count type: long - - name: observed_flow_total_count + - name: dropped_layer2_octet_total_count type: long - - name: ignored_packet_total_count + - name: dropped_octet_delta_count type: long - - name: ignored_octet_total_count + - name: dropped_octet_total_count type: long - - name: not_sent_flow_total_count + - name: dropped_packet_delta_count type: long - - name: not_sent_packet_total_count + - name: dropped_packet_total_count type: long - - name: not_sent_octet_total_count + - name: dst_traffic_index type: long - - name: destination_ipv6_prefix - type: ip - - - name: source_ipv6_prefix - type: ip + - name: egress_broadcast_packet_total_count + type: long - - name: post_octet_total_count + - name: egress_interface type: long - - name: post_packet_total_count + - name: egress_interface_type type: long - - name: flow_key_indicator + - name: egress_physical_interface type: long - - name: post_mcast_packet_total_count + - name: egress_unicast_packet_total_count type: long - - name: post_mcast_octet_total_count + - name: egress_vrfid type: long - - name: icmp_type_ipv4 - type: short + - name: encrypted_technology + type: keyword - - name: icmp_code_ipv4 + - name: engine_id type: short - - name: icmp_type_ipv6 + - name: engine_type type: short - - name: icmp_code_ipv6 + - name: ethernet_header_length type: short - - name: udp_source_port - type: integer - - - name: udp_destination_port + - name: ethernet_payload_length type: integer - - name: tcp_source_port + - name: ethernet_total_length type: integer - - name: tcp_destination_port + - name: ethernet_type type: integer - - name: tcp_sequence_number + - name: expired_fragment_count type: long - - name: tcp_acknowledgement_number + - name: export_interface type: long - - name: tcp_window_size - type: integer + - name: export_protocol_version + type: short - - name: tcp_urgent_pointer + - name: export_sctp_stream_id type: integer - - name: tcp_header_length 
+ - name: export_transport_protocol type: short - - name: ip_header_length - type: short + - name: exported_flow_record_total_count + type: long - - name: total_length_ipv4 - type: integer + - name: exported_message_total_count + type: long - - name: payload_length_ipv6 - type: integer + - name: exported_octet_total_count + type: long - - name: ip_ttl + - name: exporter_certificate type: short - - name: next_header_ipv6 - type: short + - name: exporter_ipv4_address + type: ip - - name: mpls_payload_length + - name: exporter_ipv6_address + type: ip + + - name: exporter_transport_port + type: integer + + - name: exporting_process_id type: long - - name: ip_diff_serv_code_point + - name: external_address_realm type: short - - name: ip_precedence + - name: firewall_event type: short - - name: fragment_flags + - name: first_eight_non_empty_packet_directions type: short - - name: octet_delta_sum_of_squares - type: long - - - name: octet_total_sum_of_squares - type: long - - - name: mpls_top_label_ttl - type: short + - name: first_non_empty_packet_size + type: integer - - name: mpls_label_stack_length - type: long + - name: first_packet_banner + type: keyword - - name: mpls_label_stack_depth + - name: flags_and_sampler_id type: long - - name: mpls_top_label_exp - type: short - - - name: ip_payload_length - type: long + - name: flow_active_timeout + type: integer - - name: udp_message_length + - name: flow_attributes type: integer - - name: is_multicast + - name: flow_direction type: short - - name: ipv4_ihl - type: short + - name: flow_duration_microseconds + type: long - - name: ipv4_options + - name: flow_duration_milliseconds type: long - - name: tcp_options + - name: flow_end_delta_microseconds type: long - - name: padding_octets - type: short + - name: flow_end_microseconds + type: date - - name: collector_ipv4_address - type: ip - - - name: collector_ipv6_address - type: ip + - name: flow_end_milliseconds + type: date - - name: export_interface - type: long + - 
name: flow_end_nanoseconds + type: date - - name: export_protocol_version + - name: flow_end_reason type: short - - name: export_transport_protocol - type: short + - name: flow_end_seconds + type: date - - name: collector_transport_port - type: integer + - name: flow_end_sys_up_time + type: long - - name: exporter_transport_port + - name: flow_id + type: long + + - name: flow_idle_timeout type: integer - - name: tcp_syn_total_count + - name: flow_key_indicator type: long - - name: tcp_fin_total_count + - name: flow_label_ipv6 type: long - - name: tcp_rst_total_count + - name: flow_sampling_time_interval type: long - - name: tcp_psh_total_count + - name: flow_sampling_time_spacing type: long - - name: tcp_ack_total_count + - name: flow_selected_flow_delta_count type: long - - name: tcp_urg_total_count + - name: flow_selected_octet_delta_count type: long - - name: ip_total_length + - name: flow_selected_packet_delta_count type: long - - name: post_nat_source_ipv4_address - type: ip + - name: flow_selector_algorithm + type: integer - - name: post_nat_destination_ipv4_address - type: ip + - name: flow_start_delta_microseconds + type: long - - name: post_napt_source_transport_port - type: integer + - name: flow_start_microseconds + type: date - - name: post_napt_destination_transport_port - type: integer + - name: flow_start_milliseconds + type: date - - name: nat_originating_address_realm - type: short + - name: flow_start_nanoseconds + type: date - - name: nat_event - type: short + - name: flow_start_seconds + type: date - - name: initiator_octets + - name: flow_start_sys_up_time type: long - - name: responder_octets + - name: flow_table_flush_event_count type: long - - name: firewall_event + - name: flow_table_peak_count + type: long + + - name: forwarding_status type: short - - name: ingress_vrfid - type: long + - name: fragment_flags + type: short - - name: egress_vrfid + - name: fragment_identification type: long - - name: vr_fname - type: keyword + - name: 
fragment_offset + type: integer - - name: post_mpls_top_label_exp - type: short + - name: fw_blackout_secs + type: long - - name: tcp_window_scale - type: integer + - name: fw_configured_value + type: long - - name: biflow_direction - type: short + - name: fw_cts_src_sgt + type: long - - name: ethernet_header_length - type: short + - name: fw_event_level + type: long - - name: ethernet_payload_length - type: integer + - name: fw_event_level_id + type: long - - name: ethernet_total_length + - name: fw_ext_event type: integer - - name: dot1q_vlan_id - type: integer + - name: fw_ext_event_alt + type: long - - name: dot1q_priority - type: short + - name: fw_ext_event_desc + type: keyword - - name: dot1q_customer_vlan_id - type: integer + - name: fw_half_open_count + type: long - - name: dot1q_customer_priority - type: short + - name: fw_half_open_high + type: long - - name: metro_evc_id - type: keyword + - name: fw_half_open_rate + type: long - - name: metro_evc_type - type: short + - name: fw_max_sessions + type: long - - name: pseudo_wire_id + - name: fw_rule + type: keyword + + - name: fw_summary_pkt_count type: long - - name: pseudo_wire_type - type: integer + - name: fw_zone_pair_id + type: long - - name: pseudo_wire_control_word + - name: fw_zone_pair_name type: long - - name: ingress_physical_interface + - name: global_address_mapping_high_threshold type: long - - name: egress_physical_interface + - name: gre_key type: long - - name: post_dot1q_vlan_id - type: integer + - name: hash_digest_output + type: boolean - - name: post_dot1q_customer_vlan_id + - name: hash_flow_domain type: integer - - name: ethernet_type - type: integer + - name: hash_initialiser_value + type: long - - name: post_ip_precedence - type: short + - name: hash_ip_payload_offset + type: long - - name: collection_time_milliseconds - type: date + - name: hash_ip_payload_size + type: long - - name: export_sctp_stream_id - type: integer + - name: hash_output_range_max + type: long - - name: 
max_export_seconds - type: date + - name: hash_output_range_min + type: long - - name: max_flow_end_seconds - type: date + - name: hash_selected_range_max + type: long - - name: message_md5_checksum - type: short + - name: hash_selected_range_min + type: long - - name: message_scope - type: short + - name: http_content_type + type: keyword - - name: min_export_seconds - type: date + - name: http_message_version + type: keyword - - name: min_flow_start_seconds - type: date + - name: http_reason_phrase + type: keyword - - name: opaque_octets - type: short + - name: http_request_host + type: keyword - - name: session_scope - type: short + - name: http_request_method + type: keyword - - name: max_flow_end_microseconds - type: date + - name: http_request_target + type: keyword - - name: max_flow_end_milliseconds - type: date + - name: http_status_code + type: integer - - name: max_flow_end_nanoseconds - type: date + - name: http_user_agent + type: keyword - - name: min_flow_start_microseconds - type: date + - name: icmp_code_ipv4 + type: short - - name: min_flow_start_milliseconds - type: date + - name: icmp_code_ipv6 + type: short - - name: min_flow_start_nanoseconds - type: date + - name: icmp_type_code_ipv4 + type: integer - - name: collector_certificate - type: short + - name: icmp_type_code_ipv6 + type: integer - - name: exporter_certificate + - name: icmp_type_ipv4 type: short - - name: data_records_reliability - type: boolean + - name: icmp_type_ipv6 + type: short - - name: observation_point_type + - name: igmp_type type: short - - name: new_connection_delta_count + - name: ignored_data_record_total_count type: long - - name: connection_sum_duration_seconds + - name: ignored_layer2_frame_total_count type: long - - name: connection_transaction_id + - name: ignored_layer2_octet_total_count type: long - - name: post_nat_source_ipv6_address - type: ip - - - name: post_nat_destination_ipv6_address - type: ip + - name: ignored_octet_total_count + type: long - - name: 
nat_pool_id + - name: ignored_packet_total_count type: long - - name: nat_pool_name - type: keyword + - name: information_element_data_type + type: short - - name: anonymization_flags - type: integer + - name: information_element_description + type: keyword - - name: anonymization_technique + - name: information_element_id type: integer - name: information_element_index type: integer - - name: p2p_technology + - name: information_element_name type: keyword - - name: tunnel_technology - type: keyword + - name: information_element_range_begin + type: long - - name: encrypted_technology - type: keyword + - name: information_element_range_end + type: long - - name: bgp_validity_state + - name: information_element_semantics type: short - - name: ip_sec_spi - type: long + - name: information_element_units + type: integer - - name: gre_key + - name: ingress_broadcast_packet_total_count type: long - - name: nat_type - type: short - - - name: initiator_packets + - name: ingress_interface type: long - - name: responder_packets + - name: ingress_interface_type type: long - - name: observation_domain_name - type: keyword - - - name: selection_sequence_id + - name: ingress_multicast_packet_total_count type: long - - name: selector_id + - name: ingress_physical_interface type: long - - name: information_element_id - type: integer - - - name: selector_algorithm - type: integer - - - name: sampling_packet_interval + - name: ingress_unicast_packet_total_count type: long - - name: sampling_packet_space + - name: ingress_vrfid type: long - - name: sampling_time_interval - type: long + - name: initial_tcp_flags + type: short - - name: sampling_time_space + - name: initiator_octets type: long - - name: sampling_size + - name: initiator_packets type: long - - name: sampling_population - type: long + - name: interface_description + type: keyword - - name: sampling_probability - type: double + - name: interface_name + type: keyword - - name: data_link_frame_size - type: integer + - name: 
intermediate_process_id + type: long - - name: ip_header_packet_section + - name: internal_address_realm type: short - - name: ip_payload_packet_section + - name: ip_class_of_service type: short - - name: data_link_frame_section + - name: ip_diff_serv_code_point type: short - - name: mpls_label_stack_section + - name: ip_header_length type: short - - name: mpls_payload_packet_section + - name: ip_header_packet_section type: short - - name: selector_id_total_pkts_observed - type: long + - name: ip_next_hop_ipv4_address + type: ip - - name: selector_id_total_pkts_selected - type: long + - name: ip_next_hop_ipv6_address + type: ip - - name: absolute_error - type: double + - name: ip_payload_length + type: long - - name: relative_error - type: double + - name: ip_payload_packet_section + type: short - - name: observation_time_seconds - type: date + - name: ip_precedence + type: short - - name: observation_time_milliseconds - type: date + - name: ip_sec_spi + type: long - - name: observation_time_microseconds - type: date + - name: ip_total_length + type: long - - name: observation_time_nanoseconds - type: date + - name: ip_ttl + type: short - - name: digest_hash_value - type: long + - name: ip_version + type: short - - name: hash_ip_payload_offset - type: long + - name: ipv4_ihl + type: short - - name: hash_ip_payload_size + - name: ipv4_options type: long - - name: hash_output_range_min - type: long + - name: ipv4_router_sc + type: ip - - name: hash_output_range_max + - name: ipv6_extension_headers type: long - - name: hash_selected_range_min - type: long + - name: is_multicast + type: short - - name: hash_selected_range_max - type: long + - name: ixia_browser_id + type: short - - name: hash_digest_output - type: boolean + - name: ixia_browser_name + type: keyword - - name: hash_initialiser_value - type: long + - name: ixia_device_id + type: short - - name: selector_name + - name: ixia_device_name type: keyword - - name: upper_ci_limit - type: double + - name: 
ixia_dns_answer + type: keyword - - name: lower_ci_limit - type: double + - name: ixia_dns_classes + type: keyword - - name: confidence_level - type: double + - name: ixia_dns_query + type: keyword - - name: information_element_data_type - type: short + - name: ixia_dns_record_txt + type: keyword - - name: information_element_description + - name: ixia_dst_as_name type: keyword - - name: information_element_name + - name: ixia_dst_city_name type: keyword - - name: information_element_range_begin - type: long + - name: ixia_dst_country_code + type: keyword - - name: information_element_range_end - type: long + - name: ixia_dst_country_name + type: keyword - - name: information_element_semantics - type: short + - name: ixia_dst_latitude + type: float - - name: information_element_units - type: integer + - name: ixia_dst_longitude + type: float - - name: private_enterprise_number - type: long + - name: ixia_dst_region_code + type: keyword - - name: virtual_station_interface_id - type: short + - name: ixia_dst_region_node + type: keyword - - name: virtual_station_interface_name + - name: ixia_encrypt_cipher type: keyword - - name: virtual_station_uuid - type: short + - name: ixia_encrypt_key_length + type: integer - - name: virtual_station_name + - name: ixia_encrypt_type type: keyword - - name: layer2_segment_id - type: long + - name: ixia_http_host_name + type: keyword - - name: layer2_octet_delta_count - type: long + - name: ixia_http_uri + type: keyword - - name: layer2_octet_total_count - type: long + - name: ixia_http_user_agent + type: keyword - - name: ingress_unicast_packet_total_count - type: long + - name: ixia_imsi_subscriber + type: keyword - - name: ingress_multicast_packet_total_count + - name: ixia_l7_app_id type: long - - name: ingress_broadcast_packet_total_count - type: long + - name: ixia_l7_app_name + type: keyword - - name: egress_unicast_packet_total_count + - name: ixia_latency type: long - - name: egress_broadcast_packet_total_count + - name: 
ixia_rev_octet_delta_count type: long - - name: monitoring_interval_start_milli_seconds - type: date - - - name: monitoring_interval_end_milli_seconds - type: date - - - name: port_range_start - type: integer - - - name: port_range_end - type: integer - - - name: port_range_step_size - type: integer - - - name: port_range_num_ports - type: integer + - name: ixia_rev_packet_delta_count + type: long - - name: sta_mac_address + - name: ixia_src_as_name type: keyword - - name: sta_ipv4_address - type: ip + - name: ixia_src_city_name + type: keyword - - name: wtp_mac_address + - name: ixia_src_country_code type: keyword - - name: ingress_interface_type - type: long + - name: ixia_src_country_name + type: keyword - - name: egress_interface_type - type: long + - name: ixia_src_latitude + type: float - - name: rtp_sequence_number - type: integer + - name: ixia_src_longitude + type: float - - name: user_name + - name: ixia_src_region_code type: keyword - - name: application_category_name + - name: ixia_src_region_name type: keyword - - name: application_sub_category_name - type: keyword + - name: ixia_threat_ipv4 + type: ip - - name: application_group_name - type: keyword + - name: ixia_threat_ipv6 + type: ip - - name: original_flows_present - type: long + - name: ixia_threat_type + type: keyword - - name: original_flows_initiated + - name: large_packet_count type: long - - name: original_flows_completed + - name: layer2_frame_delta_count type: long - - name: distinct_count_of_source_ip_address + - name: layer2_frame_total_count type: long - - name: distinct_count_of_destination_ip_address + - name: layer2_octet_delta_count type: long - - name: distinct_count_of_source_ipv4_address + - name: layer2_octet_delta_sum_of_squares type: long - - name: distinct_count_of_destination_ipv4_address + - name: layer2_octet_total_count type: long - - name: distinct_count_of_source_ipv6_address + - name: layer2_octet_total_sum_of_squares type: long - - name: 
distinct_count_of_destination_ipv6_address + - name: layer2_segment_id type: long - - name: value_distribution_method + - name: layer2packet_section_data type: short - - name: rfc3550_jitter_milliseconds - type: long + - name: layer2packet_section_offset + type: integer - - name: rfc3550_jitter_microseconds - type: long + - name: layer2packet_section_size + type: integer - - name: rfc3550_jitter_nanoseconds + - name: line_card_id type: long - - name: dot1q_dei - type: boolean - - - name: dot1q_customer_dei - type: boolean - - - name: flow_selector_algorithm - type: integer + - name: log_op + type: short - - name: flow_selected_octet_delta_count - type: long + - name: lower_ci_limit + type: double - - name: flow_selected_packet_delta_count + - name: mark type: long - - name: flow_selected_flow_delta_count + - name: max_bib_entries type: long - - name: selector_id_total_flows_observed + - name: max_entries_per_user type: long - - name: selector_id_total_flows_selected + - name: max_export_seconds + type: date + + - name: max_flow_end_microseconds + type: date + + - name: max_flow_end_milliseconds + type: date + + - name: max_flow_end_nanoseconds + type: date + + - name: max_flow_end_seconds + type: date + + - name: max_fragments_pending_reassembly + type: long + + - name: max_packet_size + type: integer + + - name: max_session_entries + type: long + + - name: max_subscribers + type: long + + - name: maximum_ip_total_length + type: long + + - name: maximum_layer2_total_length + type: long + + - name: maximum_ttl + type: short + + - name: mean_flow_rate + type: long + + - name: mean_packet_rate + type: long + + - name: message_md5_checksum + type: short + + - name: message_scope + type: short + + - name: metering_process_id + type: long + + - name: metro_evc_id + type: keyword + + - name: metro_evc_type + type: short + + - name: mib_capture_time_semantics + type: short + + - name: mib_context_engine_id + type: short + + - name: mib_context_name + type: keyword + + - 
name: mib_index_indicator + type: long + + - name: mib_module_name + type: keyword + + - name: mib_object_description + type: keyword + + - name: mib_object_identifier + type: short + + - name: mib_object_name + type: keyword + + - name: mib_object_syntax + type: keyword + + - name: mib_object_value_bits + type: short + + - name: mib_object_value_counter + type: long + + - name: mib_object_value_gauge + type: long + + - name: mib_object_value_integer + type: integer + + - name: mib_object_value_ip_address + type: ip + + - name: mib_object_value_octet_string + type: short + + - name: mib_object_value_oid + type: short + + - name: mib_object_value_time_ticks + type: long + + - name: mib_object_value_unsigned + type: long + + - name: mib_sub_identifier + type: long + + - name: min_export_seconds + type: date + + - name: min_flow_start_microseconds + type: date + + - name: min_flow_start_milliseconds + type: date + + - name: min_flow_start_nanoseconds + type: date + + - name: min_flow_start_seconds + type: date + + - name: minimum_ip_total_length + type: long + + - name: minimum_layer2_total_length + type: long + + - name: minimum_ttl + type: short + + - name: mobile_imsi + type: keyword + + - name: mobile_msisdn + type: keyword + + - name: monitoring_interval_end_milli_seconds + type: date + + - name: monitoring_interval_start_milli_seconds + type: date + + - name: mpls_label_stack_depth + type: long + + - name: mpls_label_stack_length + type: long + + - name: mpls_label_stack_section + type: short + + - name: mpls_label_stack_section10 + type: short + + - name: mpls_label_stack_section2 + type: short + + - name: mpls_label_stack_section3 + type: short + + - name: mpls_label_stack_section4 + type: short + + - name: mpls_label_stack_section5 + type: short + + - name: mpls_label_stack_section6 + type: short + + - name: mpls_label_stack_section7 + type: short + + - name: mpls_label_stack_section8 + type: short + + - name: mpls_label_stack_section9 + type: short + + - 
name: mpls_payload_length + type: long + + - name: mpls_payload_packet_section + type: short + + - name: mpls_top_label_exp + type: short + + - name: mpls_top_label_ipv4_address + type: ip + + - name: mpls_top_label_ipv6_address + type: ip + + - name: mpls_top_label_prefix_length + type: short + + - name: mpls_top_label_stack_section + type: short + + - name: mpls_top_label_ttl + type: short + + - name: mpls_top_label_type + type: short + + - name: mpls_vpn_route_distinguisher + type: short + + - name: mptcp_address_id + type: short + + - name: mptcp_flags + type: short + + - name: mptcp_initial_data_sequence_number + type: long + + - name: mptcp_maximum_segment_size + type: integer + + - name: mptcp_receiver_token + type: long + + - name: multicast_replication_factor + type: long + + - name: nat_event + type: short + + - name: nat_inside_svcid + type: integer + + - name: nat_instance_id + type: long + + - name: nat_originating_address_realm + type: short + + - name: nat_outside_svcid + type: integer + + - name: nat_pool_id + type: long + + - name: nat_pool_name + type: keyword + + - name: nat_quota_exceeded_event + type: long + + - name: nat_sub_string + type: keyword + + - name: nat_threshold_event + type: long + + - name: nat_type + type: short + + - name: netscale_ica_client_version + type: keyword + + - name: netscaler_aaa_username + type: keyword + + - name: netscaler_app_name + type: keyword + + - name: netscaler_app_name_app_id + type: long + + - name: netscaler_app_name_incarnation_number + type: long + + - name: netscaler_app_template_name + type: keyword + + - name: netscaler_app_unit_name_app_id + type: long + + - name: netscaler_application_startup_duration + type: long + + - name: netscaler_application_startup_time + type: long + + - name: netscaler_cache_redir_client_connection_core_id + type: long + + - name: netscaler_cache_redir_client_connection_transaction_id + type: long + + - name: netscaler_client_rtt + type: long + + - name: 
netscaler_connection_chain_hop_count + type: long + + - name: netscaler_connection_chain_id + type: short + + - name: netscaler_connection_id + type: long + + - name: netscaler_current_license_consumed + type: long + + - name: netscaler_db_clt_host_name + type: keyword + + - name: netscaler_db_database_name + type: keyword + + - name: netscaler_db_login_flags + type: long + + - name: netscaler_db_protocol_name + type: short + + - name: netscaler_db_req_string + type: keyword + + - name: netscaler_db_req_type + type: short + + - name: netscaler_db_resp_length + type: long + + - name: netscaler_db_resp_status + type: long + + - name: netscaler_db_resp_status_string + type: keyword + + - name: netscaler_db_user_name + type: keyword + + - name: netscaler_flow_flags + type: long + + - name: netscaler_http_client_interaction_end_time + type: keyword + + - name: netscaler_http_client_interaction_start_time + type: keyword + + - name: netscaler_http_client_render_end_time + type: keyword + + - name: netscaler_http_client_render_start_time + type: keyword + + - name: netscaler_http_content_type + type: keyword + + - name: netscaler_http_domain_name + type: keyword + + - name: netscaler_http_req_authorization + type: keyword + + - name: netscaler_http_req_cookie + type: keyword + + - name: netscaler_http_req_forw_fb + type: long + + - name: netscaler_http_req_forw_lb + type: long + + - name: netscaler_http_req_host + type: keyword + + - name: netscaler_http_req_method + type: keyword + + - name: netscaler_http_req_rcv_fb + type: long + + - name: netscaler_http_req_rcv_lb + type: long + + - name: netscaler_http_req_referer + type: keyword + + - name: netscaler_http_req_url + type: keyword + + - name: netscaler_http_req_user_agent + type: keyword + + - name: netscaler_http_req_via + type: keyword + + - name: netscaler_http_req_xforwarded_for + type: keyword + + - name: netscaler_http_res_forw_fb + type: long + + - name: netscaler_http_res_forw_lb + type: long + + - name: 
netscaler_http_res_location + type: keyword + + - name: netscaler_http_res_rcv_fb + type: long + + - name: netscaler_http_res_rcv_lb + type: long + + - name: netscaler_http_res_set_cookie + type: keyword + + - name: netscaler_http_res_set_cookie2 + type: keyword + + - name: netscaler_http_rsp_len + type: long + + - name: netscaler_http_rsp_status + type: integer + + - name: netscaler_ica_app_module_path + type: keyword + + - name: netscaler_ica_app_process_id + type: long + + - name: netscaler_ica_application_name + type: keyword + + - name: netscaler_ica_application_termination_time + type: long + + - name: netscaler_ica_application_termination_type + type: integer + + - name: netscaler_ica_channel_id1 + type: long + + - name: netscaler_ica_channel_id1_bytes + type: long + + - name: netscaler_ica_channel_id2 + type: long + + - name: netscaler_ica_channel_id2_bytes + type: long + + - name: netscaler_ica_channel_id3 + type: long + + - name: netscaler_ica_channel_id3_bytes + type: long + + - name: netscaler_ica_channel_id4 + type: long + + - name: netscaler_ica_channel_id4_bytes + type: long + + - name: netscaler_ica_channel_id5 + type: long + + - name: netscaler_ica_channel_id5_bytes + type: long + + - name: netscaler_ica_client_host_name + type: keyword + + - name: netscaler_ica_client_ip + type: ip + + - name: netscaler_ica_client_launcher + type: integer + + - name: netscaler_ica_client_side_rto_count + type: integer + + - name: netscaler_ica_client_side_window_size + type: integer + + - name: netscaler_ica_client_type + type: integer + + - name: netscaler_ica_clientside_delay + type: long + + - name: netscaler_ica_clientside_jitter + type: long + + - name: netscaler_ica_clientside_packets_retransmit + type: integer + + - name: netscaler_ica_clientside_rtt + type: long + + - name: netscaler_ica_clientside_rx_bytes + type: long + + - name: netscaler_ica_clientside_srtt + type: long + + - name: netscaler_ica_clientside_tx_bytes + type: long + + - name: 
netscaler_ica_connection_priority + type: integer + + - name: netscaler_ica_device_serial_no + type: long + + - name: netscaler_ica_domain_name + type: keyword + + - name: netscaler_ica_flags + type: long + + - name: netscaler_ica_host_delay + type: long + + - name: netscaler_ica_l7_client_latency + type: long + + - name: netscaler_ica_l7_server_latency + type: long + + - name: netscaler_ica_launch_mechanism + type: integer + + - name: netscaler_ica_network_update_end_time + type: long + + - name: netscaler_ica_network_update_start_time + type: long + + - name: netscaler_ica_rtt + type: long + + - name: netscaler_ica_server_name + type: keyword + + - name: netscaler_ica_server_side_rto_count + type: integer + + - name: netscaler_ica_server_side_window_size + type: integer + + - name: netscaler_ica_serverside_delay + type: long + + - name: netscaler_ica_serverside_jitter + type: long + + - name: netscaler_ica_serverside_packets_retransmit + type: integer + + - name: netscaler_ica_serverside_rtt + type: long + + - name: netscaler_ica_serverside_srtt + type: long + + - name: netscaler_ica_session_end_time + type: long + + - name: netscaler_ica_session_guid + type: short + + - name: netscaler_ica_session_reconnects + type: short + + - name: netscaler_ica_session_setup_time + type: long + + - name: netscaler_ica_session_update_begin_sec + type: long + + - name: netscaler_ica_session_update_end_sec + type: long + + - name: netscaler_ica_username + type: keyword + + - name: netscaler_license_type + type: short + + - name: netscaler_main_page_core_id + type: long + + - name: netscaler_main_page_id + type: long + + - name: netscaler_max_license_count + type: long + + - name: netscaler_msi_client_cookie + type: short + + - name: netscaler_round_trip_time + type: long + + - name: netscaler_server_ttfb + type: long + + - name: netscaler_server_ttlb + type: long + + - name: netscaler_syslog_message + type: keyword + + - name: netscaler_syslog_priority + type: short + + - name: 
netscaler_syslog_timestamp + type: long + + - name: netscaler_transaction_id + type: long + + - name: netscaler_unknown270 + type: long + + - name: netscaler_unknown271 + type: long + + - name: netscaler_unknown272 + type: long + + - name: netscaler_unknown273 + type: long + + - name: netscaler_unknown274 + type: long + + - name: netscaler_unknown275 + type: long + + - name: netscaler_unknown276 + type: long + + - name: netscaler_unknown277 + type: long + + - name: netscaler_unknown278 + type: long + + - name: netscaler_unknown279 + type: long + + - name: netscaler_unknown280 + type: long + + - name: netscaler_unknown281 + type: long + + - name: netscaler_unknown282 + type: long + + - name: netscaler_unknown283 + type: long + + - name: netscaler_unknown284 + type: long + + - name: netscaler_unknown285 + type: long + + - name: netscaler_unknown286 + type: long + + - name: netscaler_unknown287 + type: long + + - name: netscaler_unknown288 + type: long + + - name: netscaler_unknown289 + type: long + + - name: netscaler_unknown290 + type: long + + - name: netscaler_unknown291 + type: long + + - name: netscaler_unknown292 + type: long + + - name: netscaler_unknown293 + type: long + + - name: netscaler_unknown294 + type: long + + - name: netscaler_unknown295 + type: long + + - name: netscaler_unknown296 + type: long + + - name: netscaler_unknown297 + type: long + + - name: netscaler_unknown298 + type: long + + - name: netscaler_unknown299 + type: long + + - name: netscaler_unknown300 + type: long + + - name: netscaler_unknown301 + type: long + + - name: netscaler_unknown302 + type: long + + - name: netscaler_unknown303 + type: long + + - name: netscaler_unknown304 + type: long + + - name: netscaler_unknown305 + type: long + + - name: netscaler_unknown306 + type: long + + - name: netscaler_unknown307 + type: long + + - name: netscaler_unknown308 + type: long + + - name: netscaler_unknown309 + type: long + + - name: netscaler_unknown310 + type: long + + - name: 
netscaler_unknown311 + type: long + + - name: netscaler_unknown312 + type: long + + - name: netscaler_unknown313 + type: long + + - name: netscaler_unknown314 + type: long + + - name: netscaler_unknown315 + type: long + + - name: netscaler_unknown316 + type: keyword + + - name: netscaler_unknown317 + type: long + + - name: netscaler_unknown318 + type: long + + - name: netscaler_unknown319 + type: keyword + + - name: netscaler_unknown320 + type: integer + + - name: netscaler_unknown321 + type: long + + - name: netscaler_unknown322 + type: long + + - name: netscaler_unknown323 + type: integer + + - name: netscaler_unknown324 + type: integer + + - name: netscaler_unknown325 + type: integer + + - name: netscaler_unknown326 + type: integer + + - name: netscaler_unknown327 + type: long + + - name: netscaler_unknown328 + type: integer + + - name: netscaler_unknown329 + type: integer + + - name: netscaler_unknown330 + type: integer + + - name: netscaler_unknown331 + type: integer + + - name: netscaler_unknown332 + type: long + + - name: netscaler_unknown333 + type: keyword + + - name: netscaler_unknown334 + type: keyword + + - name: netscaler_unknown335 + type: long + + - name: netscaler_unknown336 + type: long + + - name: netscaler_unknown337 + type: long + + - name: netscaler_unknown338 + type: long + + - name: netscaler_unknown339 + type: long + + - name: netscaler_unknown340 + type: long + + - name: netscaler_unknown341 + type: long + + - name: netscaler_unknown342 + type: long + + - name: netscaler_unknown343 + type: long + + - name: netscaler_unknown344 + type: long + + - name: netscaler_unknown345 + type: long + + - name: netscaler_unknown346 + type: long + + - name: netscaler_unknown347 + type: long + + - name: netscaler_unknown348 + type: integer + + - name: netscaler_unknown349 + type: keyword + + - name: netscaler_unknown350 + type: keyword + + - name: netscaler_unknown351 + type: keyword + + - name: netscaler_unknown352 + type: integer + + - name: 
netscaler_unknown353 + type: long + + - name: netscaler_unknown354 + type: long + + - name: netscaler_unknown355 + type: long + + - name: netscaler_unknown356 + type: long + + - name: netscaler_unknown357 + type: long + + - name: netscaler_unknown363 + type: short + + - name: netscaler_unknown383 + type: short + + - name: netscaler_unknown391 + type: long + + - name: netscaler_unknown398 + type: long + + - name: netscaler_unknown404 + type: long + + - name: netscaler_unknown405 + type: long + + - name: netscaler_unknown427 + type: long + + - name: netscaler_unknown429 + type: short + + - name: netscaler_unknown432 + type: short + + - name: netscaler_unknown433 + type: short + + - name: netscaler_unknown453 + type: long + + - name: netscaler_unknown465 + type: long + + - name: new_connection_delta_count + type: long + + - name: next_header_ipv6 + type: short + + - name: non_empty_packet_count + type: long + + - name: not_sent_flow_total_count + type: long + + - name: not_sent_layer2_octet_total_count + type: long + + - name: not_sent_octet_total_count + type: long + + - name: not_sent_packet_total_count + type: long + + - name: observation_domain_id + type: long + + - name: observation_domain_name + type: keyword + + - name: observation_point_id + type: long + + - name: observation_point_type + type: short + + - name: observation_time_microseconds + type: date + + - name: observation_time_milliseconds + type: date + + - name: observation_time_nanoseconds + type: date + + - name: observation_time_seconds + type: date + + - name: observed_flow_total_count + type: long + + - name: octet_delta_count + type: long + + - name: octet_delta_sum_of_squares + type: long + + - name: octet_total_count + type: long + + - name: octet_total_sum_of_squares + type: long + + - name: opaque_octets + type: short + + - name: original_exporter_ipv4_address + type: ip + + - name: original_exporter_ipv6_address + type: ip + + - name: original_flows_completed + type: long + + - name: 
original_flows_initiated + type: long + + - name: original_flows_present + type: long + + - name: original_observation_domain_id + type: long + + - name: os_finger_print + type: keyword + + - name: os_name + type: keyword + + - name: os_version + type: keyword + + - name: p2p_technology + type: keyword + + - name: packet_delta_count + type: long + + - name: packet_total_count + type: long + + - name: padding_octets + type: short + + - name: payload + type: keyword + + - name: payload_entropy + type: short + + - name: payload_length_ipv6 + type: integer + + - name: policy_qos_classification_hierarchy + type: long + + - name: policy_qos_queue_index + type: long + + - name: policy_qos_queuedrops + type: long + + - name: policy_qos_queueindex + type: long + + - name: port_id + type: long + + - name: port_range_end + type: integer + + - name: port_range_num_ports + type: integer + + - name: port_range_start + type: integer + + - name: port_range_step_size + type: integer + + - name: post_destination_mac_address + type: keyword + + - name: post_dot1q_customer_vlan_id + type: integer + + - name: post_dot1q_vlan_id + type: integer + + - name: post_ip_class_of_service + type: short + + - name: post_ip_diff_serv_code_point + type: short + + - name: post_ip_precedence + type: short + + - name: post_layer2_octet_delta_count + type: long + + - name: post_layer2_octet_total_count + type: long + + - name: post_mcast_layer2_octet_delta_count + type: long + + - name: post_mcast_layer2_octet_total_count + type: long + + - name: post_mcast_octet_delta_count + type: long + + - name: post_mcast_octet_total_count + type: long + + - name: post_mcast_packet_delta_count + type: long + + - name: post_mcast_packet_total_count + type: long + + - name: post_mpls_top_label_exp + type: short + + - name: post_napt_destination_transport_port + type: integer + + - name: post_napt_source_transport_port + type: integer + + - name: post_nat_destination_ipv4_address + type: ip + + - name: 
post_nat_destination_ipv6_address + type: ip + + - name: post_nat_source_ipv4_address + type: ip + + - name: post_nat_source_ipv6_address + type: ip + + - name: post_octet_delta_count + type: long + + - name: post_octet_total_count + type: long + + - name: post_packet_delta_count + type: long + + - name: post_packet_total_count + type: long + + - name: post_source_mac_address + type: keyword + + - name: post_vlan_id + type: integer + + - name: private_enterprise_number + type: long + + - name: procera_apn + type: keyword + + - name: procera_base_service + type: keyword + + - name: procera_content_categories + type: keyword + + - name: procera_device_id + type: long + + - name: procera_external_rtt + type: integer + + - name: procera_flow_behavior + type: keyword + + - name: procera_ggsn + type: keyword + + - name: procera_http_content_type + type: keyword + + - name: procera_http_file_length + type: long + + - name: procera_http_language + type: keyword + + - name: procera_http_location + type: keyword + + - name: procera_http_referer + type: keyword + + - name: procera_http_request_method + type: keyword + + - name: procera_http_request_version + type: keyword + + - name: procera_http_response_status + type: integer + + - name: procera_http_url + type: keyword + + - name: procera_http_user_agent + type: keyword + + - name: procera_imsi + type: long + + - name: procera_incoming_octets + type: long + + - name: procera_incoming_packets + type: long + + - name: procera_incoming_shaping_drops + type: long + + - name: procera_incoming_shaping_latency + type: integer + + - name: procera_internal_rtt + type: integer + + - name: procera_local_ipv4_host + type: ip + + - name: procera_local_ipv6_host + type: ip + + - name: procera_msisdn + type: long + + - name: procera_outgoing_octets + type: long + + - name: procera_outgoing_packets + type: long + + - name: procera_outgoing_shaping_drops + type: long + + - name: procera_outgoing_shaping_latency + type: integer + + - name: 
procera_property + type: keyword + + - name: procera_qoe_incoming_external + type: float + + - name: procera_qoe_incoming_internal + type: float + + - name: procera_qoe_outgoing_external + type: float + + - name: procera_qoe_outgoing_internal + type: float + + - name: procera_rat + type: keyword + + - name: procera_remote_ipv4_host + type: ip + + - name: procera_remote_ipv6_host + type: ip + + - name: procera_rnc + type: integer + + - name: procera_server_hostname + type: keyword + + - name: procera_service + type: keyword + + - name: procera_sgsn + type: keyword + + - name: procera_subscriber_identifier + type: keyword + + - name: procera_template_name + type: keyword + + - name: procera_user_location_information + type: keyword + + - name: protocol_identifier + type: short + + - name: pseudo_wire_control_word + type: long + + - name: pseudo_wire_destination_ipv4_address + type: ip + + - name: pseudo_wire_id + type: long + + - name: pseudo_wire_type + type: integer + + - name: reason + type: long + + - name: reason_text + type: keyword + + - name: relative_error + type: double + + - name: responder_octets + type: long + + - name: responder_packets + type: long + + - name: reverse_absolute_error + type: double + + - name: reverse_anonymization_flags + type: integer + + - name: reverse_anonymization_technique + type: integer + + - name: reverse_application_category_name + type: keyword + + - name: reverse_application_description + type: keyword + + - name: reverse_application_group_name + type: keyword + + - name: reverse_application_id + type: keyword + + - name: reverse_application_name + type: keyword + + - name: reverse_application_sub_category_name + type: keyword + + - name: reverse_average_interarrival_time + type: long + + - name: reverse_bgp_destination_as_number + type: long + + - name: reverse_bgp_next_adjacent_as_number + type: long + + - name: reverse_bgp_next_hop_ipv4_address + type: ip + + - name: reverse_bgp_next_hop_ipv6_address + type: ip + + - 
name: reverse_bgp_prev_adjacent_as_number + type: long + + - name: reverse_bgp_source_as_number + type: long + + - name: reverse_bgp_validity_state + type: short + + - name: reverse_class_id + type: short + + - name: reverse_class_name + type: keyword + + - name: reverse_classification_engine_id + type: short + + - name: reverse_collection_time_milliseconds + type: long + + - name: reverse_collector_certificate + type: keyword + + - name: reverse_confidence_level + type: double + + - name: reverse_connection_sum_duration_seconds + type: long + + - name: reverse_connection_transaction_id + type: long + + - name: reverse_data_byte_count + type: long + + - name: reverse_data_link_frame_section + type: keyword + + - name: reverse_data_link_frame_size + type: integer + + - name: reverse_data_link_frame_type + type: integer + + - name: reverse_data_records_reliability + type: short + + - name: reverse_delta_flow_count + type: long + + - name: reverse_destination_ipv4_address + type: ip + + - name: reverse_destination_ipv4_prefix + type: ip + + - name: reverse_destination_ipv4_prefix_length + type: short + + - name: reverse_destination_ipv6_address + type: ip + + - name: reverse_destination_ipv6_prefix + type: ip + + - name: reverse_destination_ipv6_prefix_length + type: short + + - name: reverse_destination_mac_address + type: keyword + + - name: reverse_destination_transport_port + type: integer + + - name: reverse_digest_hash_value + type: long + + - name: reverse_distinct_count_of_destination_ip_address + type: long + + - name: reverse_distinct_count_of_destination_ipv4_address + type: long + + - name: reverse_distinct_count_of_destination_ipv6_address + type: long + + - name: reverse_distinct_count_of_source_ip_address + type: long + + - name: reverse_distinct_count_of_source_ipv4_address + type: long + + - name: reverse_distinct_count_of_source_ipv6_address + type: long + + - name: reverse_dot1q_customer_dei + type: short + + - name: 
reverse_dot1q_customer_destination_mac_address + type: keyword + + - name: reverse_dot1q_customer_priority + type: short + + - name: reverse_dot1q_customer_source_mac_address + type: keyword + + - name: reverse_dot1q_customer_vlan_id + type: integer + + - name: reverse_dot1q_dei + type: short + + - name: reverse_dot1q_priority + type: short + + - name: reverse_dot1q_service_instance_id + type: long + + - name: reverse_dot1q_service_instance_priority + type: short + + - name: reverse_dot1q_service_instance_tag + type: keyword + + - name: reverse_dot1q_vlan_id + type: integer + + - name: reverse_dropped_layer2_octet_delta_count + type: long + + - name: reverse_dropped_layer2_octet_total_count + type: long + + - name: reverse_dropped_octet_delta_count + type: long + + - name: reverse_dropped_octet_total_count + type: long + + - name: reverse_dropped_packet_delta_count + type: long + + - name: reverse_dropped_packet_total_count + type: long + + - name: reverse_dst_traffic_index + type: long + + - name: reverse_egress_broadcast_packet_total_count + type: long + + - name: reverse_egress_interface + type: long + + - name: reverse_egress_interface_type + type: long + + - name: reverse_egress_physical_interface + type: long + + - name: reverse_egress_unicast_packet_total_count + type: long + + - name: reverse_egress_vrfid + type: long + + - name: reverse_encrypted_technology + type: keyword + + - name: reverse_engine_id + type: short + + - name: reverse_engine_type + type: short + + - name: reverse_ethernet_header_length + type: short + + - name: reverse_ethernet_payload_length + type: integer + + - name: reverse_ethernet_total_length + type: integer + + - name: reverse_ethernet_type + type: integer + + - name: reverse_export_sctp_stream_id + type: integer + + - name: reverse_exporter_certificate + type: keyword + + - name: reverse_exporting_process_id + type: long + + - name: reverse_firewall_event + type: short + + - name: reverse_first_non_empty_packet_size + type: 
integer + + - name: reverse_first_packet_banner + type: keyword + + - name: reverse_flags_and_sampler_id + type: long + + - name: reverse_flow_active_timeout + type: integer + + - name: reverse_flow_attributes + type: integer + + - name: reverse_flow_delta_milliseconds + type: long + + - name: reverse_flow_direction + type: short + + - name: reverse_flow_duration_microseconds + type: long + + - name: reverse_flow_duration_milliseconds + type: long + + - name: reverse_flow_end_delta_microseconds + type: long + + - name: reverse_flow_end_microseconds + type: long + + - name: reverse_flow_end_milliseconds + type: long + + - name: reverse_flow_end_nanoseconds + type: long + + - name: reverse_flow_end_reason + type: short + + - name: reverse_flow_end_seconds + type: long + + - name: reverse_flow_end_sys_up_time + type: long + + - name: reverse_flow_idle_timeout + type: integer + + - name: reverse_flow_label_ipv6 + type: long + + - name: reverse_flow_sampling_time_interval + type: long + + - name: reverse_flow_sampling_time_spacing + type: long + + - name: reverse_flow_selected_flow_delta_count + type: long + + - name: reverse_flow_selected_octet_delta_count + type: long + + - name: reverse_flow_selected_packet_delta_count + type: long + + - name: reverse_flow_selector_algorithm + type: integer + + - name: reverse_flow_start_delta_microseconds + type: long + + - name: reverse_flow_start_microseconds + type: long + + - name: reverse_flow_start_milliseconds + type: long + + - name: reverse_flow_start_nanoseconds + type: long + + - name: reverse_flow_start_seconds + type: long + + - name: reverse_flow_start_sys_up_time + type: long + + - name: reverse_forwarding_status + type: long + + - name: reverse_fragment_flags + type: short + + - name: reverse_fragment_identification + type: long + + - name: reverse_fragment_offset + type: integer + + - name: reverse_gre_key + type: long + + - name: reverse_hash_digest_output + type: short + + - name: reverse_hash_flow_domain + type: 
integer + + - name: reverse_hash_initialiser_value + type: long + + - name: reverse_hash_ip_payload_offset + type: long + + - name: reverse_hash_ip_payload_size + type: long + + - name: reverse_hash_output_range_max + type: long + + - name: reverse_hash_output_range_min + type: long + + - name: reverse_hash_selected_range_max + type: long + + - name: reverse_hash_selected_range_min + type: long + + - name: reverse_icmp_code_ipv4 + type: short + + - name: reverse_icmp_code_ipv6 + type: short + + - name: reverse_icmp_type_code_ipv4 + type: integer + + - name: reverse_icmp_type_code_ipv6 + type: integer + + - name: reverse_icmp_type_ipv4 + type: short + + - name: reverse_icmp_type_ipv6 + type: short + + - name: reverse_igmp_type + type: short + + - name: reverse_ignored_data_record_total_count + type: long + + - name: reverse_ignored_layer2_frame_total_count + type: long + + - name: reverse_ignored_layer2_octet_total_count + type: long + + - name: reverse_information_element_data_type + type: short + + - name: reverse_information_element_description + type: keyword + + - name: reverse_information_element_id + type: integer + + - name: reverse_information_element_index + type: integer + + - name: reverse_information_element_name + type: keyword + + - name: reverse_information_element_range_begin + type: long + + - name: reverse_information_element_range_end + type: long + + - name: reverse_information_element_semantics + type: short + + - name: reverse_information_element_units + type: integer + + - name: reverse_ingress_broadcast_packet_total_count + type: long + + - name: reverse_ingress_interface + type: long + + - name: reverse_ingress_interface_type + type: long + + - name: reverse_ingress_multicast_packet_total_count + type: long + + - name: reverse_ingress_physical_interface + type: long + + - name: reverse_ingress_unicast_packet_total_count + type: long + + - name: reverse_ingress_vrfid + type: long + + - name: reverse_initial_tcp_flags + type: short + + - 
name: reverse_initiator_octets + type: long + + - name: reverse_initiator_packets + type: long + + - name: reverse_interface_description + type: keyword + + - name: reverse_interface_name + type: keyword + + - name: reverse_intermediate_process_id + type: long + + - name: reverse_ip_class_of_service + type: short + + - name: reverse_ip_diff_serv_code_point + type: short + + - name: reverse_ip_header_length + type: short + + - name: reverse_ip_header_packet_section + type: keyword + + - name: reverse_ip_next_hop_ipv4_address + type: ip + + - name: reverse_ip_next_hop_ipv6_address + type: ip + + - name: reverse_ip_payload_length + type: long + + - name: reverse_ip_payload_packet_section + type: keyword + + - name: reverse_ip_precedence + type: short + + - name: reverse_ip_sec_spi + type: long + + - name: reverse_ip_total_length + type: long + + - name: reverse_ip_ttl + type: short + + - name: reverse_ip_version + type: short + + - name: reverse_ipv4_ihl + type: short + + - name: reverse_ipv4_options + type: long + + - name: reverse_ipv4_router_sc + type: ip + + - name: reverse_ipv6_extension_headers + type: long + + - name: reverse_is_multicast + type: short + + - name: reverse_large_packet_count + type: long + + - name: reverse_layer2_frame_delta_count + type: long + + - name: reverse_layer2_frame_total_count + type: long + + - name: reverse_layer2_octet_delta_count + type: long + + - name: reverse_layer2_octet_delta_sum_of_squares + type: long + + - name: reverse_layer2_octet_total_count + type: long + + - name: reverse_layer2_octet_total_sum_of_squares + type: long + + - name: reverse_layer2_segment_id + type: long + + - name: reverse_layer2packet_section_data + type: keyword + + - name: reverse_layer2packet_section_offset + type: integer + + - name: reverse_layer2packet_section_size + type: integer + + - name: reverse_line_card_id + type: long + + - name: reverse_lower_ci_limit + type: double + + - name: reverse_max_export_seconds + type: long + + - name: 
reverse_max_flow_end_microseconds + type: long + + - name: reverse_max_flow_end_milliseconds + type: long + + - name: reverse_max_flow_end_nanoseconds + type: long + + - name: reverse_max_flow_end_seconds + type: long + + - name: reverse_max_packet_size + type: integer + + - name: reverse_maximum_ip_total_length + type: long + + - name: reverse_maximum_layer2_total_length + type: long + + - name: reverse_maximum_ttl + type: short + + - name: reverse_message_md5_checksum + type: keyword + + - name: reverse_message_scope + type: short + + - name: reverse_metering_process_id + type: long + + - name: reverse_metro_evc_id + type: keyword + + - name: reverse_metro_evc_type + type: short + + - name: reverse_min_export_seconds + type: long + + - name: reverse_min_flow_start_microseconds + type: long + + - name: reverse_min_flow_start_milliseconds + type: long + + - name: reverse_min_flow_start_nanoseconds + type: long + + - name: reverse_min_flow_start_seconds + type: long + + - name: reverse_minimum_ip_total_length + type: long + + - name: reverse_minimum_layer2_total_length + type: long + + - name: reverse_minimum_ttl + type: short + + - name: reverse_monitoring_interval_end_milli_seconds + type: long + + - name: reverse_monitoring_interval_start_milli_seconds + type: long + + - name: reverse_mpls_label_stack_depth + type: long + + - name: reverse_mpls_label_stack_length + type: long + + - name: reverse_mpls_label_stack_section + type: keyword + + - name: reverse_mpls_label_stack_section10 + type: keyword + + - name: reverse_mpls_label_stack_section2 + type: keyword + + - name: reverse_mpls_label_stack_section3 + type: keyword + + - name: reverse_mpls_label_stack_section4 + type: keyword + + - name: reverse_mpls_label_stack_section5 + type: keyword + + - name: reverse_mpls_label_stack_section6 + type: keyword + + - name: reverse_mpls_label_stack_section7 + type: keyword + + - name: reverse_mpls_label_stack_section8 + type: keyword + + - name: 
reverse_mpls_label_stack_section9 + type: keyword + + - name: reverse_mpls_payload_length + type: long + + - name: reverse_mpls_payload_packet_section + type: keyword + + - name: reverse_mpls_top_label_exp + type: short + + - name: reverse_mpls_top_label_ipv4_address + type: ip + + - name: reverse_mpls_top_label_ipv6_address + type: ip + + - name: reverse_mpls_top_label_prefix_length + type: short + + - name: reverse_mpls_top_label_stack_section + type: keyword + + - name: reverse_mpls_top_label_ttl + type: short + + - name: reverse_mpls_top_label_type + type: short + + - name: reverse_mpls_vpn_route_distinguisher + type: keyword + + - name: reverse_multicast_replication_factor + type: long + + - name: reverse_nat_event + type: short + + - name: reverse_nat_originating_address_realm + type: short + + - name: reverse_nat_pool_id + type: long + + - name: reverse_nat_pool_name + type: keyword + + - name: reverse_nat_type + type: short + + - name: reverse_new_connection_delta_count + type: long + + - name: reverse_next_header_ipv6 + type: short + + - name: reverse_non_empty_packet_count + type: long + + - name: reverse_not_sent_layer2_octet_total_count + type: long + + - name: reverse_observation_domain_name + type: keyword + + - name: reverse_observation_point_id + type: long + + - name: reverse_observation_point_type + type: short + + - name: reverse_observation_time_microseconds + type: long + + - name: reverse_observation_time_milliseconds + type: long + + - name: reverse_observation_time_nanoseconds + type: long + + - name: reverse_observation_time_seconds + type: long + + - name: reverse_octet_delta_count + type: long + + - name: reverse_octet_delta_sum_of_squares + type: long + + - name: reverse_octet_total_count + type: long + + - name: reverse_octet_total_sum_of_squares + type: long + + - name: reverse_opaque_octets + type: keyword + + - name: reverse_original_exporter_ipv4_address + type: ip + + - name: reverse_original_exporter_ipv6_address + type: ip + + - 
name: reverse_original_flows_completed + type: long + + - name: reverse_original_flows_initiated + type: long + + - name: reverse_original_flows_present + type: long + + - name: reverse_original_observation_domain_id + type: long + + - name: reverse_os_finger_print + type: keyword + + - name: reverse_os_name + type: keyword + + - name: reverse_os_version + type: keyword + + - name: reverse_p2p_technology + type: keyword + + - name: reverse_packet_delta_count + type: long + + - name: reverse_packet_total_count + type: long + + - name: reverse_payload + type: keyword + + - name: reverse_payload_entropy + type: short + + - name: reverse_payload_length_ipv6 + type: integer + + - name: reverse_port_id + type: long + + - name: reverse_port_range_end + type: integer + + - name: reverse_port_range_num_ports + type: integer + + - name: reverse_port_range_start + type: integer + + - name: reverse_port_range_step_size + type: integer + + - name: reverse_post_destination_mac_address + type: keyword + + - name: reverse_post_dot1q_customer_vlan_id + type: integer + + - name: reverse_post_dot1q_vlan_id + type: integer + + - name: reverse_post_ip_class_of_service + type: short + + - name: reverse_post_ip_diff_serv_code_point + type: short + + - name: reverse_post_ip_precedence + type: short + + - name: reverse_post_layer2_octet_delta_count + type: long + + - name: reverse_post_layer2_octet_total_count + type: long + + - name: reverse_post_mcast_layer2_octet_delta_count + type: long + + - name: reverse_post_mcast_layer2_octet_total_count + type: long + + - name: reverse_post_mcast_octet_delta_count + type: long + + - name: reverse_post_mcast_octet_total_count + type: long + + - name: reverse_post_mcast_packet_delta_count + type: long + + - name: reverse_post_mcast_packet_total_count + type: long + + - name: reverse_post_mpls_top_label_exp + type: short + + - name: reverse_post_napt_destination_transport_port + type: integer + + - name: reverse_post_napt_source_transport_port + 
type: integer + + - name: reverse_post_nat_destination_ipv4_address + type: ip + + - name: reverse_post_nat_destination_ipv6_address + type: ip + + - name: reverse_post_nat_source_ipv4_address + type: ip + + - name: reverse_post_nat_source_ipv6_address + type: ip + + - name: reverse_post_octet_delta_count + type: long + + - name: reverse_post_octet_total_count + type: long + + - name: reverse_post_packet_delta_count + type: long + + - name: reverse_post_packet_total_count + type: long + + - name: reverse_post_source_mac_address + type: keyword + + - name: reverse_post_vlan_id + type: integer + + - name: reverse_private_enterprise_number + type: long + + - name: reverse_protocol_identifier + type: short + + - name: reverse_pseudo_wire_control_word + type: long + + - name: reverse_pseudo_wire_destination_ipv4_address + type: ip + + - name: reverse_pseudo_wire_id + type: long + + - name: reverse_pseudo_wire_type + type: integer + + - name: reverse_relative_error + type: double + + - name: reverse_responder_octets + type: long + + - name: reverse_responder_packets + type: long + + - name: reverse_rfc3550_jitter_microseconds + type: long + + - name: reverse_rfc3550_jitter_milliseconds + type: long + + - name: reverse_rfc3550_jitter_nanoseconds + type: long + + - name: reverse_rtp_payload_type + type: short + + - name: reverse_rtp_sequence_number + type: integer + + - name: reverse_sampler_id + type: short + + - name: reverse_sampler_mode + type: short + + - name: reverse_sampler_name + type: keyword + + - name: reverse_sampler_random_interval + type: long + + - name: reverse_sampling_algorithm + type: short + + - name: reverse_sampling_flow_interval + type: long + + - name: reverse_sampling_flow_spacing + type: long + + - name: reverse_sampling_interval + type: long + + - name: reverse_sampling_packet_interval + type: long + + - name: reverse_sampling_packet_space + type: long + + - name: reverse_sampling_population + type: long + + - name: reverse_sampling_probability 
+ type: double + + - name: reverse_sampling_size + type: long + + - name: reverse_sampling_time_interval + type: long + + - name: reverse_sampling_time_space + type: long + + - name: reverse_second_packet_banner + type: keyword + + - name: reverse_section_exported_octets + type: integer + + - name: reverse_section_offset + type: integer + + - name: reverse_selection_sequence_id + type: long + + - name: reverse_selector_algorithm + type: integer + + - name: reverse_selector_id + type: long + + - name: reverse_selector_id_total_flows_observed + type: long + + - name: reverse_selector_id_total_flows_selected + type: long + + - name: reverse_selector_id_total_pkts_observed + type: long + + - name: reverse_selector_id_total_pkts_selected + type: long + + - name: reverse_selector_name + type: keyword + + - name: reverse_session_scope + type: short + + - name: reverse_small_packet_count + type: long + + - name: reverse_source_ipv4_address + type: ip + + - name: reverse_source_ipv4_prefix + type: ip + + - name: reverse_source_ipv4_prefix_length + type: short + + - name: reverse_source_ipv6_address + type: ip + + - name: reverse_source_ipv6_prefix + type: ip + + - name: reverse_source_ipv6_prefix_length + type: short + + - name: reverse_source_mac_address + type: keyword + + - name: reverse_source_transport_port + type: integer + + - name: reverse_src_traffic_index + type: long + + - name: reverse_sta_ipv4_address + type: ip + + - name: reverse_sta_mac_address + type: keyword + + - name: reverse_standard_deviation_interarrival_time + type: long + + - name: reverse_standard_deviation_payload_length + type: integer + + - name: reverse_system_init_time_milliseconds + type: long + + - name: reverse_tcp_ack_total_count + type: long + + - name: reverse_tcp_acknowledgement_number + type: long + + - name: reverse_tcp_control_bits + type: integer + + - name: reverse_tcp_destination_port + type: integer + + - name: reverse_tcp_fin_total_count + type: long + + - name: 
reverse_tcp_header_length + type: short + + - name: reverse_tcp_options + type: long + + - name: reverse_tcp_psh_total_count + type: long + + - name: reverse_tcp_rst_total_count + type: long + + - name: reverse_tcp_sequence_number + type: long + + - name: reverse_tcp_source_port + type: integer + + - name: reverse_tcp_syn_total_count + type: long + + - name: reverse_tcp_urg_total_count + type: long + + - name: reverse_tcp_urgent_pointer + type: integer + + - name: reverse_tcp_window_scale + type: integer + + - name: reverse_tcp_window_size + type: integer + + - name: reverse_total_length_ipv4 + type: integer + + - name: reverse_transport_octet_delta_count + type: long + + - name: reverse_transport_packet_delta_count + type: long + + - name: reverse_tunnel_technology + type: keyword + + - name: reverse_udp_destination_port + type: integer + + - name: reverse_udp_message_length + type: integer + + - name: reverse_udp_source_port + type: integer + + - name: reverse_union_tcp_flags + type: short + + - name: reverse_upper_ci_limit + type: double + + - name: reverse_user_name + type: keyword + + - name: reverse_value_distribution_method + type: short + + - name: reverse_virtual_station_interface_id + type: keyword + + - name: reverse_virtual_station_interface_name + type: keyword + + - name: reverse_virtual_station_name + type: keyword + + - name: reverse_virtual_station_uuid + type: keyword + + - name: reverse_vlan_id + type: integer + + - name: reverse_vr_fname + type: keyword + + - name: reverse_wlan_channel_id + type: short + + - name: reverse_wlan_ssid + type: keyword + + - name: reverse_wtp_mac_address + type: keyword + + - name: rfc3550_jitter_microseconds + type: long + + - name: rfc3550_jitter_milliseconds + type: long + + - name: rfc3550_jitter_nanoseconds + type: long + + - name: rtp_payload_type + type: short + + - name: rtp_sequence_number + type: integer + + - name: sampler_id + type: short + + - name: sampler_mode + type: short + + - name: sampler_name + 
type: keyword + + - name: sampler_random_interval type: long + - name: sampling_algorithm + type: short + - name: sampling_flow_interval type: long - name: sampling_flow_spacing type: long - - name: flow_sampling_time_interval + - name: sampling_interval type: long - - name: flow_sampling_time_spacing + - name: sampling_packet_interval + type: long + + - name: sampling_packet_space + type: long + + - name: sampling_population + type: long + + - name: sampling_probability + type: double + + - name: sampling_size + type: long + + - name: sampling_time_interval + type: long + + - name: sampling_time_space + type: long + + - name: second_packet_banner + type: keyword + + - name: section_exported_octets + type: integer + + - name: section_offset + type: integer + + - name: selection_sequence_id + type: long + + - name: selector_algorithm + type: integer + + - name: selector_id + type: long + + - name: selector_id_total_flows_observed + type: long + + - name: selector_id_total_flows_selected + type: long + + - name: selector_id_total_pkts_observed type: long - - name: hash_flow_domain + - name: selector_id_total_pkts_selected + type: long + + - name: selector_name + type: keyword + + - name: service_name + type: keyword + + - name: session_scope + type: short + + - name: silk_app_label type: integer - - name: transport_octet_delta_count + - name: small_packet_count type: long - - name: transport_packet_delta_count - type: long + - name: source_ipv4_address + type: ip - - name: original_exporter_ipv4_address + - name: source_ipv4_prefix type: ip - - name: original_exporter_ipv6_address + - name: source_ipv4_prefix_length + type: short + + - name: source_ipv6_address type: ip - - name: original_observation_domain_id - type: long + - name: source_ipv6_prefix + type: ip - - name: intermediate_process_id - type: long + - name: source_ipv6_prefix_length + type: short - - name: ignored_data_record_total_count - type: long + - name: source_mac_address + type: keyword - - name: 
data_link_frame_type + - name: source_transport_port type: integer - - name: section_offset + - name: source_transport_ports_limit type: integer - - name: section_exported_octets - type: integer + - name: src_traffic_index + type: long - - name: dot1q_service_instance_tag - type: short + - name: ssl_cert_serial_number + type: keyword - - name: dot1q_service_instance_id - type: long + - name: ssl_cert_signature + type: keyword - - name: dot1q_service_instance_priority + - name: ssl_cert_validity_not_after + type: keyword + + - name: ssl_cert_validity_not_before + type: keyword + + - name: ssl_cert_version type: short - - name: dot1q_customer_source_mac_address + - name: ssl_certificate_hash type: keyword - - name: dot1q_customer_destination_mac_address + - name: ssl_cipher type: keyword - - name: post_layer2_octet_delta_count - type: long + - name: ssl_client_version + type: short - - name: post_mcast_layer2_octet_delta_count - type: long + - name: ssl_compression_method + type: short - - name: post_layer2_octet_total_count - type: long + - name: ssl_object_type + type: keyword - - name: post_mcast_layer2_octet_total_count - type: long + - name: ssl_object_value + type: keyword - - name: minimum_layer2_total_length - type: long + - name: ssl_public_key_algorithm + type: keyword - - name: maximum_layer2_total_length - type: long + - name: ssl_public_key_length + type: keyword - - name: dropped_layer2_octet_delta_count + - name: ssl_server_cipher type: long - - name: dropped_layer2_octet_total_count - type: long + - name: ssl_server_name + type: keyword - - name: ignored_layer2_octet_total_count - type: long + - name: sta_ipv4_address + type: ip - - name: not_sent_layer2_octet_total_count - type: long + - name: sta_mac_address + type: keyword - - name: layer2_octet_delta_sum_of_squares + - name: standard_deviation_interarrival_time type: long - - name: layer2_octet_total_sum_of_squares - type: long + - name: standard_deviation_payload_length + type: short - - name: 
layer2_frame_delta_count - type: long + - name: system_init_time_milliseconds + type: date - - name: layer2_frame_total_count + - name: tcp_ack_total_count type: long - - name: pseudo_wire_destination_ipv4_address - type: ip - - - name: ignored_layer2_frame_total_count + - name: tcp_acknowledgement_number type: long - - name: mib_object_value_integer + - name: tcp_control_bits type: integer - - name: mib_object_value_octet_string - type: short + - name: tcp_destination_port + type: integer - - name: mib_object_value_oid - type: short + - name: tcp_fin_total_count + type: long - - name: mib_object_value_bits + - name: tcp_header_length type: short - - name: mib_object_value_ip_address - type: ip - - - name: mib_object_value_counter + - name: tcp_options type: long - - name: mib_object_value_gauge + - name: tcp_psh_total_count type: long - - name: mib_object_value_time_ticks + - name: tcp_rst_total_count type: long - - name: mib_object_value_unsigned + - name: tcp_sequence_number type: long - - name: mib_object_identifier - type: short + - name: tcp_source_port + type: integer - - name: mib_sub_identifier + - name: tcp_syn_total_count type: long - - name: mib_index_indicator + - name: tcp_urg_total_count type: long - - name: mib_capture_time_semantics - type: short + - name: tcp_urgent_pointer + type: integer - - name: mib_context_engine_id - type: short + - name: tcp_window_scale + type: integer - - name: mib_context_name - type: keyword + - name: tcp_window_size + type: integer - - name: mib_object_name - type: keyword + - name: template_id + type: integer - - name: mib_object_description + - name: tftp_filename type: keyword - - name: mib_object_syntax + - name: tftp_mode type: keyword - - name: mib_module_name - type: keyword + - name: timestamp + type: long - - name: mobile_imsi - type: keyword + - name: timestamp_absolute_monitoring-interval + type: long - - name: mobile_msisdn + - name: total_length_ipv4 + type: integer + + - name: traffic_type + type: short + 
+ - name: transport_octet_delta_count + type: long + + - name: transport_packet_delta_count + type: long + + - name: tunnel_technology type: keyword - - name: http_status_code + - name: udp_destination_port type: integer - - name: source_transport_ports_limit + - name: udp_message_length type: integer - - name: http_request_method - type: keyword + - name: udp_source_port + type: integer - - name: http_request_host - type: keyword + - name: union_tcp_flags + type: short - - name: http_request_target - type: keyword + - name: upper_ci_limit + type: double - - name: http_message_version + - name: user_name type: keyword - - name: nat_instance_id - type: long - - - name: internal_address_realm - type: short + - name: username + type: keyword - - name: external_address_realm + - name: value_distribution_method type: short - - name: nat_quota_exceeded_event + - name: viptela_vpn_id type: long - - name: nat_threshold_event - type: long + - name: virtual_station_interface_id + type: short - - name: http_user_agent + - name: virtual_station_interface_name type: keyword - - name: http_content_type + - name: virtual_station_name type: keyword - - name: http_reason_phrase - type: keyword + - name: virtual_station_uuid + type: short - - name: max_session_entries - type: long + - name: vlan_id + type: integer - - name: max_bib_entries - type: long + - name: vmware_egress_interface_attr + type: integer - - name: max_entries_per_user - type: long + - name: vmware_ingress_interface_attr + type: integer - - name: max_subscribers - type: long + - name: vmware_tenant_dest_ipv4 + type: ip - - name: max_fragments_pending_reassembly - type: long + - name: vmware_tenant_dest_ipv6 + type: ip - - name: address_pool_high_threshold - type: long + - name: vmware_tenant_dest_port + type: integer - - name: address_pool_low_threshold - type: long + - name: vmware_tenant_protocol + type: short - - name: address_port_mapping_high_threshold - type: long + - name: vmware_tenant_source_ipv4 + type: 
ip - - name: address_port_mapping_low_threshold - type: long + - name: vmware_tenant_source_ipv6 + type: ip - - name: address_port_mapping_per_user_high_threshold - type: long + - name: vmware_tenant_source_port + type: integer - - name: global_address_mapping_high_threshold - type: long + - name: vmware_vxlan_export_role + type: short - name: vpn_identifier type: short + - name: vr_fname + type: keyword + + - name: waasoptimization_segment + type: short + + - name: wlan_channel_id + type: short + + - name: wlan_ssid + type: keyword + + - name: wtp_mac_address + type: keyword + + - name: xlate_destination_address_ip_v4 + type: ip + + - name: xlate_destination_port + type: integer + + - name: xlate_source_address_ip_v4 + type: ip + + - name: xlate_source_port + type: integer + diff --git a/x-pack/filebeat/input/netflow/decoder/fields/gen.go b/x-pack/filebeat/input/netflow/decoder/fields/gen.go index 743c1a062cb..2f5d04b28ad 100644 --- a/x-pack/filebeat/input/netflow/decoder/fields/gen.go +++ b/x-pack/filebeat/input/netflow/decoder/fields/gen.go @@ -131,6 +131,11 @@ func main() { filtered.WriteByte('\n') } } + if scanner.Err() != nil { + fmt.Fprintf(os.Stderr, "Failed reading from %s: %v\n", *header, err) + os.Exit(2) + } + reader := csv.NewReader(filtered) for lineNum := 1; ; lineNum++ { record, err := reader.Read() diff --git a/x-pack/filebeat/input/netflow/doc.go b/x-pack/filebeat/input/netflow/doc.go index 371e8cd6685..c5fee475d7e 100644 --- a/x-pack/filebeat/input/netflow/doc.go +++ b/x-pack/filebeat/input/netflow/doc.go 
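Review bot: The new `scanner.Err()` guard in gen.go reports the wrong error: the message formats `err`, which is not the scanner's error but some earlier variable still in scope (declared outside this hunk, presumably from opening `*header`), so a read failure is likely to be logged as `<nil>` while the real cause is discarded. Capture the scanner error once and print that: `if err := scanner.Err(); err != nil {` followed by `fmt.Fprintf(os.Stderr, "Failed reading from %s: %v\n", *header, err)`. Placing the check after the scan loop is correct for a scanner-style reader, so only the value being logged needs to change. The enclosing `main` starts before this hunk.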
@@ -4,4 +4,5 @@ package netflow -//go:generate go run fields_gen.go -output _meta/fields.yml --column-name=2 --column-type=3 --header _meta/fields.header.yml decoder/fields/ipfix-information-elements.csv +// Generate fields.yml for all Netflow fields. +//go:generate go run fields_gen.go --header _meta/fields.header.yml -output _meta/fields.yml decoder/fields/ipfix-information-elements.csv,2,3,true decoder/fields/cert_pen6871.csv,3,4,true decoder/fields/cisco.csv,1,4,true decoder/fields/assorted.csv,3,4,true diff --git a/x-pack/filebeat/input/netflow/fields.go b/x-pack/filebeat/input/netflow/fields.go index c1b9fcf244e..5dd614b6b22 100644 --- a/x-pack/filebeat/input/netflow/fields.go +++ b/x-pack/filebeat/input/netflow/fields.go @@ -19,5 +19,5 @@ func init() { // AssetNetflow returns asset data. // This is the base64 encoded gzipped contents of input/netflow. func AssetNetflow() string { - return "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" + return "" } diff --git a/x-pack/filebeat/input/netflow/fields_gen.go b/x-pack/filebeat/input/netflow/fields_gen.go index 5e41a308766..66b77283c90 100644 --- a/x-pack/filebeat/input/netflow/fields_gen.go +++ b/x-pack/filebeat/input/netflow/fields_gen.go @@ -14,17 +14,17 @@ import ( "fmt" "io" "io/ioutil" + "log" "os" + "sort" + "strconv" "strings" "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow" ) var ( - outputFile = flag.String("output", "zfields.go", "Output file") - nameCol = flag.Int("column-name", 0, "Index of column with field name") - typeCol = flag.Int("column-type", 0, "Index of column with field type") - indent = flag.Int("indent", 0, "Number of spaces to indent") + outputFile = flag.String("output", "fields.yml", "Output file") header = flag.String("header", "fields.header.yml", "File with header fields to prepend") ) 
@@ -53,89 +53,141 @@ var typesToElasticTypes = map[string]string{ "ipv6address": "ip", } -var indentString string - -func makeIndent(n int) (s []byte) { - if n > 0 { - s = make([]byte, n) - for i := 0; i < n; i++ { - s[i] = ' ' - } - } - return s -} - -func write(w io.Writer, msg string) { - for _, line := range strings.Split(msg, "\n") { - writeLine(w, indentString+line+"\n") - } -} - -func writeLine(w io.Writer, line string) { - if n, err := w.Write([]byte(line)); err != nil || n != len(line) { - fmt.Fprintf(os.Stderr, "Failed writing to %s: %v\n", *outputFile, err) - os.Exit(4) - } -} - func usage() { - fmt.Fprintf(os.Stderr, "Usage: fields_gen [-output file.yml] [--column-{name|type}=N]* \n") + fmt.Fprintf(os.Stderr, "Usage: fields_gen [-header=file] [-output=file.yml] [input-csv,name-column,type-column,has-header]+\n") flag.PrintDefaults() os.Exit(1) } -func requireColumn(colFlag *int, argument string) { - if *colFlag <= 0 { - fmt.Fprintf(os.Stderr, "Required argument %s not provided\n", argument) - usage() - } -} - func main() { + log.SetFlags(0) flag.Usage = usage flag.Parse() + if len(flag.Args()) == 0 { - fmt.Fprintf(os.Stderr, "No CSV file to parse provided\n") + fmt.Fprintf(os.Stderr, "No CSV file args to parse provided\n") usage() } - csvFile := flag.Args()[0] - if len(csvFile) == 0 { - fmt.Fprintf(os.Stderr, "Argument -input is required\n") - os.Exit(2) + + if err := generateFieldsYml(flag.Args()); err != nil { + log.Fatal(err) } +} - requireColumn(nameCol, "--column-name") - requireColumn(typeCol, "--column-type") +func generateFieldsYml(args []string) error { + // Parse the arguments containing file path and parsing parameters. + var csvFiles []CSVFile + for _, v := range flag.Args() { + csvFile, err := NewCSVFileFromArg(v) + if err != nil { + return err + } + csvFiles = append(csvFiles, *csvFile) + } - indentString = string(makeIndent(*indent)) + // Read in all the field data. 
+ var allFields []map[string]string + for _, csvFile := range csvFiles { + fields, err := csvFile.ReadFields() + if err != nil { + return err + } + allFields = append(allFields, fields) + } - fHandle, err := os.Open(csvFile) + // Merge fields and resolve conflicts in the data types. + fields, err := mergeFields(allFields...) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to open %s: %v\n", csvFile, err) - os.Exit(2) + return err } - defer fHandle.Close() - outHandle, err := os.Create(*outputFile) - if err != nil { - fmt.Fprintf(os.Stderr, "Failed to create %s: %v\n", *outputFile, err) - os.Exit(3) + // Sort fields alphabetically by name. + type netflowField struct { + Name, Type string } - defer outHandle.Close() + var sortedFields []netflowField + for k, v := range fields { + sortedFields = append(sortedFields, netflowField{k, v}) + } + sort.Slice(sortedFields, func(i, j int) bool { + return sortedFields[i].Name < sortedFields[j].Name + }) headerHandle, err := os.Open(*header) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to open %s: %v\n", *header, err) - os.Exit(2) + return fmt.Errorf("failed to open %s: %v", *header, err) } defer headerHandle.Close() fileHeader, err := ioutil.ReadAll(headerHandle) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to read %s: %v\n", *header, err) - os.Exit(2) + return fmt.Errorf("failed to read header %s: %v", *header, err) } - write(outHandle, string(fileHeader)) + + outHandle, err := os.Create(*outputFile) + if err != nil { + return fmt.Errorf("failed to open %s: %v", *outputFile, err) + } + defer outHandle.Close() + + out := bufio.NewWriter(outHandle) + defer out.Flush() + + // Write output file. + writeLine(out, strings.Repeat("#", 40)) + writeLine(out, "# This file is generated. 
Do not modify.") + writeLine(out, strings.Repeat("#", 40)) + writeLine(out, string(fileHeader)) + + for _, f := range sortedFields { + writeLine(out, " - name: "+f.Name) + writeLine(out, " type: "+f.Type) + writeLine(out, "") + } + return nil +} + +// CSVFile represents a CSV file with containing netflow field information +// (field name, data type). +type CSVFile struct { + Path string + NameColumn int + TypeColumn int + Header bool +} + +func NewCSVFileFromArg(arg string) (*CSVFile, error) { + r := csv.NewReader(strings.NewReader(arg)) + parts, err := r.Read() + if err != nil { + return nil, fmt.Errorf("failed to parse argument %q: %w", arg, err) + } + if len(parts) != 4 { + return nil, fmt.Errorf("input argument must consist of 4 parts [path,name-column,type-column,header]") + } + + a := &CSVFile{} + a.Path = parts[0] + if a.NameColumn, err = strconv.Atoi(parts[1]); err != nil { + return nil, fmt.Errorf("failed to parse name column %q: %w", parts[1], err) + } + if a.TypeColumn, err = strconv.Atoi(parts[2]); err != nil { + return nil, fmt.Errorf("failed to parse type column %q: %w", parts[2], err) + } + if a.Header, err = strconv.ParseBool(parts[3]); err != nil { + return nil, fmt.Errorf("failed to parse header column %q: %w", parts[3], err) + } + return a, nil +} + +// ReadFields reads the fields contained in the CSV file and returns a map +// of names to Elasticsearch data type. +func (a CSVFile) ReadFields() (map[string]string, error) { + fHandle, err := os.Open(a.Path) + if err != nil { + return nil, fmt.Errorf("failed to open %v: %w", a.Path, err) + } + defer fHandle.Close() filtered := bytes.NewBuffer(nil) scanner := bufio.NewScanner(fHandle) @@ -145,6 +197,11 @@ func main() { filtered.WriteByte('\n') } } + if scanner.Err() != nil { + return nil, fmt.Errorf("failed reading from %v: %w", a.Path, err) + } + + fields := map[string]string{} reader := csv.NewReader(filtered) for lineNum := 1; ; lineNum++ { record, err := reader.Read() 
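Review bot: `generateFieldsYml(args []string)` ignores its `args` parameter and loops over `flag.Args()` instead, so the parameter is dead and the function cannot be exercised without the global flag set; the loop should read `for _, v := range args {`. Separately, output failures are effectively unchecked: `writeLine` fatals on `WriteString` errors, but `out` is a `bufio.Writer`, so a failed write only surfaces from `out.Flush()`, whose result the `defer` discards, leaving a truncated fields.yml and exit status 0. Replace the deferred flush with an explicit check before the final return: `if err := out.Flush(); err != nil { return fmt.Errorf("failed writing %s: %w", *outputFile, err) }`.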
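Review bot: The added check in `ReadFields` tests `scanner.Err()` but wraps `err`, which at that point still holds the nil result of the `os.Open` above it, so the returned error wraps nil and renders as `failed reading from <path>: %!w(<nil>)` while the real I/O error is dropped. Bind the scanner's error in the condition: `if err := scanner.Err(); err != nil { return nil, fmt.Errorf("failed reading from %v: %w", a.Path, err) }`. `ReadFields` begins in the previous hunk and continues past this one.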
@@ -152,22 +209,21 @@ func main() { if err == io.EOF { break } - fmt.Fprintf(os.Stderr, "read of %s failed: %v\n", csvFile, err) - os.Exit(5) + return nil, fmt.Errorf("read of %s failed: %v\n", a.Path, err) } + n := len(record) vars := make(map[string]string) for _, f := range []struct { column int name string }{ - {*nameCol, "name"}, - {*typeCol, "type"}, + {a.NameColumn, "name"}, + {a.TypeColumn, "type"}, } { if f.column > 0 { if f.column > n { - fmt.Fprintf(os.Stderr, "%s column is out of range in line %d\n", f.name, lineNum) - os.Exit(6) + return nil, fmt.Errorf("%s column is out of range in line %d\n", f.name, lineNum) } vars[f.name] = record[f.column-1] } @@ -175,13 +231,49 @@ func main() { if len(vars["type"]) == 0 { continue } + esType, found := typesToElasticTypes[strings.ToLower(vars["type"])] if !found { continue } - write(outHandle, fmt.Sprintf(` - name: %s - type: %s -`, - netflow.CamelCaseToSnakeCase(vars["name"]), esType)) + + fields[netflow.CamelCaseToSnakeCase(vars["name"])] = esType + } + + return fields, nil +} + +func mergeFields(allFields ...map[string]string) (map[string]string, error) { + out := map[string]string{} + for _, fields := range allFields { + for name, esType := range fields { + if existingESType, found := out[name]; found { + var err error + esType, err = resolveConflict(existingESType, esType) + if err != nil { + return nil, fmt.Errorf("field %v: %w", name, err) + } + } + out[name] = esType + } + } + return out, nil +} + +func resolveConflict(a, b string) (string, error) { + if a == b { + // No conflict. + return a, nil + } + if a == "keyword" || b == "keyword" { + // If either is a keyword then use that. + return "keyword", nil + } + return "", fmt.Errorf("cannot resolve type conflict between %v != %v", a, b) +} + +func writeLine(w io.StringWriter, line string) { + if _, err := w.WriteString(line + "\n"); err != nil { + log.Fatalf("Failed writing line: %v", err) } } 
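Review bot: The two errors this hunk converts from `Fprintf`+`os.Exit` to returned values keep the trailing `\n` from the stderr messages (`"read of %s failed: %v\n"` and `"%s column is out of range in line %d\n"`), which `go vet` flags and which prints a stray blank line once `log.Fatal` adds its own newline; the first also uses `%v` where the rest of the refactor uses `%w`. Change them to `return nil, fmt.Errorf("read of %s failed: %w", a.Path, err)` and `return nil, fmt.Errorf("%s column is out of range in line %d", f.name, lineNum)`. `ReadFields` starts and ends outside this hunk.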
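Review bot: `writeLine` still terminates the process with `log.Fatalf` on a write failure, which skips the caller's deferred `out.Flush()` and file close and is inconsistent with the rest of this refactor, where every other failure is now returned as an error; because `out` is a `bufio.Writer`, the failure rarely appears at this point anyway. Have it return the error, `func writeLine(w io.StringWriter, line string) error { _, err := w.WriteString(line + "\n"); return err }`, and check it at the call sites in `generateFieldsYml`. `resolveConflict` would also benefit from a comment stating the merge policy it encodes, e.g. `// keyword is the widest type: if any source maps the field to keyword, prefer it; any other mismatch is an error.`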
From 918ebb3f6c9c57f3d26f84727248b54303932a97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 16 Feb 2021 16:21:26 +0100 Subject: [PATCH 06/13] Only build targz and zip versions of Beats if PACKAGES is set in agent (#24060) --- x-pack/elastic-agent/magefile.go | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/x-pack/elastic-agent/magefile.go b/x-pack/elastic-agent/magefile.go index d64042b7d59..0149e7ea0bd 100644 --- a/x-pack/elastic-agent/magefile.go +++ b/x-pack/elastic-agent/magefile.go @@ -621,15 +621,7 @@ func selectedPackageTypes() string { return "" } - envVar := "PACKAGES=" - for _, p := range devtools.SelectedPackageTypes { - if p == devtools.Docker { - envVar += "targz," - } else { - envVar += p.String() + "," - } - } - return envVar[:len(envVar)-1] + return "PACKAGES=targz,zip" } func copyAll(from, to string) error { From 685d85cfd12cda7627149c64d2f40948af870b9c Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Tue, 16 Feb 2021 08:29:39 -0700 Subject: [PATCH 07/13] Fix ec2 metricset fields.yml and add integration test (#23726) --- CHANGELOG.next.asciidoc | 1 + metricbeat/docs/fields.asciidoc | 8 ++-- .../module/aws/ec2/_meta/fields.yml | 8 ++-- .../module/aws/ec2/ec2_integration_test.go | 37 +------------------ x-pack/metricbeat/module/aws/fields.go | 2 +- x-pack/metricbeat/module/aws/terraform.tf | 20 ++++++++++ 6 files changed, 31 insertions(+), 45 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 07f4ab5d862..1b2f752dada 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc 
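Review bot: `selectedPackageTypes` no longer consults `devtools.SelectedPackageTypes`; after the guard above the hunk it returns the fixed string `PACKAGES=targz,zip`, so the function name now overstates what it does and a reader has to find the PR title to learn why docker/deb/rpm selections are collapsed. Add a comment on the return that records the intent: `// Agent only bundles the archive forms of the Beats; whatever package types were selected, build just targz and zip.` The guard's condition and the function's doc comment are outside the hunk.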
@@ -499,6 +499,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add stack monitoring section to elasticsearch module documentation {pull}#23286[23286] - Fix metric grouping for windows/perfmon module {issue}23489[23489] {pull}23505[23505] - Add check for iis/application_pool metricset for nil worker process id values. {issue}23605[23605] {pull}23647[23647] +- Fix ec2 metricset fields.yml and the integration test {pull}23726[23726] - Unskip s3_request integration test. {pull}23887[23887] - Add system.hostfs configuration option for system module. {pull}23831[23831] diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index 4af8bbf459f..d67075d4adc 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -2326,7 +2326,7 @@ type: scaled_float -- -*`aws.ec2.diskio.read.ops`*:: +*`aws.ec2.diskio.read.count`*:: + -- Total completed read operations from all instance store volumes available to the instance in collection period. @@ -2336,7 +2336,7 @@ type: long -- -*`aws.ec2.diskio.read.ops_per_sec`*:: +*`aws.ec2.diskio.read.count_per_sec`*:: + -- Completed read operations per second from all instance store volumes available to the instance in a specified period of time. @@ -2346,7 +2346,7 @@ type: long -- -*`aws.ec2.diskio.write.ops`*:: +*`aws.ec2.diskio.write.count`*:: + -- Total completed write operations to all instance store volumes available to the instance in collection period. @@ -2356,7 +2356,7 @@ type: long -- -*`aws.ec2.diskio.write.ops_per_sec`*:: +*`aws.ec2.diskio.write.count_per_sec`*:: + -- Completed write operations per second to all instance store volumes available to the instance in a specified period of time. diff --git a/x-pack/metricbeat/module/aws/ec2/_meta/fields.yml b/x-pack/metricbeat/module/aws/ec2/_meta/fields.yml index c7280fce998..7862ff75ea3 100644 --- a/x-pack/metricbeat/module/aws/ec2/_meta/fields.yml 
+++ b/x-pack/metricbeat/module/aws/ec2/_meta/fields.yml @@ -76,19 +76,19 @@ type: scaled_float description: > Bytes written per second to all instance store volumes available to the instance. - - name: diskio.read.ops + - name: diskio.read.count type: long description: > Total completed read operations from all instance store volumes available to the instance in collection period. - - name: diskio.read.ops_per_sec + - name: diskio.read.count_per_sec type: long description: > Completed read operations per second from all instance store volumes available to the instance in a specified period of time. - - name: diskio.write.ops + - name: diskio.write.count type: long description: > Total completed write operations to all instance store volumes available to the instance in collection period. - - name: diskio.write.ops_per_sec + - name: diskio.write.count_per_sec type: long description: > Completed write operations per second to all instance store volumes available to the instance in a specified period of time. diff --git a/x-pack/metricbeat/module/aws/ec2/ec2_integration_test.go b/x-pack/metricbeat/module/aws/ec2/ec2_integration_test.go index 121df878b27..d790140d7e7 100644 --- a/x-pack/metricbeat/module/aws/ec2/ec2_integration_test.go +++ b/x-pack/metricbeat/module/aws/ec2/ec2_integration_test.go @@ -17,7 +17,6 @@ import ( ) func TestFetch(t *testing.T) { - t.Skip("flaky test: https://github.com/elastic/beats/issues/20951") config := mtest.GetConfigForTest(t, "ec2", "300s") metricSet := mbtest.NewReportingMetricSetV2Error(t, config) 
@@ -27,41 +26,7 @@ func TestFetch(t *testing.T) { } assert.NotEmpty(t, events) - - for _, event := range events { - // RootField - mtest.CheckEventField("service.name", "string", event, t) - mtest.CheckEventField("cloud.availability_zone", "string", event, t) - mtest.CheckEventField("cloud.provider", "string", event, t) - mtest.CheckEventField("cloud.instance.id", "string", event, t) - mtest.CheckEventField("cloud.machine.type", "string", event, t) - mtest.CheckEventField("cloud.provider", "string", event, t) - mtest.CheckEventField("cloud.region", "string", event, t) - mtest.CheckEventField("instance.image.id", "string", event, t) - mtest.CheckEventField("instance.state.name", "string", event, t) - mtest.CheckEventField("instance.state.code", "int", event, t) - mtest.CheckEventField("instance.monitoring.state", "string", event, t) - mtest.CheckEventField("instance.core.count", "int", event, t) - mtest.CheckEventField("instance.threads_per_core", "int", event, t) - - // MetricSetField - mtest.CheckEventField("cpu.total.pct", "float", event, t) - mtest.CheckEventField("cpu.credit_usage", "float", event, t) - mtest.CheckEventField("cpu.credit_balance", "float", event, t) - mtest.CheckEventField("cpu.surplus_credit_balance", "float", event, t) - mtest.CheckEventField("cpu.surplus_credits_charged", "float", event, t) - mtest.CheckEventField("network.in.packets", "float", event, t) - mtest.CheckEventField("network.out.packets", "float", event, t) - mtest.CheckEventField("network.in.bytes", "float", event, t) - mtest.CheckEventField("network.out.bytes", "float", event, t) - mtest.CheckEventField("diskio.read.bytes", "float", event, t) - mtest.CheckEventField("diskio.write.bytes", "float", event, t) - mtest.CheckEventField("diskio.read.ops", "float", event, t) - mtest.CheckEventField("diskio.write.ops", "float", event, t) - mtest.CheckEventField("status.check_failed", "int", event, t) - mtest.CheckEventField("status.check_failed_system", "int", event, t) - 
mtest.CheckEventField("status.check_failed_instance", "int", event, t) - } + mbtest.TestMetricsetFieldsDocumented(t, metricSet, events) } func TestData(t *testing.T) { diff --git a/x-pack/metricbeat/module/aws/fields.go b/x-pack/metricbeat/module/aws/fields.go index 31a766459c7..f63e476ad07 100644 --- a/x-pack/metricbeat/module/aws/fields.go +++ b/x-pack/metricbeat/module/aws/fields.go @@ -19,5 +19,5 @@ func init() { // AssetAws returns asset data. // This is the base64 encoded gzipped contents of module/aws. func AssetAws() string { - return "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" + return "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" } diff --git a/x-pack/metricbeat/module/aws/terraform.tf b/x-pack/metricbeat/module/aws/terraform.tf index e767a028ab1..4f00b88df5b 100644 --- a/x-pack/metricbeat/module/aws/terraform.tf +++ b/x-pack/metricbeat/module/aws/terraform.tf @@ -46,3 +46,23 @@ resource "aws_s3_bucket_object" "test" { bucket = aws_s3_bucket.test.id content = "something" } + +resource "aws_instance" "test" { + ami = data.aws_ami.latest-amzn.id + monitoring = true + instance_type = "t1.micro" + tags = { + Name = "metricbeat-test" + } +} + +data "aws_ami" "latest-amzn" { + most_recent = true + owners = ["amazon"] + filter { + name = "name" + values = [ + "amzn2-ami-hvm-*", + ] + } +} From 239cff70b0567945a8f3e7480206aac874701871 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 16 Feb 2021 20:31:32 +0100 Subject: [PATCH 08/13] Support running Docker logging plugin on ARM64 (#24034) ## What does this PR do? This PR adds support for running Dockerlogbeat on ARM machines. ## Why is it important? Because we want to support running Beats on ARM. --- .ci/packaging.groovy | 1 + .../{Dockerfile => Dockerfile.tmpl} | 2 +- x-pack/dockerlogbeat/magefile.go | 154 +++++++++++------- 3 files changed, 100 insertions(+), 57 deletions(-) rename x-pack/dockerlogbeat/{Dockerfile => Dockerfile.tmpl} (82%) 
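Review bot: Swapping the per-field `CheckEventField` loop for `mbtest.TestMetricsetFieldsDocumented` changes what the test asserts: the new call verifies that every emitted field is documented, not that the renamed metrics this commit introduces (`diskio.read.count`, `diskio.write.count`, and their `_per_sec` variants) are actually produced, so a regression that silently stops emitting them still passes. Keep at least one presence assertion alongside it, e.g. `mtest.CheckEventField("diskio.read.count", "float", events[0], t)` — the helper's signature is inferred only from the removed lines. `TestFetch` opens in the previous hunk.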
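Review bot: `instance_type = "t1.micro"` is a previous-generation type that, as far as I know, is not offered in newer regions or to newer accounts, so the fixture may fail to launch depending on where the integration tests run; `t3.micro` (or `t2.micro`) is the current equivalent. While adding the instance, also require IMDSv2 so credentials on the box are not reachable by an unauthenticated metadata request, `metadata_options { http_tokens = "required" }`. Pinning the AMI data source to `owners = ["amazon"]` with a name filter is the right way to avoid picking up a look-alike image; keep that.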
diff --git a/.ci/packaging.groovy b/.ci/packaging.groovy index b90182a5d00..34a5306eab3 100644 --- a/.ci/packaging.groovy +++ b/.ci/packaging.groovy @@ -204,6 +204,7 @@ pipeline { 'metricbeat', 'packetbeat', 'x-pack/auditbeat', + 'x-pack/dockerlogbeat', 'x-pack/elastic-agent', 'x-pack/filebeat', 'x-pack/heartbeat', diff --git a/x-pack/dockerlogbeat/Dockerfile b/x-pack/dockerlogbeat/Dockerfile.tmpl similarity index 82% rename from x-pack/dockerlogbeat/Dockerfile rename to x-pack/dockerlogbeat/Dockerfile.tmpl index 93fffb3e039..01e7d951ab6 100644 --- a/x-pack/dockerlogbeat/Dockerfile +++ b/x-pack/dockerlogbeat/Dockerfile.tmpl @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM {{ .from }} RUN apk --no-cache add ca-certificates COPY build/plugin/dockerlogbeat /usr/bin/ diff --git a/x-pack/dockerlogbeat/magefile.go b/x-pack/dockerlogbeat/magefile.go index b6abbad70fd..4c0c7daeb02 100644 --- a/x-pack/dockerlogbeat/magefile.go +++ b/x-pack/dockerlogbeat/magefile.go @@ -13,6 +13,7 @@ import ( "io/ioutil" "os" "path/filepath" + "runtime" "strings" "time" @@ -44,17 +45,27 @@ const ( packageStagingDir = "build/package/" packageEndDir = "build/distributions/" rootImageName = "rootfsimage" + dockerfileTmpl = "Dockerfile.tmpl" ) var ( buildDir = filepath.Join(packageStagingDir, logDriverName) dockerExportPath = filepath.Join(packageStagingDir, "temproot.tar") + + platformMap = map[string]map[string]interface{}{ + "amd64": map[string]interface{}{ + "from": "alpine:3.10", + }, + "arm64": map[string]interface{}{ + "from": "arm64v8/alpine:3.10", + }, + } ) func init() { devtools.BeatLicense = "Elastic License" devtools.BeatDescription = "The Docker Logging Driver is a docker plugin for the Elastic Stack." - devtools.Platforms = devtools.Platforms.Filter("linux/amd64") + devtools.Platforms = devtools.Platforms.Filter("linux/amd64 linux/arm64") } // getPluginName returns the fully qualified name:version string. 
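Review bot: The base images in `platformMap` are pinned only by mutable tag (`alpine:3.10`, `arm64v8/alpine:3.10`), so the plugin rootfs is whatever the registry serves for that tag at build time and two builds of the same Beats commit can ship different libc, busybox and CA bundles. Pin by digest, `"from": "alpine:3.10@sha256:<digest>"`, and bump deliberately; while doing so, check that 3.10 still receives Alpine security updates, since the old Dockerfile was on 3.7 and this only moves forward three releases. A one-line comment above the map saying the digests are refreshed on release would tell the next maintainer the policy.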
@@ -67,7 +78,7 @@ func getPluginName() (string, error) { } // createContainer builds the plugin and creates the container that will later become the rootfs used by the plugin -func createContainer(ctx context.Context, cli *client.Client) error { +func createContainer(ctx context.Context, cli *client.Client, arch string) error { dockerLogBeatDir, err := os.Getwd() if err != nil { return errors.Wrap(err, "error getting work dir") @@ -77,6 +88,12 @@ func createContainer(ctx context.Context, cli *client.Client) error { return errors.Errorf("not in dockerlogbeat directory: %s", dockerLogBeatDir) } + dockerfile := filepath.Join(packageStagingDir, "Dockerfile") + err = devtools.ExpandFile(dockerfileTmpl, dockerfile, platformMap[arch]) + if err != nil { + return errors.Wrap(err, "error while expanding Dockerfile template") + } + // start to build the root container that'll be used to build the plugin tmpDir, err := ioutil.TempDir("", "dockerBuildTar") if err != nil { @@ -98,7 +115,7 @@ func createContainer(ctx context.Context, cli *client.Client) error { buildOpts := types.ImageBuildOptions{ Tags: []string{rootImageName}, - Dockerfile: "Dockerfile", + Dockerfile: dockerfile, } //build, wait for output buildResp, err := cli.ImageBuild(ctx, buildContext, buildOpts) 
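Review bot: `platformMap[arch]` is looked up without checking membership, so an arch outside amd64/arm64 hands `ExpandFile` a nil map and the template presumably renders `FROM <no value>`, failing later inside the Docker build with an unhelpful message. Guard it before expanding: `data, ok := platformMap[arch]; if !ok { return errors.Errorf("unsupported arch %q", arch) }` and pass `data` to `devtools.ExpandFile`. `createContainer` starts in the previous hunk and continues past this one.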
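Review bot: `ImageBuildOptions.Dockerfile` is resolved by the daemon as a path inside the build context that is streamed to it, not on the host, so passing the host path `build/package/Dockerfile` only works if the tar built from `tmpDir` (created just above this hunk) contains the expanded file at exactly that relative path; the hunk does not show that copy. Either copy the expanded file into `tmpDir` and keep `Dockerfile: "Dockerfile"` as before, or confirm the context builder already picks up `build/package/` and note it in a comment, e.g. `// dockerfile is a path relative to the build context root, not the host cwd.` `createContainer` continues past the hunk.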
@@ -137,56 +154,64 @@ func BuildContainer(ctx context.Context) error { return errors.Wrap(err, "error creating build dir") } - err = createContainer(ctx, cli) - if err != nil { - return errors.Wrap(err, "error creating base container") - } + for _, plat := range devtools.Platforms { + arch := plat.GOARCH() + if runtime.GOARCH != arch { + fmt.Println("Skippping building for", arch, "as runtime is different") + continue + } - // create the container that will become our rootfs - CreatedContainerBody, err := cli.ContainerCreate(ctx, &container.Config{Image: rootImageName}, nil, nil, "") - if err != nil { - return errors.Wrap(err, "error creating container") - } + err = createContainer(ctx, cli, arch) + if err != nil { + return errors.Wrap(err, "error creating base container") + } - defer func() { - // cleanup - if _, noClean := os.LookupEnv("DOCKERLOGBEAT_NO_CLEANUP"); !noClean { - err = cleanDockerArtifacts(ctx, CreatedContainerBody.ID, cli) - if err != nil { - fmt.Fprintf(os.Stderr, "Error cleaning up docker: %s", err) - } + // create the container that will become our rootfs + CreatedContainerBody, err := cli.ContainerCreate(ctx, &container.Config{Image: rootImageName}, nil, nil, "") + if err != nil { + return errors.Wrap(err, "error creating container") } - }() - fmt.Printf("Got image: %#v\n", CreatedContainerBody.ID) + defer func() { + // cleanup + if _, noClean := os.LookupEnv("DOCKERLOGBEAT_NO_CLEANUP"); !noClean { + err = cleanDockerArtifacts(ctx, CreatedContainerBody.ID, cli) + if err != nil { + fmt.Fprintf(os.Stderr, "Error cleaning up docker: %s", err) + } + } + }() - file, err := os.Create(dockerExportPath) - if err != nil { - return errors.Wrap(err, "error creating tar archive") - } + fmt.Printf("Got image: %#v\n", CreatedContainerBody.ID) - // export the container to a tar file - exportReader, err := cli.ContainerExport(ctx, CreatedContainerBody.ID) - if err != nil { - return errors.Wrap(err, "error exporting container") - } + file, err := 
os.Create(dockerExportPath) + if err != nil { + return errors.Wrap(err, "error creating tar archive") + } - _, err = io.Copy(file, exportReader) - if err != nil { - return errors.Wrap(err, "error writing exported container") - } + // export the container to a tar file + exportReader, err := cli.ContainerExport(ctx, CreatedContainerBody.ID) + if err != nil { + return errors.Wrap(err, "error exporting container") + } - //misc prepare operations + _, err = io.Copy(file, exportReader) + if err != nil { + return errors.Wrap(err, "error writing exported container") + } - err = devtools.Copy("config.json", filepath.Join(buildDir, "config.json")) - if err != nil { - return errors.Wrap(err, "error copying config.json") - } + //misc prepare operations - // unpack the tar file into a root directory, which is the format needed for the docker plugin create tool - err = sh.RunV("tar", "-xf", dockerExportPath, "-C", filepath.Join(buildDir, "rootfs")) - if err != nil { - return errors.Wrap(err, "error unpacking exported container") + err = devtools.Copy("config.json", filepath.Join(buildDir, "config.json")) + if err != nil { + return errors.Wrap(err, "error copying config.json") + } + + // unpack the tar file into a root directory, which is the format needed for the docker plugin create tool + err = sh.RunV("tar", "-xf", dockerExportPath, "-C", filepath.Join(buildDir, "rootfs")) + if err != nil { + return errors.Wrap(err, "error unpacking exported container") + } } return nil 
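Review bot: The `*os.File` from `os.Create(dockerExportPath)` is never closed in the new loop body, and neither is `exportReader`, so both descriptors leak for the rest of the build and a `Close` error is never seen before `tar -xf` reads the file. Close them once the copy is done: `exportReader.Close()` followed by `if err := file.Close(); err != nil { return errors.Wrap(err, "error closing exported container") }`. Registering the cleanup `defer` inside the loop also means containers from earlier iterations are only removed when `BuildContainer` returns; with the `runtime.GOARCH` skip only one iteration runs today, so that is latent. `BuildContainer` starts outside the hunk.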
@@ -293,20 +318,23 @@ func Export() error { version = version + "-SNAPSHOT" } - tarballName := fmt.Sprintf("%s-%s-%s.tar.gz", logDriverName, version, "docker-plugin") + for _, plat := range devtools.Platforms { + arch := plat.GOARCH() + tarballName := fmt.Sprintf("%s-%s-%s-%s.tar.gz", logDriverName, version, arch, "docker-plugin") - outpath := filepath.Join("../..", packageEndDir, tarballName) + outpath := filepath.Join("../..", packageEndDir, tarballName) - err = os.Chdir(packageStagingDir) - if err != nil { - return errors.Wrap(err, "error changing directory") - } + err = os.Chdir(packageStagingDir) + if err != nil { + return errors.Wrap(err, "error changing directory") + } - err = sh.RunV("tar", "zcf", outpath, - filepath.Join(logDriverName, "rootfs"), - filepath.Join(logDriverName, "config.json")) - if err != nil { - return errors.Wrap(err, "error creating release tarball") + err = sh.RunV("tar", "zcf", outpath, + filepath.Join(logDriverName, "rootfs"), + filepath.Join(logDriverName, "config.json")) + if err != nil { + return errors.Wrap(err, "error creating release tarball") + } } return nil 
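Review bot: `os.Chdir(packageStagingDir)` now runs inside the per-platform loop, and both it and `outpath` are relative (`build/package/` and `../..`), so a second iteration would chdir relative to the already-changed directory and fail or write the tarball elsewhere. Today `isSupportedPlatform` narrows `devtools.Platforms` to one arch before `Package` reaches `Export`, but nothing in `Export` itself enforces that, and it can presumably be invoked directly. Hoist the `Chdir` above the `for`, or compute absolute paths once with `filepath.Abs`. The loop also packs the same `logDriverName/rootfs` for every arch, so a multi-arch run would produce identically-named-differently tarballs with identical content. `Export` starts outside the hunk.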
@@ -337,14 +365,28 @@ func Package() { start := time.Now() defer func() { fmt.Println("package ran for", time.Since(start)) }() - if _, enabled := devtools.Platforms.Get("linux/amd64"); !enabled { - fmt.Println(">> package: skipping because linux/amd64 is not enabled") + if !isSupportedPlatform() { + fmt.Println(">> package: skipping because no supported platform is enabled") return } mg.SerialDeps(Build, Export) } +func isSupportedPlatform() bool { + _, isAMD64Selected := devtools.Platforms.Get("linux/amd64") + _, isARM64Selected := devtools.Platforms.Get("linux/arm64") + arch := runtime.GOARCH + + if arch == "amd64" && isARM64Selected { + devtools.Platforms = devtools.Platforms.Remove("linux/arm64") + } else if arch == "arm64" && isAMD64Selected { + devtools.Platforms = devtools.Platforms.Remove("linux/amd64") + } + + return len(devtools.Platforms) > 0 +} + // BuildAndInstall builds and installs the plugin func BuildAndInstall() { mg.SerialDeps(Build, Install) From 048c3cc19bf43c8a6b332afaafdd0a2eb8e5bd49 Mon Sep 17 00:00:00 2001 
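Review bot: `isSupportedPlatform` is named like a pure predicate but mutates the package-level `devtools.Platforms`, removing whichever of amd64/arm64 does not match `runtime.GOARCH`, and the per-platform loops in `BuildContainer` and `Export` depend on that side effect without saying so. Document the contract on the function, e.g. `// isSupportedPlatform reports whether this host can build any selected platform and, as a side effect, narrows devtools.Platforms to the host's own arch, because the plugin rootfs cannot be cross-built.` Renaming it to something like `selectHostPlatform` would make the mutation visible at the call site in `Package`.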
From: Adrian Serrano Date: Tue, 16 Feb 2021 20:39:37 +0100 Subject: [PATCH 09/13] Update Beats to ECS 1.8.0 (#23465) Incorporates ECS 1.8 changes from the following PRs: Support host.type field in add_host_metadata processor and Auditbeat's system/host #23513 Winlogbeat #23563 Auditbeat auditd #23594 Journalbeat #23737 Packetbeat #23783 Filebeat: auditd #23723 cisco #23819 cef #23832 crowdstrike falcon #23875 fortinet firewall #23902 microsoft #23897 elasticsearch/audit #24000 Gsuite/Workspace #23709 o365 #23896 zoom #23904 okta #23929 aws/cloudtrail #23911 aws/s3access #23920 azure #23927 juniper/srx #23936 panw #23931 sophos/xg #23967 system/auth #23961 mysqlenterprise #23978 zeek #23847 Make all Beats and modules report ECS 1.8.0 #23992 Closes #23118 Co-authored-by: Marc Guasch --- CHANGELOG.next.asciidoc | 32 +- NOTICE.txt | 12 +- auditbeat/_meta/fields.common.yml | 21 - auditbeat/cmd/root.go | 2 +- auditbeat/docs/fields.asciidoc | 490 ++- auditbeat/include/fields.go | 2 +- auditbeat/module/auditd/_meta/fields.yml | 16 - auditbeat/module/auditd/audit_linux.go | 79 +- auditbeat/module/auditd/audit_linux_test.go | 59 +- auditbeat/module/auditd/fields.go | 2 +- auditbeat/module/auditd/golden_files_test.go | 225 ++ .../module/auditd/testdata/auditlogin.log | 3 + .../testdata/auditlogin.log-expected.json | 183 + auditbeat/module/auditd/testdata/centos7.log | 8 + .../auditd/testdata/centos7.log-expected.json | 621 +++ auditbeat/module/auditd/testdata/chown.log | 4 + .../auditd/testdata/chown.log-expected.json | 134 + auditbeat/module/auditd/testdata/passwd.log | 4 + .../auditd/testdata/passwd.log-expected.json | 282 ++ auditbeat/module/auditd/testdata/setuid.log | 6 + .../auditd/testdata/setuid.log-expected.json | 291 ++ .../module/auditd/testdata/sudo-asuser.log | 5 + .../testdata/sudo-asuser.log-expected.json | 322 ++ auditbeat/module/auditd/testdata/sudo.log | 20 + .../auditd/testdata/sudo.log-expected.json | 1293 ++++++ 
auditbeat/module/auditd/testdata/useradd.log | 8 + .../auditd/testdata/useradd.log-expected.json | 551 +++ .../module/auditd/testdata/userlogin.log | 4 + .../testdata/userlogin.log-expected.json | 257 ++ filebeat/docs/fields.asciidoc | 568 ++- filebeat/include/fields.go | 2 +- .../module/apache/access/config/access.yml | 2 +- filebeat/module/apache/error/config/error.yml | 2 +- filebeat/module/auditd/_meta/fields.yml | 20 - filebeat/module/auditd/fields.go | 2 +- filebeat/module/auditd/log/config/log.yml | 2 +- .../auditd/log/ingest/gen-ecs-mappings.py | 176 + .../module/auditd/log/ingest/pipeline.yml | 1828 ++++++++- .../test/audit-cent7-node.log-expected.json | 104 +- .../log/test/audit-rhel6.log-expected.json | 148 +- .../log/test/audit-rhel7.log-expected.json | 814 +++- .../test/audit-ubuntu1604.log-expected.json | 18 + filebeat/module/auditd/log/test/avc.log | 3 + .../auditd/log/test/avc.log-expected.json | 64 + .../auditd/log/test/test.log-expected.json | 85 +- filebeat/module/auditd/log/test/useradd.log | 8 + .../auditd/log/test/useradd.log-expected.json | 300 ++ .../elasticsearch/audit/_meta/fields.yml | 9 +- .../elasticsearch/audit/config/audit.yml | 2 +- .../audit/ingest/pipeline-json.yml | 61 +- .../elasticsearch/audit/ingest/pipeline.yml | 4 + .../test/test-audit-docker.log-expected.json | 21 + .../elasticsearch/audit/test/test-audit.log | 7 + .../audit/test/test-audit.log-expected.json | 192 + .../elasticsearch/deprecation/config/log.yml | 2 +- filebeat/module/elasticsearch/fields.go | 2 +- .../module/elasticsearch/gc/config/gc.yml | 2 +- .../elasticsearch/server/config/log.yml | 2 +- .../elasticsearch/slowlog/config/slowlog.yml | 2 +- filebeat/module/haproxy/log/config/file.yml | 2 +- filebeat/module/haproxy/log/config/syslog.yml | 2 +- filebeat/module/icinga/debug/config/debug.yml | 2 +- filebeat/module/icinga/main/config/main.yml | 2 +- .../module/icinga/startup/config/startup.yml | 2 +- .../module/iis/access/config/iis-access.yml | 2 +- 
.../module/iis/error/config/iis-error.yml | 2 +- filebeat/module/kafka/log/config/log.yml | 2 +- filebeat/module/kibana/log/config/log.yml | 2 +- filebeat/module/logstash/log/config/log.yml | 2 +- .../logstash/slowlog/config/slowlog.yml | 2 +- filebeat/module/mongodb/log/config/log.yml | 2 +- filebeat/module/mysql/error/config/error.yml | 2 +- .../module/mysql/slowlog/config/slowlog.yml | 2 +- filebeat/module/nats/log/config/log.yml | 2 +- .../nginx/access/config/nginx-access.yml | 2 +- .../module/nginx/error/config/nginx-error.yml | 2 +- .../config/ingress_controller.yml | 2 +- .../module/osquery/result/config/result.yml | 2 +- filebeat/module/postgresql/log/config/log.yml | 2 +- filebeat/module/redis/log/config/log.yml | 2 +- filebeat/module/santa/log/config/file.yml | 2 +- filebeat/module/system/auth/config/auth.yml | 2 +- .../module/system/auth/ingest/pipeline.yml | 53 +- .../test/auth-ubuntu1204.log-expected.json | 610 ++- .../auth/test/secure-rhel7.log-expected.json | 210 +- .../system/auth/test/test.log-expected.json | 18 +- .../auth/test/timestamp.log-expected.json | 9 +- .../module/system/syslog/config/syslog.yml | 2 +- .../traefik/access/config/traefik-access.yml | 2 +- go.mod | 6 +- go.sum | 12 +- heartbeat/cmd/root.go | 2 +- heartbeat/docs/fields.asciidoc | 396 +- heartbeat/include/fields.go | 2 +- journalbeat/_meta/fields.common.yml | 8 +- journalbeat/cmd/root.go | 2 +- journalbeat/docs/fields.asciidoc | 404 +- journalbeat/include/fields.go | 2 +- journalbeat/pkg/journalfield/conv.go | 88 +- journalbeat/pkg/journalfield/conv_test.go | 6 +- journalbeat/pkg/journalfield/default.go | 26 +- journalbeat/pkg/journalfield/default_other.go | 6 +- libbeat/_meta/fields.ecs.yml | 310 +- libbeat/metric/system/host/host.go | 4 +- .../add_host_metadata_test.go | 8 + .../docs/add_host_metadata.asciidoc | 1 + metricbeat/cmd/root.go | 2 +- metricbeat/docs/fields.asciidoc | 396 +- packetbeat/cmd/root.go | 2 +- packetbeat/docs/fields.asciidoc | 396 +- 
packetbeat/include/fields.go | 2 +- packetbeat/protos/amqp/amqp.go | 4 + packetbeat/protos/cassandra/pub.go | 2 + packetbeat/protos/http/event.go | 6 + packetbeat/protos/http/http.go | 43 + packetbeat/protos/http/http_parser.go | 1 + packetbeat/protos/http/http_test.go | 30 + packetbeat/protos/mongodb/mongodb.go | 2 + packetbeat/protos/mysql/mysql.go | 2 + packetbeat/protos/nfs/request_handler.go | 11 +- packetbeat/protos/sip/plugin.go | 2 + .../tests/system/config/golden-tests.yml | 5 + .../golden/established_tls-expected.json | 2 +- .../golden/http_basic_auth-expected.json | 155 + .../golden/non_established_tls-expected.json | 2 +- .../tests/system/golden/tls_1_3-expected.json | 2 +- .../golden/tls_all_options-expected.json | 2 +- .../system/golden/tls_no_certs-expected.json | 2 +- .../golden/tls_not_detailed-expected.json | 2 +- winlogbeat/cmd/root.go | 2 +- winlogbeat/docs/fields.asciidoc | 396 +- winlogbeat/include/fields.go | 2 +- x-pack/auditbeat/module/system/fields.go | 2 +- .../module/system/host/_meta/data.json | 1 + .../module/system/host/_meta/fields.yml | 4 + x-pack/auditbeat/module/system/host/host.go | 5 + .../auditbeat/module/system/socket/state.go | 4 +- .../module/activemq/audit/config/audit.yml | 2 +- .../module/activemq/log/config/log.yml | 2 +- .../module/aws/cloudtrail/config/aws-s3.yml | 2 +- .../module/aws/cloudtrail/config/file.yml | 2 +- .../module/aws/cloudtrail/ingest/pipeline.yml | 63 +- .../add-user-to-group-json.log-expected.json | 3 + .../change-password-json.log-expected.json | 6 + .../test/console-login-json.log-expected.json | 6 + .../create-access-key-json.log-expected.json | 2 + .../test/create-group-json.log-expected.json | 9 + .../create-key-pair-json.log-expected.json | 3 + .../test/create-trail-json.log-expected.json | 3 + .../test/create-user-json.log-expected.json | 3 + ...-virtual-mfa-device-json.log-expected.json | 3 + ...activate-mfa-device-json.log-expected.json | 1 + .../delete-access-key-json.log-expected.json | 2 + 
.../test/delete-group-json.log-expected.json | 8 + ...lete-ssh-public-key-json.log-expected.json | 2 + .../test/delete-trail-json.log-expected.json | 3 + .../test/delete-user-json.log-expected.json | 2 + ...-virtual-mfa-device-json.log-expected.json | 3 + ...iguration_recorders-json.log-expected.json | 3 + .../enable-mfa-device-json.log-expected.json | 2 + ...ove-user-from-group-json.log-expected.json | 3 + .../test/start-logging-json.log-expected.json | 3 + .../test/stop-logging-json.log-expected.json | 3 + .../update-access-key-json.log-expected.json | 2 + ...out-password-policy-json.log-expected.json | 3 + .../test/update-group-json.log-expected.json | 8 + ...pdate-login-profile-json.log-expected.json | 2 + ...date-ssh-public-key-json.log-expected.json | 4 + .../test/update-trail-json.log-expected.json | 6 + .../test/update-user-json.log-expected.json | 3 + ...load-ssh-public-key-json.log-expected.json | 1 + .../module/aws/cloudwatch/config/aws-s3.yml | 2 +- .../module/aws/cloudwatch/config/file.yml | 2 +- .../filebeat/module/aws/ec2/config/aws-s3.yml | 2 +- .../filebeat/module/aws/ec2/config/file.yml | 2 +- .../filebeat/module/aws/elb/config/aws-s3.yml | 2 +- .../filebeat/module/aws/elb/config/file.yml | 2 +- .../module/aws/s3access/config/aws-s3.yml | 2 +- .../module/aws/s3access/config/file.yml | 2 +- .../module/aws/s3access/ingest/pipeline.yml | 56 +- .../test/s3_server_access.log-expected.json | 62 +- .../module/aws/s3access/test/test.log | 1 + .../aws/s3access/test/test.log-expected.json | 124 +- .../module/aws/vpcflow/config/input.yml | 2 +- .../activitylogs/config/azure-eventhub.yml | 2 +- .../module/azure/activitylogs/config/file.yml | 2 +- .../azure/activitylogs/ingest/pipeline.yml | 36 +- .../test/activitylogs.log-expected.json | 5 + .../supporttickets_write.log-expected.json | 9 + .../azure/auditlogs/config/azure-eventhub.yml | 2 +- .../module/azure/auditlogs/config/file.yml | 2 +- .../azure/auditlogs/ingest/pipeline.yml | 7 +- 
.../test/auditlogs.log-expected.json | 1 + .../platformlogs/config/azure-eventhub.yml | 2 +- .../module/azure/platformlogs/config/file.yml | 2 +- .../azure/platformlogs/ingest/pipeline.yml | 16 +- .../platformlogs-eventhub.log-expected.json | 1 + .../test/platformlogs-kube.log-expected.json | 1 + .../signinlogs/config/azure-eventhub.yml | 2 +- .../module/azure/signinlogs/config/file.yml | 2 +- .../azure/signinlogs/ingest/pipeline.yml | 16 +- .../test/signinlogs.log-expected.json | 10 + .../barracuda/spamfirewall/config/input.yml | 2 +- .../module/barracuda/waf/config/input.yml | 2 +- .../module/bluecoat/director/config/input.yml | 2 +- .../filebeat/module/cef/log/config/input.yml | 2 +- .../module/cef/log/ingest/pipeline.yml | 29 +- .../log/test/fp-ngfw-smc.log-expected.json | 30 + .../checkpoint/firewall/config/firewall.yml | 2 +- .../module/cisco/asa/config/input.yml | 2 +- .../additional_messages.log-expected.json | 42 +- .../cisco/asa/test/asa-fix.log-expected.json | 4 - .../module/cisco/ftd/config/input.yml | 2 +- .../cisco/ftd/test/asa-fix.log-expected.json | 4 - .../module/cisco/ios/config/input.yml | 2 +- .../module/cisco/meraki/config/input.yml | 2 +- .../module/cisco/nexus/config/input.yml | 2 +- .../cisco/shared/ingest/asa-ftd-pipeline.yml | 16 +- .../module/cisco/umbrella/config/input.yml | 2 +- .../module/coredns/log/config/coredns.yml | 2 +- .../crowdstrike/falcon/config/falcon.yml | 17 +- .../crowdstrike/falcon/config/pipeline.js | 474 --- .../falcon/ingest/auth_activity_audit.yml | 34 + .../falcon/ingest/detection_summary.yml | 163 + .../falcon/ingest/firewall_match.yml | 137 + .../falcon/ingest/incident_summary.yml | 29 + .../crowdstrike/falcon/ingest/pipeline.yml | 334 ++ .../ingest/remote_response_session_end.yml | 25 + .../ingest/remote_response_session_start.yml | 25 + .../falcon/ingest/user_activity_audit.yml | 29 + .../module/crowdstrike/falcon/manifest.yml | 11 +- .../falcon-audit-events.log-expected.json | 126 +- 
.../test/falcon-events.log-expected.json | 18 +- .../test/falcon-sample.log-expected.json | 78 +- .../module/cyberark/corepas/config/input.yml | 2 +- .../module/cylance/protect/config/input.yml | 2 +- .../envoyproxy/log/config/envoyproxy.yml | 2 +- .../module/f5/bigipafm/config/input.yml | 2 +- .../module/f5/bigipapm/config/input.yml | 2 +- .../fortinet/clientendpoint/config/input.yml | 2 +- .../fortinet/firewall/config/firewall.yml | 2 +- .../module/fortinet/firewall/ingest/event.yml | 87 - .../fortinet/firewall/ingest/pipeline.yml | 163 +- .../fortinet/firewall/ingest/traffic.yml | 98 +- .../module/fortinet/firewall/ingest/utm.yml | 87 - .../firewall/test/fortinet.log-expected.json | 27 +- .../fortinet/fortimail/config/input.yml | 2 +- .../fortinet/fortimanager/config/input.yml | 2 +- .../module/gcp/audit/config/input.yml | 2 +- .../module/gcp/firewall/config/input.yml | 2 +- .../module/gcp/vpcflow/config/input.yml | 2 +- .../google_workspace/admin/config/config.yml | 2 +- .../google_workspace/admin/config/pipeline.js | 11 + ...in-application-test.json.log-expected.json | 45 +- ...admin-calendar-test.json.log-expected.json | 71 +- .../admin-chat-test.json.log-expected.json | 20 +- ...admin-chromeos-test.json.log-expected.json | 105 +- ...admin-contacts-test.json.log-expected.json | 5 +- ...delegatedadmin-test.json.log-expected.json | 46 +- .../admin-docs-test.json.log-expected.json | 21 +- .../admin-domain-test.json.log-expected.json | 428 +- .../admin-gmail-test.json.log-expected.json | 48 +- .../admin-groups-test.json.log-expected.json | 95 +- ...admin-licenses-test.json.log-expected.json | 49 +- .../admin-mobile-test.json.log-expected.json | 182 +- .../admin-org-test.json.log-expected.json | 85 +- ...admin-security-test.json.log-expected.json | 120 +- .../admin-sites-test.json.log-expected.json | 25 +- .../admin-user-test.json.log-expected.json | 580 ++- .../module/google_workspace/config/common.js | 3 + .../google_workspace/drive/config/config.yml | 2 +- 
.../test/drive-test.json.log-expected.json | 140 +- .../google_workspace/groups/config/config.yml | 2 +- .../groups/config/pipeline.js | 11 + .../test/groups-test.json.log-expected.json | 170 +- .../google_workspace/login/config/config.yml | 2 +- .../google_workspace/login/config/pipeline.js | 19 + .../test/login-test.json.log-expected.json | 71 +- .../google_workspace/saml/config/config.yml | 2 +- .../google_workspace/saml/config/pipeline.js | 2 +- .../test/saml-test.json.log-expected.json | 16 +- .../user_accounts/config/config.yml | 2 +- .../user_accounts-test.json.log-expected.json | 40 +- .../module/gsuite/admin/config/config.yml | 2 +- .../module/gsuite/admin/config/pipeline.js | 11 + ...in-application-test.json.log-expected.json | 45 +- ...admin-calendar-test.json.log-expected.json | 71 +- ...ite-admin-chat-test.json.log-expected.json | 20 +- ...admin-chromeos-test.json.log-expected.json | 105 +- ...admin-contacts-test.json.log-expected.json | 5 +- ...delegatedadmin-test.json.log-expected.json | 46 +- ...ite-admin-docs-test.json.log-expected.json | 21 +- ...e-admin-domain-test.json.log-expected.json | 428 +- ...te-admin-gmail-test.json.log-expected.json | 48 +- ...e-admin-groups-test.json.log-expected.json | 95 +- ...admin-licenses-test.json.log-expected.json | 49 +- ...e-admin-mobile-test.json.log-expected.json | 182 +- ...uite-admin-org-test.json.log-expected.json | 85 +- ...admin-security-test.json.log-expected.json | 120 +- ...te-admin-sites-test.json.log-expected.json | 25 +- ...ite-admin-user-test.json.log-expected.json | 580 ++- .../filebeat/module/gsuite/config/common.js | 3 + .../module/gsuite/drive/config/config.yml | 2 +- .../gsuite-drive-test.json.log-expected.json | 140 +- .../module/gsuite/groups/config/config.yml | 2 +- .../module/gsuite/groups/config/pipeline.js | 11 + .../gsuite-groups-test.json.log-expected.json | 170 +- .../module/gsuite/login/config/config.yml | 2 +- .../module/gsuite/login/config/pipeline.js | 19 + 
.../gsuite-login-test.json.log-expected.json | 59 +- .../module/gsuite/saml/config/config.yml | 2 +- .../module/gsuite/saml/config/pipeline.js | 2 +- .../gsuite-saml-test.json.log-expected.json | 16 +- .../gsuite/user_accounts/config/config.yml | 2 +- ...-user_accounts-test.json.log-expected.json | 40 +- .../module/ibmmq/errorlog/config/errorlog.yml | 2 +- .../imperva/securesphere/config/input.yml | 2 +- .../module/infoblox/nios/config/input.yml | 2 +- .../module/iptables/log/config/input.yml | 2 +- .../module/juniper/junos/config/input.yml | 2 +- .../module/juniper/netscreen/config/input.yml | 2 +- .../module/juniper/srx/config/srx.yml | 2 +- .../module/juniper/srx/ingest/pipeline.yml | 20 + .../juniper/srx/test/atp.log-expected.json | 6 + .../juniper/srx/test/flow.log-expected.json | 62 +- .../juniper/srx/test/idp.log-expected.json | 6 + .../juniper/srx/test/utm.log-expected.json | 15 + .../microsoft/defender_atp/config/atp.yml | 2 +- .../defender_atp/ingest/pipeline.yml | 27 +- .../defender_atp-test.json.log-expected.json | 9 +- .../module/microsoft/dhcp/config/input.yml | 2 +- .../m365_defender/config/defender.yml | 2 +- .../m365_defender/ingest/pipeline.yml | 27 +- ...365_defender-test.ndjson.log-expected.json | 4 +- .../module/misp/threat/config/input.yml | 2 +- .../module/mssql/log/config/config.yml | 2 +- .../mysqlenterprise/audit/config/config.yml | 2 +- .../mysqlenterprise/audit/ingest/pipeline.yml | 52 +- .../audit/test/mysql_audit_test.log | 5 +- .../test/mysql_audit_test.log-expected.json | 323 +- .../module/netflow/log/config/netflow.yml | 2 +- .../netscout/sightline/config/input.yml | 2 +- .../module/o365/audit/_meta/fields.yml | 39 + .../module/o365/audit/config/input.yml | 7 +- .../module/o365/audit/config/pipeline.js | 229 +- .../test/04-sharepoint.log-expected.json | 4 + .../06-sharepointfileop.log-expected.json | 11 + .../o365/audit/test/08-azuread-users.log | 11 + .../test/08-azuread-users.log-expected.json | 1212 ++++++ 
.../audit/test/08-azuread.log-expected.json | 120 +- .../test/11-dlp-sharepoint.log-expected.json | 7 + .../test/13-dlp-exchange.log-expected.json | 1 + .../test/14-sp-sharing-op.log-expected.json | 10 + .../15-azuread-sts-logon.log-expected.json | 64 + .../o365/audit/test/25-ms-teams-groups.log | 49 + .../test/25-ms-teams-groups.log-expected.json | 3456 +++++++++++++++++ .../audit/test/25-ms-teams.log-expected.json | 44 +- .../test/40-sec-comp-alerts.log-expected.json | 1 + x-pack/filebeat/module/o365/fields.go | 2 +- .../module/okta/system/config/input.yml | 18 +- .../module/okta/system/config/pipeline.js | 215 - .../module/okta/system/ingest/pipeline.yml | 497 +++ .../okta-system-test.json.log-expected.json | 41 +- .../oracle/database_audit/config/config.yml | 2 +- .../module/panw/panos/config/input.yml | 2 +- .../module/panw/panos/ingest/pipeline.yml | 12 + .../test/pan_inc_other.log-expected.json | 2 - .../test/pan_inc_threat.log-expected.json | 200 - .../test/pan_inc_traffic.log-expected.json | 197 - .../panw/panos/test/threat.log-expected.json | 228 +- .../panw/panos/test/traffic.log-expected.json | 300 +- .../proofpoint/emailsecurity/config/input.yml | 2 +- .../module/rabbitmq/log/config/log.yml | 2 +- .../radware/defensepro/config/input.yml | 2 +- .../module/snort/log/config/input.yml | 2 +- .../module/snyk/audit/config/config.yml | 2 +- .../snyk/vulnerabilities/config/config.yml | 2 +- .../sonicwall/firewall/config/input.yml | 2 +- .../module/sophos/utm/config/input.yml | 2 +- .../module/sophos/xg/config/config.yml | 2 +- .../module/sophos/xg/ingest/antivirus.yml | 4 +- .../filebeat/module/sophos/xg/ingest/atp.yml | 3 + .../module/sophos/xg/ingest/cfilter.yml | 3 + .../module/sophos/xg/ingest/event.yml | 5 + .../module/sophos/xg/ingest/firewall.yml | 5 + .../filebeat/module/sophos/xg/ingest/idp.yml | 9 +- .../module/sophos/xg/ingest/pipeline.yml | 5 + .../module/sophos/xg/ingest/sandstorm.yml | 3 + .../filebeat/module/sophos/xg/ingest/waf.yml | 3 + 
.../xg/test/anti-spam.log-expected.json | 33 + .../xg/test/anti-virus.log-expected.json | 24 + .../sophos/xg/test/atp.log-expected.json | 12 + .../sophos/xg/test/cfilter.log-expected.json | 27 + .../sophos/xg/test/event.log-expected.json | 60 +- .../sophos/xg/test/firewall.log-expected.json | 61 +- .../sophos/xg/test/idp.log-expected.json | 15 + .../sophos/xg/test/sandbox.log-expected.json | 18 + .../sophos/xg/test/waf.log-expected.json | 15 + .../sophos/xg/test/wifi.log-expected.json | 6 + .../module/squid/log/config/input.yml | 2 +- .../module/suricata/eve/config/eve.yml | 2 +- .../module/tomcat/log/config/input.yml | 2 +- .../zeek/capture_loss/config/capture_loss.yml | 2 +- .../zeek/connection/config/connection.yml | 2 +- .../module/zeek/dce_rpc/config/dce_rpc.yml | 2 +- .../filebeat/module/zeek/dhcp/config/dhcp.yml | 2 +- .../filebeat/module/zeek/dnp3/config/dnp3.yml | 2 +- .../filebeat/module/zeek/dns/config/dns.yml | 2 +- .../filebeat/module/zeek/dpd/config/dpd.yml | 2 +- .../module/zeek/files/config/files.yml | 2 +- .../filebeat/module/zeek/ftp/config/ftp.yml | 2 +- .../filebeat/module/zeek/http/config/http.yml | 3 +- .../module/zeek/http/test/http-json.log | 4 +- .../http/test/http-json.log-expected.json | 74 + .../module/zeek/intel/config/intel.yml | 2 +- .../filebeat/module/zeek/irc/config/irc.yml | 2 +- .../module/zeek/kerberos/config/kerberos.yml | 2 +- .../module/zeek/modbus/config/modbus.yml | 2 +- .../module/zeek/mysql/config/mysql.yml | 2 +- .../module/zeek/mysql/ingest/pipeline.yml | 4 + .../module/zeek/notice/config/notice.yml | 2 +- .../filebeat/module/zeek/ntlm/config/ntlm.yml | 2 +- .../filebeat/module/zeek/ocsp/config/ocsp.yml | 2 +- x-pack/filebeat/module/zeek/pe/config/pe.yml | 2 +- .../module/zeek/radius/config/radius.yml | 2 +- .../filebeat/module/zeek/rdp/config/rdp.yml | 2 +- .../filebeat/module/zeek/rfb/config/rfb.yml | 2 +- .../filebeat/module/zeek/sip/config/sip.yml | 2 +- .../module/zeek/smb_cmd/config/smb_cmd.yml | 2 +- 
.../zeek/smb_files/config/smb_files.yml | 2 +- .../zeek/smb_mapping/config/smb_mapping.yml | 2 +- .../filebeat/module/zeek/smtp/config/smtp.yml | 2 +- .../filebeat/module/zeek/snmp/config/snmp.yml | 2 +- .../module/zeek/socks/config/socks.yml | 2 +- .../filebeat/module/zeek/ssh/config/ssh.yml | 2 +- .../filebeat/module/zeek/ssl/config/ssl.yml | 2 +- .../module/zeek/stats/config/stats.yml | 2 +- .../module/zeek/syslog/config/syslog.yml | 2 +- .../zeek/traceroute/config/traceroute.yml | 2 +- .../module/zeek/tunnel/config/tunnel.yml | 2 +- .../module/zeek/weird/config/weird.yml | 2 +- .../filebeat/module/zeek/x509/config/x509.yml | 2 +- .../module/zoom/webhook/config/webhook.yml | 2 +- .../module/zoom/webhook/ingest/account.yml | 72 +- .../zoom/webhook/ingest/chat_channel.yml | 1 + .../module/zoom/webhook/ingest/meeting.yml | 39 +- .../module/zoom/webhook/ingest/phone.yml | 11 + .../module/zoom/webhook/ingest/pipeline.yml | 13 +- .../module/zoom/webhook/ingest/recording.yml | 32 +- .../module/zoom/webhook/ingest/user.yml | 127 +- .../module/zoom/webhook/ingest/webinar.yml | 65 +- .../module/zoom/webhook/ingest/zoomroom.yml | 4 - .../test/account.ndjson.log-expected.json | 18 +- .../chat_channel.ndjson.log-expected.json | 136 + .../chat_message.ndjson.log-expected.json | 6 + .../test/meeting.ndjson.log-expected.json | 31 +- .../test/phone.ndjson.log-expected.json | 9 + .../test/recording.ndjson.log-expected.json | 138 +- .../test/user.ndjson.log-expected.json | 100 +- .../test/webinar.ndjson.log-expected.json | 54 +- .../module/zscaler/zia/config/input.yml | 2 +- x-pack/functionbeat/docs/fields.asciidoc | 396 +- x-pack/functionbeat/include/fields.go | 2 +- x-pack/heartbeat/include/fields.go | 2 +- x-pack/metricbeat/cmd/root.go | 2 +- .../config/winlogbeat-powershell.js | 49 +- .../test/testdata/4103.evtx.golden.json | 14 + .../test/testdata/4104.evtx.golden.json | 6 + .../test/testdata/4105.evtx.golden.json | 3 + .../test/testdata/4106.evtx.golden.json | 3 + 
.../security/config/winlogbeat-security.js | 81 +- .../test/testdata/4744.evtx.golden.json | 1 + .../test/testdata/4745.evtx.golden.json | 1 + .../test/testdata/4746.evtx.golden.json | 11 +- .../test/testdata/4747.evtx.golden.json | 11 +- .../test/testdata/4748.evtx.golden.json | 1 + .../test/testdata/4749.evtx.golden.json | 1 + .../test/testdata/4750.evtx.golden.json | 1 + .../test/testdata/4751.evtx.golden.json | 11 +- .../test/testdata/4752.evtx.golden.json | 11 +- .../test/testdata/4753.evtx.golden.json | 1 + .../test/testdata/4759.evtx.golden.json | 1 + .../test/testdata/4760.evtx.golden.json | 1 + .../test/testdata/4761.evtx.golden.json | 11 +- .../test/testdata/4762.evtx.golden.json | 11 +- .../test/testdata/4763.evtx.golden.json | 1 + ...security-windows2012_4778.evtx.golden.json | 3 +- ...security-windows2012_4779.evtx.golden.json | 3 +- ...security-windows2016_4727.evtx.golden.json | 1 + ...security-windows2016_4728.evtx.golden.json | 11 +- ...security-windows2016_4729.evtx.golden.json | 11 +- ...security-windows2016_4730.evtx.golden.json | 1 + ...security-windows2016_4731.evtx.golden.json | 1 + ...security-windows2016_4732.evtx.golden.json | 11 +- ...security-windows2016_4733.evtx.golden.json | 11 +- ...security-windows2016_4734.evtx.golden.json | 1 + ...security-windows2016_4735.evtx.golden.json | 1 + ...security-windows2016_4737.evtx.golden.json | 1 + ...security-windows2016_4754.evtx.golden.json | 1 + ...security-windows2016_4755.evtx.golden.json | 1 + ...security-windows2016_4756.evtx.golden.json | 11 +- ...security-windows2016_4757.evtx.golden.json | 11 +- ...security-windows2016_4758.evtx.golden.json | 1 + ...security-windows2016_4764.evtx.golden.json | 1 + ...security-windows2016_4799.evtx.golden.json | 1 + .../module/sysmon/config/winlogbeat-sysmon.js | 11 +- .../sysmon-11-filedelete.evtx.golden.json | 3 + .../sysmon-11-registry.evtx.golden.json | 15 +- .../sysmon-12-processcreate.evtx.golden.json | 1 + .../testdata/sysmon-9.01.evtx.golden.json | 
19 + 510 files changed, 26495 insertions(+), 3814 deletions(-) create mode 100644 auditbeat/module/auditd/golden_files_test.go create mode 100644 auditbeat/module/auditd/testdata/auditlogin.log create mode 100644 auditbeat/module/auditd/testdata/auditlogin.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/centos7.log create mode 100644 auditbeat/module/auditd/testdata/centos7.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/chown.log create mode 100644 auditbeat/module/auditd/testdata/chown.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/passwd.log create mode 100644 auditbeat/module/auditd/testdata/passwd.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/setuid.log create mode 100644 auditbeat/module/auditd/testdata/setuid.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/sudo-asuser.log create mode 100644 auditbeat/module/auditd/testdata/sudo-asuser.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/sudo.log create mode 100644 auditbeat/module/auditd/testdata/sudo.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/useradd.log create mode 100644 auditbeat/module/auditd/testdata/useradd.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/userlogin.log create mode 100644 auditbeat/module/auditd/testdata/userlogin.log-expected.json create mode 100644 filebeat/module/auditd/log/ingest/gen-ecs-mappings.py create mode 100644 filebeat/module/auditd/log/test/avc.log create mode 100644 filebeat/module/auditd/log/test/avc.log-expected.json create mode 100644 filebeat/module/auditd/log/test/useradd.log create mode 100644 filebeat/module/auditd/log/test/useradd.log-expected.json create mode 100644 packetbeat/tests/system/golden/http_basic_auth-expected.json delete mode 100644 x-pack/filebeat/module/crowdstrike/falcon/config/pipeline.js create mode 100644 
x-pack/filebeat/module/crowdstrike/falcon/ingest/auth_activity_audit.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/detection_summary.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/firewall_match.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/incident_summary.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_end.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_start.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/user_activity_audit.yml create mode 100644 x-pack/filebeat/module/o365/audit/test/08-azuread-users.log create mode 100644 x-pack/filebeat/module/o365/audit/test/08-azuread-users.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log create mode 100644 x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json delete mode 100644 x-pack/filebeat/module/okta/system/config/pipeline.js diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 1b2f752dada..e42f4d99c23 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -381,6 +381,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972] - Fix Okta default date formatting. {issue}24018[24018] {pull}24025[24025] - Fix Logstash module handling of logstash.log.log_event.action field. {issue}20709[20709] +- aws/s3access dataset was populating event.duration using the wrong unit. {pull}23920[23920] +- Zoom module pipeline failed to ingest some chat_channel events. {pull}23904[23904] *Heartbeat* 
@@ -604,6 +606,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add the `enable_krb5_fast` flag to the Kafka output to explicitly opt-in to FAST authentication. {pull}23629[23629] - Added new decode_xml processor to libbeat that is available to all beat types. {pull}23678[23678] - Add deployment name in pod's meta. {pull}23610[23610] +- Added ECS 1.8 `host.os.type` field to `add_host_metadata` processor. {pull}23513[23513] - Add `selector` information in kubernetes services' metadata. {pull}23730[23730] *Auditbeat* @@ -625,6 +628,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add several improvements for auditd module for improved ECS field mapping {pull}22647[22647] - Add ECS 1.7 `configuration` categorization in certain events in auditd module. {pull}23000[23000] - Improve file_integrity monitoring when a file is created/deleted in quick succession. {issue}17347[17347] {pull}22170[22170] +- system/host: Add new ECS 1.8 field `os.type` in `host.os.type`. {pull}23513[23513] +- Update Auditbeat auditd module to ECS 1.8 {pull}23594[23594] {issue}23118[23118] *Filebeat* 
@@ -835,6 +840,26 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] - Added string splitting for httpjson input {pull}24022[24022] - Added field mappings for Netflow/IPFIX vendor fields that are known to Filebeat. {issue}23771[23771] +- Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. {pull}23819[23819] +- Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709] +- Move crowdstrike JS processor to ingest pipelines and upgrade to ECS 1.8.0 {issue}23118[23118] {pull}23875[23875] +- Update Filebeat auditd dataset to ECS 1.8.0. {pull}23723[23723] {issue}23118[23118] +- Updated microsoft defender_atp and m365_defender to ECS 1.8. {pull}23897[23897] {issue}23118[23118] +- Updated o365 module to ECS 1.8. {issue}23118[23118] {pull}23896[23896] +- Upgrade CEF module to ECS 1.8.0. {pull}23832[23832] +- Upgrade fortinet/firewall to ECS 1.8 {issue}23118[23118] {pull}23902[23902] +- Upgrade Zeek to ECS 1.8.0. {issue}23118[23118] {pull}23847[23847] +- Updated azure module to ECS 1.8. {issue}23118[23118] {pull}23927[23927] +- Update aws/s3access to ECS 1.8. {issue}23118[23118] {pull}23920[23920] +- Upgrade panw module to ecs 1.8 {issue}23118[23118] {pull}23931[23931] +- Updated aws/cloudtrail fileset to ECS 1.8. {issue}23118[23118] {pull}23911[23911] +- Upgrade juniper/srx to ecs 1.8.0. {issue}23118[23118] {pull}23936[23936] +- Update mysqlenterprise module to ECS 1.8. {issue}23118[23118] {pull}23978[23978] +- Upgrade sophos/xg fileset to ECS 1.8.0. {issue}23118[23118] {pull}23967[23967] +- Upgrade system/auth to ECS 1.8 {issue}23118[23118] {pull}23961[23961] +- Upgrade elasticsearch/audit to ECS 1.8 {issue}23118[23118] {pull}24000[24000] +- Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929] +- Update zoom module to ECS 1.8. 
{pull}23904[23904] {issue}23118[23118] *Heartbeat* @@ -843,6 +868,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Journalbeat* +- Update Journalbeat to ECS 1.8. {pull}23737[23737] *Metricbeat* @@ -978,6 +1004,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Change build process for x-pack distribution {pull}21979[21979] - Tuned the internal queue size to reduce the chances of events being dropped. {pull}22650[22650] - Add support for "http.request.mime_type" and "http.response.mime_type". {pull}22940[22940] +- Upgrade to ECS 1.8.0. {pull}23783[23783] *Functionbeat* @@ -1004,6 +1031,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add dns.question.subdomain fields for sysmon DNS events. {pull}22999[22999] - Add dns.question.top_level_domain fields for sysmon DNS events. {pull}23046[23046] - Add Audit and Authentication Polixy Change Events and related.ip information {pull}20684[20684] +- Add new ECS 1.8 improvements. {pull}23563[23563] *Elastic Log Driver* @@ -1038,7 +1066,3 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d ==== Known Issue *Journalbeat* - - - - diff --git a/NOTICE.txt b/NOTICE.txt index 4a49e2f9af4..d8956ba5a9b 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -5891,11 +5891,11 @@ This Agreement is governed by the laws of the State of New York and the intellec -------------------------------------------------------------------------------- Dependency : github.com/elastic/ecs -Version: v1.6.0 +Version: v1.0.0-beta2.0.20210202203518-638aa2bb5271 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.6.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.0.0-beta2.0.20210202203518-638aa2bb5271/LICENSE.txt: Apache License 
@@ -6547,11 +6547,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.1 -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-libaudit/v2 -Version: v2.1.0 +Version: v2.2.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.1.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.2.0/LICENSE.txt: Apache License @@ -7665,11 +7665,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-structform@v -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-sysinfo -Version: v1.3.0 +Version: v1.5.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.3.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.5.0/LICENSE.txt: Apache License diff --git a/auditbeat/_meta/fields.common.yml b/auditbeat/_meta/fields.common.yml index a7633a98b0c..f6c6e6d7145 100644 --- a/auditbeat/_meta/fields.common.yml +++ b/auditbeat/_meta/fields.common.yml @@ -66,27 +66,6 @@ type: keyword description: Audit user name. - - name: effective - type: group - description: Effective user information. - fields: - - name: id - type: keyword - description: Effective user ID. - - name: name - type: keyword - description: Effective user name. - - name: group - type: group - description: Effective group information. - fields: - - name: id - type: keyword - description: Effective group ID. - - name: name - type: keyword - description: Effective group name. - - name: filesystem type: group description: Filesystem user information. 
diff --git a/auditbeat/cmd/root.go b/auditbeat/cmd/root.go index a819fa708f9..0766f05b05c 100644 --- a/auditbeat/cmd/root.go +++ b/auditbeat/cmd/root.go @@ -35,7 +35,7 @@ const ( Name = "auditbeat" // ecsVersion specifies the version of ECS that Auditbeat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // RootCmd for running auditbeat. diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc index a3411566ed5..cd143ad919e 100644 --- a/auditbeat/docs/fields.asciidoc +++ b/auditbeat/docs/fields.asciidoc @@ -51,15 +51,6 @@ alias to: user.id -- -*`user.euid`*:: -+ --- -type: alias - -alias to: user.effective.id - --- - *`user.fsuid`*:: + -- @@ -87,15 +78,6 @@ alias to: user.group.id -- -*`user.egid`*:: -+ --- -type: alias - -alias to: user.effective.group.id - --- - *`user.sgid`*:: + -- @@ -139,15 +121,6 @@ alias to: user.name -- -*`user.name_map.euid`*:: -+ --- -type: alias - -alias to: user.effective.name - --- - *`user.name_map.fsuid`*:: + -- @@ -175,15 +148,6 @@ alias to: user.group.name -- -*`user.name_map.egid`*:: -+ --- -type: alias - -alias to: user.effective.group.name - --- - *`user.name_map.sgid`*:: + -- @@ -2722,54 +2686,6 @@ type: keyword -- -[float] -=== effective - -Effective user information. - - -*`user.effective.id`*:: -+ --- -Effective user ID. - -type: keyword - --- - -*`user.effective.name`*:: -+ --- -Effective user name. - -type: keyword - --- - -[float] -=== group - -Effective group information. - - -*`user.effective.group.id`*:: -+ --- -Effective group ID. - -type: keyword - --- - -*`user.effective.group.name`*:: -+ --- -Effective group name. - -type: keyword - --- - [float] === filesystem 
@@ -4738,7 +4654,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -4791,7 +4707,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -5982,6 +5898,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -7056,6 +6985,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- 
@@ -7226,6 +7168,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -10377,6 +10332,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword 
@@ -10552,6 +10508,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- 
@@ -10562,6 +10631,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- 
@@ -10665,6 +10847,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent 
@@ -10781,6 +11076,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- @@ -12040,6 +12348,16 @@ type: keyword The operating system's kernel version. +type: keyword + +-- + +*`system.audit.host.os.type`*:: ++ +-- +OS type (see ECS os.type). + + type: keyword -- diff --git a/auditbeat/include/fields.go b/auditbeat/include/fields.go index 6930e7ef2b8..861d51b9705 100644 --- a/auditbeat/include/fields.go +++ b/auditbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "" + return "" } diff --git a/auditbeat/module/auditd/_meta/fields.yml b/auditbeat/module/auditd/_meta/fields.yml index 2d1b778e955..92e004e3fc1 100644 --- a/auditbeat/module/auditd/_meta/fields.yml +++ b/auditbeat/module/auditd/_meta/fields.yml @@ -14,10 +14,6 @@ type: alias path: user.id migration: true - - name: euid - type: alias - path: user.effective.id - migration: true - name: fsuid type: alias path: user.filesystem.id @@ -30,10 +26,6 @@ type: alias path: user.group.id migration: true - - name: egid - type: alias - path: user.effective.group.id - migration: true - name: sgid type: alias path: user.saved.group.id @@ -57,10 +49,6 @@ type: alias path: user.name migration: true - - name: euid - type: alias - path: user.effective.name - migration: true - name: fsuid type: alias path: user.filesystem.name 
@@ -73,10 +61,6 @@
 type: alias
 path: user.group.name
 migration: true
- - name: egid
- type: alias
- path: user.effective.group.name
- migration: true
 - name: sgid
 type: alias
 path: user.saved.group.name
diff --git a/auditbeat/module/auditd/audit_linux.go b/auditbeat/module/auditd/audit_linux.go
index a2c9e004877..1cd9133a917 100644
--- a/auditbeat/module/auditd/audit_linux.go
+++ b/auditbeat/module/auditd/audit_linux.go
@@ -20,7 +20,6 @@ package auditd
 import (
 "fmt"
 "os"
- "os/user"
 "runtime"
 "strconv"
 "strings"
@@ -462,7 +461,7 @@ func filterRecordType(typ auparse.AuditMessageType) bool {
 case typ == auparse.AUDIT_REPLACE:
 return true
 // Messages from 1300-2999 are valid audit message types.
- case typ < auparse.AUDIT_USER_AUTH || typ > auparse.AUDIT_LAST_USER_MSG2:
+ case (typ < auparse.AUDIT_USER_AUTH || typ > auparse.AUDIT_LAST_USER_MSG2) && typ != auparse.AUDIT_LOGIN:
 return true
 }
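Review bot: The comment above the changed case in filterRecordType, `// Messages from 1300-2999 are valid audit message types.`, is now stale: the new condition also lets `auparse.AUDIT_LOGIN` through, which lies outside that range, so a reader trusting the comment would expect it to be filtered. Reword it to `// Messages from 1300-2999, plus AUDIT_LOGIN, are valid audit message types.` and say in one more clause why AUDIT_LOGIN is wanted (the auditlogin.log golden test added later in this diff is the only visible consumer). The removal of "os/user" in the import hunk matches the deletion of resolveUsernameOrID further down. filterRecordType starts outside the hunk.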
@@ -554,35 +553,67 @@ func buildMetricbeatEvent(msgs []*auparse.AuditMessage, config Config) mb.Event
 normalizeEventFields(auditEvent, out.RootFields)
- switch auditEvent.Category {
- case aucoalesce.EventTypeUserLogin:
- // Set ECS user fields from the attempted login account.
- if usernameOrID := auditEvent.Summary.Actor.Secondary; usernameOrID != "" {
- if usr, err := resolveUsernameOrID(usernameOrID); err == nil {
- out.RootFields.Put("user.name", usr.Username)
- out.RootFields.Put("user.id", usr.Uid)
- } else {
- // The login account doesn't exists. Treat it as a user name
- out.RootFields.Put("user.name", usernameOrID)
- out.RootFields.Delete("user.id")
+ // User set for related.user
+ var userSet common.StringSet
+ if config.ResolveIDs {
+ userSet = make(common.StringSet)
+ }
+
+ // Copy user.*/group.* fields from event
+ setECSEntity := func(key string, ent aucoalesce.ECSEntityData, root common.MapStr, set common.StringSet) {
+ if ent.ID == "" && ent.Name == "" {
+ return
+ }
+ if ent.ID == uidUnset {
+ ent.ID = ""
+ }
+ nameField := key + ".name"
+ idField := key + ".id"
+ if ent.ID != "" {
+ root.Put(idField, ent.ID)
+ } else {
+ root.Delete(idField)
+ }
+ if ent.Name != "" {
+ root.Put(nameField, ent.Name)
+ if set != nil {
+ set.Add(ent.Name)
 }
+ } else {
+ root.Delete(nameField)
 }
 }
- return out
-}
+ setECSEntity("user", auditEvent.ECS.User.ECSEntityData, out.RootFields, userSet)
+ setECSEntity("user.effective", auditEvent.ECS.User.Effective, out.RootFields, userSet)
+ setECSEntity("user.target", auditEvent.ECS.User.Target, out.RootFields, userSet)
+ setECSEntity("user.changes", auditEvent.ECS.User.Changes, out.RootFields, userSet)
+ setECSEntity("group", auditEvent.ECS.Group, out.RootFields, nil)
-func resolveUsernameOrID(userOrID string) (usr *user.User, err error) {
- usr, err = user.Lookup(userOrID)
- if err == nil {
- // User found by name
- return
+ if userSet != nil {
+ if userSet.Count() != 0 {
+ out.RootFields.Put("related.user", userSet.ToSlice())
+ }
 }
- if _, ok := err.(user.UnknownUserError); !ok {
- // Lookup failed by a reason other than user not found
- return
+ getStringField := func(key string, m common.MapStr) (str string) {
+ if asIf, _ := m.GetValue(key); asIf != nil {
+ str, _ = asIf.(string)
+ }
+ return str
 }
- return user.LookupId(userOrID)
+
+ // Remove redundant user.effective.* when it's the same as user.*
+ removeRedundantEntity := func(target, original string, m common.MapStr) bool {
+ for _, suffix := range []string{".id", ".name"} {
+ if value := getStringField(original+suffix, m); value != "" && getStringField(target+suffix, m) == value {
+ m.Delete(target)
+ return true
+ }
+ }
+ return false
+ }
+ removeRedundantEntity("user.effective", "user", out.RootFields)
+ return out
 }
 func normalizeEventFields(event *aucoalesce.Event, m common.MapStr) {
diff --git a/auditbeat/module/auditd/audit_linux_test.go b/auditbeat/module/auditd/audit_linux_test.go
index ec0997ef340..17d8a25acb3 100644
--- a/auditbeat/module/auditd/audit_linux_test.go
+++ b/auditbeat/module/auditd/audit_linux_test.go
@@ -24,7 +24,6 @@ import (
 "io/ioutil"
 "os"
 "os/exec"
- "os/user"
 "sort"
 "strings"
 "testing"
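Review bot: `removeRedundantEntity` deletes the whole `user.effective` object as soon as either `.id` or `.name` equals the corresponding `user.*` value, while its comment says "when it's the same as user.*"; an entity whose id matches but whose name differs (or the reverse) is dropped without trace, so either require every present field to agree before `m.Delete(target)` or reword the comment to `// Remove user.effective.* when its id or name matches user.*`. A second point worth pinning down is that `related.user` is only ever populated when `config.ResolveIDs` is true, because `userSet` stays nil otherwise; if `ent.Name` can be non-empty without ID resolution (the raw records carry `acct=` values, so this looks possible but is not visible here), names are silently left out of `related.user`, and if that is intentional the `// User set for related.user` comment should say so. The three closures make buildMetricbeatEvent long; `setECSEntity` and `removeRedundantEntity` read as package-level helpers that could be unit-tested directly. buildMetricbeatEvent starts outside the hunk.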
@@ -141,20 +140,20 @@ func TestLoginType(t *testing.T) { for idx, expected := range []common.MapStr{ { - "event.category": []string{"authentication"}, - "event.type": []string{"start", "authentication_failure"}, - "event.outcome": "failure", - "user.name": "(invalid user)", - "user.id": nil, - "session": nil, + "event.category": []string{"authentication"}, + "event.type": []string{"start", "authentication_failure"}, + "event.outcome": "failure", + "user.effective.name": "(invalid user)", + "user.id": nil, + "session": nil, }, { - "event.category": []string{"authentication"}, - "event.type": []string{"start", "authentication_success"}, - "event.outcome": "success", - "user.name": "adrian", - "user.audit.id": nil, - "auditd.session": nil, + "event.category": []string{"authentication"}, + "event.type": []string{"start", "authentication_success"}, + "event.outcome": "success", + "user.effective.name": "adrian", + "user.audit.id": nil, + "auditd.session": nil, }, { "event.category": []string{"authentication"}, 
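Review bot: The updated expectations assert `"user.id": nil` but do not assert that `user.name` is no longer set, even though the point of the change is moving the attempted login account from `user.name` to `user.effective.name`; add `"user.name": nil,` to both maps so a regression that re-populates `user.name` for LOGIN records is caught rather than passing unnoticed. TestLoginType starts outside the hunk.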
@@ -355,36 +354,12 @@ func assertNoErrors(t *testing.T, events []mb.Event) {
 for _, e := range events {
 t.Log(e)
- if e.Error != nil {
+ if !assert.Nil(t, e.Error) {
 t.Errorf("received error: %+v", e.Error)
 }
- }
-}
-
-func BenchmarkResolveUsernameOrID(b *testing.B) {
- for _, query := range []struct {
- input string
- name string
- id string
- err bool
- }{
- {input: "0", name: "root", id: "0"},
- {input: "root", name: "root", id: "0"},
- {input: "vagrant", name: "vagrant", id: "1000"},
- {input: "1000", name: "vagrant", id: "1000"},
- {input: "nonexisting", err: true},
- {input: "9987", err: true},
- } {
- b.Run(query.input, func(b *testing.B) {
- var usr *user.User
- var err error
- for i := 0; i < b.N; i++ {
- usr, err = resolveUsernameOrID(query.input)
- }
- if assert.Equal(b, query.err, err != nil, fmt.Sprintf("%v", err)) && !query.err {
- assert.Equal(b, query.name, usr.Username)
- assert.Equal(b, query.id, usr.Uid)
- }
- })
+ errorMsgKey, err := e.RootFields.GetValue("error.message")
+ if err == nil && !assert.Nil(t, errorMsgKey) {
+ t.Errorf("event has error messages: %v", errorMsgKey)
+ }
 }
 }
diff --git a/auditbeat/module/auditd/fields.go b/auditbeat/module/auditd/fields.go
index 5b23bddb2bb..33845baec49 100644
--- a/auditbeat/module/auditd/fields.go
+++ b/auditbeat/module/auditd/fields.go
@@ -32,5 +32,5 @@ func init() {
 // AssetAuditd returns asset data.
 // This is the base64 encoded gzipped contents of module/auditd.
 func AssetAuditd() string {
- return "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"
+ return "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"
 }
diff --git a/auditbeat/module/auditd/golden_files_test.go b/auditbeat/module/auditd/golden_files_test.go
new file mode 100644
index 00000000000..adea4781612
--- /dev/null
+++ b/auditbeat/module/auditd/golden_files_test.go
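Review bot: In assertNoErrors, `if !assert.Nil(t, e.Error) { t.Errorf(...) }` reports every failure twice — assert.Nil already marks the test failed with its own diagnostic, and the t.Errorf that follows adds a second message for the same event; the new `errorMsgKey` check repeats the pattern. Either keep the plain `if e.Error != nil { t.Errorf("received error: %+v", e.Error) }` form or fold the message into the assertion, `assert.Nil(t, e.Error, "received error: %+v", e.Error)`, and drop the Errorf, and do the same for the `error.message` check. assertNoErrors starts outside the hunk.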
@@ -0,0 +1,225 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+// +build linux
+
+package auditd
+
+import (
+ "bufio"
+ "context"
+ "encoding/json"
+ "flag"
+ "io/ioutil"
+ "os"
+ "os/user"
+ "path/filepath"
+ "strings"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/assert"
+
+ "github.com/elastic/go-libaudit/v2"
+ "github.com/elastic/go-libaudit/v2/aucoalesce"
+
+ "github.com/elastic/beats/v7/libbeat/common"
+ "github.com/elastic/beats/v7/metricbeat/mb"
+ mbtest "github.com/elastic/beats/v7/metricbeat/mb/testing"
+)
+
+const (
+ testDir = "testdata"
+ testExt = ".log"
+ testPattern = "*" + testExt
+ goldenSuffix = "-expected.json"
+ goldenPattern = testPattern + goldenSuffix
+ fileTimeout = 3 * time.Minute
+ terminator = "type=TEST msg=audit(0.0:585): msg=\"terminate\""
+)
+
+var (
+ update = flag.Bool("update", false, "update golden data")
+
+ knownUsers = []user.User{
+ {Username: "vagrant", Uid: "1000"},
+ {Username: "alice", Uid: "1001"},
+ {Username: "oldbob", Uid: "1002"},
+ {Username: "charlie", Uid: "1003"},
+ {Username: "testuser", Uid: "1004"},
+ {Username: "bob", Uid: "9999"},
+ }
+
+ knownGroups = []user.Group{
+ {Name: "vagrant", Gid: "1000"},
+ {Name: "alice", Gid: "1001"},
+ {Name: "oldbob", Gid: "1002"},
+ {Name: "charlie", Gid: "1003"},
+ {Name: "testgroup", Gid: "1004"},
+ {Name: "bob", Gid: "9999"},
+ }
+)
+
+func readLines(path string) (lines []string, err error) {
+ f, err := os.Open(path)
+ if err != nil {
+ return nil, err
+ }
+ defer f.Close()
+ scanner := bufio.NewScanner(f)
+ for scanner.Scan() {
+ lines = append(lines, scanner.Text())
+ }
+ return lines, scanner.Err()
+}
+
+func readGoldenFile(t testing.TB, path string) (events []common.MapStr) {
+ data, err := ioutil.ReadFile(path)
+ if err != nil {
+ t.Fatalf("can't read golden file '%s': %v", path, err)
+ }
+ if err = json.Unmarshal(data, &events); err != nil {
+ t.Fatalf("error decoding JSON from golden file '%s': %v", path, err)
+ }
+ return
+}
+
+func normalize(t testing.TB, events []mb.Event) (norm []common.MapStr) {
+ for _, ev := range events {
+ var output common.MapStr
+ data, err := json.Marshal(ev.BeatEvent(moduleName, metricsetName).Fields)
+ if err != nil {
+ t.Fatal(err)
+ }
+ json.Unmarshal(data, &output)
+ norm = append(norm, output)
+ }
+ return norm
+}
+
+func configForGolden() map[string]interface{} {
+ return map[string]interface{}{
+ "module": "auditd",
+ "failure_mode": "log",
+ "socket_type": "unicast",
+ "include_warnings": true,
+ "include_raw_message": true,
+ "resolve_ids": true,
+ "stream_buffer_consumers": 1,
+ }
+}
+
+type TerminateFn func(mb.Event) bool
+type terminableReporter struct {
+ events []mb.Event
+ ctx context.Context
+ cancel context.CancelFunc
+ err error
+ isLast TerminateFn
+}
+
+func (r *terminableReporter) Event(event mb.Event) bool {
+ if r.ctx.Err() != nil {
+ return false
+ }
+ if r.isLast(event) {
+ r.cancel()
+ return false
+ }
+ r.events = append(r.events, event)
+ return true
+}
+
+func (r *terminableReporter) Error(err error) bool {
+ if r.ctx.Err() != nil && r.err != nil {
+ r.err = err
+ r.cancel()
+ }
+ return true
+}
+
+func (r *terminableReporter) Done() <-chan struct{} {
+ return r.ctx.Done()
+}
+
+func runTerminableReporter(timeout time.Duration, ms mb.PushMetricSetV2, isLast TerminateFn) []mb.Event {
+ ctx, cancel := context.WithTimeout(context.Background(), timeout)
+ reporter := terminableReporter{
+ ctx: ctx,
+ cancel: cancel,
+ isLast: isLast,
+ }
+ go ms.Run(&reporter)
+ <-ctx.Done()
+ return reporter.events
+}
+
+func isTestEvent(event mb.Event) bool {
+ mt, ok := event.ModuleFields["message_type"]
+ return ok && mt == "test"
+}
+
+func TestGoldenFiles(t *testing.T) {
+ // Add testing users and groups to test with resolve_ids enabled.
+ aucoalesce.HardcodeUsers(knownUsers...)
+ aucoalesce.HardcodeGroups(knownGroups...)
+
+ sourceFiles, err := filepath.Glob(filepath.Join(testDir, testPattern))
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ for _, file := range sourceFiles {
+ testName := strings.TrimSuffix(filepath.Base(file), testExt)
+ t.Run(testName, func(t *testing.T) {
+ lines, err := readLines(file)
+ if err != nil {
+ t.Fatalf("error reading log file '%s': %v", file, err)
+ }
+ mock := NewMock().
+ // Get Status response for initClient
+ returnACK().returnStatus().
+ // Send expected ACKs for initialization
+ returnACK().returnACK().returnACK().returnACK().returnACK().
+ // Send audit messages
+ returnMessage(lines...).
+ // Send stream terminator
+ returnMessage(terminator)
+
+ ms := mbtest.NewPushMetricSetV2(t, configForGolden())
+ auditMetricSet := ms.(*MetricSet)
+ auditMetricSet.client.Close()
+ auditMetricSet.client = &libaudit.AuditClient{Netlink: mock}
+ mbEvents := runTerminableReporter(fileTimeout, ms, isTestEvent)
+ t.Logf("Received %d events for %d audit records", len(mbEvents), len(lines))
+ assertNoErrors(t, mbEvents)
+ events := normalize(t, mbEvents)
+ goldenPath := file + goldenSuffix
+ if *update {
+ data, err := json.MarshalIndent(events, "", " ")
+ if err != nil {
+ t.Fatal(err)
+ }
+ if err = ioutil.WriteFile(goldenPath, data, 0644); err != nil {
+ t.Fatalf("failed writing golden file '%s': %v", goldenPath, err)
+ }
+ }
+ golden := readGoldenFile(t, goldenPath)
+ assert.EqualValues(t, golden, events)
+ })
+ }
+}
diff --git a/auditbeat/module/auditd/testdata/auditlogin.log b/auditbeat/module/auditd/testdata/auditlogin.log
new file mode 100644
index 00000000000..6cc3de721f0
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/auditlogin.log
@@ -0,0 +1,3 @@
+type=LOGIN msg=audit(1611244872.857:1414): pid=27681 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=58 res=1
+type=LOGIN msg=audit(1611244909.293:1465): pid=27768 uid=0 old-auid=1000 auid=1001 tty=pts2 old-ses=58 ses=59 res=1
+type=LOGIN msg=audit(1234877011.799:7734): login pid=26125 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1172
diff --git a/auditbeat/module/auditd/testdata/auditlogin.log-expected.json b/auditbeat/module/auditd/testdata/auditlogin.log-expected.json
new file mode 100644
index 00000000000..c2bd2506e81
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/auditlogin.log-expected.json
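Review bot: `terminableReporter.Error` can never record an error: its guard `if r.ctx.Err() != nil && r.err != nil` only fires once the context is already done and `r.err` is already non-nil, and `r.err` starts nil, so every error the metricset reports is dropped and `runTerminableReporter` never surfaces it. The guard looks inverted; `if r.ctx.Err() == nil && r.err == nil {` would capture the first error and cancel, and runTerminableReporter should then return or fail on `reporter.err` so a metricset failure shows up as such instead of as a timed-out, event-less golden comparison. In `normalize`, the result of `json.Unmarshal(data, &output)` is ignored, so a decoding failure yields a nil map that is silently compared against the golden data; check the error and `t.Fatal` it. On the timeout path of runTerminableReporter, `reporter.events` is read while `ms.Run` may still be appending to it from its goroutine — presumably harmless on the terminator path, which cancels from inside Event, but the race detector may flag the timeout path.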
@@ -0,0 +1,183 @@ +[ + { + "auditd": { + "data": { + "old-ses": "4294967295", + "tty": "(none)" + }, + "message_type": "login", + "result": "success", + "sequence": 1414, + "session": "58", + "summary": { + "actor": { + "primary": "unset", + "secondary": "root" + }, + "object": { + "primary": "1000", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-login-id-to", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=LOGIN msg=audit(1611244872.857:1414): pid=27681 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=58 res=1" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 27681 + }, + "related": { + "user": [ + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "1000", + "name": "vagrant" + } + } + }, + { + "auditd": { + "data": { + "old-ses": "58", + "tty": "pts2" + }, + "message_type": "login", + "result": "success", + "sequence": 1465, + "session": "59", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "object": { + "primary": "1001", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-login-id-to", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=LOGIN msg=audit(1611244909.293:1465): pid=27768 uid=0 old-auid=1000 auid=1001 tty=pts2 old-ses=58 ses=59 res=1" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 27768 + }, + "related": { + "user": [ + "alice", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1001", + "name": "alice" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1000", + "name": "vagrant", + "old-auid": { + "id": "1000", + "name": "vagrant" + } + } + }, + { + "auditd": { + "data": { + "new_ses": "1172", + "old_ses": "4294967295" + }, + "message_type": "login", + 
"result": "unknown", + "sequence": 7734, + "session": "", + "summary": { + "actor": { + "primary": "4294967295", + "secondary": "root" + }, + "object": { + "primary": "0", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-login-id-to", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=LOGIN msg=audit(1234877011.799:7734): login pid=26125 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1172" + ], + "outcome": "unknown", + "type": [ + "start" + ] + }, + "process": { + "pid": 26125 + }, + "related": { + "user": [ + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "effective": { + "id": "0", + "name": "root" + }, + "new_auid": { + "id": "0", + "name": "root" + }, + "old_auid": { + "id": "4294967295" + } + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/centos7.log b/auditbeat/module/auditd/testdata/centos7.log new file mode 100644 index 00000000000..a17b4b0c7fd --- /dev/null +++ b/auditbeat/module/auditd/testdata/centos7.log 
@@ -0,0 +1,8 @@ +type=USER_START msg=audit(1610992796.780:425): pid=10174 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="vagrant" exe="/usr/sbin/sshd" hostname=10.0.2.2 addr=10.0.2.2 terminal=ssh res=success' +type=ADD_GROUP msg=audit(1610992959.555:463): pid=10246 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-group acct="bob" exe="/usr/sbin/useradd" hostname=localhost.localdomain addr=127.0.0.1 terminal=pts/1 res=success' +type=ADD_USER msg=audit(1610992959.558:464): pid=10246 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-user id=1002 exe="/usr/sbin/useradd" hostname=localhost.localdomain addr=127.0.0.1 terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054112.528:629): pid=20839 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-primary-group id=1002 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054112.538:631): pid=20839 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-home-dir-owner id=1002 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054337.523:639): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-uid id=9999 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054337.530:641): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-mail-file-owner id=9999 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? 
terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054337.531:642): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-home-dir-owner id=9999 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? terminal=pts/1 res=success' diff --git a/auditbeat/module/auditd/testdata/centos7.log-expected.json b/auditbeat/module/auditd/testdata/centos7.log-expected.json new file mode 100644 index 00000000000..8df1f7943f8 --- /dev/null +++ b/auditbeat/module/auditd/testdata/centos7.log-expected.json 
@@ -0,0 +1,621 @@ +[ + { + "auditd": { + "data": { + "acct": "vagrant", + "grantors": "pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog", + "hostname": "10.0.2.2", + "op": "PAM:session_open", + "terminal": "ssh" + }, + "message_type": "user_start", + "result": "success", + "sequence": 425, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "vagrant" + }, + "how": "/usr/sbin/sshd", + "object": { + "primary": "ssh", + "secondary": "10.0.2.2", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610992796.780:425): pid=10174 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct=\"vagrant\" exe=\"/usr/sbin/sshd\" hostname=10.0.2.2 addr=10.0.2.2 terminal=ssh res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/sbin/sshd", + "pid": 10174 + }, + "related": { + "user": [ + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "10.0.2.2" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "sshd_t", + "level": "s0-s0", + "role": "system_r", + "user": "system_u" + } + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost.localdomain", + "op": "add-group", + "terminal": "pts/1" + }, + "message_type": "add_group", + "result": "success", + "sequence": 463, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/useradd", + "object": { + 
"primary": "bob", + "type": "account" + } + } + }, + "event": { + "action": "added-group-account-to", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_GROUP msg=audit(1610992959.555:463): pid=10246 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-group acct=\"bob\" exe=\"/usr/sbin/useradd\" hostname=localhost.localdomain addr=127.0.0.1 terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "9999", + "name": "bob" + }, + "process": { + "executable": "/usr/sbin/useradd", + "pid": 10246 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "localhost.localdomain", + "id": "1002", + "op": "add-user", + "terminal": "pts/1" + }, + "message_type": "add_user", + "result": "success", + "sequence": 464, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/useradd", + "object": { + "primary": "1002", + "type": "account" + } + } + }, + "event": { + "action": "added-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_USER msg=audit(1610992959.558:464): pid=10246 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-user id=1002 exe=\"/usr/sbin/useradd\" hostname=localhost.localdomain addr=127.0.0.1 terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "creation" + ] + }, + "process": { + "executable": "/usr/sbin/useradd", + "pid": 10246 + }, + "related": { + 
"user": [ + "oldbob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "1002", + "name": "oldbob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "1002", + "op": "changing-primary-group", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 629, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "oldbob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054112.528:629): pid=20839 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-primary-group id=1002 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? 
terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 20839 + }, + "related": { + "user": [ + "oldbob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "1002", + "name": "oldbob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "1002", + "op": "updating-home-dir-owner", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 631, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "oldbob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054112.538:631): pid=20839 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-home-dir-owner id=1002 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? 
terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 20839 + }, + "related": { + "user": [ + "oldbob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "1002", + "name": "oldbob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "9999", + "op": "changing-uid", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 639, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "bob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054337.523:639): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-uid id=9999 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? 
terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 20862 + }, + "related": { + "user": [ + "bob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "9999", + "name": "bob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "9999", + "op": "updating-mail-file-owner", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 641, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "bob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054337.530:641): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-mail-file-owner id=9999 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? 
terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 20862 + }, + "related": { + "user": [ + "bob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "9999", + "name": "bob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "9999", + "op": "updating-home-dir-owner", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 642, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "bob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054337.531:642): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-home-dir-owner id=9999 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? 
terminal=pts/1 res=success'"
+ ],
+ "outcome": "success",
+ "type": [
+ "user",
+ "change"
+ ]
+ },
+ "process": {
+ "executable": "/usr/sbin/usermod",
+ "pid": 20862
+ },
+ "related": {
+ "user": [
+ "bob",
+ "root",
+ "vagrant"
+ ]
+ },
+ "service": {
+ "type": "auditd"
+ },
+ "user": {
+ "audit": {
+ "id": "1000",
+ "name": "vagrant"
+ },
+ "effective": {
+ "id": "0",
+ "name": "root"
+ },
+ "id": "1000",
+ "name": "vagrant",
+ "selinux": {
+ "category": "c0.c1023",
+ "domain": "unconfined_t",
+ "level": "s0-s0",
+ "role": "unconfined_r",
+ "user": "unconfined_u"
+ },
+ "target": {
+ "id": "9999",
+ "name": "bob"
+ }
+ }
+ }
+]
\ No newline at end of file
diff --git a/auditbeat/module/auditd/testdata/chown.log b/auditbeat/module/auditd/testdata/chown.log
new file mode 100644
index 00000000000..88995214e36
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/chown.log
@@ -0,0 +1,4 @@
+type=SYSCALL msg=audit(1611091464.740:263): arch=c000003e syscall=260 success=yes exit=0 a0=ffffffffffffff9c a1=12d6210 a2=3e9 a3=ffffffff items=1 ppid=9492 pid=9494 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=8 comm="chown" exe="/usr/bin/chown" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"
+type=CWD msg=audit(1611091464.740:263): cwd="/home/vagrant"
+type=PATH msg=audit(1611091464.740:263): item=0 name="test" inode=921833 dev=fd:02 mode=0100664 ouid=9999 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1611091464.740:263): proctitle=63686F776E002D5200616C6963650074657374
diff --git a/auditbeat/module/auditd/testdata/chown.log-expected.json b/auditbeat/module/auditd/testdata/chown.log-expected.json
new file mode 100644
index 00000000000..502ff7b51b5
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/chown.log-expected.json
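Review bot: The expected output carries names and ids that the audit records never contain — `"group": {"id": "9999", "name": "bob"}` for the ADD_GROUP record, which only has `acct="bob"`, and `"target": {"id": "1002", "name": "oldbob"}` for the add-user record — so these expectations hold only under a fixed uid/gid lookup table (1002→oldbob, 9999→bob, 1003→charlie, 1001→alice) that is not visible in this diff. If resolution goes through the host's passwd/group database instead, the fixtures are host-dependent, and the mismatch between `useradd` creating `bob` with `id=1002` and the output naming that id `oldbob` will read as a parser bug to the next person who opens the file. The test that loads these files should say where the stub table lives, e.g. `// names in *-expected.json come from the stubbed uid/gid lookup in <test file>, not from the host`. The same applies to chown.log-expected.json, passwd.log-expected.json, setuid.log-expected.json and sudo-asuser.log-expected.json.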
@@ -0,0 +1,134 @@ +[ + { + "auditd": { + "data": { + "a0": "ffffffffffffff9c", + "a1": "12d6210", + "a2": "3e9", + "a3": "ffffffff", + "arch": "x86_64", + "exit": "0", + "syscall": "fchownat", + "tty": "pts2" + }, + "message_type": "syscall", + "paths": [ + { + "cap_fe": "0", + "cap_fi": "0000000000000000", + "cap_fp": "0000000000000000", + "cap_fver": "0", + "dev": "fd:02", + "inode": "921833", + "item": "0", + "mode": "0100664", + "name": "test", + "obj_domain": "user_home_t", + "obj_level": "s0", + "obj_role": "object_r", + "obj_user": "unconfined_u", + "objtype": "NORMAL", + "ogid": "1000", + "ouid": "9999", + "rdev": "00:00" + } + ], + "result": "success", + "sequence": 263, + "session": "8", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/bin/chown", + "object": { + "primary": "test", + "type": "file" + } + } + }, + "event": { + "action": "changed-file-ownership-of", + "category": [ + "file" + ], + "kind": "event", + "original": [ + "type=SYSCALL msg=audit(1611091464.740:263): arch=c000003e syscall=260 success=yes exit=0 a0=ffffffffffffff9c a1=12d6210 a2=3e9 a3=ffffffff items=1 ppid=9492 pid=9494 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=8 comm=\"chown\" exe=\"/usr/bin/chown\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"access\"", + "type=CWD msg=audit(1611091464.740:263): cwd=\"/home/vagrant\"", + "type=PATH msg=audit(1611091464.740:263): item=0 name=\"test\" inode=921833 dev=fd:02 mode=0100664 ouid=9999 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0", + "type=PROCTITLE msg=audit(1611091464.740:263): proctitle=63686F776E002D5200616C6963650074657374" + ], + "outcome": "success", + "type": [ + "change" + ] + }, + "file": { + "device": "00:00", + "gid": "1000", + "group": "vagrant", + "inode": "921833", + "mode": "0664", + "owner": "bob", + "path": "test", + 
"selinux": { + "domain": "user_home_t", + "level": "s0", + "role": "object_r", + "user": "unconfined_u" + }, + "uid": "9999" + }, + "process": { + "executable": "/usr/bin/chown", + "name": "chown", + "pid": 9494, + "ppid": 9492, + "title": "chown -R alice test", + "working_directory": "/home/vagrant" + }, + "service": { + "type": "auditd" + }, + "tags": [ + "access" + ], + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "filesystem": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root", + "saved": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/passwd.log b/auditbeat/module/auditd/testdata/passwd.log new file mode 100644 index 00000000000..6ae44815ba4 --- /dev/null +++ b/auditbeat/module/auditd/testdata/passwd.log @@ -0,0 +1,4 @@ +type=USER_CHAUTHTOK msg=audit(1610986912.458:797): pid=13107 uid=0 auid=1002 ses=15 msg='op=PAM:chauthtok acct="bob" exe="/usr/bin/passwd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/1 res=success' +type=USER_CHAUTHTOK msg=audit(1610987544.541:805): pid=13379 uid=0 auid=1000 ses=14 msg='op=changing comment id=1003 exe="/usr/sbin/usermod" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_CHAUTHTOK msg=audit(1610987708.643:810): pid=13519 uid=0 auid=1000 ses=14 msg='op=changing name id=1003 exe="/usr/sbin/usermod" hostname=ubuntu-bionic addr=? terminal=pts/2 res=success' +type=USER_ACCT msg=audit(1610988774.279:815): pid=13812 uid=0 auid=1000 ses=14 msg='op=changing /etc/group; group bob/1003, new name: bobby acct="bob" exe="/usr/sbin/groupmod" hostname=ubuntu-bionic addr=? terminal=pts/2 res=success' 
diff --git a/auditbeat/module/auditd/testdata/passwd.log-expected.json b/auditbeat/module/auditd/testdata/passwd.log-expected.json
new file mode 100644
index 00000000000..d12ceeb5739
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/passwd.log-expected.json
@@ -0,0 +1,282 @@ +[ + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "op": "PAM:chauthtok", + "terminal": "pts/1" + }, + "message_type": "user_chauthtok", + "result": "success", + "sequence": 797, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/passwd", + "object": { + "primary": "pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-password", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_CHAUTHTOK msg=audit(1610986912.458:797): pid=13107 uid=0 auid=1002 ses=15 msg='op=PAM:chauthtok acct=\"bob\" exe=\"/usr/bin/passwd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/bin/passwd", + "pid": 13107 + }, + "related": { + "user": [ + "bob", + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob", + "target": { + "id": "9999", + "name": "bob" + } + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1003", + "op": "changing", + "terminal": "pts/2" + }, + "message_type": "user_chauthtok", + "result": "success", + "sequence": 805, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "charlie" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-password", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_CHAUTHTOK msg=audit(1610987544.541:805): pid=13379 uid=0 auid=1000 ses=14 msg='op=changing comment id=1003 exe=\"/usr/sbin/usermod\" hostname=ubuntu-bionic 
addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 13379 + }, + "related": { + "user": [ + "charlie", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "target": { + "id": "1003", + "name": "charlie" + } + } + }, + { + "auditd": { + "data": { + "hostname": "ubuntu-bionic", + "id": "1003", + "op": "changing", + "terminal": "pts/2" + }, + "message_type": "user_chauthtok", + "result": "success", + "sequence": 810, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "charlie" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/2", + "secondary": "ubuntu-bionic", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-password", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_CHAUTHTOK msg=audit(1610987708.643:810): pid=13519 uid=0 auid=1000 ses=14 msg='op=changing name id=1003 exe=\"/usr/sbin/usermod\" hostname=ubuntu-bionic addr=? 
terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 13519 + }, + "related": { + "user": [ + "charlie", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "target": { + "id": "1003", + "name": "charlie" + } + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "hostname": "ubuntu-bionic", + "op": "changing", + "terminal": "pts/2" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 815, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "bob" + }, + "how": "/usr/sbin/groupmod", + "object": { + "primary": "pts/2", + "secondary": "ubuntu-bionic", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610988774.279:815): pid=13812 uid=0 auid=1000 ses=14 msg='op=changing /etc/group; group bob/1003, new name: bobby acct=\"bob\" exe=\"/usr/sbin/groupmod\" hostname=ubuntu-bionic addr=? terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/sbin/groupmod", + "pid": 13812 + }, + "related": { + "user": [ + "bob", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1000", + "name": "vagrant" + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/setuid.log b/auditbeat/module/auditd/testdata/setuid.log new file mode 100644 index 00000000000..1e0292a8e67 --- /dev/null +++ b/auditbeat/module/auditd/testdata/setuid.log 
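Review bot: `auditd.data.op` is pinned as `"changing"` for three different operations in this file — the originals read `op=changing comment`, `op=changing name` and `op=changing /etc/group; group bob/1003, new name: bobby` — so the fixture encodes a parse that cuts the op value at its first space, and on top of that both usermod records are labelled `"action": "changed-password"` although neither touches a credential. Presumably the value is read as a single token; if the parser can instead take it up to the next `key=` pair, the expected `op` should carry the full string and the two usermod records should map to `modified-user-account`, as the USER_MGMT records in centos7.log-expected.json already do. The groupmod USER_ACCT record (sequence 815) likewise lands in `authentication`/`was-authorized` with `user.effective` set to `bob`, although `acct="bob"` there names the group being renamed, not a user. Until the parser changes, a comment in the test that loads this file stating that these expectations deliberately encode the known op truncation would stop someone re-pinning it as correct behaviour.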
@@ -0,0 +1,6 @@
+type=SYSCALL msg=audit(1611163038.267:531): arch=c000003e syscall=106 success=yes exit=0 a0=0 a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="setuids" exe="/tmp/setuids" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"
+type=PROCTITLE msg=audit(1611163038.267:531): proctitle="/tmp/setuids"
+type=SYSCALL msg=audit(1611163038.267:529): arch=c000003e syscall=117 success=yes exit=0 a0=ffffffffffffffff a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="setuids" exe="/tmp/setuids" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"
+type=PROCTITLE msg=audit(1611163038.267:529): proctitle="/tmp/setuids"
+type=SYSCALL msg=audit(1611163038.267:530): arch=c000003e syscall=105 success=yes exit=0 a0=0 a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=0 fsgid=1000 tty=pts0 ses=1 comm="setuids" exe="/tmp/setuids" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"
+type=PROCTITLE msg=audit(1611163038.267:530): proctitle="/tmp/setuids"
diff --git a/auditbeat/module/auditd/testdata/setuid.log-expected.json b/auditbeat/module/auditd/testdata/setuid.log-expected.json
new file mode 100644
index 00000000000..f5d29f8453e
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/setuid.log-expected.json
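Review bot: The three SYSCALL/PROCTITLE pairs are written in sequence order 531, 529, 530 rather than ascending, and nothing in the fixture says whether that is deliberate; the expected file in the next hunk reproduces the same order, so the test does not assert any reordering. If the intent is to check that records are grouped by audit sequence regardless of input order, the test that loads this file should say so, e.g. `// setuid.log lists sequences 531, 529, 530 on purpose: grouping must key on the sequence, not on input order`; otherwise sorting the records ascending keeps the fixture from reading as a paste error.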
@@ -0,0 +1,291 @@ +[ + { + "auditd": { + "data": { + "a0": "0", + "a1": "3e8", + "a2": "ffffffffffffffff", + "a3": "7ffe354fcc60", + "arch": "x86_64", + "exit": "0", + "syscall": "setgid", + "tty": "pts0" + }, + "message_type": "syscall", + "result": "success", + "sequence": 531, + "session": "1", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "vagrant" + }, + "how": "setgid", + "object": { + "type": "process" + } + } + }, + "event": { + "action": "changed-identity-of", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=SYSCALL msg=audit(1611163038.267:531): arch=c000003e syscall=106 success=yes exit=0 a0=0 a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm=\"setuids\" exe=\"/tmp/setuids\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"access\"", + "type=PROCTITLE msg=audit(1611163038.267:531): proctitle=\"/tmp/setuids\"" + ], + "outcome": "success", + "type": [ + "change" + ] + }, + "process": { + "executable": "/tmp/setuids", + "name": "setuids", + "pid": 19930, + "ppid": 1541, + "title": "/tmp/setuids" + }, + "service": { + "type": "auditd" + }, + "tags": [ + "access" + ], + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "filesystem": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "group": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "saved": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + }, + { + "auditd": { + "data": { + "a0": "ffffffffffffffff", + "a1": "3e8", + "a2": "ffffffffffffffff", + "a3": "7ffe354fcc60", + 
"arch": "x86_64", + "exit": "0", + "syscall": "setresuid", + "tty": "pts0" + }, + "message_type": "syscall", + "result": "success", + "sequence": 529, + "session": "1", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "vagrant" + }, + "how": "setresuid", + "object": { + "type": "process" + } + } + }, + "event": { + "action": "changed-identity-of", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=SYSCALL msg=audit(1611163038.267:529): arch=c000003e syscall=117 success=yes exit=0 a0=ffffffffffffffff a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm=\"setuids\" exe=\"/tmp/setuids\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"access\"", + "type=PROCTITLE msg=audit(1611163038.267:529): proctitle=\"/tmp/setuids\"" + ], + "outcome": "success", + "type": [ + "change" + ] + }, + "process": { + "executable": "/tmp/setuids", + "name": "setuids", + "pid": 19930, + "ppid": 1541, + "title": "/tmp/setuids" + }, + "service": { + "type": "auditd" + }, + "tags": [ + "access" + ], + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "filesystem": { + "group": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + }, + "group": { + "id": "1000", + "name": "vagrant" + }, + "id": "1000", + "name": "vagrant", + "saved": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + }, + { + "auditd": { + "data": { + "a0": "0", + "a1": "3e8", + "a2": "ffffffffffffffff", + "a3": "7ffe354fcc60", + "arch": "x86_64", + "exit": "0", + "syscall": "setuid", + "tty": "pts0" + }, + "message_type": "syscall", + "result": "success", + "sequence": 530, + "session": "1", + "summary": { + "actor": { + "primary": 
"vagrant", + "secondary": "vagrant" + }, + "how": "setuid", + "object": { + "type": "process" + } + } + }, + "event": { + "action": "changed-identity-of", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=SYSCALL msg=audit(1611163038.267:530): arch=c000003e syscall=105 success=yes exit=0 a0=0 a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=0 fsgid=1000 tty=pts0 ses=1 comm=\"setuids\" exe=\"/tmp/setuids\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"access\"", + "type=PROCTITLE msg=audit(1611163038.267:530): proctitle=\"/tmp/setuids\"" + ], + "outcome": "success", + "type": [ + "change" + ] + }, + "process": { + "executable": "/tmp/setuids", + "name": "setuids", + "pid": 19930, + "ppid": 1541, + "title": "/tmp/setuids" + }, + "service": { + "type": "auditd" + }, + "tags": [ + "access" + ], + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "group": { + "id": "1000", + "name": "vagrant" + }, + "id": "0", + "name": "root" + }, + "filesystem": { + "group": { + "id": "1000", + "name": "vagrant" + }, + "id": "0", + "name": "root" + }, + "group": { + "id": "1000", + "name": "vagrant" + }, + "id": "1000", + "name": "vagrant", + "saved": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/sudo-asuser.log b/auditbeat/module/auditd/testdata/sudo-asuser.log new file mode 100644 index 00000000000..f9e02e9469a --- /dev/null +++ b/auditbeat/module/auditd/testdata/sudo-asuser.log 
@@ -0,0 +1,5 @@
+type=USER_AUTH msg=audit(1610876676.623:458): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_ACCT msg=audit(1610876676.623:459): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_CMD msg=audit(1610876676.623:460): pid=14178 uid=1002 auid=1002 ses=15 msg='cwd="/home/alice" cmd="bash" terminal=pts/1 res=success'
+type=CRED_REFR msg=audit(1610876676.623:461): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="bob" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_START msg=audit(1610876676.623:462): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct="bob" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
diff --git a/auditbeat/module/auditd/testdata/sudo-asuser.log-expected.json b/auditbeat/module/auditd/testdata/sudo-asuser.log-expected.json
new file mode 100644
index 00000000000..61aa7ffbdb5
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/sudo-asuser.log-expected.json
@@ -0,0 +1,322 @@ +[ + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 458, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610876676.623:458): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:accounting", + "terminal": "/dev/pts/1" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 459, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610876676.623:459): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 
res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "cmd": "bash", + "terminal": "pts/1" + }, + "message_type": "user_cmd", + "result": "success", + "sequence": 460, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "oldbob" + }, + "object": { + "primary": "bash", + "type": "process" + } + } + }, + "event": { + "action": "ran-command", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=USER_CMD msg=audit(1610876676.623:460): pid=14178 uid=1002 auid=1002 ses=15 msg='cwd=\"/home/alice\" cmd=\"bash\" terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 14178, + "working_directory": "/home/alice" + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_refr", + "result": "success", + "sequence": 461, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "refreshed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_REFR msg=audit(1610876676.623:461): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"bob\" exe=\"/usr/bin/sudo\" hostname=localhost 
addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "bob", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "hostname": "localhost", + "op": "PAM:session_open", + "terminal": "/dev/pts/1" + }, + "message_type": "user_start", + "result": "success", + "sequence": 462, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610876676.623:462): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct=\"bob\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "bob", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "127.0.0.1" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1002", + "name": "oldbob" + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/sudo.log b/auditbeat/module/auditd/testdata/sudo.log new file mode 100644 index 00000000000..086e7683f4c --- /dev/null +++ b/auditbeat/module/auditd/testdata/sudo.log 
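Review bot: The `user_start` record (sequence 462) is the only one in this file that promotes `addr=127.0.0.1` into `"source": {"ip": "127.0.0.1"}` and adds `"network": {"direction": "ingress"}`, and in the same move its `auditd.data` no longer carries `addr`, whereas the four preceding records for the same sudo invocation keep `addr` under `auditd.data` and set no `source` or `network` fields. If the intent is to treat every `addr`-bearing PAM record as a session from a remote source, the mapping should apply to `user_auth`, `user_acct` and `cred_refr` as well, and labelling a local sudo session (loopback address, terminal `/dev/pts/1`) as ingress network activity will read as a remote login to anyone filtering on `network.direction`. The same pattern appears in the `user_start` records of sudo.log-expected.json (sequences 462, 431 and 435), so whichever way it is resolved should be regenerated there too.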
@@ -0,0 +1,20 @@
+type=USER_AUTH msg=audit(1610876676.623:458): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_ACCT msg=audit(1610876676.623:459): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_CMD msg=audit(1610876676.623:460): pid=14178 uid=1002 auid=1002 ses=15 msg='cwd="/home/alice" cmd="bash" terminal=pts/1 res=success'
+type=CRED_REFR msg=audit(1610876676.623:461): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="bob" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_START msg=audit(1610876676.623:462): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct="bob" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_AUTH msg=audit(1610876634.103:457): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=failed'
+type=CRED_ACQ msg=audit(1610735886.818:434): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_ACCT msg=audit(1610735886.818:433): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:accounting acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_AUTH msg=audit(1610735886.818:432): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:authentication acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_START msg=audit(1610735886.818:431): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=CRED_REFR msg=audit(1610735886.818:430): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_CMD msg=audit(1610735886.818:429): pid=11791 uid=1002 auid=1002 ses=15 msg='cwd="/home/alice" cmd="su" terminal=pts/1 res=success'
+type=USER_ACCT msg=audit(1610735886.818:428): pid=11791 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_AUTH msg=audit(1610735886.818:427): pid=11791 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_ROLE_CHANGE msg=audit(1610735886.822:436): pid=11793 uid=0 auid=1002 ses=15 msg='op=su acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success selected-context=1234'
+type=USER_START msg=audit(1610735886.822:435): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=CRED_DISP msg=audit(1610735949.474:440): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_END msg=audit(1610735949.474:439): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=CRED_DISP msg=audit(1610735949.474:438): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
+type=USER_END msg=audit(1610735949.474:437): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:session_close acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'
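Review bot: The su portion of this fixture runs in descending sequence order (434, 433, 432, 431, 430, 429, 428, 427, then 436, 435, 440, 439, 438, 437) and the failed authentication 457, whose timestamp precedes all of them, comes after 462, while the first five records ascend; the expected JSON mirrors that order record for record. If the reversed order is deliberate, to show that normalisation does not depend on records arriving in sequence order, that is worth stating in the test that consumes this fixture, since a log file has nowhere to carry a comment; otherwise sorting by sequence would make the expected output far easier to check against an ausearch trace. Record 436 is also the only one here with a field (`selected-context=1234`) after `res=`, which looks intentional but deserves the same one-line mention in the test.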
diff --git a/auditbeat/module/auditd/testdata/sudo.log-expected.json b/auditbeat/module/auditd/testdata/sudo.log-expected.json
new file mode 100644
index 00000000000..838e8b1831a
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/sudo.log-expected.json
@@ -0,0 +1,1293 @@ +[ + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 458, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610876676.623:458): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:accounting", + "terminal": "/dev/pts/1" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 459, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610876676.623:459): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 
res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "cmd": "bash", + "terminal": "pts/1" + }, + "message_type": "user_cmd", + "result": "success", + "sequence": 460, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "oldbob" + }, + "object": { + "primary": "bash", + "type": "process" + } + } + }, + "event": { + "action": "ran-command", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=USER_CMD msg=audit(1610876676.623:460): pid=14178 uid=1002 auid=1002 ses=15 msg='cwd=\"/home/alice\" cmd=\"bash\" terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 14178, + "working_directory": "/home/alice" + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_refr", + "result": "success", + "sequence": 461, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "refreshed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_REFR msg=audit(1610876676.623:461): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"bob\" exe=\"/usr/bin/sudo\" hostname=localhost 
addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "bob", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "hostname": "localhost", + "op": "PAM:session_open", + "terminal": "/dev/pts/1" + }, + "message_type": "user_start", + "result": "success", + "sequence": 462, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610876676.623:462): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct=\"bob\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "bob", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "127.0.0.1" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "fail", + "sequence": 457, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + 
"how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610876634.103:457): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=failed'" + ], + "outcome": "failure", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_acq", + "result": "success", + "sequence": 434, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "acquired-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_ACQ msg=audit(1610735886.818:434): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + 
}, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:accounting", + "terminal": "/dev/pts/1" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 433, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610735886.818:433): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:accounting acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 432, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610735886.818:432): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + 
"process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "hostname": "localhost", + "op": "PAM:session_open", + "terminal": "/dev/pts/1" + }, + "message_type": "user_start", + "result": "success", + "sequence": 431, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610735886.818:431): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "127.0.0.1" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_refr", + "result": "success", + "sequence": 430, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } 
+ }, + "event": { + "action": "refreshed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_REFR msg=audit(1610735886.818:430): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "cmd": "su", + "terminal": "pts/1" + }, + "message_type": "user_cmd", + "result": "success", + "sequence": 429, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "oldbob" + }, + "object": { + "primary": "su", + "type": "process" + } + } + }, + "event": { + "action": "ran-command", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=USER_CMD msg=audit(1610735886.818:429): pid=11791 uid=1002 auid=1002 ses=15 msg='cwd=\"/home/alice\" cmd=\"su\" terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 11791, + "working_directory": "/home/alice" + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:accounting", + "terminal": "/dev/pts/1" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 428, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": 
"user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610735886.818:428): pid=11791 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 427, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610735886.818:427): pid=11791 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": 
"127.0.0.1", + "hostname": "localhost", + "op": "su", + "selected-context": "1234", + "terminal": "/dev/pts/1" + }, + "message_type": "user_role_change", + "result": "success", + "sequence": 436, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "1234", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-role-to", + "category": "mac", + "kind": "event", + "original": [ + "type=USER_ROLE_CHANGE msg=audit(1610735886.822:436): pid=11793 uid=0 auid=1002 ses=15 msg='op=su acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success selected-context=1234'" + ], + "outcome": "success" + }, + "process": { + "executable": "/bin/su", + "pid": 11793 + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "id": "0", + "name": "root" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "hostname": "localhost", + "op": "PAM:session_open", + "terminal": "/dev/pts/1" + }, + "message_type": "user_start", + "result": "success", + "sequence": 435, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610735886.822:435): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "source": { 
+ "ip": "127.0.0.1" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_disp", + "result": "success", + "sequence": 440, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "disposed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_DISP msg=audit(1610735949.474:440): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:session_close", + "terminal": "/dev/pts/1" + }, + "message_type": "user_end", + "result": "success", + "sequence": 439, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "ended-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_END msg=audit(1610735949.474:439): pid=11791 uid=0 
auid=1002 ses=15 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "end" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_disp", + "result": "success", + "sequence": 438, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "disposed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_DISP msg=audit(1610735949.474:438): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:session_close", + "terminal": "/dev/pts/1" + }, + "message_type": "user_end", + "result": "success", + "sequence": 437, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": 
"root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "ended-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_END msg=audit(1610735949.474:437): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:session_close acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "end" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/useradd.log b/auditbeat/module/auditd/testdata/useradd.log new file mode 100644 index 00000000000..3f99f5e3b41 --- /dev/null +++ b/auditbeat/module/auditd/testdata/useradd.log 
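Review bot: The `user_role_change` record (sequence 436) is the only one in this golden file whose `event.category` is a bare string, `"category": "mac"`, with no `event.type` and no `related.user`, while every other record carries both as arrays; it also reports `"id": "0", "name": "root"` at the top level of `user`, although the PAM records with the same `uid=0 auid=1002` keep `user.id` as `"1002"` and place root under `user.effective`. Since this file is presumably generated from the module's own output, the divergence most likely sits in the normalisation of `USER_ROLE_CHANGE` rather than in the fixture, but committing it as expected output freezes a shape that differs from the array-valued `event.category` the rest of the file uses, and anything that keys on `event.category` or `user.id` to track privilege changes will see this record differently from its neighbours. I would align that record before regenerating the golden, or else state in the test that consumes this fixture that the role-change record is known to be unnormalised, so the inconsistency is not carried forward silently.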
@@ -0,0 +1,8 @@
+type=ADD_GROUP msg=audit(1610903553.686:584): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/group id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'
+type=ADD_GROUP msg=audit(1610903553.710:586): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/gshadow id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'
+type=ADD_GROUP msg=audit(1610903553.710:587): pid=2940 uid=0 auid=1000 ses=14 msg='op= id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'
+type=ADD_USER msg=audit(1610903553.730:591): pid=2945 uid=0 auid=1000 ses=14 msg='op=adding user id=1004 exe="/usr/sbin/useradd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'
+type=USER_ACCT msg=audit(1610903553.814:593): pid=2948 uid=0 auid=1000 ses=14 msg='pam_tally2 uid=1004 reset=0 exe="/sbin/pam_tally2" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/2 res=success'
+type=USER_CHAUTHTOK msg=audit(1610903558.174:594): pid=2953 uid=0 auid=1000 ses=14 msg='op=PAM:chauthtok acct="charlie" exe="/usr/bin/passwd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'
+type=USER_AUTH msg=audit(1610903558.178:595): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:authentication acct="root" exe="/usr/bin/chfn" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'
+type=USER_ACCT msg=audit(1610903558.178:596): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:accounting acct="root" exe="/usr/bin/chfn" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'
diff --git a/auditbeat/module/auditd/testdata/useradd.log-expected.json b/auditbeat/module/auditd/testdata/useradd.log-expected.json
new file mode 100644
index 00000000000..b737a91893b
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/useradd.log-expected.json
@@ -0,0 +1,551 @@ +[ + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1004", + "op": "adding", + "terminal": "pts/2" + }, + "message_type": "add_group", + "result": "success", + "sequence": 584, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/groupadd", + "object": { + "primary": "1004", + "type": "account" + } + } + }, + "event": { + "action": "added-group-account-to", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_GROUP msg=audit(1610903553.686:584): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/group id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "1004", + "name": "testgroup" + }, + "process": { + "executable": "/usr/sbin/groupadd", + "pid": 2940 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1004", + "op": "adding", + "terminal": "pts/2" + }, + "message_type": "add_group", + "result": "success", + "sequence": 586, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/groupadd", + "object": { + "primary": "1004", + "type": "account" + } + } + }, + "event": { + "action": "added-group-account-to", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_GROUP msg=audit(1610903553.710:586): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/gshadow id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": 
"success", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "1004", + "name": "testgroup" + }, + "process": { + "executable": "/usr/sbin/groupadd", + "pid": 2940 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1004", + "terminal": "pts/2" + }, + "message_type": "add_group", + "result": "success", + "sequence": 587, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/groupadd", + "object": { + "primary": "1004", + "type": "account" + } + } + }, + "event": { + "action": "added-group-account-to", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_GROUP msg=audit(1610903553.710:587): pid=2940 uid=0 auid=1000 ses=14 msg='op= id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "1004", + "name": "testgroup" + }, + "process": { + "executable": "/usr/sbin/groupadd", + "pid": 2940 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1004", + "op": "adding", + "terminal": "pts/2" + }, + "message_type": "add_user", + "result": "success", + "sequence": 591, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/useradd", + "object": { + "primary": "1004", + "type": 
"account" + } + } + }, + "event": { + "action": "added-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_USER msg=audit(1610903553.730:591): pid=2945 uid=0 auid=1000 ses=14 msg='op=adding user id=1004 exe=\"/usr/sbin/useradd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "creation" + ] + }, + "process": { + "executable": "/usr/sbin/useradd", + "pid": 2945 + }, + "related": { + "user": [ + "root", + "testuser", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "target": { + "id": "1004", + "name": "testuser" + } + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "localhost", + "reset": "0", + "terminal": "/dev/pts/2" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 593, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "testuser" + }, + "how": "/sbin/pam_tally2", + "object": { + "primary": "/dev/pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610903553.814:593): pid=2948 uid=0 auid=1000 ses=14 msg='pam_tally2 uid=1004 reset=0 exe=\"/sbin/pam_tally2\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/sbin/pam_tally2", + "pid": 2948 + }, + "related": { + "user": [ + "testuser", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "1004", + "name": "testuser" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + 
"data": { + "acct": "charlie", + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "op": "PAM:chauthtok", + "terminal": "pts/2" + }, + "message_type": "user_chauthtok", + "result": "success", + "sequence": 594, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "charlie" + }, + "how": "/usr/bin/passwd", + "object": { + "primary": "pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-password", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_CHAUTHTOK msg=audit(1610903558.174:594): pid=2953 uid=0 auid=1000 ses=14 msg='op=PAM:chauthtok acct=\"charlie\" exe=\"/usr/bin/passwd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/bin/passwd", + "pid": 2953 + }, + "related": { + "user": [ + "charlie", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "target": { + "id": "1003", + "name": "charlie" + } + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "op": "PAM:authentication", + "terminal": "pts/2" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 595, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/bin/chfn", + "object": { + "primary": "pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610903558.178:595): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:authentication acct=\"root\" exe=\"/usr/bin/chfn\" hostname=ubuntu-bionic addr=127.0.0.1 
terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/chfn", + "pid": 2954 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "op": "PAM:accounting", + "terminal": "pts/2" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 596, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/bin/chfn", + "object": { + "primary": "pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610903558.178:596): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/bin/chfn\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/chfn", + "pid": 2954 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/userlogin.log b/auditbeat/module/auditd/testdata/userlogin.log new file mode 100644 index 00000000000..cd4603826f7 --- /dev/null +++ b/auditbeat/module/auditd/testdata/userlogin.log 
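Review bot: The pam_tally2 USER_ACCT record (sequence 593) is rendered with `"effective": {"id": "1004", "name": "testuser"}` even though the record itself says `uid=0` and the `uid=1004` is the account whose failure counter is being reset; the neighbouring ADD_USER (591) and USER_CHAUTHTOK (594) records put the acted-on account in `user.target` and keep `user.effective` at `0`/`root`. Unless this is deliberate, the mapping that produces this fixture should route the in-message `uid=` of USER_ACCT to `user.target` as well, so `user.effective` consistently means the identity the process ran with. Note also that `user.target.id` `"1003"` for `charlie` and the `testuser`/`testgroup` names never appear in the raw records, so they presumably come from the test's name resolution; the golden file is only stable if that lookup is stubbed, which is worth stating in the test that consumes it.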
@@ -0,0 +1,4 @@
+type=USER_LOGIN msg=audit(1553501549.148:110544844): user pid=374 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=localhost addr=1.2.3.4 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1553452002.231:110276965): user pid=10318 uid=0 auid=700 ses=5388 msg='op=login id=700 exe="/usr/sbin/sshd" hostname=1.2.3.4 addr=1.2.3.4 terminal=/dev/pts/0 res=success'
+type=USER_AUTH msg=audit(1552714590.571:21114): pid=11312 uid=0 auid=0 ses=62 msg='op=PAM:authentication acct="bob" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/0 res=success'
+type=CRED_ACQ msg=audit(1553557236.015:4088825): pid=9033 uid=0 auid=1001 ses=352 msg='op=PAM:setcred acct="bob" exe="/usr/sbin/sshd" hostname=localhost addr=127.0.0.1 terminal=ssh res=success'
diff --git a/auditbeat/module/auditd/testdata/userlogin.log-expected.json b/auditbeat/module/auditd/testdata/userlogin.log-expected.json
new file mode 100644
index 00000000000..43de97179d4
--- /dev/null
+++ b/auditbeat/module/auditd/testdata/userlogin.log-expected.json
@@ -0,0 +1,257 @@ +[ + { + "auditd": { + "data": { + "acct": "(unknown)", + "hostname": "localhost", + "op": "login", + "terminal": "ssh" + }, + "message_type": "user_login", + "result": "fail", + "sequence": 110544844, + "summary": { + "actor": { + "primary": "unset", + "secondary": "(unknown)" + }, + "how": "/usr/sbin/sshd", + "object": { + "primary": "ssh", + "secondary": "1.2.3.4", + "type": "user-session" + } + } + }, + "event": { + "action": "logged-in", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_LOGIN msg=audit(1553501549.148:110544844): user pid=374 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=\"(unknown)\" exe=\"/usr/sbin/sshd\" hostname=localhost addr=1.2.3.4 terminal=ssh res=failed'" + ], + "outcome": "failure", + "type": [ + "start", + "authentication_failure" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/sbin/sshd", + "pid": 374 + }, + "related": { + "user": [ + "(unknown)" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "1.2.3.4" + }, + "user": { + "effective": { + "name": "(unknown)" + } + } + }, + { + "auditd": { + "data": { + "hostname": "1.2.3.4", + "id": "700", + "op": "login", + "terminal": "/dev/pts/0" + }, + "message_type": "user_login", + "result": "success", + "sequence": 110276965, + "session": "5388", + "summary": { + "actor": { + "primary": "700", + "secondary": "700" + }, + "how": "/usr/sbin/sshd", + "object": { + "primary": "/dev/pts/0", + "secondary": "1.2.3.4", + "type": "user-session" + } + } + }, + "event": { + "action": "logged-in", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_LOGIN msg=audit(1553452002.231:110276965): user pid=10318 uid=0 auid=700 ses=5388 msg='op=login id=700 exe=\"/usr/sbin/sshd\" hostname=1.2.3.4 addr=1.2.3.4 terminal=/dev/pts/0 res=success'" + ], + "outcome": "success", + "type": [ + "start", + "authentication_success" + ] + }, + "network": { + 
"direction": "ingress" + }, + "process": { + "executable": "/usr/sbin/sshd", + "pid": 10318 + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "1.2.3.4" + }, + "user": { + "audit": { + "id": "700" + }, + "id": "700" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/0" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 21114, + "session": "62", + "summary": { + "actor": { + "primary": "root", + "secondary": "bob" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/0", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1552714590.571:21114): pid=11312 uid=0 auid=0 ses=62 msg='op=PAM:authentication acct=\"bob\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/0 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11312 + }, + "related": { + "user": [ + "bob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "0", + "name": "root" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "0", + "name": "root" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "ssh" + }, + "message_type": "cred_acq", + "result": "success", + "sequence": 4088825, + "session": "352", + "summary": { + "actor": { + "primary": "alice", + "secondary": "bob" + }, + "how": "/usr/sbin/sshd", + "object": { + "primary": "ssh", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "acquired-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_ACQ 
msg=audit(1553557236.015:4088825): pid=9033 uid=0 auid=1001 ses=352 msg='op=PAM:setcred acct=\"bob\" exe=\"/usr/sbin/sshd\" hostname=localhost addr=127.0.0.1 terminal=ssh res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/sbin/sshd", + "pid": 9033 + }, + "related": { + "user": [ + "alice", + "bob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1001", + "name": "alice" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1001", + "name": "alice" + } + } +] \ No newline at end of file diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index b94b9e22a0f..bdb00d656b3 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -525,54 +525,6 @@ type: keyword Name of the group. -type: keyword - --- - -[float] -=== effective - -Effective user information. - - -*`user.effective.id`*:: -+ --- -Effective user ID. - -type: keyword - --- - -*`user.effective.name`*:: -+ --- -Effective user name. - -type: keyword - --- - -[float] -=== group - -Effective group information. - - -*`user.effective.group.id`*:: -+ --- -Effective group ID. - -type: keyword - --- - -*`user.effective.group.name`*:: -+ --- -Effective group name. - type: keyword -- @@ -41334,7 +41286,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword 
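Review bot: The failed sshd login (sequence 110544844) carries sshd's placeholder `acct="(unknown)"` straight into `"user": {"effective": {"name": "(unknown)"}}` and `"related": {"user": ["(unknown)"]}`, but `(unknown)` is a sentinel for "no resolvable account", not a user; every failed login with an invalid username will then correlate on the same `related.user` value and show a bogus effective user. The mapping that generates this fixture should leave `user.effective` and `related.user` unset when the account is `(unknown)` and keep the raw value only in `auditd.data.acct` and `auditd.summary`, after which this expected file would lose those two entries. As with the useradd fixture, `"effective": {"id": "9999", "name": "bob"}` on the USER_AUTH record is not derivable from the raw line and presumably reflects the test's name lookup stub.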
@@ -41387,7 +41339,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -42578,6 +42530,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -43652,6 +43617,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -43822,6 +43800,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- 
@@ -46973,6 +46964,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword 
@@ -47148,6 +47140,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- 
@@ -47158,6 +47263,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- 
@@ -47261,6 +47479,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent 
@@ -47377,6 +47708,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- @@ -47962,11 +48306,6 @@ example: 0 -- -[float] -=== audit - - - *`elasticsearch.audit.layer`*:: + @@ -48030,6 +48369,27 @@ example: ['kibana_admin', 'beats_admin'] -- +*`elasticsearch.audit.user.run_as.name`*:: ++ +-- +type: keyword + +-- + +*`elasticsearch.audit.user.run_as.realm`*:: ++ +-- +type: keyword + +-- + +*`elasticsearch.audit.component`*:: ++ +-- +type: keyword + +-- + *`elasticsearch.audit.action`*:: + -- @@ -48126,6 +48486,13 @@ type: text -- +*`elasticsearch.audit.invalidate.apikeys.owned_by_authenticated_user`*:: ++ +-- +type: boolean + +-- + [float] === deprecation @@ -110208,6 +110575,13 @@ Fields from Office 365 Management API audit logs. +*`o365.audit.AADGroupId`*:: ++ +-- +type: keyword + +-- + *`o365.audit.Actor`*:: + -- @@ -110348,6 +110722,13 @@ type: text -- +*`o365.audit.CommunicationType`*:: ++ +-- +type: keyword + +-- + *`o365.audit.CorrelationId`*:: + -- @@ -110383,6 +110764,13 @@ type: keyword -- +*`o365.audit.DoNotDistributeEvent`*:: ++ +-- +type: boolean + +-- + *`o365.audit.EntityType`*:: + -- @@ -110390,6 +110778,13 @@ type: keyword -- +*`o365.audit.ErrorNumber`*:: ++ +-- +type: keyword + +-- + *`o365.audit.EventData`*:: + -- @@ -110425,6 +110820,13 @@ type: keyword -- +*`o365.audit.FromApp`*:: ++ +-- +type: boolean + +-- + *`o365.audit.GroupName`*:: + -- @@ -110474,6 +110876,13 @@ type: keyword -- +*`o365.audit.IsDocLib`*:: ++ +-- +type: boolean + +-- + *`o365.audit.Item.*`*:: + -- 
@@ -110488,6 +110897,13 @@ type: object -- +*`o365.audit.ItemCount`*:: ++ +-- +type: long + +-- + *`o365.audit.ItemName`*:: + -- @@ -110502,6 +110918,34 @@ type: keyword -- +*`o365.audit.ListBaseTemplateType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListBaseType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListColor`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListIcon`*:: ++ +-- +type: keyword + +-- + *`o365.audit.ListId`*:: + -- @@ -110509,6 +110953,13 @@ type: keyword -- +*`o365.audit.ListTitle`*:: ++ +-- +type: keyword + +-- + *`o365.audit.ListItemUniqueId`*:: + -- @@ -110789,6 +111240,13 @@ type: keyword -- +*`o365.audit.TemplateTypeId`*:: ++ +-- +type: keyword + +-- + *`o365.audit.UniqueSharingId`*:: + -- diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go index fc47070e6e2..5d99d5a7ede 100644 --- a/filebeat/include/fields.go +++ b/filebeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "" + return "" } diff --git a/filebeat/module/apache/access/config/access.yml b/filebeat/module/apache/access/config/access.yml index 6fcf0ab7a1f..2db4213af7b 100644 --- a/filebeat/module/apache/access/config/access.yml +++ b/filebeat/module/apache/access/config/access.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/apache/error/config/error.yml b/filebeat/module/apache/error/config/error.yml index cb319d01efe..2bd2a117d1c 100644 --- a/filebeat/module/apache/error/config/error.yml +++ b/filebeat/module/apache/error/config/error.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/auditd/_meta/fields.yml b/filebeat/module/auditd/_meta/fields.yml index e84497723a8..3f338418286 100644 --- a/filebeat/module/auditd/_meta/fields.yml 
+++ b/filebeat/module/auditd/_meta/fields.yml @@ -36,26 +36,6 @@ description: > Name of the group. - - name: effective - type: group - description: Effective user information. - fields: - - name: id - type: keyword - description: Effective user ID. - - name: name - type: keyword - description: Effective user name. - - name: group - type: group - description: Effective group information. - fields: - - name: id - type: keyword - description: Effective group ID. - - name: name - type: keyword - description: Effective group name. - name: filesystem type: group diff --git a/filebeat/module/auditd/fields.go b/filebeat/module/auditd/fields.go index ab6f0d1ad93..e9daa6a4a4b 100644 --- a/filebeat/module/auditd/fields.go +++ b/filebeat/module/auditd/fields.go @@ -32,5 +32,5 @@ func init() { // AssetAuditd returns asset data. // This is the base64 encoded gzipped contents of module/auditd. func AssetAuditd() string { - return "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" + return "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" } diff --git a/filebeat/module/auditd/log/config/log.yml b/filebeat/module/auditd/log/config/log.yml index 6fcf0ab7a1f..2db4213af7b 100644 --- a/filebeat/module/auditd/log/config/log.yml +++ b/filebeat/module/auditd/log/config/log.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/auditd/log/ingest/gen-ecs-mappings.py b/filebeat/module/auditd/log/ingest/gen-ecs-mappings.py new file mode 100644 index 00000000000..55dba388085 --- /dev/null +++ b/filebeat/module/auditd/log/ingest/gen-ecs-mappings.py 
@@ -0,0 +1,176 @@ +#!/usr/bin/env python3 + +# This script generates auditd to ECS mappings from github.com/elastic/go-libaudit +# +# Usage: ./gen-ecs-mappings.py ~/go/src/github.com/elastic/go-libaudit +# +# It will output to stdout the `params` section for the script processor in the ingest pipeline. +import copy +import os +import sys +import yaml +from collections import defaultdict +from shlex import quote +from subprocess import check_call, call, check_output + + +def extract_object(name: str, source: dict) -> dict: + r = {} + for k, v in source.items(): + if k == 'primary' or k == 'secondary': + r[name + '.' + k] = v + elif k == 'what' or k == 'path_index' or k == 'how': + pass + else: + raise Exception('Unexpected object key: ' + k) + return r + + +def map_object(instance: dict, context: str, mappings: dict): + for k, v in instance.items(): + if k not in mappings: + raise Exception('Unexpected key "{}" while parsing {}'.format(k, context)) + mappings[k](k, v) + + +def convert_mappings(m: dict) -> dict: + event = {} + objects = { + # Default values for subject (actor), may be overridden. 
+ 'subject.primary': ['auid'], + 'subject.secondary': ['uid'], + } + extra = {} # TODO: Unused (sets client.ip) + mappings = [] + has_fields = [] + + def store_condition(k: str, v: list): + nonlocal has_fields + has_fields = v + + def store_event(k: str, v: list): + if not isinstance(v, list): + v = [v] + event[k] = v + + def ignore(k, v): + pass + + def make_store_field(name: str): + def store(k: str, v: any): + extra[name] = v + return store + + def store_ecs(k: str, v: dict): + def store_mappings(k: str, v: list): + if not isinstance(v, list): + raise Exception('ecs.mappings must be a list, not ' + repr(v)) + nonlocal mappings + mappings = v + + map_object(v, 'ecs', { + 'type': store_event, + 'category': store_event, + 'mappings': store_mappings, + }) + + def store_entity(basek: str, basev: dict): + def save(k: str, v: any): + if not isinstance(v, list): + v = [v] + objects[basek + '.' + k] = v + + map_object(basev, basek, { + **dict.fromkeys(['primary', 'secondary'], save), + **dict.fromkeys(['what', 'path_index'], ignore) + }) + + map_object(m, 'mapping', { + 'action': store_event, + 'ecs': store_ecs, + 'source_ip': make_store_field('source.ip'), + 'has_fields': store_condition, + **dict.fromkeys(['object', 'subject'], store_entity), + **dict.fromkeys(['syscalls', 'record_types', 'how', 'description'], ignore), + }) + d = { + 'event': event, + } + + if len(mappings) > 0: + d['copy'] = [] + for mp in mappings: + ref = mp['from'] + if ref in objects: + source = objects[ref] + else: + parts = ref.split('.') + if len(parts) != 2: + raise Exception("Don't know how to apply ecs mapping for {}".format(ref)) + if parts[0] == 'uid' or parts[0] == 'data': + source = [parts[1]] + else: + raise Exception("Don't know how to apply ecs mapping for {}".format(ref)) + d['copy'].append({ + 'from': source, + 'to': mp['to'] + }) + + if len(has_fields) > 0: + d['has_fields'] = has_fields + return d + + +class DefaultDict(defaultdict): + def __init__(self, factory): + 
super(DefaultDict, self).__init__(factory) + + def append(self, keys, obj): + if isinstance(keys, str): + keys = [keys] + for key in keys: + self[key].append(copy.deepcopy(obj)) + + +if __name__ == '__main__': + if len(sys.argv) != 2: + print('Usage: {} '.format(sys.argv[0])) + sys.exit(1) + repo_path = sys.argv[1] + if not os.path.isdir(repo_path): + raise Exception('Path to go-libaudit is not a directory: ' + repo_path) + git_path = repo_path + "/.git" + if not os.path.isdir(git_path): + raise Exception('go-libaudit directory doesn\'t contain a git repository: ' + git_path) + norms_path = repo_path + "/aucoalesce/normalizations.yaml" + if not os.path.isfile(norms_path): + raise Exception('go-libaudit repository doesn\'t contain the normalizations file: ' + norms_path) + revision = check_output('git --work-tree={} --git-dir={} describe --tags'.format(quote(repo_path), + quote(git_path)), shell=True).decode('utf8').strip() + with open(norms_path, 'r') as f: + norms = yaml.full_load(f) + types = DefaultDict(list) + syscalls = DefaultDict(list) + for entry in norms['normalizations']: + proto = convert_mappings(entry) + # TODO: Correctly check for emptyness (condition field?) + if len(proto) == 0: + continue + if 'syscalls' in entry: + syscalls.append(entry['syscalls'], proto) + + if 'record_types' in entry: + types.append(entry['record_types'], proto) + +if 'SYSCALL' in types: + raise Exception('SYSCALL cannot be specified in record_types') + +print('# Auditd record type to ECS mappings') +print('# AUTOGENERATED FROM go-libaudit {}, DO NOT EDIT'.format(revision)) +yaml.safe_dump({ + 'params': { + 'types': dict(types), + 'syscalls': dict(syscalls), + } +}, sys.stdout) +print('# END OF AUTOGENERATED') diff --git a/filebeat/module/auditd/log/ingest/pipeline.yml b/filebeat/module/auditd/log/ingest/pipeline.yml index 13f91a4b38b..826761837d5 100644 --- a/filebeat/module/auditd/log/ingest/pipeline.yml +++ b/filebeat/module/auditd/log/ingest/pipeline.yml 
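Review bot: The tail of the script (`if 'SYSCALL' in types:`, the two `print` calls and `yaml.safe_dump(...)`) appears to sit at column 0, outside the `if __name__ == '__main__':` block, so `types`, `syscalls` and `revision` are only bound when the guard body ran and importing the module would raise NameError; indent those lines into the guard (or drop the guard). `yaml.full_load(f)` on normalizations.yaml should be `yaml.safe_load(f)`: the file is plain data and the full loader accepts tags this script never needs. The `git describe` call uses `shell=True` with hand-quoted arguments; an argv list avoids the shell entirely, `revision = check_output(['git', '--work-tree=' + repo_path, '--git-dir=' + git_path, 'describe', '--tags']).decode('utf8').strip()`. `check_call` and `call` are imported but never used, as is `extra` (already marked TODO).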
@@ -27,18 +27,13 @@ processors: target_field: auditd.log - kv: field: auditd.log.sub_kv - field_split: "\\s+" + field_split: "\\s+(?=[^\\s]+=)" value_split: "=" target_field: auditd.log ignore_missing: true -- remove: - field: auditd.log.kv - ignore_failure: true -- remove: - field: auditd.log.sub_kv - ignore_failure: true -- remove: +- rename: field: message + target_field: event.original ignore_failure: true - date: field: auditd.log.epoch @@ -46,9 +41,6 @@ processors: formats: - UNIX ignore_failure: true -- remove: - field: auditd.log.epoch - ignore_failure: true - rename: ignore_failure: true field: auditd.log.old-auid 
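Review bot: The new `rename` of `message` to `event.original` uses `ignore_failure: true`, which also hides the case where `event.original` is already populated (rename fails when the target exists) and would then silently leave `message` in place; `ignore_missing: true` is the narrower option, so change `ignore_failure: true` to `ignore_missing: true` unless a pre-set `event.original` is expected. The lookahead in `field_split: "\\s+(?=[^\\s]+=)"` now keeps spaces inside values, but a space followed by a `token=` inside a quoted value presumably still splits there; a one-line comment above it such as `# split only on whitespace that precedes a key=, so values containing spaces survive` would save the next reader working that out.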
@@ -179,83 +171,1743 @@ processors: - script: lang: painless ignore_failure: true + # Auditd record type to ECS mappings + # AUTOGENERATED FROM go-libaudit v2.2.0, DO NOT EDIT params: - CONFIG_CHANGE: - category: - - configuration - type: - - change - DAEMON_CONFIG: - category: - - configuration - type: - - change - DAEMON_RECONFIG: - category: - - configuration - type: - - info - USYS_CONFIG: - category: - - configuration - type: - - change - NETFILTER_CFG: - category: - - configuration - type: - - change - FEATURE_CHANGE: - category: - - configuration - type: - - change - MAC_CONFIG_CHANGE: - category: - - configuration - type: - - change - MAC_POLICY_LOAD: - category: - - configuration - type: - - access - MAC_STATUS: - category: - - configuration - type: - - change - USER_MAC_CONFIG_CHANGE: - category: - - configuration - type: - - change - USER_MAC_POLICY_LOAD: - category: - - configuration - type: - - access - USER_AUTH: - category: - - authentication - type: - - info - KERN_MODULE: - category: - - driver - type: - - info - SOFTWARE_UPDATE: - category: - - package - type: - - info + syscalls: + '*': + - event: + category: + - process + type: + - info + accept: + - event: + action: + - accepted-connection-from + category: + - network + type: + - connection + - start + accept4: + - event: + action: + - accepted-connection-from + category: + - network + type: + - connection + - start + access: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + adjtimex: + - event: + action: + - changed-system-time + category: + - host + type: + - change + bind: + - event: + action: + - bound-socket + category: + - network + type: + - start + brk: + - event: + action: + - allocated-memory + category: + - process + type: + - info + chmod: + - event: + action: + - changed-file-permissions-of + category: + - file + type: + - change + chown: + - event: + action: + - changed-file-ownership-of + category: + - file + type: + - change + clock_settime: + 
- event: + action: + - changed-system-time + category: + - host + type: + - change + connect: + - event: + action: + - connected-to + category: + - network + type: + - connection + - start + creat: + - event: + action: + - opened-file + category: + - file + type: + - creation + delete_module: + - event: + action: + - unloaded-kernel-module + category: + - driver + type: + - end + execve: + - event: + action: + - executed + category: + - process + type: + - start + execveat: + - event: + action: + - executed + category: + - process + type: + - start + faccessat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + fallocate: + - event: + action: + - opened-file + category: + - file + type: + - change + fchmod: + - event: + action: + - changed-file-permissions-of + category: + - file + type: + - change + fchmodat: + - event: + action: + - changed-file-permissions-of + category: + - file + type: + - change + fchown: + - event: + action: + - changed-file-ownership-of + category: + - file + type: + - change + fchownat: + - event: + action: + - changed-file-ownership-of + category: + - file + type: + - change + fgetxattr: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + finit_module: + - event: + action: + - loaded-kernel-module + category: + - driver + type: + - start + fremovexattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + fsetxattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + fstat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + fstatat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + fstatfs: + - event: + action: + - checked-filesystem-metadata-of + category: + - file + type: + - info + ftruncate: + - event: + action: + - opened-file + category: + - file + type: + - change + futimens: + - event: + action: + - 
changed-timestamp-of + category: + - file + type: + - info + futimesat: + - event: + action: + - changed-timestamp-of + category: + - file + type: + - info + getxattr: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + init_module: + - event: + action: + - loaded-kernel-module + category: + - driver + type: + - start + kill: + - event: + action: + - killed-pid + category: + - process + type: + - end + lchown: + - event: + action: + - changed-file-ownership-of + category: + - file + type: + - change + lgetxattr: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + listen: + - event: + action: + - listen-for-connections + category: + - network + type: + - start + lremovexattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + lsetxattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + lstat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + mkdir: + - event: + action: + - created-directory + category: + - file + type: + - creation + mkdirat: + - event: + action: + - created-directory + category: + - file + type: + - creation + mknod: + - event: + action: + - make-device + category: + - file + type: + - creation + mknodat: + - event: + action: + - make-device + category: + - file + type: + - creation + mmap: + - event: + action: + - allocated-memory + category: + - process + type: + - info + mmap2: + - event: + action: + - allocated-memory + category: + - process + type: + - info + mount: + - event: + action: + - mounted + category: + - file + type: + - creation + newfstatat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + open: + - event: + action: + - opened-file + category: + - file + type: + - info + openat: + - event: + action: + - opened-file + category: + - file + type: + - info + read: + - event: + action: + - read-file + category: + - 
file + type: + - info + readlink: + - event: + action: + - opened-file + category: + - file + type: + - info + readlinkat: + - event: + action: + - opened-file + category: + - file + type: + - info + recv: + - event: + action: + - received-from + category: + - network + type: + - connection + - info + recvfrom: + - event: + action: + - received-from + category: + - network + type: + - connection + - info + recvmmsg: + - event: + action: + - received-from + category: + - network + type: + - connection + - info + recvmsg: + - event: + action: + - received-from + category: + - network + type: + - connection + - info + removexattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + rename: + - event: + action: + - renamed + category: + - file + type: + - change + renameat: + - event: + action: + - renamed + category: + - file + type: + - change + renameat2: + - event: + action: + - renamed + category: + - file + type: + - change + rmdir: + - event: + action: + - deleted + category: + - file + type: + - deletion + sched_setattr: + - event: + action: + - adjusted-scheduling-policy-of + category: + - process + type: + - change + sched_setparam: + - event: + action: + - adjusted-scheduling-policy-of + category: + - process + type: + - change + sched_setscheduler: + - event: + action: + - adjusted-scheduling-policy-of + category: + - process + type: + - change + send: + - event: + action: + - sent-to + category: + - network + type: + - connection + - info + sendmmsg: + - event: + action: + - sent-to + category: + - network + type: + - connection + - info + sendmsg: + - event: + action: + - sent-to + category: + - network + type: + - connection + - info + sendto: + - event: + action: + - sent-to + category: + - network + type: + - connection + - info + setdomainname: + - event: + action: + - changed-system-name + category: + - host + type: + - change + setegid: + - event: + action: + - changed-identity-of + category: + - process + 
type: + - change + seteuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setfsgid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setfsuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setgid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + sethostname: + - event: + action: + - changed-system-name + category: + - host + type: + - change + setregid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setresgid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setresuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setreuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + settimeofday: + - event: + action: + - changed-system-time + category: + - host + type: + - change + setuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setxattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + stat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + stat64: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + statfs: + - event: + action: + - checked-filesystem-metadata-of + category: + - file + type: + - info + stime: + - event: + action: + - changed-system-time + category: + - host + type: + - change + symlink: + - event: + action: + - symlinked + category: + - file + type: + - creation + symlinkat: + - event: + action: + - symlinked + category: + - file + type: + - creation + tgkill: + - event: + action: + - killed-pid + category: + - process + type: + - end + tkill: + - event: + action: + - killed-pid + category: + - process + type: + - end + truncate: + - event: + action: + - opened-file 
+ category: + - file + type: + - change + umount: + - event: + action: + - unmounted + category: + - file + type: + - deletion + umount2: + - event: + action: + - unmounted + category: + - file + type: + - deletion + unlink: + - event: + action: + - deleted + category: + - file + type: + - deletion + unlinkat: + - event: + action: + - deleted + category: + - file + type: + - deletion + utime: + - event: + action: + - changed-timestamp-of + category: + - file + type: + - info + utimensat: + - event: + action: + - changed-timestamp-of + category: + - file + type: + - info + utimes: + - event: + action: + - changed-timestamp-of + category: + - file + type: + - info + write: + - event: + action: + - wrote-to-file + category: + - file + type: + - change + types: + ACCT_LOCK: + - event: + action: + - locked-account + category: + - iam + type: + - user + - info + ACCT_UNLOCK: + - event: + action: + - unlocked-account + category: + - iam + type: + - user + - info + ADD_GROUP: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - id + - acct + to: group + event: + action: + - added-group-account-to + category: + - iam + type: + - group + - creation + ADD_USER: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - id + - acct + to: user.target + event: + action: + - added-user-account + category: + - iam + type: + - user + - creation + ANOM_ABEND: + - event: + action: + - crashed-program + category: + - process + type: + - end + ANOM_EXEC: + - event: + action: + - attempted-execution-of-forbidden-program + category: + - process + type: + - start + ANOM_LINK: + - event: + action: + - used-suspicious-link + ANOM_LOGIN_FAILURES: + - event: + action: + - failed-log-in-too-many-times-to + ANOM_LOGIN_LOCATION: + - event: + action: + - attempted-log-in-from-unusual-place-to + ANOM_LOGIN_SESSIONS: + - event: + action: + - opened-too-many-sessions-to + ANOM_LOGIN_TIME: + - event: + action: + - 
attempted-log-in-during-unusual-hour-to + ANOM_PROMISCUOUS: + - event: + action: + - changed-promiscuous-mode-on-device + ANOM_RBAC_INTEGRITY_FAIL: + - event: + action: + - tested-file-system-integrity-of + AVC: + - event: + action: + - violated-selinux-policy + has_fields: + - seresult + - event: + action: + - violated-apparmor-policy + has_fields: + - apparmor + CHGRP_ID: + - event: + action: + - changed-group + category: + - process + type: + - change + CHUSER_ID: + - event: + action: + - changed-user-id + category: + - process + type: + - change + CONFIG_CHANGE: + - event: + action: + - changed-audit-configuration + category: + - process + - configuration + type: + - change + CRED_ACQ: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - acquired-credentials + category: + - authentication + type: + - info + CRED_DISP: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - disposed-credentials + category: + - authentication + type: + - info + CRED_REFR: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - refreshed-credentials + category: + - authentication + type: + - info + CRYPTO_KEY_USER: + - event: + action: + - negotiated-crypto-key + category: + - process + type: + - info + CRYPTO_LOGIN: + - event: + action: + - crypto-officer-logged-in + CRYPTO_LOGOUT: + - event: + action: + - crypto-officer-logged-out + category: + - process + type: + - info + CRYPTO_SESSION: + - event: + action: + - started-crypto-session + category: + - process + type: + - info + DAC_CHECK: + - event: + action: + - access-result + DAEMON_ABORT: + - event: + action: + - aborted-auditd-startup + category: + - process + type: + - stop + DAEMON_ACCEPT: + - event: + action: + - remote-audit-connected + category: + - network + type: + - connection + - start + DAEMON_CLOSE: + - event: + action: + - 
remote-audit-disconnected + category: + - network + type: + - connection + - start + DAEMON_CONFIG: + - event: + action: + - changed-auditd-configuration + category: + - process + - configuration + type: + - change + DAEMON_END: + - event: + action: + - shutdown-audit + category: + - process + type: + - stop + DAEMON_ERR: + - event: + action: + - audit-error + category: + - process + type: + - info + DAEMON_RECONFIG: + - event: + action: + - reconfigured-auditd + category: + - process + - configuration + type: + - info + DAEMON_RESUME: + - event: + action: + - resumed-audit-logging + category: + - process + type: + - change + DAEMON_ROTATE: + - event: + action: + - rotated-audit-logs + category: + - process + type: + - change + DAEMON_START: + - event: + action: + - started-audit + category: + - process + type: + - start + DEL_GROUP: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - id + - acct + to: group + event: + action: + - deleted-group-account-from + category: + - iam + type: + - group + - deletion + DEL_USER: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - id + - acct + to: user.target + event: + action: + - deleted-user-account + category: + - iam + type: + - user + - deletion + FEATURE_CHANGE: + - event: + action: + - changed-audit-feature + category: + - configuration + type: + - change + FS_RELABEL: + - event: + action: + - relabeled-filesystem + GRP_AUTH: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + event: + action: + - authenticated-to-group + category: + - authentication + type: + - info + GRP_CHAUTHTOK: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - acct + - id + - uid + to: group + event: + action: + - changed-group-password + category: + - iam + type: + - group + - change + GRP_MGMT: + - copy: + - from: + - auid + to: user + - from: + - uid + to: group + - from: + - uid + to: 
user.effective + event: + action: + - modified-group-account + category: + - iam + type: + - group + - change + KERNEL: + - event: + action: + - initialized-audit-subsystem + category: + - process + type: + - info + KERN_MODULE: + - event: + action: + - loaded-kernel-module + category: + - driver + type: + - start + LABEL_LEVEL_CHANGE: + - event: + action: + - modified-level-of + LABEL_OVERRIDE: + - event: + action: + - overrode-label-of + LOGIN: + - copy: + - from: + - old_auid + - old-auid + to: user + - from: + - new-auid + - new_auid + - auid + to: user.effective + event: + action: + - changed-login-id-to + category: + - authentication + type: + - start + MAC_CHECK: + - event: + action: + - mac-permission + MAC_CONFIG_CHANGE: + - event: + action: + - changed-selinux-boolean + category: + - configuration + type: + - change + MAC_POLICY_LOAD: + - event: + action: + - loaded-selinux-policy + category: + - configuration + type: + - access + MAC_STATUS: + - event: + action: + - changed-selinux-enforcement + category: + - configuration + type: + - change + NETFILTER_CFG: + - event: + action: + - loaded-firewall-rule-to + category: + - configuration + type: + - change + ROLE_ASSIGN: + - event: + action: + - assigned-user-role-to + category: + - iam + type: + - user + - change + ROLE_MODIFY: + - event: + action: + - modified-role + category: + - iam + type: + - change + ROLE_REMOVE: + - event: + action: + - removed-user-role-from + category: + - iam + type: + - user + - change + SECCOMP: + - event: + action: + - violated-seccomp-policy + SELINUX_ERR: + - event: + action: + - caused-mac-policy-error + SERVICE_START: + - event: + action: + - started-service + category: + - process + type: + - start + SERVICE_STOP: + - event: + action: + - stopped-service + category: + - process + type: + - stop + SOFTWARE_UPDATE: + - event: + action: + - package-updated + category: + - package + type: + - info + SYSTEM_BOOT: + - event: + action: + - booted-system + category: + - host + 
type: + - start + SYSTEM_RUNLEVEL: + - event: + action: + - changed-to-runlevel + category: + - host + type: + - change + SYSTEM_SHUTDOWN: + - event: + action: + - shutdown-system + category: + - host + type: + - end + TEST: + - event: + action: + - sent-test + category: + - process + type: + - info + TRUSTED_APP: + - event: + action: + - unknown + category: + - process + type: + - info + TTY: + - event: + action: + - typed + USER: + - event: + action: + - sent-message + USER_ACCT: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - was-authorized + category: + - authentication + type: + - info + USER_AUTH: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - authenticated + category: + - authentication + type: + - info + USER_AVC: + - event: + action: + - access-permission + USER_CHAUTHTOK: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - acct + - id + - uid + to: user.target + event: + action: + - changed-password + category: + - iam + type: + - user + - change + USER_CMD: + - event: + action: + - ran-command + category: + - process + type: + - start + USER_END: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - ended-session + category: + - session + type: + - end + USER_ERR: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - error + category: + - authentication + type: + - info + USER_LOGIN: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - logged-in + category: + - authentication + type: + - start + USER_LOGOUT: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - logged-out + category: + - authentication + type: + - end + 
USER_MAC_CONFIG_CHANGE: + - event: + action: + - changed-mac-configuration + category: + - configuration + type: + - change + USER_MAC_POLICY_LOAD: + - event: + action: + - loaded-mac-policy + category: + - configuration + type: + - access + USER_MGMT: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.target + - from: + - uid + to: user.effective + event: + action: + - modified-user-account + category: + - iam + type: + - user + - change + USER_ROLE_CHANGE: + - event: + action: + - changed-role-to + USER_SELINUX_ERR: + - event: + action: + - access-error + USER_START: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - started-session + category: + - session + type: + - start + USER_TTY: + - event: + action: + - typed + USYS_CONFIG: + - event: + action: + - changed-configuration + category: + - configuration + type: + - change + VIRT_CONTROL: + - event: + action: + - issued-vm-control + category: + - host + type: + - info + VIRT_CREATE: + - event: + action: + - created-vm-image + category: + - host + type: + - info + VIRT_DESTROY: + - event: + action: + - deleted-vm-image + category: + - host + type: + - info + VIRT_INTEGRITY_CHECK: + - event: + action: + - checked-integrity-of + category: + - host + type: + - info + VIRT_MACHINE_ID: + - event: + action: + - assigned-vm-id + category: + - host + type: + - info + VIRT_MIGRATE_IN: + - event: + action: + - migrated-vm-from + category: + - host + type: + - info + VIRT_MIGRATE_OUT: + - event: + action: + - migrated-vm-to + category: + - host + type: + - info + VIRT_RESOURCE: + - event: + action: + - assigned-vm-resource + category: + - host + type: + - info + # END OF AUTOGENERATED source: >- - if (ctx?.auditd?.log.record_type == null) { + boolean hasFields(HashMap base, def list) { + if (list == null) return true; + for (int i=0; i ctx.event[k] = v); + HashMap base = ctx.auditd.log; + def acts = 
params.types.get(base.record_type); + if (acts == null && base.syscall != null) { + acts = params.syscalls.get(base?.syscall); + if (acts == null) acts = params.syscalls.get('*'); + } + if (acts == null) return; + def act = null; + for (int i=0; act == null && i ctx.event[k] = v); + } + if (act?.copy != null) { + List lst = new ArrayList(); + for(int i=0; i 0) { + ctx.auditd.log["copy"] = lst; + } + } +- foreach: + field: auditd.log.copy + ignore_missing: true + processor: + set: + field: "{{_ingest._value.target}}" + value: "{{_ingest._value.value}}" - set: if: "ctx.auditd.log?.record_type == 'SYSTEM_BOOT' || ctx.auditd.log?.record_type == 'SYSTEM_SHUTDOWN'" field: event.category @@ -499,6 +2151,14 @@ processors: field: source.as.organization_name target_field: source.as.organization.name ignore_missing: true +- remove: + field: + - auditd.log.kv + - auditd.log.sub_kv + - auditd.log.epoch + - auditd.log.copy + ignore_failure: true + ignore_missing: true on_failure: - set: field: error.message diff --git a/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json b/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json index c9d2b77a6e4..8debfbba37f 100644 --- a/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json +++ b/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json 
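Review bot: The hand-written `set` processors that remain after the script (context lines `if: "ctx.auditd.log?.record_type == 'SYSTEM_BOOT' || ctx.auditd.log?.record_type == 'SYSTEM_SHUTDOWN'"` on `event.category`) still override the generated `SYSTEM_BOOT`/`SYSTEM_SHUTDOWN` entries, so those records end up with scalar `event.category: host` and `event.type: info` instead of the array form and the `start`/`end` values `params.types` specifies; the SYSTEM_BOOT record in the `audit-cent7-node.log-expected.json` hunk shows exactly that. Now that the mapping lives in params those legacy `set` processors should be removed. Separately, the generated table emits `event.type: stop` for `DAEMON_ABORT`, `DAEMON_END` and `SERVICE_STOP`, and `connection`/`start` for `DAEMON_CLOSE` ("remote-audit-disconnected"); as far as I recall ECS's allowed event.type values include `end` but not `stop`, and since the block is marked `DO NOT EDIT` these would need fixing in go-libaudit's normalizations and then regenerating.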
@@ -5,15 +5,25 @@ "auditd.log.kernel": "3.10.0-1062.9.1.el7.x86_64", "auditd.log.node": "localhost.localdomain", "auditd.log.op": "start", + "auditd.log.record_type": "DAEMON_START", "auditd.log.sequence": 4686, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:auditd_t:s0", "auditd.log.ver": "2.8.5", - "event.action": "daemon_start", + "event.action": [ + "started-audit" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=DAEMON_START msg=audit(1594053514.588:4686): op=start ver=2.8.5 format=raw kernel=3.10.0-1062.9.1.el7.x86_64 auid=4294967295 pid=1643 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=success", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 0, @@ -27,16 +37,21 @@ "auditd.log.audit_backlog_limit": "8192", "auditd.log.node": "localhost.localdomain", "auditd.log.old": "64", + "auditd.log.record_type": "CONFIG_CHANGE", "auditd.log.sequence": 4, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:unconfined_service_t:s0", - "event.action": "config_change", + "event.action": [ + "changed-audit-configuration" + ], "event.category": [ + "process", "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=CONFIG_CHANGE msg=audit(1594053514.707:4): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1", "event.outcome": "1", "event.type": [ "change" 
@@ -52,16 +67,21 @@ "auditd.log.audit_failure": "1", "auditd.log.node": "localhost.localdomain", "auditd.log.old": "1", + "auditd.log.record_type": "CONFIG_CHANGE", "auditd.log.sequence": 5, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:unconfined_service_t:s0", - "event.action": "config_change", + "event.action": [ + "changed-audit-configuration" + ], "event.category": [ + "process", "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=CONFIG_CHANGE msg=audit(1594053514.707:5): audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1", "event.outcome": "1", "event.type": [ "change" @@ -75,15 +95,25 @@ { "@timestamp": "2020-07-06T16:38:34.709Z", "auditd.log.node": "localhost.localdomain", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 6, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "auditd", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.709:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 606, 
@@ -97,14 +127,18 @@
 {
 "@timestamp": "2020-07-06T16:38:34.725Z",
 "auditd.log.node": "localhost.localdomain",
+ "auditd.log.record_type": "SYSTEM_BOOT",
 "auditd.log.sequence": 7,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
- "event.action": "system_boot",
+ "event.action": [
+ "booted-system"
+ ],
 "event.category": "host",
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "node=localhost.localdomain type=SYSTEM_BOOT msg=audit(1594053514.725:7): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm=\"systemd-update-utmp\" exe=\"/usr/lib/systemd/systemd-update-utmp\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
 "event.type": "info",
 "fileset.name": "log",
@@ -120,15 +154,25 @@
 {
 "@timestamp": "2020-07-06T16:38:34.739Z",
 "auditd.log.node": "localhost.localdomain",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 8,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "systemd-update-utmp",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.739:8): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1132,
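Review bot: The SYSTEM_BOOT record in this hunk keeps `"event.category": "host"` and `"event.type": "info"` as scalar strings while every other record in the commit moves these fields to arrays, so the same ECS field ends up with mixed shapes inside one expected-output file. The same scalar values remain in the rhel7 SYSTEM_BOOT hunk (`@@ -41,14 +61,18 @@`), the SYSCALL records keep `"event.action": "syscall"` as a scalar next to the newly added array-valued `event.category`/`event.type` (`@@ -137,9 +196,16 @@` and the rhel7 `@@ -285`, `-343`, `-401`, `-459`, `-517` hunks), and the MAC_IPSEC_EVENT hunk (`@@ -115,6 +173,7 @@`) gains only `event.original` with no `auditd.log.record_type`, `event.category` or `event.type`. If the pipeline change behind these expectations is meant as an ECS normalization pass, the fixture suggests those record types are not covered by it; the expected values here would then be `"event.category": [ "host" ]` and `"event.type": [ "info" ]`. The pipeline itself is outside this diff chunk, so this is inferred from the fixtures only.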
@@ -142,15 +186,25 @@
 {
 "@timestamp": "2020-07-06T16:38:34.807Z",
 "auditd.log.node": "localhost.localdomain",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 9,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "rngd",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.807:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1401,
@@ -164,15 +218,25 @@
 {
 "@timestamp": "2020-07-06T16:38:34.843Z",
 "auditd.log.node": "localhost.localdomain",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 10,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "irqbalance",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.843:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1655,
@@ -186,15 +250,25 @@
 {
 "@timestamp": "2020-07-06T16:38:34.850Z",
 "auditd.log.node": "localhost.localdomain",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 11,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "abrtd",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.850:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=abrtd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1916,
@@ -208,15 +282,25 @@
 {
 "@timestamp": "2020-07-06T16:38:34.857Z",
 "auditd.log.node": "localhost.localdomain",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 12,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "abrt-xorg",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.857:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=abrt-xorg comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 2172,
diff --git a/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json b/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json
index d3c3a6561ab..215c0bf11f9 100644
--- a/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json
+++ b/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json
@@ -2,13 +2,24 @@
 {
 "@timestamp": "2017-03-14T19:20:30.178Z",
 "auditd.log.op": "PAM:session_close",
+ "auditd.log.record_type": "USER_END",
 "auditd.log.sequence": 19600327,
 "auditd.log.ses": "11988",
- "event.action": "user_end",
+ "auditd.log.uid": "0",
+ "event.action": [
+ "ended-session"
+ ],
+ "event.category": [
+ "session"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=USER_END msg=audit(1489519230.178:19600327): user pid=4121 uid=0 auid=700 ses=11988 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "end"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 0,
@@ -16,19 +27,31 @@
 "process.pid": 4121,
 "service.type": "auditd",
 "user.audit.id": "700",
- "user.id": "0",
+ "user.effective.name": "root",
+ "user.id": "700",
 "user.name": "root"
 },
 {
 "@timestamp": "2017-03-14T19:20:30.178Z",
 "auditd.log.op": "PAM:setcred",
+ "auditd.log.record_type": "CRED_DISP",
 "auditd.log.sequence": 19600328,
 "auditd.log.ses": "11988",
- "event.action": "cred_disp",
+ "auditd.log.uid": "0",
+ "event.action": [
+ "disposed-credentials"
+ ],
+ "event.category": [
+ "authentication"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=CRED_DISP msg=audit(1489519230.178:19600328): user pid=4121 uid=0 auid=700 ses=11988 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 189,
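Review bot: In the `@@ -16,19 +27,31 @@` hunk `user.id` changes from `"0"` to `"700"`, i.e. it now carries the `auid` and duplicates the existing `user.audit.id`, while the process uid from the raw record (`uid=0`, visible in the added `event.original`) survives only in the new `auditd.log.uid`. Any consumer that keyed root-context PAM activity on `user.id: "0"` stops matching for the USER_END/CRED_DISP records here and for the USER_CMD, CRED_ACQ, USER_START, USER_AUTH and USER_ACCT records in the following hunks of this file, and `user.effective.name` is filled from `acct=` without a matching `user.effective.id`. The LOGIN hunk (`@@ -167,17 +233,29 @@`) goes the other way and sets `user.effective.id` to the new auid, so the `user.*` mapping is not consistent across record types within the same fixture. The ingest pipeline that produces these expectations is outside this diff chunk; it would help to state the intended auid/uid to `user.id`/`user.effective.id` mapping there and regenerate the fixtures against it, since this is a breaking change for existing queries on `user.id`.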
@@ -36,18 +59,29 @@
 "process.pid": 4121,
 "service.type": "auditd",
 "user.audit.id": "700",
- "user.id": "0",
+ "user.effective.name": "root",
+ "user.id": "700",
 "user.name": "root"
 },
 {
 "@timestamp": "2017-03-14T19:20:56.192Z",
+ "auditd.log.record_type": "USER_CMD",
 "auditd.log.sequence": 19600329,
 "auditd.log.ses": "11988",
- "event.action": "user_cmd",
+ "event.action": [
+ "ran-command"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=USER_CMD msg=audit(1489519256.192:19600329): user pid=4151 uid=497 auid=700 ses=11988 msg='cwd=\"/\" cmd=2F7573722F6C696236342F6E6167696F732F706C7567696E732F636865636B5F617374657269736B5F7369705F7065657273202D7020323032 terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 373,
@@ -66,13 +100,24 @@
 {
 "@timestamp": "2017-03-14T19:20:56.193Z",
 "auditd.log.op": "PAM:setcred",
+ "auditd.log.record_type": "CRED_ACQ",
 "auditd.log.sequence": 19600330,
 "auditd.log.ses": "11988",
- "event.action": "cred_acq",
+ "auditd.log.uid": "0",
+ "event.action": [
+ "acquired-credentials"
+ ],
+ "event.category": [
+ "authentication"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=CRED_ACQ msg=audit(1489519256.193:19600330): user pid=4151 uid=0 auid=700 ses=11988 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 620,
@@ -80,19 +125,31 @@
 "process.pid": 4151,
 "service.type": "auditd",
 "user.audit.id": "700",
- "user.id": "0",
+ "user.effective.name": "root",
+ "user.id": "700",
 "user.name": "root"
 },
 {
 "@timestamp": "2017-03-14T19:20:56.193Z",
 "auditd.log.op": "PAM:session_open",
+ "auditd.log.record_type": "USER_START",
 "auditd.log.sequence": 19600331,
 "auditd.log.ses": "11988",
- "event.action": "user_start",
+ "auditd.log.uid": "0",
+ "event.action": [
+ "started-session"
+ ],
+ "event.category": [
+ "session"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=USER_START msg=audit(1489519256.193:19600331): user pid=4151 uid=0 auid=700 ses=11988 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 803,
@@ -100,7 +157,8 @@
 "process.pid": 4151,
 "service.type": "auditd",
 "user.audit.id": "700",
- "user.id": "0",
+ "user.effective.name": "root",
+ "user.id": "700",
 "user.name": "root"
 },
 {
@@ -115,6 +173,7 @@
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=MAC_IPSEC_EVENT msg=audit(1489519382.529:19600354): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=10.100.0.0 src_prefixlen=16 dst=10.100.4.0 dst_prefixlen=22",
 "event.outcome": "1",
 "fileset.name": "log",
 "input.type": "log",
@@ -137,9 +196,16 @@
 "auditd.log.syscall": "44",
 "auditd.log.tty": "(none)",
 "event.action": "syscall",
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SYSCALL msg=audit(1489519382.529:19600354): arch=c000003e syscall=44 success=yes exit=184 a0=9 a1=7f564ee6d2a0 a2=b8 a3=0 items=0 ppid=1240 pid=1275 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"charon\" exe=2F7573722F6C6962657865632F7374726F6E677377616E2F636861726F6E202864656C6574656429 key=(null)",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "host.architecture": "x86_64",
 "input.type": "log",
@@ -167,17 +233,29 @@
 "auditd.log.new_ses": "12286",
 "auditd.log.old_auid": "700",
 "auditd.log.old_ses": "6793",
+ "auditd.log.record_type": "LOGIN",
 "auditd.log.sequence": 19623791,
- "event.action": "login",
+ "auditd.log.uid": "0",
+ "event.action": [
+ "changed-login-id-to"
+ ],
+ "event.category": [
+ "authentication"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=LOGIN msg=audit(1489636960.072:19623791): pid=28281 uid=0 old auid=700 new auid=700 old ses=6793 new ses=12286",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1524,
 "process.pid": 28281,
 "service.type": "auditd",
- "user.id": "0"
+ "user.effective.id": "700",
+ "user.id": "700"
 },
 {
 "@timestamp": "2017-03-16T04:02:40.070Z",
@@ -186,15 +264,25 @@
 "auditd.log.laddr": "107.170.139.210",
 "auditd.log.lport": 50022,
 "auditd.log.op": "destroy",
+ "auditd.log.record_type": "CRYPTO_KEY_USER",
 "auditd.log.rport": 58994,
 "auditd.log.sequence": 19623788,
 "auditd.log.ses": "6793",
 "auditd.log.spid": "28282",
- "event.action": "crypto_key_user",
+ "event.action": [
+ "negotiated-crypto-key"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=CRYPTO_KEY_USER msg=audit(1489636960.070:19623788): user pid=28281 uid=0 auid=700 ses=6793 msg='op=destroy kind=session fp=? direction=both spid=28282 suid=74 rport=58994 laddr=107.170.139.210 lport=50022 exe=\"/usr/sbin/sshd\" hostname=? addr=96.241.146.97 terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1640,
@@ -220,15 +308,20 @@
 {
 "@timestamp": "2017-03-16T04:02:40.072Z",
 "auditd.log.op": "success",
+ "auditd.log.record_type": "USER_AUTH",
 "auditd.log.sequence": 19623789,
 "auditd.log.ses": "6793",
- "event.action": "user_auth",
+ "auditd.log.uid": "0",
+ "event.action": [
+ "authenticated"
+ ],
 "event.category": [
 "authentication"
 ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=USER_AUTH msg=audit(1489636960.072:19623789): user pid=28281 uid=0 auid=700 ses=6793 msg='op=success acct=\"admin\" exe=\"/usr/sbin/sshd\" hostname=? addr=96.241.146.97 terminal=ssh res=success'",
 "event.outcome": "success",
 "event.type": [
 "info"
@@ -252,22 +345,28 @@
 "source.geo.region_name": "Virginia",
 "source.ip": "96.241.146.97",
 "user.audit.id": "700",
- "user.id": "0",
+ "user.effective.name": "admin",
+ "user.id": "700",
 "user.name": "admin",
 "user.terminal": "ssh"
 },
 {
 "@timestamp": "2017-03-16T04:02:57.804Z",
 "auditd.log.op": "PAM:authentication",
+ "auditd.log.record_type": "USER_AUTH",
 "auditd.log.sequence": 19623807,
 "auditd.log.ses": "12286",
- "event.action": "user_auth",
+ "auditd.log.uid": "0",
+ "event.action": [
+ "authenticated"
+ ],
 "event.category": [
 "authentication"
 ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=USER_AUTH msg=audit(1489636977.804:19623807): user pid=28395 uid=0 auid=700 ses=12286 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/su\" hostname=? addr=? terminal=pts/0 res=success'",
 "event.outcome": "success",
 "event.type": [
 "info"
@@ -279,20 +378,32 @@
 "process.pid": 28395,
 "service.type": "auditd",
 "user.audit.id": "700",
- "user.id": "0",
+ "user.effective.name": "root",
+ "user.id": "700",
 "user.name": "root",
 "user.terminal": "pts/0"
 },
 {
 "@timestamp": "2017-03-16T04:02:57.805Z",
 "auditd.log.op": "PAM:accounting",
+ "auditd.log.record_type": "USER_ACCT",
 "auditd.log.sequence": 19623808,
 "auditd.log.ses": "12286",
- "event.action": "user_acct",
+ "auditd.log.uid": "0",
+ "event.action": [
+ "was-authorized"
+ ],
+ "event.category": [
+ "authentication"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=USER_ACCT msg=audit(1489636977.805:19623808): user pid=28395 uid=0 auid=700 ses=12286 msg='op=PAM:accounting acct=\"root\" exe=\"/bin/su\" hostname=? addr=? terminal=pts/0 res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 2312,
@@ -300,7 +411,8 @@
 "process.pid": 28395,
 "service.type": "auditd",
 "user.audit.id": "700",
- "user.id": "0",
+ "user.effective.name": "root",
+ "user.id": "700",
 "user.name": "root",
 "user.terminal": "pts/0"
 }
diff --git a/filebeat/module/auditd/log/test/audit-rhel7.log-expected.json b/filebeat/module/auditd/log/test/audit-rhel7.log-expected.json
index 4d14263e10f..bd48d147b0c 100644
--- a/filebeat/module/auditd/log/test/audit-rhel7.log-expected.json
+++ b/filebeat/module/auditd/log/test/audit-rhel7.log-expected.json
@@ -3,14 +3,24 @@
 "@timestamp": "2016-12-07T02:16:23.819Z",
 "auditd.log.format": "raw",
 "auditd.log.kernel": "3.10.0-327.36.3.el7.x86_64",
+ "auditd.log.record_type": "DAEMON_START",
 "auditd.log.sequence": 7798,
 "auditd.log.subj": "system_u:system_r:auditd_t:s0",
 "auditd.log.ver": "2.4.1",
- "event.action": "daemon_start",
+ "event.action": [
+ "started-audit"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=DAEMON_START msg=audit(1481076983.819:7798): auditd start, ver=2.4.1 format=raw kernel=3.10.0-327.36.3.el7.x86_64 auid=4294967295 pid=251 subj=system_u:system_r:auditd_t:s0 res=success",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 0,
@@ -20,15 +30,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:23.864Z",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 6,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "auditd",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_START msg=audit(1481076983.864:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 190,
@@ -41,14 +61,18 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:23.876Z",
+ "auditd.log.record_type": "SYSTEM_BOOT",
 "auditd.log.sequence": 7,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
- "event.action": "system_boot",
+ "event.action": [
+ "booted-system"
+ ],
 "event.category": "host",
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SYSTEM_BOOT msg=audit(1481076983.876:7): pid=273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm=\"systemd-update-utmp\" exe=\"/usr/lib/systemd/systemd-update-utmp\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
 "event.type": "info",
 "fileset.name": "log",
@@ -63,15 +87,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:23.879Z",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 8,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "systemd-update-utmp",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_START msg=audit(1481076983.879:8): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 661,
@@ -84,15 +118,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:24.075Z",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 9,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "systemd-hwdb-update",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_START msg=audit(1481076984.075:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 903,
@@ -105,15 +149,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:24.088Z",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 10,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "systemd-update-done",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_START msg=audit(1481076984.088:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1145,
@@ -126,15 +180,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:24.163Z",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 11,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "systemd-udev-trigger",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_START msg=audit(1481076984.163:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-udev-trigger comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1388,
@@ -147,15 +211,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:24.212Z",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 12,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "irqbalance",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_START msg=audit(1481076984.212:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1632,
@@ -168,15 +242,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:24.521Z",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 13,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "avahi-daemon",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_START msg=audit(1481076984.521:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=avahi-daemon comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 1866,
@@ -189,15 +273,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:24.521Z",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 14,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "dbus",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_START msg=audit(1481076984.521:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 2102,
@@ -210,15 +304,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:24.526Z",
+ "auditd.log.record_type": "SERVICE_START",
 "auditd.log.sequence": 15,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "rsyslog",
- "event.action": "service_start",
+ "event.action": [
+ "started-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_START msg=audit(1481076984.526:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "start"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 2330,
@@ -231,15 +335,25 @@
 },
 {
 "@timestamp": "2016-12-07T02:16:24.534Z",
+ "auditd.log.record_type": "SERVICE_STOP",
 "auditd.log.sequence": 16,
 "auditd.log.ses": "4294967295",
 "auditd.log.subj": "system_u:system_r:init_t:s0",
 "auditd.log.unit": "irqbalance",
- "event.action": "service_stop",
+ "event.action": [
+ "stopped-service"
+ ],
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SERVICE_STOP msg=audit(1481076984.534:16): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
 "event.outcome": "success",
+ "event.type": [
+ "stop"
+ ],
 "fileset.name": "log",
 "input.type": "log",
 "log.offset": 2561,
@@ -254,15 +368,19 @@
 "@timestamp": "2016-12-07T02:16:24.827Z",
 "auditd.log.entries": 0,
 "auditd.log.family": "2",
+ "auditd.log.record_type": "NETFILTER_CFG",
 "auditd.log.sequence": 17,
 "auditd.log.table": "filter",
- "event.action": "netfilter_cfg",
+ "event.action": [
+ "loaded-firewall-rule-to"
+ ],
 "event.category": [
 "configuration"
 ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=NETFILTER_CFG msg=audit(1481076984.827:17): table=filter family=2 entries=0",
 "event.type": [
 "change"
 ],
@@ -285,9 +403,16 @@
 "auditd.log.syscall": "313",
 "auditd.log.tty": "(none)",
 "event.action": "syscall",
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SYSCALL msg=audit(1481076984.827:17): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=390 pid=391 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "host.architecture": "x86_64",
 "input.type": "log",
@@ -312,15 +437,19 @@
 "@timestamp": "2016-12-07T02:16:24.858Z",
 "auditd.log.entries": 0,
 "auditd.log.family": "2",
+ "auditd.log.record_type": "NETFILTER_CFG",
 "auditd.log.sequence": 18,
 "auditd.log.table": "raw",
- "event.action": "netfilter_cfg",
+ "event.action": [
+ "loaded-firewall-rule-to"
+ ],
 "event.category": [
 "configuration"
 ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=NETFILTER_CFG msg=audit(1481076984.858:18): table=raw family=2 entries=0",
 "event.type": [
 "change"
 ],
@@ -343,9 +472,16 @@
 "auditd.log.syscall": "313",
 "auditd.log.tty": "(none)",
 "event.action": "syscall",
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SYSCALL msg=audit(1481076984.858:18): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=395 pid=396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "host.architecture": "x86_64",
 "input.type": "log",
@@ -370,15 +506,19 @@
 "@timestamp": "2016-12-07T02:16:24.870Z",
 "auditd.log.entries": 0,
 "auditd.log.family": "2",
+ "auditd.log.record_type": "NETFILTER_CFG",
 "auditd.log.sequence": 19,
 "auditd.log.table": "security",
- "event.action": "netfilter_cfg",
+ "event.action": [
+ "loaded-firewall-rule-to"
+ ],
 "event.category": [
 "configuration"
 ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=NETFILTER_CFG msg=audit(1481076984.870:19): table=security family=2 entries=0",
 "event.type": [
 "change"
 ],
@@ -401,9 +541,16 @@
 "auditd.log.syscall": "313",
 "auditd.log.tty": "(none)",
 "event.action": "syscall",
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SYSCALL msg=audit(1481076984.870:19): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=398 pid=399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "host.architecture": "x86_64",
 "input.type": "log",
@@ -428,15 +575,19 @@
 "@timestamp": "2016-12-07T02:16:24.877Z",
 "auditd.log.entries": 0,
 "auditd.log.family": "2",
+ "auditd.log.record_type": "NETFILTER_CFG",
 "auditd.log.sequence": 20,
 "auditd.log.table": "mangle",
- "event.action": "netfilter_cfg",
+ "event.action": [
+ "loaded-firewall-rule-to"
+ ],
 "event.category": [
 "configuration"
 ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=NETFILTER_CFG msg=audit(1481076984.877:20): table=mangle family=2 entries=0",
 "event.type": [
 "change"
 ],
@@ -459,9 +610,16 @@
 "auditd.log.syscall": "313",
 "auditd.log.tty": "(none)",
 "event.action": "syscall",
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SYSCALL msg=audit(1481076984.877:20): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=401 pid=402 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "host.architecture": "x86_64",
 "input.type": "log",
@@ -486,15 +644,19 @@
 "@timestamp": "2016-12-07T02:16:24.931Z",
 "auditd.log.entries": 0,
 "auditd.log.family": "2",
+ "auditd.log.record_type": "NETFILTER_CFG",
 "auditd.log.sequence": 21,
 "auditd.log.table": "nat",
- "event.action": "netfilter_cfg",
+ "event.action": [
+ "loaded-firewall-rule-to"
+ ],
 "event.category": [
 "configuration"
 ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=NETFILTER_CFG msg=audit(1481076984.931:21): table=nat family=2 entries=0",
 "event.type": [
 "change"
 ],
@@ -517,9 +679,16 @@
 "auditd.log.syscall": "313",
 "auditd.log.tty": "(none)",
 "event.action": "syscall",
+ "event.category": [
+ "process"
+ ],
 "event.dataset": "auditd.log",
 "event.kind": "event",
 "event.module": "auditd",
+ "event.original": "type=SYSCALL msg=audit(1481076984.931:21): arch=c000003e syscall=313 success=yes exit=0 a0=3 a1=41a15c a2=0 a3=3 items=0 ppid=406 pid=407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)",
+ "event.type": [
+ "info"
+ ],
 "fileset.name": "log",
 "host.architecture": "x86_64",
 "input.type": "log",
@@ -542,15 +711,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.939Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 22, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "yum-cron", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.939:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=yum-cron comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 4785, @@ -563,15 +742,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.945Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 23, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "rhel-dmesg", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.945:23): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 5017, 
@@ -584,15 +773,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.953Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 24, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "acpid", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.953:24): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=acpid comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 5251, @@ -605,15 +804,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.954Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 25, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "systemd-user-sessions", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.954:25): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 5480, 
@@ -626,15 +835,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.960Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 26, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "ntpd", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.960:26): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 5725, @@ -649,15 +868,19 @@ "@timestamp": "2016-12-07T02:16:24.982Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 27, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076984.982:27): table=filter family=10 entries=0", "event.type": [ "change" ], 
@@ -680,9 +903,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076984.982:27): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=422 pid=423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -705,15 +935,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.012Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 28, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "systemd-logind", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.012:28): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 6353, 
@@ -726,15 +966,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.031Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 29, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "crond", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.031:29): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 6591, @@ -747,15 +997,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.043Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 30, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "expand-root", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.043:30): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=expand-root comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 6820, 
@@ -768,15 +1028,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.044Z", + "auditd.log.record_type": "SERVICE_STOP", "auditd.log.sequence": 31, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "expand-root", - "event.action": "service_stop", + "event.action": [ + "stopped-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_STOP msg=audit(1481076985.044:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=expand-root comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "stop" + ], "fileset.name": "log", "input.type": "log", "log.offset": 7055, @@ -791,15 +1061,19 @@ "@timestamp": "2016-12-07T02:16:25.069Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 32, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.069:32): table=raw family=10 entries=0", "event.type": [ "change" ], 
@@ -822,9 +1096,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.069:32): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=439 pid=440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -847,15 +1128,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.104Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 33, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "sshd-keygen", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.104:33): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 7686, 
@@ -870,15 +1161,19 @@ "@timestamp": "2016-12-07T02:16:25.099Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 34, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.099:34): table=security family=10 entries=0", "event.type": [ "change" ], @@ -901,9 +1196,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.099:34): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=445 pid=446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -928,15 +1230,19 @@ "@timestamp": "2016-12-07T02:16:25.128Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 35, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.128:35): table=mangle family=10 entries=0", "event.type": [ "change" ], 
@@ -959,9 +1265,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.128:35): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=449 pid=450 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -984,15 +1297,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.164Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 36, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-quit", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.164:36): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 8723, 
@@ -1005,15 +1328,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.166Z", + "auditd.log.record_type": "SERVICE_STOP", "auditd.log.sequence": 37, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-quit", - "event.action": "service_stop", + "event.action": [ + "stopped-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_STOP msg=audit(1481076985.166:37): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "stop" + ], "fileset.name": "log", "input.type": "log", "log.offset": 8960, @@ -1026,15 +1359,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.167Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 38, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-start", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.167:38): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 9196, 
@@ -1047,15 +1390,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.168Z", + "auditd.log.record_type": "SERVICE_STOP", "auditd.log.sequence": 39, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-start", - "event.action": "service_stop", + "event.action": [ + "stopped-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_STOP msg=audit(1481076985.168:39): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "stop" + ], "fileset.name": "log", "input.type": "log", "log.offset": 9434, @@ -1068,15 +1421,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.170Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 40, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-quit-wait", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.170:40): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 9671, 
@@ -1089,15 +1452,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.170Z", + "auditd.log.record_type": "SERVICE_STOP", "auditd.log.sequence": 41, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-quit-wait", - "event.action": "service_stop", + "event.action": [ + "stopped-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_STOP msg=audit(1481076985.170:41): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "stop" + ], "fileset.name": "log", "input.type": "log", "log.offset": 9913, @@ -1110,15 +1483,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.180Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 42, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "serial-getty@ttyS0", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.180:42): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 10154, 
@@ -1131,15 +1514,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.187Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 43, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "getty@tty1", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.187:43): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 10396, @@ -1154,15 +1547,19 @@ "@timestamp": "2016-12-07T02:16:25.191Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 44, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.191:44): table=nat family=10 entries=0", "event.type": [ "change" ], 
@@ -1185,9 +1582,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.191:44): arch=c000003e syscall=313 success=yes exit=0 a0=1 a1=41a15c a2=0 a3=1 items=0 ppid=452 pid=453 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1210,15 +1614,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.511Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 45, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "firewalld", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.511:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=firewalld comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 11027, 
@@ -1233,15 +1647,19 @@ "@timestamp": "2016-12-07T02:16:25.528Z", "auditd.log.entries": 5, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 46, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.528:46): table=nat family=2 entries=5", "event.type": [ "change" ], @@ -1264,9 +1682,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.528:46): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=25be720 items=0 ppid=296 pid=476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1291,15 +1716,19 @@ "@timestamp": "2016-12-07T02:16:25.532Z", "auditd.log.entries": 5, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 47, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.532:47): table=nat family=2 entries=5", "event.type": [ "change" ], 
@@ -1322,9 +1751,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.532:47): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1819720 items=0 ppid=296 pid=478 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1349,15 +1785,19 @@ "@timestamp": "2016-12-07T02:16:25.534Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 48, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.534:48): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -1380,9 +1820,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.534:48): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13d0850 items=0 ppid=296 pid=479 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", 
@@ -1407,15 +1854,19 @@ "@timestamp": "2016-12-07T02:16:25.537Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 49, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.537:49): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -1438,9 +1889,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.537:49): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1125850 items=0 ppid=296 pid=481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1465,15 +1923,19 @@ "@timestamp": "2016-12-07T02:16:25.538Z", "auditd.log.entries": 4, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 50, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.538:50): table=security family=2 entries=4", "event.type": [ "change" ], 
@@ -1496,9 +1958,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.538:50): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=20a3600 items=0 ppid=296 pid=482 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1523,15 +1992,19 @@ "@timestamp": "2016-12-07T02:16:25.542Z", "auditd.log.entries": 4, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 51, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.542:51): table=security family=2 entries=4", "event.type": [ "change" ], @@ -1554,9 +2027,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.542:51): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9f0600 items=0 ppid=296 pid=484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", 
@@ -1581,15 +2061,19 @@ "@timestamp": "2016-12-07T02:16:25.543Z", "auditd.log.entries": 3, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 52, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.543:52): table=raw family=2 entries=3", "event.type": [ "change" ], @@ -1612,9 +2096,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.543:52): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=232e4d0 items=0 ppid=296 pid=485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1639,15 +2130,19 @@ "@timestamp": "2016-12-07T02:16:25.546Z", "auditd.log.entries": 3, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 53, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.546:53): table=raw family=2 entries=3", "event.type": [ "change" ], 
@@ -1670,9 +2165,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.546:53): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14404d0 items=0 ppid=296 pid=487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1697,15 +2199,19 @@ "@timestamp": "2016-12-07T02:16:25.548Z", "auditd.log.entries": 4, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 54, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.548:54): table=filter family=2 entries=4", "event.type": [ "change" ], @@ -1728,9 +2234,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.548:54): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=c31600 items=0 ppid=296 pid=488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", 
@@ -1755,15 +2268,19 @@ "@timestamp": "2016-12-07T02:16:25.552Z", "auditd.log.entries": 4, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 55, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.552:55): table=filter family=2 entries=4", "event.type": [ "change" ], @@ -1786,9 +2303,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.552:55): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=143a600 items=0 ppid=296 pid=490 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1813,15 +2337,19 @@ "@timestamp": "2016-12-07T02:16:25.553Z", "auditd.log.entries": 5, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 56, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.553:56): table=nat family=10 entries=5", "event.type": [ "change" ], 
@@ -1844,9 +2372,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.553:56): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=109b880 items=0 ppid=296 pid=491 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1871,15 +2406,19 @@ "@timestamp": "2016-12-07T02:16:25.556Z", "auditd.log.entries": 5, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 57, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.556:57): table=nat family=10 entries=5", "event.type": [ "change" ], @@ -1902,9 +2441,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.556:57): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b53880 items=0 ppid=296 pid=493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", 
@@ -1929,15 +2475,19 @@ "@timestamp": "2016-12-07T02:16:25.557Z", "auditd.log.entries": 6, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 58, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.557:58): table=mangle family=10 entries=6", "event.type": [ "change" ], @@ -1960,9 +2510,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.557:58): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=17b09e0 items=0 ppid=296 pid=494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1987,15 +2544,19 @@ "@timestamp": "2016-12-07T02:16:25.560Z", "auditd.log.entries": 6, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 59, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.560:59): table=mangle family=10 entries=6", "event.type": [ "change" ], 
@@ -2018,9 +2579,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.560:59): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25cc9e0 items=0 ppid=296 pid=496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2045,15 +2613,19 @@ "@timestamp": "2016-12-07T02:16:25.562Z", "auditd.log.entries": 4, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 60, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.562:60): table=security family=10 entries=4", "event.type": [ "change" ], @@ -2076,9 +2648,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.562:60): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14db720 items=0 ppid=296 pid=497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", 
@@ -2103,15 +2682,19 @@ "@timestamp": "2016-12-07T02:16:25.566Z", "auditd.log.entries": 4, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 61, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.566:61): table=security family=10 entries=4", "event.type": [ "change" ], @@ -2134,9 +2717,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.566:61): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9d2720 items=0 ppid=296 pid=499 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2161,15 +2751,19 @@ "@timestamp": "2016-12-07T02:16:25.569Z", "auditd.log.entries": 3, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 62, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.569:62): table=raw family=10 entries=3", "event.type": [ "change" ], 
@@ -2192,9 +2786,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.569:62): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=fae5c0 items=0 ppid=296 pid=500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2219,15 +2820,19 @@ "@timestamp": "2016-12-07T02:16:25.573Z", "auditd.log.entries": 3, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 63, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.573:63): table=raw family=10 entries=3", "event.type": [ "change" ], @@ -2250,9 +2855,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.573:63): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=19545c0 items=0 ppid=296 pid=502 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", 
@@ -2277,15 +2889,19 @@ "@timestamp": "2016-12-07T02:16:25.575Z", "auditd.log.entries": 4, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 64, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.575:64): table=filter family=10 entries=4", "event.type": [ "change" ], @@ -2308,9 +2924,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.575:64): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23a3720 items=0 ppid=296 pid=503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2335,15 +2958,19 @@ "@timestamp": "2016-12-07T02:16:25.578Z", "auditd.log.entries": 4, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 65, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.578:65): table=filter family=10 entries=4", "event.type": [ "change" ], 
@@ -2366,9 +2993,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.578:65): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=162d720 items=0 ppid=296 pid=505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2393,15 +3027,19 @@ "@timestamp": "2016-12-07T02:16:25.580Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 66, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.580:66): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -2424,9 +3062,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.580:66): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14b0850 items=0 ppid=296 pid=506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", 
@@ -2451,15 +3096,19 @@ "@timestamp": "2016-12-07T02:16:25.582Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 67, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.582:67): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -2482,9 +3131,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.582:67): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2398850 items=0 ppid=296 pid=507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2509,15 +3165,19 @@ "@timestamp": "2016-12-07T02:16:25.583Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 68, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.583:68): table=mangle family=2 entries=6", "event.type": [ "change" ], 
@@ -2540,9 +3200,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.583:68): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2679850 items=0 ppid=296 pid=508 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2567,15 +3234,19 @@ "@timestamp": "2016-12-07T02:16:25.585Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 69, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.585:69): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -2598,9 +3269,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.585:69): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1715850 items=0 ppid=296 pid=509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", 
@@ -2625,15 +3303,19 @@ "@timestamp": "2016-12-07T02:16:25.587Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 70, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.587:70): table=mangle family=2 entries=6", "event.type": [ "change" ], diff --git a/filebeat/module/auditd/log/test/audit-ubuntu1604.log-expected.json b/filebeat/module/auditd/log/test/audit-ubuntu1604.log-expected.json index 3fb44f8934a..c888d8d3c73 100644 --- a/filebeat/module/auditd/log/test/audit-ubuntu1604.log-expected.json +++ b/filebeat/module/auditd/log/test/audit-ubuntu1604.log-expected.json @@ -13,9 +13,16 @@ "auditd.log.syscall": "43", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1492752520.441:8832): arch=c000003e syscall=43 success=yes exit=5 a0=3 a1=7ffd0dc80040 a2=7ffd0dc7ffd0 a3=0 items=0 ppid=1 pid=1663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sshd\" exe=\"/usr/sbin/sshd\" key=\"key=net\"", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -45,6 +52,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SOCKADDR msg=audit(1492752520.441:8832): saddr=0200E31C4853E6640000000000000000", "fileset.name": "log", "input.type": "log", "log.offset": 300, 
@@ -58,6 +66,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=PROCTITLE msg=audit(1492752520.441:8832): proctitle=\"(sshd)\"", "fileset.name": "log", "input.type": "log", "log.offset": 385, @@ -77,9 +86,16 @@ "auditd.log.syscall": "42", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1492753107.096:9004): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffc12ac3ab0 a2=10 a3=4 items=0 ppid=1 pid=1648 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"google_ip_forwa\" exe=\"/usr/bin/python3.5\" key=\"key=net\"", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -109,6 +125,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SOCKADDR msg=audit(1492753107.096:9004): saddr=02000050A9FEA9FE0000000000000000", "fileset.name": "log", "input.type": "log", "log.offset": 758, @@ -122,6 +139,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=PROCTITLE msg=audit(1492753107.096:9004): proctitle=\"(g_daemon)\"", "fileset.name": "log", "input.type": "log", "log.offset": 843, diff --git a/filebeat/module/auditd/log/test/avc.log b/filebeat/module/auditd/log/test/avc.log new file mode 100644 index 00000000000..04443e4c0ca --- /dev/null +++ b/filebeat/module/auditd/log/test/avc.log 
@@ -0,0 +1,3 @@ +type=AVC msg=audit(1226874073.147:96): avc: denied { getattr } for pid=2465 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=284133 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file +type=AVC msg=audit(1524662933.080:61207): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=5571 comm="metricbeat" requested_mask="trace" denied_mask="trace" peer="unconfined" +type=AVC msg=audit(1524662933.080:61207): seresult=1 diff --git a/filebeat/module/auditd/log/test/avc.log-expected.json b/filebeat/module/auditd/log/test/avc.log-expected.json new file mode 100644 index 00000000000..3179d7f8b09 --- /dev/null +++ b/filebeat/module/auditd/log/test/avc.log-expected.json 
@@ -0,0 +1,64 @@ +[ + { + "@timestamp": "2008-11-16T22:21:13.147Z", + "auditd.log.dev": "dm-0", + "auditd.log.ino": "284133", + "auditd.log.path": "/var/www/html/file1", + "auditd.log.scontext": "unconfined_u:system_r:httpd_t:s0", + "auditd.log.sequence": 96, + "auditd.log.tclass": "file", + "auditd.log.tcontext": "unconfined_u:object_r:samba_share_t:s0", + "event.action": "avc", + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=AVC msg=audit(1226874073.147:96): avc: denied { getattr } for pid=2465 comm=\"httpd\" path=\"/var/www/html/file1\" dev=dm-0 ino=284133 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file", + "fileset.name": "log", + "input.type": "log", + "log.offset": 0, + "process.name": "httpd", + "process.pid": 2465, + "service.type": "auditd" + }, + { + "@timestamp": "2018-04-25T13:28:53.080Z", + "auditd.log.apparmor": "DENIED", + "auditd.log.denied_mask": "trace", + "auditd.log.operation": "ptrace", + "auditd.log.peer": "unconfined", + "auditd.log.profile": "docker-default", + "auditd.log.record_type": "AVC", + "auditd.log.requested_mask": "trace", + "auditd.log.sequence": 61207, + "event.action": [ + "violated-apparmor-policy" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=AVC msg=audit(1524662933.080:61207): apparmor=\"DENIED\" operation=\"ptrace\" profile=\"docker-default\" pid=5571 comm=\"metricbeat\" requested_mask=\"trace\" denied_mask=\"trace\" peer=\"unconfined\"", + "fileset.name": "log", + "input.type": "log", + "log.offset": 241, + "process.name": "metricbeat", + "process.pid": 5571, + "service.type": "auditd" + }, + { + "@timestamp": "2018-04-25T13:28:53.080Z", + "auditd.log.record_type": "AVC", + "auditd.log.sequence": 61207, + "auditd.log.seresult": "1", + "event.action": [ + "violated-selinux-policy" + ], + "event.dataset": "auditd.log", + "event.kind": 
"event", + "event.module": "auditd", + "event.original": "type=AVC msg=audit(1524662933.080:61207): seresult=1", + "fileset.name": "log", + "input.type": "log", + "log.offset": 433, + "service.type": "auditd" + } +] \ No newline at end of file diff --git a/filebeat/module/auditd/log/test/test.log-expected.json b/filebeat/module/auditd/log/test/test.log-expected.json index 8eb1b61a43e..48caa4ae6c5 100644 --- a/filebeat/module/auditd/log/test/test.log-expected.json +++ b/filebeat/module/auditd/log/test/test.log-expected.json @@ -11,6 +11,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=MAC_IPSEC_EVENT msg=audit(1485893834.891:18877201): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.2.0 src_prefixlen=24 dst=192.168.0.0 dst_prefixlen=16", "event.outcome": "1", "fileset.name": "log", "input.type": "log", @@ -33,9 +34,16 @@ "auditd.log.syscall": "44", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1485893834.891:18877199): arch=c000003e syscall=44 success=yes exit=184 a0=9 a1=7f564b2672a0 a2=b8 a3=0 items=0 ppid=1240 pid=1281 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"charon\" exe=2F7573722F6C6962657865632F7374726F6E677377616E2F636861726F6E202864656C6574656429 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", 
@@ -59,13 +67,23 @@ }, { "@timestamp": "2017-03-14T19:20:56.192Z", + "auditd.log.record_type": "USER_CMD", "auditd.log.sequence": 19600329, "auditd.log.ses": "11988", - "event.action": "user_cmd", + "event.action": [ + "ran-command" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=USER_CMD msg=audit(1489519256.192:19600329): user pid=4151 uid=497 auid=700 ses=11988 msg='cwd=\"/\" cmd=2F7573722F6C696236342F6E6167696F732F706C7567696E732F636865636B5F617374657269736B5F7369705F7065657273202D7020323032 terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 536, @@ -90,16 +108,26 @@ "auditd.log.lport": 22, "auditd.log.op": "start", "auditd.log.pfs": "curve25519-sha256@libssh.org", + "auditd.log.record_type": "CRYPTO_SESSION", "auditd.log.rport": 63927, "auditd.log.sequence": 406, "auditd.log.ses": "4294967295", "auditd.log.spid": "1299", "auditd.log.subj": "system_u:system_r:sshd_t:s0-s0:c0.c1023", - "event.action": "crypto_session", + "event.action": [ + "started-crypto-session" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=CRYPTO_SESSION msg=audit(1481077041.515:406): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1299 suid=74 rport=63927 laddr=10.142.0.2 lport=22 exe=\"/usr/sbin/sshd\" hostname=? addr=96.241.146.97 terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.offset": 783, 
@@ -127,12 +155,16 @@ "auditd.log.data": "eh^?^?echo test^Mvim /etc/pam.d/password-auth-ac^Mman pam_tty_audit^Mman pam.d^Mvim /etc^Asudo ^E/pamd.sy^?^?^?^?^?.^?m.d/sy^I-a^Ia^?-a^I^Mman pam^Mt^?grep sys^?^?^?/var/lo^Ig/me^Is^I | grep pam_tty^Mgrep pam_tty /var/log/mes^I^M^[[A^Asudo ^Msudo su^M", "auditd.log.major": "136", "auditd.log.minor": "0", + "auditd.log.record_type": "TTY", "auditd.log.sequence": 1065565, "auditd.log.ses": "762", - "event.action": "tty", + "event.action": [ + "typed" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=TTY msg=audit(1491924063.550:1065565): tty pid=27930 uid=1000 auid=1000 ses=762 major=136 minor=0 comm=\"bash\" data=65687F7F6563686F20746573740D76696D202F6574632F70616D2E642F70617373776F72642D617574682D61630D6D616E2070616D5F7474795F61756469740D6D616E2070616D2E640D76696D202F657463017375646F20052F70616D642E73797F7F7F7F7F2E7F6D2E642F7379092D6109617F2D61090D6D616E2070616D0D747F67726570207379737F7F7F2F7661722F6C6F09672F6D65097309207C20677265702070616D5F7474790D677265702070616D5F747479202F7661722F6C6F672F6D6573090D1B5B41017375646F200D7375646F2073750D", "fileset.name": "log", "input.type": "log", "log.offset": 1178, @@ -150,6 +182,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=PROCTITLE msg=audit(1451781471.394:194438): proctitle=\"bash\"", "fileset.name": "log", "input.type": "log", "log.offset": 1733, @@ -163,6 +196,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=PROCTITLE msg=audit(1451781471.394:194440): proctitle=737368643A206275726E205B707269765D", "fileset.name": "log", "input.type": "log", "log.offset": 1799, 
@@ -172,19 +206,23 @@ "@timestamp": "2019-11-15T19:01:24.309Z", "auditd.log.gpg_res": "1", "auditd.log.key_enforce": "0", + "auditd.log.record_type": "SOFTWARE_UPDATE", "auditd.log.root_dir": "/", "auditd.log.sequence": 785, "auditd.log.ses": "3", "auditd.log.subj": "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", "auditd.log.sw": "gcc-4.8.5-39.el7.x86_64", "auditd.log.sw_type": "rpm", - "event.action": "software_update", + "event.action": [ + "package-updated" + ], "event.category": [ "package" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SOFTWARE_UPDATE msg=audit(1573844484.309:785): pid=3157 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw=\"gcc-4.8.5-39.el7.x86_64\" sw_type=rpm key_enforce=0 gpg_res=1 root_dir=\"/\" comm=\"yum\" exe=\"/usr/bin/python2.7\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": [ "info" @@ -201,14 +239,18 @@ }, { "@timestamp": "2019-11-15T19:00:56.144Z", + "auditd.log.record_type": "SYSTEM_BOOT", "auditd.log.sequence": 5, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", - "event.action": "system_boot", + "event.action": [ + "booted-system" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSTEM_BOOT msg=audit(1573844456.144:5): pid=678 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm=\"systemd-update-utmp\" exe=\"/usr/lib/systemd/systemd-update-utmp\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "info", "fileset.name": "log", 
@@ -223,14 +265,18 @@ }, { "@timestamp": "2019-11-15T19:01:57.054Z", + "auditd.log.record_type": "SYSTEM_SHUTDOWN", "auditd.log.sequence": 1163, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", - "event.action": "system_shutdown", + "event.action": [ + "shutdown-system" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSTEM_SHUTDOWN msg=audit(1573844517.054:1163): pid=4440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm=\"systemd-update-utmp\" exe=\"/usr/lib/systemd/systemd-update-utmp\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "info", "fileset.name": "log", @@ -251,6 +297,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=EXECVE msg=audit(1581371984.206:579393): argc=1 a0=top", "fileset.name": "log", "input.type": "log", "log.offset": 2688, 
@@ -264,17 +311,21 @@ "auditd.log.a2": "0x1fd4640", "auditd.log.a3": "0x7ffc6939f360", "auditd.log.items": "2", + "auditd.log.record_type": "SYSCALL", "auditd.log.sequence": 579398, "auditd.log.ses": "2", "auditd.log.subj": "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", "auditd.log.success": "yes", "auditd.log.syscall": "execve", "auditd.log.tty": "pts0", - "event.action": "syscall", + "event.action": [ + "executed" + ], "event.category": "process", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1581371984.206:579398): arch=x86_64 syscall=execve success=yes exit=0 a0=0x1fd05c0 a1=0x1fd2730 a2=0x1fd4640 a3=0x7ffc6939f360 items=2 ppid=2563 pid=2614 auid=vagrant uid=vagrant gid=vagrant euid=vagrant suid=vagrant fsuid=vagrant egid=vagrant sgid=vagrant fsgid=vagrant tty=pts0 ses=2 comm=top exe=/usr/bin/top subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)", "event.type": "info", "fileset.name": "log", "host.architecture": "x86_64", @@ -299,16 +350,20 @@ { "@timestamp": "2020-02-10T21:59:44.206Z", "auditd.log.name": "mymodule", + "auditd.log.record_type": "KERN_MODULE", "auditd.log.sequence": 579397, - "event.action": "kern_module", + "event.action": [ + "loaded-kernel-module" + ], "event.category": [ "driver" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=KERN_MODULE msg=audit(1581371984.206:579397): name=mymodule", "event.type": [ - "info" + "start" ], "fileset.name": "log", "input.type": "log", 
@@ -319,14 +374,18 @@ "@timestamp": "2017-12-17T10:44:41.075Z", "auditd.log.op": "create", "auditd.log.reason": "api", + "auditd.log.record_type": "VIRT_CONTROL", "auditd.log.sequence": 145, "auditd.log.ses": "3", "auditd.log.subj": "system_u:system_r:container_runtime_t:s0", - "event.action": "virt_control", + "event.action": [ + "issued-vm-control" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=VIRT_CONTROL msg=audit(1513507481.075:145): pid=1431 uid=0 auid=100 ses=3 subj=system_u:system_r:container_runtime_t:s0 msg='user=root reason=api op=create vm=? vm-pid=? hostname=? exe=\"/usr/bin/dockerd-current\" addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "creation", "fileset.name": "log", @@ -343,6 +402,7 @@ "@timestamp": "2016-12-16T15:45:43.572Z", "auditd.log.img-ctx": "system_u:object_r:svirt_image_t:s0:c444,c977", "auditd.log.model": "selinux", + "auditd.log.record_type": "VIRT_MACHINE_ID", "auditd.log.sequence": 23118, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:virtd_t:s0-s0:c0.c1023", @@ -352,11 +412,14 @@ "auditd.log.vm-ctx": "system_u:system_r:svirt_t:s0:c444,c977", "container.name": "rhel-work3", "container.runtime": "kvm", - "event.action": "virt_machine_id", + "event.action": [ + "assigned-vm-id" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=VIRT_MACHINE_ID msg=audit(1481903143.572:23118): pid=5637 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm vm=\"rhel-work3\" uuid=5501263b-181d-47ed-ab03-a6066f3d26bf vm-ctx=system_u:system_r:svirt_t:s0:c444,c977 img-ctx=system_u:object_r:svirt_image_t:s0:c444,c977 model=selinux exe=\"/usr/sbin/libvirtd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "creation", "fileset.name": "log", 
diff --git a/filebeat/module/auditd/log/test/useradd.log b/filebeat/module/auditd/log/test/useradd.log new file mode 100644 index 00000000000..3f99f5e3b41 --- /dev/null +++ b/filebeat/module/auditd/log/test/useradd.log @@ -0,0 +1,8 @@ +type=ADD_GROUP msg=audit(1610903553.686:584): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/group id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=ADD_GROUP msg=audit(1610903553.710:586): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/gshadow id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=ADD_GROUP msg=audit(1610903553.710:587): pid=2940 uid=0 auid=1000 ses=14 msg='op= id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=ADD_USER msg=audit(1610903553.730:591): pid=2945 uid=0 auid=1000 ses=14 msg='op=adding user id=1004 exe="/usr/sbin/useradd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_ACCT msg=audit(1610903553.814:593): pid=2948 uid=0 auid=1000 ses=14 msg='pam_tally2 uid=1004 reset=0 exe="/sbin/pam_tally2" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/2 res=success' +type=USER_CHAUTHTOK msg=audit(1610903558.174:594): pid=2953 uid=0 auid=1000 ses=14 msg='op=PAM:chauthtok acct="charlie" exe="/usr/bin/passwd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_AUTH msg=audit(1610903558.178:595): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:authentication acct="root" exe="/usr/bin/chfn" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_ACCT msg=audit(1610903558.178:596): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:accounting acct="root" exe="/usr/bin/chfn" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' 
diff --git a/filebeat/module/auditd/log/test/useradd.log-expected.json b/filebeat/module/auditd/log/test/useradd.log-expected.json new file mode 100644 index 00000000000..3eb42fe0a86 --- /dev/null +++ b/filebeat/module/auditd/log/test/useradd.log-expected.json 
@@ -0,0 +1,300 @@ +[ + { + "@timestamp": "2021-01-17T17:12:33.686Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.id": "1004", + "auditd.log.op": "adding group to /etc/group", + "auditd.log.record_type": "ADD_GROUP", + "auditd.log.sequence": 584, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "added-group-account-to" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=ADD_GROUP msg=audit(1610903553.686:584): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/group id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "log", + "group.id": "1004", + "input.type": "log", + "log.offset": 0, + "process.executable": "/usr/sbin/groupadd", + "process.pid": 2940, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:33.710Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.id": "1004", + "auditd.log.op": "adding group to /etc/gshadow", + "auditd.log.record_type": "ADD_GROUP", + "auditd.log.sequence": 586, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "added-group-account-to" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=ADD_GROUP msg=audit(1610903553.710:586): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/gshadow id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "log", + "group.id": "1004", + "input.type": "log", 
+ "log.offset": 212, + "process.executable": "/usr/sbin/groupadd", + "process.pid": 2940, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:33.710Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.id": "1004", + "auditd.log.record_type": "ADD_GROUP", + "auditd.log.sequence": 587, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "added-group-account-to" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=ADD_GROUP msg=audit(1610903553.710:587): pid=2940 uid=0 auid=1000 ses=14 msg='op= id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "log", + "group.id": "1004", + "input.type": "log", + "log.offset": 426, + "process.executable": "/usr/sbin/groupadd", + "process.pid": 2940, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:33.730Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.id": "1004", + "auditd.log.op": "adding user", + "auditd.log.record_type": "ADD_USER", + "auditd.log.sequence": 591, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "added-user-account" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=ADD_USER msg=audit(1610903553.730:591): pid=2945 uid=0 auid=1000 ses=14 msg='op=adding user id=1004 exe=\"/usr/sbin/useradd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 
res=success'", + "event.outcome": "success", + "event.type": [ + "user", + "creation" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 612, + "process.executable": "/usr/sbin/useradd", + "process.pid": 2945, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.target.id": "1004", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:33.814Z", + "auditd.log.hostname": "localhost", + "auditd.log.record_type": "USER_ACCT", + "auditd.log.reset": "0", + "auditd.log.sequence": 593, + "auditd.log.ses": "14", + "auditd.log.uid": [ + "0", + "1004" + ], + "event.action": [ + "was-authorized" + ], + "event.category": [ + "authentication" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=USER_ACCT msg=audit(1610903553.814:593): pid=2948 uid=0 auid=1000 ses=14 msg='pam_tally2 uid=1004 reset=0 exe=\"/sbin/pam_tally2\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 807, + "process.executable": "/sbin/pam_tally2", + "process.pid": 2948, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.id": "1000", + "user.terminal": "/dev/pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:38.174Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.op": "PAM:chauthtok", + "auditd.log.record_type": "USER_CHAUTHTOK", + "auditd.log.sequence": 594, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "changed-password" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=USER_CHAUTHTOK msg=audit(1610903558.174:594): pid=2953 uid=0 auid=1000 
ses=14 msg='op=PAM:chauthtok acct=\"charlie\" exe=\"/usr/bin/passwd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "user", + "change" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1008, + "process.executable": "/usr/bin/passwd", + "process.pid": 2953, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.name": "charlie", + "user.target.name": "charlie", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:38.178Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.op": "PAM:authentication", + "auditd.log.record_type": "USER_AUTH", + "auditd.log.sequence": 595, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "authenticated" + ], + "event.category": [ + "authentication" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=USER_AUTH msg=audit(1610903558.178:595): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:authentication acct=\"root\" exe=\"/usr/bin/chfn\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1216, + "process.executable": "/usr/bin/chfn", + "process.pid": 2954, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "root", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:38.178Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.op": "PAM:accounting", + "auditd.log.record_type": "USER_ACCT", + "auditd.log.sequence": 596, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "was-authorized" + ], + "event.category": [ + 
"authentication" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=USER_ACCT msg=audit(1610903558.178:596): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/bin/chfn\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1419, + "process.executable": "/usr/bin/chfn", + "process.pid": 2954, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "root", + "user.terminal": "pts/2" + } +] \ No newline at end of file diff --git a/filebeat/module/elasticsearch/audit/_meta/fields.yml b/filebeat/module/elasticsearch/audit/_meta/fields.yml index ceb94c00dd5..38774e4f8b9 100644 --- a/filebeat/module/elasticsearch/audit/_meta/fields.yml +++ b/filebeat/module/elasticsearch/audit/_meta/fields.yml @@ -1,6 +1,5 @@ - name: audit type: group - description: > fields: - name: layer description: "The layer from which this event originated: rest, transport or ip_filter" @@ -26,6 +25,12 @@ description: "Roles to which the principal belongs" example: [ "kibana_admin", "beats_admin" ] type: keyword + - name: user.run_as.name + type: keyword + - name: user.run_as.realm + type: keyword + - name: component + type: keyword - name: action description: "The name of the action that was executed" example: "cluster:monitor/main" @@ -63,3 +68,5 @@ migration: true - name: message type: text + - name: invalidate.apikeys.owned_by_authenticated_user + type: boolean diff --git a/filebeat/module/elasticsearch/audit/config/audit.yml b/filebeat/module/elasticsearch/audit/config/audit.yml index 1f8b49a6c55..bdf1cf8696e 100644 --- a/filebeat/module/elasticsearch/audit/config/audit.yml +++ b/filebeat/module/elasticsearch/audit/config/audit.yml 
@@ -10,7 +10,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - if:
 regexp:
 message: "^{"
diff --git a/filebeat/module/elasticsearch/audit/ingest/pipeline-json.yml b/filebeat/module/elasticsearch/audit/ingest/pipeline-json.yml
index 93cf638b763..047942ef960 100644
--- a/filebeat/module/elasticsearch/audit/ingest/pipeline-json.yml
+++ b/filebeat/module/elasticsearch/audit/ingest/pipeline-json.yml
@@ -3,8 +3,6 @@ processors:
 - json:
 field: message
 target_field: elasticsearch.audit
-- drop:
- if: ctx.elasticsearch.audit?.type != null && ctx.elasticsearch.audit.type != 'audit'
 - remove:
 field: elasticsearch.audit.type
 ignore_missing: true
@@ -16,6 +14,7 @@ processors:
 - yyyy-MM-dd'T'HH:mm:ss,SSS
 - yyyy-MM-dd'T'HH:mm:ss,SSSZ
 timezone: '{{ event.timezone }}'
+ ignore_failure: true
 - remove:
 if: ctx.elasticsearch.audit['@timestamp'] == null && ctx.event.timezone != null
 field: event.timezone
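Review bot: The `ignore_failure: true` added to the date processor in the second pipeline-json.yml hunk makes a record whose timestamp matches none of the listed formats index silently with an ingest-time `@timestamp` and no marker that the event time was lost, which for an audit source leaves analysts with wrong event ordering and nothing to alert on. An `on_failure` handler that keeps the document but records the problem is the safer shape, e.g. `on_failure: [{ set: { field: error.message, value: "{{ _ingest.on_failure_message }}" } }]`, so such records stay findable through the error field. The first hunk drops the guard that rejected JSON whose `type` was not `audit`; the updated docker fixture shows a `type: server` line now being indexed into this dataset, so this is evidently intended, but a one-line comment above the `json` processor stating that non-audit JSON lines are deliberately accepted would stop the next reader from re-adding the guard.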
@@ -80,6 +79,54 @@ processors:
 - rename:
 field: elasticsearch.audit.node
 target_field: elasticsearch.node
+- rename:
+ field: elasticsearch.audit.change.disable.user.name
+ target_field: user.name
+ ignore_missing: true
+- rename:
+ field: elasticsearch.audit.change.enable.user.name
+ target_field: user.name
+ ignore_missing: true
+- rename:
+ field: elasticsearch.audit.delete.user.name
+ target_field: user.name
+ ignore_missing: true
+- rename:
+ field: elasticsearch.audit.put.user.name
+ target_field: user.name
+ ignore_missing: true
+- rename:
+ field: elasticsearch.audit.put.user.full_name
+ target_field: user.full_name
+ ignore_missing: true
+- rename:
+ field: elasticsearch.audit.put.user.email
+ target_field: user.email
+ ignore_missing: true
+- remove:
+ field: elasticsearch.audit.put
+ ignore_missing: true
+- rename:
+ field: elasticsearch.audit.invalidate.apikeys.user.name
+ target_field: user.name
+ ignore_missing: true
+- rename:
+ field: elasticsearch.audit.invalidate.apikeys.user.realm
+ target_field: elasticsearch.audit.user.realm
+ ignore_missing: true
+- dot_expander:
+ field: user.run_as.name
+ path: elasticsearch.audit
+ ignore_failure: true
+- dot_expander:
+ field: user.run_as.realm
+ path: elasticsearch.audit
+ ignore_failure: true
+- convert:
+ field: elasticsearch.audit.user.run_as.name
+ target_field: user.effective.name
+ type: string
+ ignore_failure: true
 - dot_expander:
 field: user.name
 path: elasticsearch.audit
@@ -87,6 +134,9 @@ processors:
 field: elasticsearch.audit.user.name
 target_field: user.name
 ignore_missing: true
+- dot_expander:
+ field: user.email
+ path: elasticsearch.audit
 - dot_expander:
 field: request.method
 path: elasticsearch.audit
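Review bot: The first six `rename` processors in the hunk map the target of a security config change (the user being disabled, enabled, deleted or put, and the owner of invalidated API keys) onto `user.name`, so the resulting documents read as if the affected account performed the action; the updated fixture shows `change_disable_user` with `user.name: user1`, and detection rules or dashboards that treat `user.name` as the actor will misattribute these events. ECS 1.8, which this change adopts, has `user.target.name` for exactly this case (the auditd fixture in the same change already uses `user.target.name`/`user.target.id` for account operations), so `target_field: user.target.name` on the change/delete/put/invalidate renames, with `user.full_name` and `user.email` moved under `user.target.*` likewise, would keep actor and subject distinct. The `remove` of `elasticsearch.audit.put` also discards the `roles`, `enabled` and `has_password` attributes of a `put_user` record; the role set granted to an account is the most useful attribute of that record for privilege-change monitoring, so consider renaming `elasticsearch.audit.put.user.roles` into a kept field (for example `user.target.roles`) before the remove runs. Only one of the renames can match a given record, so the shared `user.name` target does not otherwise conflict.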
@@ -104,10 +154,17 @@ processors:
 - dot_expander:
 field: cluster.name
 path: elasticsearch.audit
+- dot_expander:
+ field: cluster.uuid
+ path: elasticsearch.audit
 - rename:
 field: elasticsearch.audit.cluster.name
 target_field: elasticsearch.cluster.name
 ignore_missing: true
+- rename:
+ field: elasticsearch.audit.cluster.uuid
+ target_field: elasticsearch.cluster.uuid
+ ignore_missing: true
 - rename:
 field: elasticsearch.audit.level
 target_field: log.level
diff --git a/filebeat/module/elasticsearch/audit/ingest/pipeline.yml b/filebeat/module/elasticsearch/audit/ingest/pipeline.yml
index ec3873d2b9f..1ae5da8dbb7 100644
--- a/filebeat/module/elasticsearch/audit/ingest/pipeline.yml
+++ b/filebeat/module/elasticsearch/audit/ingest/pipeline.yml
@@ -55,6 +55,10 @@ processors:
 field: related.user
 value: "{{user.name}}"
 if: "ctx?.user?.name != null"
+- append:
+ field: related.user
+ value: "{{user.effective.name}}"
+ if: "ctx?.user?.effective?.name != null"
 - remove:
 field: elasticsearch.audit.@timestamp
 - remove:
diff --git a/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json
index f8127900e70..66f14a2381c 100644
--- a/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json
+++ b/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json
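Review bot: The new `append` in the pipeline.yml hunk adds `user.effective.name` to `related.user` without `allow_duplicates: false`, so whenever the acting and effective users share a name the array carries the value twice; the updated fixture shows `related.user: ["user1", "user1"]` for the `run_as_denied` record. Setting `allow_duplicates: false` on this processor (and on the preceding `user.name` append) keeps `related.user` a set, which is how correlation queries treat it. The `cluster.uuid` expander and rename in the first hunk look fine.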
@@ -23,6 +23,27 @@
 "source.port": 40380,
 "url.original": "/"
 },
+ {
+ "@timestamp": "2019-06-11T15:03:32.777Z",
+ "elasticsearch.audit.component": "o.e.x.s.a.AuthenticationService",
+ "elasticsearch.audit.message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]",
+ "elasticsearch.cluster.name": "docker-cluster",
+ "elasticsearch.cluster.uuid": "xEiKc6ipRiyzU8_8czXrJw",
+ "elasticsearch.node.id": "Xaq2BFVcQ1OhyMrjL8gNOg",
+ "elasticsearch.node.name": "dff7befc418f",
+ "event.category": "database",
+ "event.dataset": "elasticsearch.audit",
+ "event.kind": "event",
+ "event.module": "elasticsearch",
+ "event.outcome": "failure",
+ "fileset.name": "audit",
+ "host.id": "Xaq2BFVcQ1OhyMrjL8gNOg",
+ "input.type": "log",
+ "log.level": "INFO",
+ "log.offset": 299,
+ "message": "{\"type\": \"server\", \"timestamp\": \"2019-06-11T15:03:32,777+0000\", \"level\": \"INFO\", \"component\": \"o.e.x.s.a.AuthenticationService\", \"cluster.name\": \"docker-cluster\", \"node.name\": \"dff7befc418f\", \"cluster.uuid\": \"xEiKc6ipRiyzU8_8czXrJw\", \"node.id\": \"Xaq2BFVcQ1OhyMrjL8gNOg\", \"message\": \"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]\" }",
+ "service.type": "elasticsearch"
+ },
 {
 "@timestamp": "2019-06-11T15:03:32.778Z",
 "elasticsearch.audit.layer": "rest",
diff --git a/filebeat/module/elasticsearch/audit/test/test-audit.log b/filebeat/module/elasticsearch/audit/test/test-audit.log
index 4937ec8ef76..e775723f5bb 100644
--- a/filebeat/module/elasticsearch/audit/test/test-audit.log
+++ b/filebeat/module/elasticsearch/audit/test/test-audit.log
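Review bot: The new expected document records a failed authentication of the `elastic` superuser as `event.category: database` with `event.outcome: failure` and no `event.action`, `user.name` or `authentication` category, so the only way to find it is a free-text search over `elasticsearch.audit.message`, and a failed-login rule on this dataset will not see it. Since the guard against non-audit JSON was removed precisely to let these `type: server` authentication lines through, the pipeline should at least categorise them as `authentication` and lift the bracketed user name into `user.name`; that extraction is not part of the pipeline hunks in this change, so it is a follow-up rather than a fixture-only edit. Once the pipeline sets an `event.action` for this record the fixture should pin it too.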
@@ -5,3 +5,10 @@
 {"@timestamp":"2018-10-31T09:35:12,303", "node.id":"DSiWcTyeThWtUXLB9J0BMw", "event.type":"transport", "event.action":"access_granted", "user.name":"elastic", "user.realm":"reserved", "user.roles":["superuser"], "origin.type":"rest","origin.address":"[::1]:61711", "action":"cluster:admin/xpack/security/user/change_password", "request.name":"ChangePasswordRequest"}
 {"@timestamp":"2018-10-31T09:35:12,314", "node.id":"DSiWcTyeThWtUXLB9J0BMw", "event.type":"transport", "event.action":"access_granted", "user.name":"_xpack_security", "user.realm":"__attach", "user.roles":["superuser"], "origin.type":"local_node", "origin.address":"127.0.0.1:9300", "action":"indices:admin/create", "request.name":"CreateIndexRequest", "indices":[".security-6"]}
 {"@timestamp":"2019-01-27T20:15:10,380", "node.name":"node-0", "node.id":"y8fa3M5zSSGo1M_KJRMUXw", "event.type":"rest", "event.action":"authentication_success", "user.name":"elastic-admin", "origin.type":"rest", "origin.address":"[::1]:58955", "realm":"default_file", "url.path":"/_search", "request.method":"GET", "request.body":"\n{\n \"query\" : {\n \"term\" : { \"user\" : \"kimchy\" }\n }\n}\n", "request.id":"WzL_kb6VSvOhAq0twPvHOQ"}
+{"type":"audit", "timestamp":"2020-12-30T23:17:28,308+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"security_config_change", "event.action":"change_disable_user", "request.id":"qvLIgw_eTvyK3cgV-GaLVg", "change":{"disable":{"user":{"name":"user1"}}}}
+{"type":"audit", "timestamp":"2020-12-30T23:17:34,843+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"security_config_change", "event.action":"change_enable_user", "request.id":"BO3QU3qeTb-Ei0G0rUOalQ", "change":{"enable":{"user":{"name":"user1"}}}}
+{"type":"audit", "timestamp":"2020-12-30T22:19:41,345+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"security_config_change", "event.action":"delete_user", "request.id":"au5a1Cc3RrebDMitMGGNCw", "delete":{"user":{"name":"jacknich"}}}
+{"type":"audit",
"timestamp":"2020-12-31T00:36:30,247+0200", "node.id":"9clhpgjJRR-iKzOw20xBNQ", "event.type":"security_config_change", "event.action":"invalidate_apikeys", "request.id":"7lyIQU9QTFqSrTxD0CqnTQ", "invalidate":{"apikeys":{"owned_by_authenticated_user":false,"user":{"name":"myuser","realm":"native1"}}}} +{"type":"audit", "timestamp":"2020-12-30T22:10:09,749+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"security_config_change", "event.action":"put_user", "request.id":"VIiSvhp4Riim_tpkQCVSQA", "put":{"user":{"name":"user1","enabled":false,"roles":["admin","other_role1"],"full_name":"Jack Sparrow","email":"jack@blackpearl.com","has_password":true,"metadata":{"cunning":10}}}} +{"type":"audit", "timestamp":"2020-12-30T22:49:34,859+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"transport", "event.action":"run_as_denied", "user.name":"user1", "user.run_as.name":"user1", "user.realm":"default_native", "user.run_as.realm":"default_native", "user.roles":["test_role"], "origin.type":"rest", "origin.address":"[::1]:52662", "request.id":"RcaSt872RG-R_WJBEGfYXA", "action":"indices:data/read/search", "request.name":"SearchRequest", "indices":["alias1"]} +{"type":"audit", "timestamp":"2020-12-30T22:44:42,068+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"transport", "event.action":"run_as_granted", "user.name":"elastic", "user.run_as.name":"user1", "user.realm":"reserved", "user.run_as.realm":"default_native", "user.roles":["superuser"], "origin.type":"rest", "origin.address":"[::1]:52623", "request.id":"dGqPTdEQSX2TAPS3cvc1qA", "action":"indices:data/read/search", "request.name":"SearchRequest", "indices":["alias1"]} diff --git a/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json index 96795c1550c..ce89459bd51 100644 --- a/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json 
+++ b/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json 
@@ -216,5 +216,197 @@ "source.port": 58955, "url.original": "/_search", "user.name": "elastic-admin" + }, + { + "@timestamp": "2020-12-30T21:17:28.308Z", + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "qvLIgw_eTvyK3cgV-GaLVg", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "change_disable_user", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 2509, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T23:17:28,308+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"security_config_change\", \"event.action\":\"change_disable_user\", \"request.id\":\"qvLIgw_eTvyK3cgV-GaLVg\", \"change\":{\"disable\":{\"user\":{\"name\":\"user1\"}}}}", + "related.user": [ + "user1" + ], + "service.type": "elasticsearch", + "user.name": "user1" + }, + { + "@timestamp": "2020-12-30T21:17:34.843Z", + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "BO3QU3qeTb-Ei0G0rUOalQ", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "change_enable_user", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 2770, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T23:17:34,843+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"security_config_change\", \"event.action\":\"change_enable_user\", \"request.id\":\"BO3QU3qeTb-Ei0G0rUOalQ\", \"change\":{\"enable\":{\"user\":{\"name\":\"user1\"}}}}", + "related.user": [ + "user1" + ], + "service.type": "elasticsearch", + "user.name": "user1" + }, + { + 
"@timestamp": "2020-12-30T20:19:41.345Z", + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "au5a1Cc3RrebDMitMGGNCw", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "delete_user", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 3029, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T22:19:41,345+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"security_config_change\", \"event.action\":\"delete_user\", \"request.id\":\"au5a1Cc3RrebDMitMGGNCw\", \"delete\":{\"user\":{\"name\":\"jacknich\"}}}", + "related.user": [ + "jacknich" + ], + "service.type": "elasticsearch", + "user.name": "jacknich" + }, + { + "@timestamp": "2020-12-30T22:36:30.247Z", + "elasticsearch.audit.invalidate.apikeys.owned_by_authenticated_user": false, + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "7lyIQU9QTFqSrTxD0CqnTQ", + "elasticsearch.audit.user.realm": "native1", + "elasticsearch.node.id": "9clhpgjJRR-iKzOw20xBNQ", + "event.action": "invalidate_apikeys", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "9clhpgjJRR-iKzOw20xBNQ", + "input.type": "log", + "log.offset": 3273, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-31T00:36:30,247+0200\", \"node.id\":\"9clhpgjJRR-iKzOw20xBNQ\", \"event.type\":\"security_config_change\", \"event.action\":\"invalidate_apikeys\", \"request.id\":\"7lyIQU9QTFqSrTxD0CqnTQ\", \"invalidate\":{\"apikeys\":{\"owned_by_authenticated_user\":false,\"user\":{\"name\":\"myuser\",\"realm\":\"native1\"}}}}", + "related.user": [ + "myuser" + ], + 
"service.type": "elasticsearch", + "user.name": "myuser" + }, + { + "@timestamp": "2020-12-30T20:10:09.749Z", + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "VIiSvhp4Riim_tpkQCVSQA", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "put_user", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 3592, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T22:10:09,749+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"security_config_change\", \"event.action\":\"put_user\", \"request.id\":\"VIiSvhp4Riim_tpkQCVSQA\", \"put\":{\"user\":{\"name\":\"user1\",\"enabled\":false,\"roles\":[\"admin\",\"other_role1\"],\"full_name\":\"Jack Sparrow\",\"email\":\"jack@blackpearl.com\",\"has_password\":true,\"metadata\":{\"cunning\":10}}}}", + "related.user": [ + "user1" + ], + "service.type": "elasticsearch", + "user.email": "jack@blackpearl.com", + "user.full_name": "Jack Sparrow", + "user.name": "user1" + }, + { + "@timestamp": "2020-12-30T20:49:34.859Z", + "elasticsearch.audit.action": "indices:data/read/search", + "elasticsearch.audit.indices": [ + "alias1" + ], + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin.type": "rest", + "elasticsearch.audit.request.id": "RcaSt872RG-R_WJBEGfYXA", + "elasticsearch.audit.request.name": "SearchRequest", + "elasticsearch.audit.user.realm": "default_native", + "elasticsearch.audit.user.roles": [ + "test_role" + ], + "elasticsearch.audit.user.run_as.name": "user1", + "elasticsearch.audit.user.run_as.realm": "default_native", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "run_as_denied", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + 
"event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 3978, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T22:49:34,859+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"transport\", \"event.action\":\"run_as_denied\", \"user.name\":\"user1\", \"user.run_as.name\":\"user1\", \"user.realm\":\"default_native\", \"user.run_as.realm\":\"default_native\", \"user.roles\":[\"test_role\"], \"origin.type\":\"rest\", \"origin.address\":\"[::1]:52662\", \"request.id\":\"RcaSt872RG-R_WJBEGfYXA\", \"action\":\"indices:data/read/search\", \"request.name\":\"SearchRequest\", \"indices\":[\"alias1\"]}", + "related.user": [ + "user1", + "user1" + ], + "service.type": "elasticsearch", + "source.address": "[::1]:52662", + "source.ip": "::1", + "source.port": 52662, + "user.effective.name": "user1", + "user.name": "user1" + }, + { + "@timestamp": "2020-12-30T20:44:42.068Z", + "elasticsearch.audit.action": "indices:data/read/search", + "elasticsearch.audit.indices": [ + "alias1" + ], + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin.type": "rest", + "elasticsearch.audit.request.id": "dGqPTdEQSX2TAPS3cvc1qA", + "elasticsearch.audit.request.name": "SearchRequest", + "elasticsearch.audit.user.realm": "reserved", + "elasticsearch.audit.user.roles": [ + "superuser" + ], + "elasticsearch.audit.user.run_as.name": "user1", + "elasticsearch.audit.user.run_as.realm": "default_native", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "run_as_granted", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "success", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 4463, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T22:44:42,068+0200\", 
\"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"transport\", \"event.action\":\"run_as_granted\", \"user.name\":\"elastic\", \"user.run_as.name\":\"user1\", \"user.realm\":\"reserved\", \"user.run_as.realm\":\"default_native\", \"user.roles\":[\"superuser\"], \"origin.type\":\"rest\", \"origin.address\":\"[::1]:52623\", \"request.id\":\"dGqPTdEQSX2TAPS3cvc1qA\", \"action\":\"indices:data/read/search\", \"request.name\":\"SearchRequest\", \"indices\":[\"alias1\"]}", + "related.user": [ + "elastic", + "user1" + ], + "service.type": "elasticsearch", + "source.address": "[::1]:52623", + "source.ip": "::1", + "source.port": 52623, + "user.effective.name": "user1", + "user.name": "elastic" } ] \ No newline at end of file diff --git a/filebeat/module/elasticsearch/deprecation/config/log.yml b/filebeat/module/elasticsearch/deprecation/config/log.yml index 7730827c5b4..62e291e30de 100644 --- a/filebeat/module/elasticsearch/deprecation/config/log.yml +++ b/filebeat/module/elasticsearch/deprecation/config/log.yml @@ -15,4 +15,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/elasticsearch/fields.go b/filebeat/module/elasticsearch/fields.go index 4f44e586a19..66aae291f49 100644 --- a/filebeat/module/elasticsearch/fields.go +++ b/filebeat/module/elasticsearch/fields.go @@ -32,5 +32,5 @@ func init() { // AssetElasticsearch returns asset data. // This is the base64 encoded gzipped contents of module/elasticsearch. func AssetElasticsearch() string { - return "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" + return "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" } diff --git a/filebeat/module/elasticsearch/gc/config/gc.yml b/filebeat/module/elasticsearch/gc/config/gc.yml index 67967e20abc..ba6d4dceefd 100644 --- a/filebeat/module/elasticsearch/gc/config/gc.yml +++ b/filebeat/module/elasticsearch/gc/config/gc.yml 
@@ -13,4 +13,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/elasticsearch/server/config/log.yml b/filebeat/module/elasticsearch/server/config/log.yml
index c784b5996fe..1723c9c86b6 100644
--- a/filebeat/module/elasticsearch/server/config/log.yml
+++ b/filebeat/module/elasticsearch/server/config/log.yml
@@ -15,4 +15,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml
index 010a828ce8e..6b57b280a25 100644
--- a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml
+++ b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml
@@ -16,4 +16,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/haproxy/log/config/file.yml b/filebeat/module/haproxy/log/config/file.yml
index 19f230a3247..1fc1e5a33c7 100644
--- a/filebeat/module/haproxy/log/config/file.yml
+++ b/filebeat/module/haproxy/log/config/file.yml
@@ -9,4 +9,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/haproxy/log/config/syslog.yml b/filebeat/module/haproxy/log/config/syslog.yml
index fcad82506aa..cf755c53a96 100644
--- a/filebeat/module/haproxy/log/config/syslog.yml
+++ b/filebeat/module/haproxy/log/config/syslog.yml
@@ -6,4 +6,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/icinga/debug/config/debug.yml b/filebeat/module/icinga/debug/config/debug.yml
index cbc9eb1477b..34bdcef7fa8 100644
--- a/filebeat/module/icinga/debug/config/debug.yml
+++ b/filebeat/module/icinga/debug/config/debug.yml
@@ -12,4 +12,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/icinga/main/config/main.yml b/filebeat/module/icinga/main/config/main.yml
index cbc9eb1477b..34bdcef7fa8 100644
--- a/filebeat/module/icinga/main/config/main.yml
+++ b/filebeat/module/icinga/main/config/main.yml
@@ -12,4 +12,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/icinga/startup/config/startup.yml b/filebeat/module/icinga/startup/config/startup.yml
index cd175ad6523..81a45be7e91 100644
--- a/filebeat/module/icinga/startup/config/startup.yml
+++ b/filebeat/module/icinga/startup/config/startup.yml
@@ -12,4 +12,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/iis/access/config/iis-access.yml b/filebeat/module/iis/access/config/iis-access.yml
index 0ca1a0c5437..aadbabb01ed 100644
--- a/filebeat/module/iis/access/config/iis-access.yml
+++ b/filebeat/module/iis/access/config/iis-access.yml
@@ -9,4 +9,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/iis/error/config/iis-error.yml b/filebeat/module/iis/error/config/iis-error.yml
index 0ca1a0c5437..aadbabb01ed 100644
--- a/filebeat/module/iis/error/config/iis-error.yml
+++ b/filebeat/module/iis/error/config/iis-error.yml
@@ -9,4 +9,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/kafka/log/config/log.yml b/filebeat/module/kafka/log/config/log.yml
index be425d89b1f..87f38b44128 100644
--- a/filebeat/module/kafka/log/config/log.yml
+++ b/filebeat/module/kafka/log/config/log.yml
@@ -13,4 +13,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/kibana/log/config/log.yml b/filebeat/module/kibana/log/config/log.yml
index bcf49873fb3..a1c113f53a8 100644
--- a/filebeat/module/kibana/log/config/log.yml
+++ b/filebeat/module/kibana/log/config/log.yml
@@ -11,4 +11,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/logstash/log/config/log.yml b/filebeat/module/logstash/log/config/log.yml
index 8c094e3c6ad..a90a5be8d96 100644
--- a/filebeat/module/logstash/log/config/log.yml
+++ b/filebeat/module/logstash/log/config/log.yml
@@ -16,4 +16,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/logstash/slowlog/config/slowlog.yml b/filebeat/module/logstash/slowlog/config/slowlog.yml
index 8de436195b5..f391047702d 100644
--- a/filebeat/module/logstash/slowlog/config/slowlog.yml
+++ b/filebeat/module/logstash/slowlog/config/slowlog.yml
@@ -11,4 +11,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/mongodb/log/config/log.yml b/filebeat/module/mongodb/log/config/log.yml
index 6fcf0ab7a1f..2db4213af7b 100644
--- a/filebeat/module/mongodb/log/config/log.yml
+++ b/filebeat/module/mongodb/log/config/log.yml
@@ -8,4 +8,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/mysql/error/config/error.yml b/filebeat/module/mysql/error/config/error.yml
index 513287f28f8..2bf22a084ec 100644
--- a/filebeat/module/mysql/error/config/error.yml
+++ b/filebeat/module/mysql/error/config/error.yml
@@ -16,4 +16,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/mysql/slowlog/config/slowlog.yml b/filebeat/module/mysql/slowlog/config/slowlog.yml
index 557a49be46f..6b83b522706 100644
--- a/filebeat/module/mysql/slowlog/config/slowlog.yml
+++ b/filebeat/module/mysql/slowlog/config/slowlog.yml
@@ -13,4 +13,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/nats/log/config/log.yml b/filebeat/module/nats/log/config/log.yml
index 6fcf0ab7a1f..2db4213af7b 100644
--- a/filebeat/module/nats/log/config/log.yml
+++ b/filebeat/module/nats/log/config/log.yml
@@ -8,4 +8,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/nginx/access/config/nginx-access.yml b/filebeat/module/nginx/access/config/nginx-access.yml
index cb319d01efe..2bd2a117d1c 100644
--- a/filebeat/module/nginx/access/config/nginx-access.yml
+++ b/filebeat/module/nginx/access/config/nginx-access.yml
@@ -10,4 +10,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/nginx/error/config/nginx-error.yml b/filebeat/module/nginx/error/config/nginx-error.yml
index 680f826ce4e..bc547d46f36 100644
--- a/filebeat/module/nginx/error/config/nginx-error.yml
+++ b/filebeat/module/nginx/error/config/nginx-error.yml
@@ -14,4 +14,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml b/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml
index cb319d01efe..2bd2a117d1c 100644
--- a/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml
+++ b/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml
@@ -10,4 +10,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/osquery/result/config/result.yml b/filebeat/module/osquery/result/config/result.yml
index 2dd7593f42d..cd17ae39bdf 100644
--- a/filebeat/module/osquery/result/config/result.yml
+++ b/filebeat/module/osquery/result/config/result.yml
@@ -10,4 +10,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/postgresql/log/config/log.yml b/filebeat/module/postgresql/log/config/log.yml
index 9d11854bf57..c33a4ad8de4 100644
--- a/filebeat/module/postgresql/log/config/log.yml
+++ b/filebeat/module/postgresql/log/config/log.yml
@@ -12,4 +12,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/redis/log/config/log.yml b/filebeat/module/redis/log/config/log.yml
index a24f976513f..e9de5bfce49 100644
--- a/filebeat/module/redis/log/config/log.yml
+++ b/filebeat/module/redis/log/config/log.yml
@@ -9,4 +9,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/santa/log/config/file.yml b/filebeat/module/santa/log/config/file.yml
index 6fcf0ab7a1f..2db4213af7b 100644
--- a/filebeat/module/santa/log/config/file.yml
+++ b/filebeat/module/santa/log/config/file.yml
@@ -8,4 +8,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml
index d1d5c593506..429067177d1 100644
--- a/filebeat/module/system/auth/config/auth.yml
+++ b/filebeat/module/system/auth/config/auth.yml
@@ -12,4 +12,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/system/auth/ingest/pipeline.yml b/filebeat/module/system/auth/ingest/pipeline.yml
index 54ab0dbf8f5..48d5ecb490d 100644
--- a/filebeat/module/system/auth/ingest/pipeline.yml
+++ b/filebeat/module/system/auth/ingest/pipeline.yml
@@ -36,6 +36,44 @@ processors:
 field: system.auth.message
 target_field: message
 ignore_missing: true
+ if: ctx?.system?.auth?.message != null && ctx?.system?.auth?.message != ""
+- grok:
+ field: message
+ ignore_missing: true
+ ignore_failure: true
+ patterns:
+ - 'for user \"?%{DATA:_temp.foruser}\"? by \"?%{DATA:_temp.byuser}\"?(?:\(uid=%{NUMBER:_temp.byuid}\))?$'
+ - 'for user \"?%{DATA:_temp.foruser}\"?$'
+ - 'by user \"?%{DATA:_temp.byuser}\"?$'
+ if: ctx?.message != null && ctx?.message != ""
+- rename:
+ field: _temp.byuser
+ target_field: user.name
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: _temp.byuid
+ target_field: user.id
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: _temp.foruser
+ target_field: user.name
+ ignore_missing: true
+ ignore_failure: true
+ if: ctx?.user?.name == null || ctx?.user?.name == ""
+- rename:
+ field: _temp.foruser
+ target_field: user.effective.name
+ ignore_missing: true
+ ignore_failure: true
+ if: ctx?.user?.name != null
+- convert:
+ field: system.auth.sudo.user
+ target_field: user.effective.name
+ type: string
+ ignore_failure: true
+ if: ctx?.system?.auth?.sudo?.user != null
 - set:
 field: source.ip
 value: '{{system.auth.ssh.dropped_ip}}'
@@ -96,7 +134,7 @@ processors:
 source: >-
 if (ctx.system.auth.ssh.event == "Accepted") {
 ctx.event.type = ["authentication_success", "info"];
- ctx.event.category = ["authentication"];
+ ctx.event.category = ["authentication","session"];
 ctx.event.action = "ssh_login";
 ctx.event.outcome = "success";
 } else if (ctx.system.auth.ssh.event == "Invalid" || ctx.system.auth.ssh.event == "Failed") {
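Review bot: The four `rename` processors move `_temp.byuser`, `_temp.byuid` and `_temp.foruser` out, but nothing drops the `_temp` parent, so every document the new grok matched keeps an empty `_temp` object in the indexed event unless a `remove` of it exists in a part of the pipeline outside this hunk. Adding `- remove: field: _temp ignore_missing: true` after the last rename (or before the `set` of `source.ip`) keeps the scratch container out of the stored document and out of the field mappings. A smaller point: the two `_temp.foruser` renames are only cleanly exclusive when `user.name` is absent — if `user.name` is present but empty, the first rename fails on the existing target (silenced by `ignore_failure`) and the second then puts the value in `user.effective.name`, which looks accidental and deserves either a comment or a guard of `ctx?.user?.name != null && ctx.user.name != ""` on the second rename. The enclosing `processors` list continues outside the hunk.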
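Review bot: `["authentication","session"]` drops the space after the comma that the `["authentication_success", "info"]` line directly above uses; `ctx.event.category = ["authentication", "session"];` keeps the Painless block consistently formatted. Since an accepted login now also carries the `session` category, `ctx.event.type` could include `start` next to `authentication_success` — I believe ECS lists `start`/`end`/`info` as the expected types for `session`, so `info` is valid but `start` would make session-begin events directly queryable. The script source continues outside the hunk.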
@@ -137,16 +175,23 @@ processors:
 - append:
 field: related.user
 value: "{{user.name}}"
- if: "ctx?.user?.name != null"
+ allow_duplicates: false
+ if: "ctx?.user?.name != null && ctx.user?.name != ''"
+- append:
+ field: related.user
+ value: "{{user.effective.name}}"
+ allow_duplicates: false
+ if: "ctx?.user?.effective?.name != null && ctx.user?.effective?.name != ''"
 - append:
 field: related.ip
 value: "{{source.ip}}"
- if: "ctx?.source?.ip != null"
+ allow_duplicates: false
+ if: "ctx?.source?.ip != null && ctx.source?.ip != ''"
 - append:
 field: related.hosts
 value: "{{host.hostname}}"
- if: "ctx.host?.hostname != null && ctx.host?.hostname != ''"
 allow_duplicates: false
+ if: "ctx.host?.hostname != null && ctx.host?.hostname != ''"
 on_failure:
 - set:
 field: error.message
diff --git a/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json b/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json
index cff887d76e8..52501ff2a7c 100644
--- a/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json
+++ b/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json
@@ -14,7 +14,11 @@
 "related.hosts": [
 "precise32"
 ],
- "service.type": "system"
+ "related.user": [
+ "vagrant"
+ ],
+ "service.type": "system",
+ "user.name": "vagrant"
 },
 {
 "event.dataset": "system.auth",
@@ -30,13 +34,15 @@
 "precise32"
 ],
 "related.user": [
- "vagrant"
+ "vagrant",
+ "root"
 ],
 "service.type": "system",
 "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-lhspyyxxlfzpytwsebjoegenjxyjombo; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675177.72-26828938879074/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675177.72-26828938879074/ >/dev/null 2>&1",
 "system.auth.sudo.pwd": "/home/vagrant",
 "system.auth.sudo.tty": "pts/0",
 "system.auth.sudo.user": "root",
+ "user.effective.name": "root",
 "user.name": "vagrant"
 },
 {
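Review bot: The `if` conditions added here are double-quoted YAML strings that test emptiness with `!= ''`, while the conditions added earlier in this same file (the `@@ -36,6 +36,44 @@` hunk) are plain scalars testing `!= ""`; both are valid Painless, but one spelling across the pipeline is easier to grep and to lint. The same expressions also switch between `ctx?.user?.name` and `ctx.user?.name` mid-condition — e.g. `if: "ctx?.user?.name != null && ctx?.user?.name != ''"` would match the rest of the file's null-safe style. The `related.*` appends now carry `allow_duplicates: false`, which is what keeps `related.user` from repeating `vagrant` when `user.name` and `user.effective.name` coincide; the `on_failure` handler that follows continues outside the hunk.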
@@ -53,7 +59,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -69,7 +82,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -86,7 +103,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -102,13 +123,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-xspkubktopzqiwiofvdhqaglconkrgwp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675181.24-158548606882799/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675181.24-158548606882799/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -125,7 +148,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -141,7 +171,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -158,7 +192,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", 
@@ -174,13 +212,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-vxcrqvczsrjrrsjcokculalhrgfsxqzl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675202.4-199750250589919/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675202.4-199750250589919/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -197,7 +237,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -213,7 +260,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -230,7 +281,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -246,13 +301,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-gruorqbeefuuhfprfoqzsftalatgwwvf; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675203.3-59927285912173/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675203.3-59927285912173/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { 
@@ -269,7 +326,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -285,7 +349,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -302,7 +370,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -318,13 +390,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-fnthqelgspkbnpnxlsknzcbyxbqqxpmt; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675204.07-135388534337396/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675204.07-135388534337396/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -341,7 +415,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -357,7 +438,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -374,7 +459,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", 
@@ -403,13 +492,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-wagdvfiuqxtryvmyrqlfcwoxeqqrxejt; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/async_wrapper 321853834469 45 /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/command /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/arguments; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -426,7 +517,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -442,7 +540,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -459,7 +561,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", 
@@ -475,13 +581,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-lkgydmrwiywdfvxfoxmgntufiumtzpmq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675212.66-81790186240643/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675212.66-81790186240643/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -498,7 +606,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -514,7 +629,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -531,7 +650,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -547,13 +670,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-mjsapklbglujaoktlsyytirwygexdily; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675218.96-234174787135180/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675218.96-234174787135180/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { 
@@ -570,7 +695,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -586,7 +718,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -603,7 +739,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -619,13 +759,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-kvmafqtdnnvnyfyqlnoovickcavkqwdy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675219.83-99205535237718/setup; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675219.83-99205535237718/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -642,7 +784,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -658,7 +807,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -675,7 +828,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", 
@@ -691,13 +848,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-nhrnwbdpypmsmvcstuihfqfbcvpxrmys; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675224.58-12467498973476/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675224.58-12467498973476/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -714,7 +873,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -730,7 +896,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -747,7 +917,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -763,13 +937,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-buzartmsbrirxgcoibjpsqjkldihhexh; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675228.25-195852789001210/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675228.25-195852789001210/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { 
@@ -786,7 +962,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -802,7 +985,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -819,7 +1006,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -835,13 +1026,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-swwkpvmnxhcuduxerfbgclhsmgbhwzie; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675247.78-128146395950020/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675247.78-128146395950020/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -858,7 +1051,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -874,7 +1074,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -891,7 +1095,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", 
@@ -907,13 +1115,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-raffykohamlcbnpxzipksbvfpjbfpagy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675250.82-190689706060358/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675250.82-190689706060358/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -930,7 +1140,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -946,7 +1163,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -963,7 +1184,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -979,13 +1204,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-dfoxiractbmtavfiwfnhzfkftipjumph; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675251.6-137767038423665/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675251.6-137767038423665/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { 
@@ -1002,7 +1229,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1018,7 +1252,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1035,7 +1273,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1051,13 +1293,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-jveaoynmhsmeodakzfhhaodihyroxobu; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675261.29-208287411335817/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675261.29-208287411335817/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1074,7 +1318,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1090,7 +1341,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", 
@@ -1106,13 +1361,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-lwzhcvorajmjyxsrqydafzapoeescwaf; rc=flag; [ -r /etc/metricbeat/metricbeat.yml ] || rc=2; [ -f /etc/metricbeat/metricbeat.yml ] || rc=1; [ -d /etc/metricbeat/metricbeat.yml ] && rc=3; python -V 2>/dev/null || rc=4; [ x\"$rc\" != \"xflag\" ] && echo \"${rc} \"/etc/metricbeat/metricbeat.yml && exit 0; (python -c 'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1();#012afile = open(\"'/etc/metricbeat/metricbeat.yml'\", \"rb\")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (python -c 'import sha; BLOCKSIZE = 65536; hasher = sha.sha();#012afile = open(\"'/etc/metricbeat/metricbeat.yml'\", \"rb\")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (echo '0 ", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1145,7 +1402,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1161,7 +1425,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1178,7 +1446,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", 
@@ -1195,7 +1467,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1211,13 +1487,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-yesyhegdrhiolusidthffdemrxphqdfm; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675262.15-83340738940485/copy; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675262.15-83340738940485/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1234,7 +1512,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1250,7 +1535,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1267,7 +1556,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", 
@@ -1283,13 +1576,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-vqbyiylfjufyxlwvxcwusklrtmiekpia; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675263.16-15325827909434/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675263.16-15325827909434/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1306,7 +1601,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1322,7 +1624,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1339,7 +1645,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1355,13 +1665,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-osrbplljwskuafamtjuanhwfxqdxmfbj; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675264.47-179299683847940/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675264.47-179299683847940/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { 
@@ -1378,7 +1690,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1394,7 +1713,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1411,7 +1734,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1427,13 +1754,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-xqypdfdxashhaekghbfnpdlcgsmfarmy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675265.39-273766954542007/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675265.39-273766954542007/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1450,7 +1779,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1466,7 +1802,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1483,7 +1823,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", 
@@ -1499,13 +1843,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-ktkmpxhjivossxngupfgrqfobhopruzp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675266.58-47565152594552/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675266.58-47565152594552/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1522,7 +1868,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1538,7 +1891,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1555,7 +1912,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1571,13 +1932,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-erpqyqrmifxazcclvbqytjwxgdplhtpy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675275.74-155140815824587/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675275.74-155140815824587/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { 
@@ -1594,7 +1957,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1610,7 +1980,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1627,7 +2001,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1643,13 +2021,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-cfqjebskszjdqpksprlbjpbttastwzyp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675276.62-248748589735433/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675276.62-248748589735433/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1666,7 +2046,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1682,7 +2069,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1699,7 +2090,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", 
@@ -1715,13 +2110,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-oxbowrzvfhsebemuiblilqwvdxvnwztv; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675280.28-272460786101534/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675280.28-272460786101534/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1738,7 +2135,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1754,7 +2158,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1771,7 +2179,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1787,13 +2199,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-ohlhhhazvtawqawluadjlxglowwenmyc; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675302.51-201837201796085/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675302.51-201837201796085/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" } ] \ No newline at end of file 
diff --git a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json index 50134594bfc..d6319b0e82a 100644 --- a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json +++ b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json @@ -59,7 +59,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -121,7 +125,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -251,7 +259,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -313,7 +325,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -375,7 +391,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -437,7 +457,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -499,7 +523,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -629,7 +657,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", 
@@ -663,7 +695,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -725,7 +761,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -787,7 +827,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -849,7 +893,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -911,7 +959,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -973,7 +1025,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1114,7 +1170,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1244,7 +1304,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1306,7 +1370,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1368,7 +1436,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", 
@@ -1430,7 +1502,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1492,7 +1568,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1622,7 +1702,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1684,7 +1768,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1746,7 +1834,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1808,7 +1900,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1870,7 +1966,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2000,7 +2100,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2062,7 +2166,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2124,7 +2232,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", 
@@ -2237,7 +2349,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2299,7 +2415,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2361,7 +2481,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2423,7 +2547,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2485,7 +2613,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2615,7 +2747,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2677,6 +2813,10 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" } ] \ No newline at end of file diff --git a/filebeat/module/system/auth/test/test.log-expected.json b/filebeat/module/system/auth/test/test.log-expected.json index dc677ebb58c..25f2b8608b5 100644 --- a/filebeat/module/system/auth/test/test.log-expected.json +++ b/filebeat/module/system/auth/test/test.log-expected.json @@ -2,7 +2,8 @@ { "event.action": "ssh_login", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "system.auth", "event.kind": "event", 
@@ -39,7 +40,8 @@ { "event.action": "ssh_login", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "system.auth", "event.kind": "event", @@ -165,13 +167,15 @@ "localhost" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/ls", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -219,13 +223,15 @@ "localhost" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/cat /var/log/secure", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/1", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -242,7 +248,8 @@ "precise32" ], "related.user": [ - "tsg" + "tsg", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/ls", @@ -250,6 +257,7 @@ "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/1", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "tsg" }, { diff --git a/filebeat/module/system/auth/test/timestamp.log-expected.json b/filebeat/module/system/auth/test/timestamp.log-expected.json index 4d428b4d1cc..ccbaedf2039 100644 --- a/filebeat/module/system/auth/test/timestamp.log-expected.json +++ b/filebeat/module/system/auth/test/timestamp.log-expected.json @@ -15,7 +15,14 @@ "related.hosts": [ "localhost" ], - "service.type": "system" + "related.user": [ + "userauth3", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "0", + "user.name": "userauth3" }, { "@timestamp": "2019-06-14T09:31:15.412-02:00", diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index d1d5c593506..429067177d1 100644 --- a/filebeat/module/system/syslog/config/syslog.yml 
+++ b/filebeat/module/system/syslog/config/syslog.yml
@@ -12,4 +12,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/filebeat/module/traefik/access/config/traefik-access.yml b/filebeat/module/traefik/access/config/traefik-access.yml
index 6fcf0ab7a1f..2db4213af7b 100644
--- a/filebeat/module/traefik/access/config/traefik-access.yml
+++ b/filebeat/module/traefik/access/config/traefik-access.yml
@@ -8,4 +8,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/go.mod b/go.mod
index 7d5c452cc38..f5407a2e375 100644
--- a/go.mod
+++ b/go.mod
@@ -59,17 +59,17 @@ require (
 github.com/dustin/go-humanize v1.0.0
 github.com/eapache/go-resiliency v1.2.0
 github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2
- github.com/elastic/ecs v1.6.0
+ github.com/elastic/ecs v1.0.0-beta2.0.20210202203518-638aa2bb5271
 github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a
 github.com/elastic/go-concert v0.1.0
- github.com/elastic/go-libaudit/v2 v2.1.0
+ github.com/elastic/go-libaudit/v2 v2.2.0
 github.com/elastic/go-licenser v0.3.1
 github.com/elastic/go-lookslike v0.3.0
 github.com/elastic/go-lumber v0.1.0
 github.com/elastic/go-perf v0.0.0-20191212140718-9c656876f595
 github.com/elastic/go-seccomp-bpf v1.1.0
 github.com/elastic/go-structform v0.0.7
- github.com/elastic/go-sysinfo v1.3.0
+ github.com/elastic/go-sysinfo v1.5.0
 github.com/elastic/go-txfile v0.0.7
 github.com/elastic/go-ucfg v0.8.3
 github.com/elastic/go-windows v1.0.1 // indirect
diff --git a/go.sum b/go.sum
index 118df228463..b7b9053d30b 100644
--- a/go.sum
+++ b/go.sum
@@ -247,16 +247,16 @@ github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2 h1:DW6W github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2/go.mod h1:H9keYFcgq3Qr5OUJm/JZI/i6U7joQ8SYLhZwfeOo6Ts= github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3 h1:lnDkqiRFKm0rxdljqrj3lotWinO9+jFmeDXIC4gvIQs= github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3/go.mod h1:aPqzac6AYkipvp4hufTyMj5PDIphF3+At8zr7r51xjY= -github.com/elastic/ecs v1.6.0 h1:8NmgfnsjmKXh9hVsK3H2tZtfUptepNc3msJOAynhtmc= -github.com/elastic/ecs v1.6.0/go.mod h1:pgiLbQsijLOJvFR8OTILLu0Ni/R/foUNg0L+T6mU9b4= +github.com/elastic/ecs v1.0.0-beta2.0.20210202203518-638aa2bb5271 h1:lEqA6OOU2w/7cce5M2v6ZAaOqsTw2Q3ZFqSgbH0bMyQ= +github.com/elastic/ecs v1.0.0-beta2.0.20210202203518-638aa2bb5271/go.mod h1:pgiLbQsijLOJvFR8OTILLu0Ni/R/foUNg0L+T6mU9b4= github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a h1:2NHgf1RUw+f240lpTnLrCp1aBNvq2wDi0E1A423/S1k= github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a/go.mod h1:uh/Gj9a0XEbYoM4NYz4LvaBVARz3QXLmlNjsrKY9fTc= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQVCpGSRXmLqjEHpJKbR60rxh1nQZY4= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270/go.mod h1:Msl1pdboCbArMF/nSCDUXgQuWTeoMmE/z8607X+k7ng= github.com/elastic/go-concert v0.1.0 h1:gz/yvA3bseuHzoF/lNMltkL30XdPqMo+bg5o2mBx2EE= github.com/elastic/go-concert v0.1.0/go.mod h1:9MtFarjXroUgmm0m6HY3NSe1XiKhdktiNRRj9hWvIaM= -github.com/elastic/go-libaudit/v2 v2.1.0 h1:yWSKoGaoWLGFPjqWrQ4gwtuM77pTk7K4CsPxXss8he4= -github.com/elastic/go-libaudit/v2 v2.1.0/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= +github.com/elastic/go-libaudit/v2 v2.2.0 h1:TY3FDpG4Zr9Qnv6KYW6olYr/U+nfu0rD2QAbv75VxMQ= +github.com/elastic/go-libaudit/v2 v2.2.0/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= 
github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ=
 github.com/elastic/go-lookslike v0.3.0 h1:HDI/DQ65V85ZqM7D/sbxcK2wFFnh3+7iFvBk2v2FTHs=
@@ -272,8 +272,8 @@ github.com/elastic/go-seccomp-bpf v1.1.0/go.mod h1:l+89Vy5BzjVcaX8USZRMOwmwwDScE
 github.com/elastic/go-structform v0.0.7 h1:ihszOJQryNuIIHE2ZgsbiDq+agKO6V4yK0JYAI3tjzc=
 github.com/elastic/go-structform v0.0.7/go.mod h1:QrMyP3oM9Sjk92EVGLgRaL2lKt0Qx7ZNDRWDxB6khVs=
 github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0=
-github.com/elastic/go-sysinfo v1.3.0 h1:eb2XFGTMlSwG/yyU9Y8jVAYLIzU2sFzWXwo2gmetyrE=
-github.com/elastic/go-sysinfo v1.3.0/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0=
+github.com/elastic/go-sysinfo v1.5.0 h1:6DBn+WmxLz+IJ9MY+MzX2rWQNd04vSRB3TSuXu/2JjU=
+github.com/elastic/go-sysinfo v1.5.0/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0=
 github.com/elastic/go-txfile v0.0.7 h1:Yn28gclW7X0Qy09nSMSsx0uOAvAGMsp6XHydbiLVe2s=
 github.com/elastic/go-txfile v0.0.7/go.mod h1:H0nCoFae0a4ga57apgxFsgmRjevNCsEaT6g56JoeKAE=
 github.com/elastic/go-ucfg v0.7.0/go.mod h1:iaiY0NBIYeasNgycLyTvhJftQlQEUO2hpF+FX0JKxzo=
diff --git a/heartbeat/cmd/root.go b/heartbeat/cmd/root.go
index d7b499afdca..bfbfa22d1b4 100644
--- a/heartbeat/cmd/root.go
+++ b/heartbeat/cmd/root.go
@@ -41,7 +41,7 @@ const (
 Name = "heartbeat"
 // ecsVersion specifies the version of ECS that this beat is implementing.
- ecsVersion = "1.7.0"
+ ecsVersion = "1.8.0"
 )
 // RootCmd to handle beats cli
diff --git a/heartbeat/docs/fields.asciidoc b/heartbeat/docs/fields.asciidoc
index f574c6400c4..1588c1596e1 100644
--- a/heartbeat/docs/fields.asciidoc
+++ b/heartbeat/docs/fields.asciidoc
@@ -2186,7 +2186,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -2239,7 +2239,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -3430,6 +3430,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -4504,6 +4517,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- 
@@ -4674,6 +4700,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -7825,6 +7864,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword 
@@ -8000,6 +8040,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- 
@@ -8010,6 +8163,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- 
@@ -8113,6 +8379,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent 
@@ -8229,6 +8608,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/heartbeat/include/fields.go b/heartbeat/include/fields.go index d224f8a0045..8c5c30dcb6b 100644 --- a/heartbeat/include/fields.go +++ b/heartbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "" + return "" } diff --git a/journalbeat/_meta/fields.common.yml b/journalbeat/_meta/fields.common.yml index e03a20eb691..113b2a4e5f4 100644 --- a/journalbeat/_meta/fields.common.yml +++ b/journalbeat/_meta/fields.common.yml @@ -43,19 +43,19 @@ example: 3 description: > The audit session of the object process. - - name: cmd + - name: process.command_line type: keyword required: false example: "/lib/systemd/systemd --user" description: > The command line of the process. - - name: name + - name: process.name type: keyword required: false example: "/lib/systemd/systemd" description: > Name of the executable. - - name: executable + - name: process.executable type: keyword required: false description: > @@ -176,7 +176,7 @@ example: 3 description: > The audit session of the source process. - - name: cmd + - name: command_line type: keyword required: false example: "/lib/systemd/systemd --user" diff --git a/journalbeat/cmd/root.go b/journalbeat/cmd/root.go index 7f5b973cb7c..50ded0ee692 100644 --- a/journalbeat/cmd/root.go +++ b/journalbeat/cmd/root.go 
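Review bot: Renaming the indexed fields in the `@@ -43` hunk (`cmd`→`process.command_line`, `name`→`process.name`, `executable`→`process.executable`) and in the `@@ -176` hunk (`cmd`→`command_line`) silently breaks any saved search, visualization or detection rule keyed on the old `journald.object.cmd` / `journald.process.cmd` paths, and the hunk adds nothing that keeps the old names resolvable. Beats `fields.yml` supports alias fields, so each old name could be kept as an alias next to the renamed entry, e.g. `- name: cmd` / `type: alias` / `path: journald.process.command_line` (and `path: journald.object.process.command_line` for the object group), or the rename should at least be called out as a breaking change so rule authors can migrate. Separately, the renamed `process.name` entry keeps the example `"/lib/systemd/systemd"` and the description "Name of the executable"; in ECS a path-style value of that kind belongs to `process.executable` while `process.name` is the bare program name, so the example and description presumably need adjusting so the field is not populated with values that will not correlate with `process.name` from other sources — worth confirming against the journald field-mapping code, which is outside this hunk.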
@@ -35,7 +35,7 @@ const ( Name = "journalbeat" // ecsVersion specifies the version of ECS that Winlogbeat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // withECSVersion is a modifier that adds ecs.version to events. diff --git a/journalbeat/docs/fields.asciidoc b/journalbeat/docs/fields.asciidoc index 969c69c0cab..7ca5f4bc775 100644 --- a/journalbeat/docs/fields.asciidoc +++ b/journalbeat/docs/fields.asciidoc @@ -251,7 +251,7 @@ required: False -- -*`journald.object.cmd`*:: +*`journald.object.process.command_line`*:: + -- The command line of the process. @@ -265,7 +265,7 @@ required: False -- -*`journald.object.name`*:: +*`journald.object.process.name`*:: + -- Name of the executable. @@ -279,7 +279,7 @@ required: False -- -*`journald.object.executable`*:: +*`journald.object.process.executable`*:: + -- Path to the the executable. @@ -542,7 +542,7 @@ required: False -- -*`journald.process.cmd`*:: +*`journald.process.command_line`*:: + -- The command line of the process. @@ -2738,7 +2738,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -2791,7 +2791,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword 
@@ -3982,6 +3982,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -5056,6 +5069,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -5226,6 +5252,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -8377,6 +8416,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword 
@@ -8552,6 +8592,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- 
@@ -8562,6 +8715,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- 
@@ -8665,6 +8931,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent 
@@ -8781,6 +9160,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/journalbeat/include/fields.go b/journalbeat/include/fields.go index 05719a08b72..1046b7624e3 100644 --- a/journalbeat/include/fields.go +++ b/journalbeat/include/fields.go 
@@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8MNzJ2k/zwH+QsZ1QzcsM1N2RmTKkPNjen3MyqcZLKYpPlVBuebrJUEyOJrqZTpg1JZ1RMGXxlh55wlmc6+eGHDXLNFgeEpfoHQgw3OTuwD/xASMZ0qnhpuBTwFfnJvUPc2wc/ELJBBC3YAVn/P4YXTBtalOs/EEJIzm5YfkBSqRh8Vuz3iiuWHRCjKvzKLEp2QDJq8GNjvvVjatimHZPMZ0wAqtgNE4ZIxadcWBQmP8B7hFxYfHMND2XhPfbRKJpaVE+ULOoRBnZintI8XxDFSsU0E4aLKUzkRqyn6900LSuVsjD/6SR6AX8jM6qJkB7anAT0DJA8bmheMQA6AFPKssrtNG5YN9mEK23g/RZYiqWM39RQlbxkORc1XO8cznG/yEQqQvMcR9AJ7hP7SIvSbvr61nC0tzHc3djavhjuHwx3D7Z3kv3d7d/Wo23O6ZjluneDcTfl2FIyfIF/XuL312wxlyrr2eijShtZ2Ac2EScl5UqHNRxRQcaMVPZYGElolpGCGUq4mEhVUDuI/d6tiZzPZJVncBRTKQzlggim7dYhOEC+9n+HeY57oAlVjGgjLaKo9pAGAE48gq4ymV4zdUWoyMjV9b6+cujoYPL/rtGyzHkK0K0dkLWJlBtjqtYGZI2JG/tNqWRWpfD7/8YILpjWdMruwLBhH00PGn+SiuRy6hAB9ODGcrvv0IE/2SfdzwMiS8ML/kegO0snN5zN7ZngglB42n7BVMCKnU4bVaWmsnjL5VSTOTczWRlCRU32DRgGRJoZU459kBS3NpUipYaJiPKNtEAUhJJZVVCxoRjN6DhnRFdFQdWCyOjExcewqHLDyzysXRP2kWt75GdsUU9YjLlgGeHCSCJFeLq9kb+wPJfkV6nyLNoiQ6d3nYCY0vlUSMUu6VjesAMyGm7tdHfuFdfGrse9pwOpGzoljKYzv8omjf0zJiGkq621/4lJiU6ZQEpxbP0wfDFVsioPyFYPHV3MGL4ZdskdI8dcKaFju8nIBidmbk+PZaDGCrmJ2woqFhbn1J7CPLfnbkAyZvAPqYgca6Zu7PYguUpLZjNpd0oqYug106RgVFeKFfYBN2x4rH06NeEizauMkR8ZtXwA1qpJQReE5loSVQn7tptX6QQkGiw0+YtbqhtSzyyTHLOaHwNlW/gpz7WnPUSSqoSw50Qigixs0fqUG3I+Yyrm3jNalsxSoF0snNSwVODsFgHCUeNESiOksXvuF3tATnG61GoCcoKLhnNrD+Kghi+xpECcNjJm1CTR+T08ew16iZOczQW5HadluWmXwlOWkJo2Yu6bSeZRB2wXFA3CJ0gtXBMrX4mZKVlNZ+T3ilV2fL3QhhWa5Pyakf+ik2s6IO9YxpE+SiVTpjUXU78p7nFdpTPLpV/JqTZUzwiug5wDuh3K8CACkSMKg7pSn45xxfMs8XzKzdI+0X1n+tZT3T5JJx8NE5kVz3aqBsombt9xjzwtO0UG2bXVaIQbwMhwCqlY9IwHJ40iwlH/CEPaE1AqecMzNrAKiS5Zyic8Jfg2KD5cB/XMYTDiNAUziqeWdoI++iLZS4bkGS2yvZ3nA5LzMfyMX/9zj25ts/3J/mR
7ONkdDkdjur2zw3bY7k62n71Mx/tb6Xg0fJEGEO16DNkabg03hlsbw12ytX0wGh6MhuQ/h8PhkLy/OPqfgOEJrXJzCTg6IBOaa9bYVlbOWMEUzS951txU5rbjETbWz0F4ZjnfhDOFXIFrdz6e8QkIFpA++nl7i7nVUFQBWp9XzGmqpLYboQ1Vlk2OK0OukEJ4dgXHzB6w7g7t0x2L6EkDEe3lPw5Nvxf8d6u2PnzdQY2ynAf5Fbw3B31tzAhwJ95DgG55WWN59t9VLNBpo8A2Y0bf2UFNKD6FUg41iym/YaCOUuFew6fdzzOWl5Mqt7zRcgC3wjCwmUvyk+PThAttqEidetoSM9pODLLGEonTkkitJbGSKuAMYWyuiWAsQ9tyPuPprDtVYNipLOxk1myK1n06sfzDCxRYKkoa/5WcGCZIziaGsKI0i+5WTqRs7KLdqFXs4sWivGP7vBCzExCaz+lCE23svwG3VsXXM0+auK3OysJ3rZKW1KgRQRQHrNbPIom7icasfgQ0Ez5pbHy9Y20CaGx+QdOZNfW6KI7H8Xh2jHsFqP67EwlNZLdg2kuGyXBDpVuxdqobqmllpJCFrDQ5B0l/j5p6KAitX0HlgDw7PH+OB9MpnQ6wVArBwBFwKgxTghlypqSRqfRy/9np2XOiZAXSsFRswj8yTSqRMZTTVvoqmdvBLHeTihRSMSKYmUt1TWTJFDVSWT3W2+5sRvOJfYESq8bkjNCs4IJrY0/mjdeZ7ViZLFDBpoY4dwQuoiikGJA0Z1Tli1oCgu0SoJU5TxdgL8wYqAx2gcnSepCoinHQU+8SlbkMylhjK5xIwHEIzXOZgs7sIOpsk1Mjw9eB4N0uuoGeHZ6/eU4qGDxf1BJHo00UUI9n4rSx7oj0RrujvZeNBUs1pYL/Aewx6YqRz1ETwPq8jLEcsTpvtpOuJU9AdVaFjjUacpe609qDt9GaYL4OHn6W0tLgq1dH0RlMc94yEY/qb+6wEQ/dm/aweXqk2hEgN9yeBSR9v03uCDrd1wOHtp9iU6oysAmsyi+FHkTPoz0w5uhJ5VLQnExyOSeKpdZcbngkLo7O3KgomWowO7DZL+zjEWRwADUTwRK0z5z/9xtS0vSamWf6eQKzoBOjdCykMxV6C61q15jUm7AKdG2mLRzOyPJYMooKTQGYhJzLggWzp9JoPhqmCrLmXaBSrdUOE8Umnls5UERrgRqPnvvZmfe4s2MWzFsw7yMEuGNpwRJTv831FDH86KhwROQnsNKr0pVFiBu1tqu5sOD9qxK4AWBmo+HsHdQ9g9X4FdJ0hrSKFe7XBpxo7xkM/kQcb9PPEzzAcHhQVaNZRjQrqDA8Bd7PPhqn1bGPqK8PUInyHEEH3c5IcsPtcvkfrPaZ2IUyBRac5qaibjtOJ2QhKxXmmNA898TnJYLlplOpFgP7qFdKtOF5TpjQlXIaqHM7W8UlY9pY8rAotQib8DwPDI2WpZKl4tSwfPEAe5lmmWJar8qmAmpH54ijLTeh038CmynGfFrJSucLpGZ4JzDMuUWLlgUDdzvJuQZ35OnZwJrHKGelItQKlo9ES0snCSH/XWM26IO1doTnQNG5h8nT/VXivrhClDW1TEG4iZTIrEKXMIrGq4SXVxaUqwTBuhqQjJVMZE7NRx1dihoI8NS4Hau1qOTfToBTnTzJ8NiTtTBM36PaR3uPfp/maw1AfrQ/oNMuXJy5M+lIAllnd6v2dxqAIWGvwOhwPBzHTxpzTplMUm4WlytyEBxZnb13d15bG4E5V2IDHCkMF0yYVcH0JnJWhMk68L2RyszIYcEUT2kPkJUwanHJtbxMZbYS1OEU5PT8LbFTdCA8OrwVrFXtpgOpd0OPqKBZF1PAHu83pqdMXpaSB9nUvPORYspNlaG8zqmBDx0I1v8vWcvhBnHjxXayN9rZ3x4OyFpOzdoB2dlNdoe7L0f75H/XO0A+Lk9s+QA1UxteHkc/ocbv0TMgzgeCWpickKm
iosqp4mYRC9YFSa2AB7UzEqBHXm4GDxNSOFeoUaXMSgynfE9yKZUTPAPwqMx4rdrWEgrBy0k5W2hu//AXV6k/1joC4Y000e08XMtx9DsUICCnTPrVdv0wY6mNFBtZ2tkbxaZcilWetHcww10HbeNvR7fBtaKj5mDqPWl/q9iYNRHFy3tgCA80Zjk9CzqaZ4goK56dnt3sWH3r9Oxm73lTZhQ0XcGCXx8e9cPSnFxQk7QX23tW+xe8fmFtRjR9Ts/sRM4QwECiN4cXwaomz1gyTZyLiOax9U/QhPTeo8Z9RTgAkSFpLVXwKYopySXNyJjmVKRwHidcsbm1Y8BwV7Kyx7SlttpFl1KZh2mtXnPRRvF+VTbGhh3/z4IPNFgfoMQ1Vn2Gb3+SyrbVhKOzJ8tokrfvx5nbg9uI37IcbZhi2WWfsvh4MstaLDM+nTFtokk9jnDuASykLFnmQdbV2OuYYf9/qi9uUPZEwzkDcyIVhPwk7rkklcUa4ZqsxV+0b5Qw+MndFGXMMFWAhC0VS7m2JhS4RygatXBtDkFf1TjnKdHVZMI/hhHhmWczY8qDzU18BJ+wptPzhFyohaVVI9Ef8JFbiYZSc7wgmhdlviCGXtf7ikZwTrWB6wqMfEJ7W0hDwJabszyH1V+8Oq6v6tdSmVTXa10RGWGjQRUB7aukhjAJEH1QXyaVPdq/VzS3tmrYUrziwhCTSJ3Ic08qoDsQ9jFlpakjQeC1+hqhQ+4JXB1RUlJleOQhIx0IgHlwnMv+f/c7ah+1jgXKUGX3xM6cUlG7yEiTrgYRBkJoWGdBY5bLeT+Z95+J5rmJcbs2n88TRrVJioUbAQkDTwbVZi26UEMg3CgzquvILlgriNQwzaCmNV2NtxJdjUeNwzdoEHENHoZaOB+ND7Gox1gb4JkT0jJ4nsN9C1Nc9txS2wUEYrsnSMHI8hKW8QW4HptMrJC6YXZWRyhu9c/Yxavj5wO8hrwWci68e7cBFnHMZeD96MAELMl6WokOSdJlkO15w7DRHbjdJaCDPzdnBK54G1Osd2I59gjfN+im0kwlqyWZ2JeAVy5S4UWGnRxvVwsGDj45uU0sUkFeHR+eQWwWrvg4DBXTynp3daygPF/R4qzhSmACr5gnXQAs9+yxgf6ULkW74HVdCwQwjekN5Tkd510z7DAfM2XICRfaMEdiDdzADcFXI0CYffUUiItcWfRYN4LKBwPi+nyQB/jSN8ucGqtm9xAqwrlCR0+8EzhZF4gZ1bOV+ZkQU8B37DwYBqkUs/ZdJ5ySOgYlCBVSLOJ4drRUIlJ5r5kLw7qCVfAMr2Lgg13dVVAGUikmuFc0b8xJRdajX0FYUA9RrSQa75ZgPERZz2Y9nmfnq3G085m1KNEdCMHOXHQXHbE0Ciytiwol8/adyaMR7qFSFDIUgCBhJu8LhSSeZu5CC+D1f65d8zEV9BLChdYGZE0x0KLF9NIOiDH+d+CsDu6QFQIeYjv8F7eHdmCKF8EzFq4AYSgwQMRE0ZD2US8D72gxbNA7ByB4kNwawD4hr+vAYq7jCEcqyMnRFlpQ9phNmElnTIPfNxqdcKNdzkANpD2izVSXRs4C1yFyrgmCG1dVwiUjKFZIE+LsiKyM5hmLZmpDhjBR4qLl/YI86Yj6Veezbmbl4KD1QJAW4Cb3Dhw7LNc1qA5hD7nFT+FGZXXibf2iRhDOBekQ8d0mz0KKi2NdC5LxyYSp2P0GnnkOiR1W4FuGs2GYoMIQJm64kqJoxnXWtHX463mYnGcDf28K9E/evvuZnGaYhAJxPFWbi3Y18b29vRcvXuzv7798+bIXnau8buki1LM/mnOq78BlwGHA0efhElXIDjYzrsucLmKFKraLMR11I2M3y5rHTkPlOTeLyz/qEIhHZ9TRPMTOY/GDcRfAKYAB1aypw6srvWGt/o1R6+rCBe6u7pCd+oDt02MvTQBWz9ragPKN0db2zu7ei/2XQzpOMzYZ9kO8QjoOMMeh9V2
oozsZ+LIbIf5oEL323DUKFr8TjWYrKVjGq6a30iVvfxGW6uaKmVXfoW0c0bPwzoAc/mHFdv1NT7bPYsNNsuxp9ev/MjzQYwDvEZddO3Ku5ur72VWxIA9f/w3PlorA+uzgDo8CmDDxq47zmOlcDwi1Cx2QaVrWjk+pSMan3NBcpoyKrqY8141l4W3wihblLoM/kd3GSq7M2KXmU0GtQtrQdmXGyHnjl9vV3osZ06yd8Nqw9kB/HHNB1QImJWFSvXysPWZF3WOCjaXMGRV9aPsRfwJDmJaggnNMMHCwWPS5cNauZWFUxe6xHaI7GENNtbJoz8Ms4y6Wu4tloHSmDF5vMAdKTwJWhWa8S3udWmU4VYvSyKmi5YynhCklFeald0a9oTnP4lAUqYhRlTZ+PvKK0RtGKhGFK+Mx9K/Wr/jzWY8fhp1bFU2kM5Ze92VXnrx79/bd5fs3F+/en1+cHF++e/v2Yuk9qrDCwooiNs5x+IbADqQf+F0d/8ZTJbWcGHIkVSkb+Wf334hYNLJlJOgdx2P93EjF0OqLt7Jne0g6a15h/d3uKYUQ9/r1296DpFosJOBjegdgD1o+FoZsXC5JkS+aOeXjBTFS5tol74KXEtJBWXqNFh/SYYdkHnaQgVg/E6/9fAc9tCBSmhzohim8uqRTa9pG3qAZq3moME2bo/e40Qby7zlLyyCmFhzA5B0ZB5kRf3lHAkx4sJnk4NIPOvVJoooJLvvaARmgQCJw92suYkVO4kGiYjeRrJqxvIycouA+wEiXMLR2jgmxsJLV8KD1LCOxVum3rBfPs6byzws6XakxEitVMFmInUWALKFhVroUfaAZOl0RZDVlObjotHVLFZXguXv6qBTPHcV42mYazOrq2jTmXeF21IuuwwODHoo0uypFFEcnBRV0isyf65oQOkoUlgCK+EiUaxNzkuPW13fwkujRujAOMtlGSpaLwoCST83sugAkpiZtYjRZ0uQUlkNFWVLoq2wkbg1cGNqA1Mlq4CFzaTmIFIukqBIK7U1e87yqZ21ROth9iWDIBieh6pjjfrelOkUTpFJoayKxDGUO1VAYK07rxjwfN+rYJ0mBzBHNFevbJvRoaCLT02Scy9coEAbhFmFsb8q7SJ5m1CrAGxeSgdsE8B+L/uc8FsIqtWyoHd9kxlcjYW2ptK+gNbhqaI+U9hWGhfSvp7Svp7Svf++0r/hg+kBiV/qwvV9fKvcrFilPCWBPCWCPA9JTAtjyOHtKAHtKAPsTJYDFMuybyAKLAFpZKhgv7Wzx0u/Jf2KNxKdS8RtqGDl+/dvzvtQnOApgpH1T2V+QbhR50NxKwa9W48ZIMl4AJo4Z1LV8/BWuIp/rAbrYl0vqupWWv3ZmV9ZRE5/Su57Su57Su57Su57Su57Su57Su57Sux4NiKf0rkchwKf0rqf0rqf0rqf0rqf0rjtxFi5YcpSjPuDg1Sv4eHdnl2WCXCHEL+djRRVnmmQLQQt0iniESpr55jmuTwd4Td3Pr6lYuIrYcZ8PV55WkjU9o1B7pTHPmuuxEnJXwEDxiv24Ck3VQKNnBseDdmaRVTOReS7nXEwPPDR/Ice4gI2ci2s334I8u0qyPL967opse4ePFORXLjI51/X75wjuWwyGfHaVaNn33nvBP26ActpZeweWBhiLnI/7Bixo+vZ8+dv6ZiR08icKNW5B/hR5/O1HHre37PsJRG6t7CkueVVxyS1EP4Up34InqxonRba7Iob4+ngXp3gQPHpGRysC6PyXw9GnQbS1u7c6mLZ29z4Nql13G7MSqHZHWw+DakUcumHWO+WmLTbrsv0FLbW/wop5OnTMlYJkXF93j801U4Ll21uJ13yXyc2jZlX2609VniPEdpLO2lvAHx18cIrlB+xvs7314ZMWxBKq0hk3LA1pbSuIxz57T+JpiKFqykxwZdhld5b4cW/nAauwIoqKxYoWcBpqeuI0HTIb+CzKjECPyqLkOduA5IhHVSdKlkSArXq
1rVicT1jsGY0Dlu5fnB3+sre71OOv7qbZauqBK9tLtpOXe8NhMnqxM9p9wBJ5Ua7SDXaIzq+QjFJKZVzRi7MTPGnkUBAHBdnYgJtCeIxEcBH7S9rslTzhYspUqbhwqavcNVwldGKg9QlizEWe+4IYVjPD3im1RqSo0MFa0mRmdSCZppVSVsXEoGVsc+baf0J/LKNosLYAekxUbmpTSuDDtO5mPp/PkwlXjC2AUWyOczndNDPFqNmwJqflTZtbw9HO5nC0aRRNr7mYbhQ0n1PFNhA5G3ZCLqbJzBR5V5oM07394Xa6w15ubY3sH1lKd1/ubVOabe9l2eQBBOJ7iF7CYVhpCQV3Ej6Hm52fHZ6+uUhO/nHygCW6VsOrXpeb5nPWtxbY9YePhyfemwN/vw1+GRTBa3cjIDjaRKNT3fGbc/h4h6Ptp0ZnJTvh8Ztz8nvF4ABae4wKPWdRk3P7uyuk5OwyxuEshu5EdRs5P9aClIpLcKlNGfZxdcO6QZ9dZUJDAY0DeP7quWs3vPCTxKPDLZJPIUL3d9342Y2I04asJI2Xn7QRWOBgQOtxzhSr9w7VB65xnC6U+OrV84fkqDRWvHQ2XIsFC0LBqRulOFHh3sC7XZrO3FxEu25hiplKiegWwvWH9JW2I+2XEbiSumYLh5c6PcRvAOJZM9+mvpH9Ml6Qk6PzOnziHbY+w7GAFwMHjR1aRb0c/NFPLsjcvnVydO6Gbwe82r20NBY1E8Zun/BLMyXNPudpmRwaUnDBi6oYuC/DuH5RRaVNo6H4lZ3lygIHSVKdZXBdX2gOrOEQhoSYkRQEJ4cq59DPW5NSas3HeEmYQScvq//R2u3nHOA+zaUfUKpJip1gXfrZeh/ZJWlOV5YghTVPKMaNhg3xqYkZUgx0bnbRjtgQr8MRT9/0gh4VU1tJYApAG7FADDLyEYvNw8EoVjLzYdv4aslEpv2FKRTpAa7kURIP6NfeEfOjYeL/Xy8WVl20Jo4vMzKudtICnZTYHk43G+5S59iTE3L05vD1iT0QY2aRZd/Pb6z2FTGn9XVNrvCGs2YxJkqXk8I3LJZKMV1Ki+LgpY4GgXOZkNPAq4Q0PjymPabTf8gVtDX0uVlXVrywKOcw2haIFbslPNBvjTHLBIrcFkN74a/jILz5Btz9lnXDggEDvbvgHag0ncWcnU2AMTXy+rhOqcpYlpDfmJK+Bk8BDsiZuxBEHlojcFxjDafoyaPqJ9QV1sG6mNU1sD6RxwBtNt1fjGZMXU5yOl3dXY6/id0iOTPWorFsEmcmMHOjQlSJPYDrYkkH5PBwQC6OBuTd8YC8OxyQw+MBOToekOO3PW7bf669O14bkLV3h/6S9rYqCY+6NXZNGE8ehwJQDZcfmdc6SiWnihZIeuhqMxEFY0wpU65pYjQQpLuXvE78RLageyzordFo1Fi3LHsSWB598e4+VQq89EEFCutouEuVay4gqBv104bKSkjBtKZTlsTBhlzDHbLDXd1OFYOEcRhUgQEzcNUdj3krjv72/uTdfzdwFHjiF9MVXGNcJyfQ7LhXLWiw7lVKRBCFLdBiiRecwq36qEKKDXBlQIf7dEYVTY01NJ5hEPP2FmR4WwjIaGvveRwTLHXjjZqJBwMIGxgzndLSnimqGRkNQXZMYY4Px8fHz2sF/EeaXhOdUz1zBt3vlYTs2TCyGyohF3SsBySlSnE6Zc5q0Kid5jzK854wlsUjpFLcMOUSVj6YAfmg8K0PAuiPuZu5h0nXsM9fPUHjKSnjW0rKCHTxhbMzeMN54FZ4V0pFh1n8iZII5vN5P9KfMgaQBT5lDDwsY6AmoC9jHjgr6W7N4vDwsJnH703Vy89Jbj3seOjynJyeWUWOQSXRq9izcdVyMfgfr7ynz9EOn0x4WuXgQKo0G5AxS2mlg/f5hirOzMKbRjGlFtRoaxLaoRxYCTn5aJTvlA/wRfVsPKBmxhR4A8DzGSHnqtZZ6TWDwb03C7sRZuyjfbuwVBI
PjXoBvgS/M6o5RFuGEeue9KiuWA13Intqna//cy1ymlh7p/44ahs+Xg/+EmaAn6s/o/3NW4hna0C3wkOxHp+K4L33YUfZwGHYaqRAeE2xBT3/6yp/kfcfwrGm/IZp6PYf3Rs02v/DY6licbhfJnQYZYKwtS8AloWiBsB7852vvwFEa34pfDmnkim3/meyRK9rvrBDaCmDRHG2Gh6L5wk5FBk0T0ilqM3WTuUxe6huv4XwfnxrxTlm0KHv4PANRXnTxv3OydF99zuvmaEbsZPaF3V0Xujl6wH3XpxHATmK/V5xxTKoj/oIUTonR+fhFh0EWMCvXYwmRibkiqU6cQ9dYTqOB6PmfqASAc+ptMGyxnBlneeOhCJK+3XGBO4ZbGCqpI40NS4ynjJNNjacc9RdXFiALD51zqczk/d1iIhWA+9HAeI5gzt0w6bK3VjT7F8WVJ84n85YQVv4J43Q/R7SGSXDZBhTjlKyUT/0JHyxdBg+FdEtnIsaBvJdgFcj4PG9ZsjaQXHA59z1T1kyqBuWM+xHYtHsGQFkzKTUip85ip3gxcC950azfBKlCAsc/QF3cCuqYQLIRJdP6xoBAbzTA7eiBBwfANUDgXMz3QNGlCrTs1jvqmoMrA1Nry+tWvE95CxeYABxCvUiUxbufACjlljLHO4G2ceQVgB6T2+e9ZdResOGD2IDxZVfpFo3whWwREAohxFxj3/RG5rkVEyTN1Wen0m4mDjxj8ds5cZzOc9Wwhd3sxV3pPtKEkMc80dzS85DLr3pgtWLFU8b7CFwoUP7KIHKSq4uo+6Uy2wVCIWqjDM8uoFd1VbDKxmYFcgSV4ShTqeiJtyagdUlpvUYoe2DnahehBvPD0V9lpIlPMi0wg5P2DqqLmDqnOxo3ITaK25MfxUOdmBcXWSAhSX9IHVTcDJmZm5VfhpX6aTNep44GRfccIglt1uVS23Xduh34n50W9Ur1GyFO3RRYZm3nBSM6kqxArt0iewWzEaPQfy6odcs0HCM5pg8ahwXrJAQkcK0HcYPl9WYdtVTb3hgY4YV4NmvFEvIOcM9v8K8OSv7rnDZ3LhWEcAnfPQF5ISGS/1whOPgBAcp1EY11mZvyPXlumUtUeftk80HHD3YDP42wiUONj0eoZIZRgnGERIieoucQhFxIIFaK51R4fGaUsOmEkwBP37YXMswrgAhGzTLrgbkyp2bDTg3DL6a8JxtoOafXeFlkr9SaQgIUPmj+BUX3JgDhfX12Ko0Uxsl1doicwPDkJpqhgN9NduBeV1wkCZkYi0jq14e4Zy+PCcGdqG1DYorNbgjtWMM7Bfn3XJbYwfywJMZZ4qqdBaHx7f3ptYIcbvXxnxKxhUUhVqz8EUjcqabHrZISc8NU47btaY4cDt7RRZOWATNHXv/OY+XeyyMCdlA3CzcZRoq21wjz8oXcd9AN6PdlCsfIcpdtzIaF+TT1diD1ab6ML637Ny84E+jeS7nFkJrbqbNjXJyxy0pcstRY/UI2JpggkSY7FqLlZlZ7S+q+Hi72vt43oXTZlFoUIJD9Jwr1s0naHJDomeEuaiuso/eqjQLQiNjutEtzumcmlQiKrI8IIpNqcryePeB+8PTxOoxlf1DKmKXB6YdmFgoaOQNUyBlIHjZq0xe2ePxljAfpIl6Djk97m7Dzt7OfhP5yIHu4QVZ7Z9o4tedBhyk0y6SbYJ8nPsi267GNLUEqaI8McUo8DZLnVPYE6nsZ3CslLyEmuO30nTGrQ6Rugpv/wcqVxtalMg2qIm/qotQOlgb+ANoGXoefW336F4774iUU0EKK5I1NxXaxwMXfWjmkoRp3UEbsx4rHFm//5jGcS2NGPSU5inkyblycTkE2KBiFDugXMiCC71EEq+ZRKy2wLbAq4B03JOQiJ4RbhyXaEFSSMGNrEP96iHW18FS9jtmP/qugEaSa8ZKUpV4pQAvxYeriVVraSOkTTxa0YonLqX5IN7Z+r43qi0Ru2O3hqO9jeHuxtb
2xXD/YLh7sL2T7O+++K3piM2ooZrdV+bv8yu24DStGDXRwAhes8DNOCYBWPVDRn32rAkhlRc3WISSpg05k8vpwJmEuZw+H8STBylipNNxFnXV9Oi8prKIarlhO9oabNh0SIAogGdDiQEhTXB2wfBW72nMDaZeiJcrZFblNeljDR6sQYBaDyWZNFG5/niYHmFT0nTGkggXYXsrtUzJ4Z4yjq03uSgrc+l/FFRIFxPn7b/KxA9Q/ZrnOe99Bi/bgEZGvYRz7KZuuNUIXAuGaZuUhHwKsW7PPH5m1mxSzF1ImvoCsBHi2MeLPKOB2UXmTQG7p7xTHYiJZaK4bhMpNagdadIWJEhvVnD6771aFQC3sgbuD+UYzMVWf5wV5iP9QvWMPCuZmtFS28Onjf0mSiV6DheBdO4kmYH+EhTvqCJ3UCGFNsouH1wG4Iu1mmOb6OvOpH1/Hf54dPzFHH2nx3Y13tS6o4rLPt2Z7A6HWRMyMWXdWgHL6yQXQSYAXQSuSpXiNz4Wk0HZa0VzF1pqpOpoGKBb+DIqoAxc1QIn1sVbdOnVhXwRUrsSxylrSZxr2Rm9oU3FExSMChOn42NCj5XXUU8fEhQooum81wY+Fc6otKcLjX5rhmldFVZjEJLYtYG1MwiagpO9/rZqpqSQuZw2atlYUSOvfYgA1wcNXJH/t724+hu/3VdLyezdZDQc/bZ00v81bzOjb8zO9QFdn2ToonMHLxntQBt+lLZvEjJVvNoQ/2w6HWA818VoHGjWiX686G7OuPYI4Y609pv0WtAuUthbLcjvUG2fVlzPCM2ZMl6RgbPQ8I61YhBQaDVHa+mouEYyw6KsGiNbAYJGdlgk4MiMiiyHQMMZW8Dt2dyaysJEx1Qxu2ZwVtZfopoBCFEyr1fNDYwCJx3ay0E0ljaWGOYzBmlpIbYdW/7D3Z+Bm8JplVMVgu5r01FZ5apH5cnb9bsaOtXKFFmcJUo3gTBoWEtbU3QX5c58AAMFeVVVYq6uIysoDWxNZBgaLYq8moIm0PWk1Df1FE6C8Noz6sOHoAqC/H0+8OcGR75qxaI1TMH6KgLcgPb52/TMBtY9718F3t9Zps4+muA8sOQsDFfh9L135H+H1nCLEW01drgfYqjdZTK9jLohZ1xbzSQDxyiW8wNzFjKIWVYTvdX+XSwPhAUbxdmNt6WvLnFvriBHrdIMKjthxUJ5w5TimSMlGsUu+HAdD+4gdCUjlfZXmXOeZylVGRKhRXJ3u85ZSUYvyXD/YGvvYDREb/rRyU8Hw///f4y2dv6fc5ZWFkn4iWCeNDS0Ywq/GyXu0dHQ/VFrmpbf6Ap4ARbH1kaWJcv8C/hfrdK/joaJ/b8RybT561YySraSLV2av462trd+iNbcJ9BkZaw99k3LNGu1fapIc+u78vGAGRMQEB4zTBRUkW+XesTDFVJtqlKeW2Up+HFKpny4dxBb0LYE/USYNe1a3bU1pzfSuJQJ1Cp9FnHUno5E9wtZwzOKTAozzFry1ooIXwIpEiq1yGwhZmDljXMUoijmtSsmWmAE+qGVQCLA7/VfitF5IHtKWXkzkTwLa8PPLs0N1YIwaB0ijJqgWyO4GOr6gnV6bqjyFIx+FON29EgM6xD7hfLAsgWa5/EGL7WtN3GAi9vYOHjsp0oBPdVoES5l1wkU8NhBSrBVqrWWqbtYxH24RdMxDaZaV+qxg0dNI1u3w5Yy/KxmFnv8D6wic9VoPk/FImhKYPtyyFr0gJFMMmTnBb2ud0czoXtYokNrg8WsuA//+nmIlOs7Z+i7hlOFWoGP5j1faOfw6rq6X8lp5NotUEdryPM6PM/bg16U9XRGIlpOzJwqdlcWmDssoGWcL3RhlcKZMWX2HNzXcLJ0NXZN/dzA7ZKWYcRnWMRoUFfJ2XBL3PBiaeOwshabmD6/raZTYxsVo3pltWTW38HoZD5bxAFwPqCgy6S6Xt6e61g7GuAN+jykoAE71mox6gg83PM2bmzDuL9CeJY
7Q/j2VZOnuCED/3D3QO4VxNtVT88rXKyr5WcXH673W0W1yZyN7TH66OPnRQueaEh7ejMmuBM7ikEoem05BNnQAi+w0cY+I5BIlFfjXKbXLCOaG3bVQzQXEO4PHIkKUgnmMzubOva9RjZUkI38hSsgNjcBef/uFcm5uPaJBHcXIfV02aY6PwpWvYWgBp7GQRIhmAoZxWFkng6C0tMoWBFZ5Adgi1lBrRhK10IKuDoEkRuuH7HlaWdXfO0e1yw0SuPYhDk2/2M4BMfe0tvD9fWljnTE27TGSS5pb1DdO66vCYwAxpjiUnGM5W8zQu14FdEyr8C7FCX7vdfMXVXB0uCyyF2soS5gT25yC+yXQqpiCQK7dRHrb8Dxxf9gGQx7z4IGGHGjUwr3rWERQ0szo+Gwx1lYUO7qDruq6QtZwb43r2+cREBOAtnHOgJIN2/r7BBz5/zTzNKTqJeBWHORwKAlYZ3klkNeW56y3PF8WJuwczewb1l7i0iHUMXWoxAPjfD7ay646NGdS/cB3DnS62atBPaRpoZIlbnIjODYiW7f47t3D1t9YRiuXTrYumFRZ8VH6fSFCbsYShYmaJ6fhsC863b011ATIRgLYcS4dkKUmYNP+UscH8wQ29ieO+nE3ehVpRfcUbBR2AkITXOzcha1Ctcm1rsdZcZ+PVAFrKbVW8DE6XhhPWNm0QxV3K5yOU00/J7435NUZuwq8czXf12L19h1XkeHY3EhN0VHUWlcwSJX853q6qN5enz+vNWN3L0R1G9H1oQbTeRchBkx9cPK9zqnI4ybyhJDvG5fbhQTFBbclSIvmjRt6FJdAu++lMMbv3uv5VyQW3wxF1EEXtDVQSC33MzZc/pH3b17BWlHdxupjSXZA1EzDrvDYUHoN3Ohtg7mpi6SK0Yzr5M5Ye0Jvb5dicQkHkBPHFhLcM51w6JPU1ZiAn+Y1GfSQT0Oao+/FGD6nR67yddOKiVLtnlYaMNURou1KLmfjseK3aCN6x8/v1h7jiYn+eWXg6KomQmnuX9qY7h7MByuPW+x0W5M+TfmpTIzrj4xwBBi8ZoOqFbc3JquxhsYabgGkn6AJIVRe5HsILUi34leRPJEnj4gTNj91lE4ouOrGdzmy8jxhYuCLNtS2S0FpdM5dXwCo+s1eYs/eKWBgs6vtChZW1Wp1KqaWq23TQcBY0O5RK+RSdf0u7JH+IZpw6d+dU0PzxJWhcAaoG5ozBniYiNjpZl1RkeR5G7YamcPXh6LOLvDZUcKMDxJmdOU3Wqf3GKX1Ef+s+yTYtFjocAUm7tbL0YZy8Ybk93xcGNna7S/sf9iMtzYoenO/osh3d6fsLutF08PE+6usFwGx0/+8x0JHIdYTboV7Q91ajq3n5BIocnY6kXNUEiXkGB/hchQH4Jvx3YL9/v/E5TbdgXvnNoVeQzhgMNdg98hn+PgP1ORbUpVL5Y0YroGrvBKcE+PFzjlqb/VIa/rO7V//nT6+n98AVBdZzNYIctTpp8n+LJLbnHOvlbEP3hJIKmeZYjN1nr8cYxiHpxH80FZARhp+BmKyfor6mIgXEhEjl0D/NC9Dnzv6a23UmNwIlTABQ8UOpt7gpuoMYqPK7Oyrkh1MS7Ee5gvFv/hS9d+FNjzDVULSxuhFxr5hSkMwoSiP+zjjFYavORQqkFOnGxpcmvLFYInyGeLuOMJtcxv2ACuDCBlPhvU3eesjILuLfGFIPvI0sqwAZnxLGNiAMG++K8U+WLgOOSAzBU3PR7q9X+u+WfXBmQNn763udNTO5+ndj7mqZ0PeWrn89TO5/ts59ObuPIw3QH0IBgHlEGogr6kugDxokhsjfebykIaBWc+lnZTKwRO56IYPwZ5fv36Dv4WKjXDMG4DUXOoSvDjXBV2qitn8nF7VpgmV7CK6MrKpbJglhJWkg9ePfvowFqaaRjOW5Me7rgefQtfjazWxxZxxzC4C4HQrUthc1szFp3RJohe2VkVlKH9bigzEcyZXALrios
Jx1nemeI3URAOFHJ1bofIFdBZ4eZMFmyT5h7zYaV2uEsc5nMX20vcxwpUUSw4e8dqm44JYMyK5eyGRp7mut9kb6xolBxUlkxZOxcFQMN9B+IzDxcCcVneZbkSoGaFPVyQZ4VZBoR9tMB7MZgzCn9n8o7QpYBk0Bsa5f7CwNb0dGa9oSqZ/vF8AJhvyAJMrBAxesPd/LO16R9rA8DvGo6w1nMDXTo/mEffdGUFgM8UL6zgwubRp8fk2c+nx8/vPPrro+Fw1GRQtT27agjbnTt6Ova2D+wXbXD3lbrYfcVWdV+xH12dGbO6VOlTO3bt0/YcBblxzTS866t9VrZ297b3t5unpeAFu1xhbZnXp69PMKvBS0Ofiw3QghHbbImniDaKUQjHGi9M5PrASOK4bxKngiZSTTfxjh7SsTcLlnG6AZ7r+O/k48wU+T9PD98c1iJpMuEppzn6uf9n4EScL0SYYD2vnsxOqy+VYKeMXaHPMCYmG4dMjGjpPu91WUFVrI6SXltCitHOBZGpNTMCddHewj7rw72dYYuEPlOD7lGgg+ZLIbAfTJ3mMVth5e437S6NqHyEgly1YPfZN2imOaWwgzIvpNuCVM7FygI40d1tJ1gHj4+CJNz75dPj9pD8aoW3oF8ltKqM7KlBayODftWjrDd0qCxSgh+mrG/etvdPrS2fWlvevtqn1pZPrS2fWls+tbZ8am35CK0towg7/scD42t7/Dp2EHuswTSJTsDb2OeFSgLUj3OBSFyTNfuxp9L9aG97f6cBKIrpy+9EGbtApQPUMYhxWhQQgtMKJlydDQr7BobYM6TCjCsIHHGQPO9QX4jyCDFPK+16ZRV08He9B3+XqkP0o3K8z85bzjDU75dxiX3cHb5MaA6n0/AbZG6ruqZ+5eIW3MUqieZ1kRDPzg/fPE/QzgLDO4RF9F0F08rMMPQfmlRFd1WwpePKuPCoumBYq1/A8ZtzEq+YkGeQ3+/SkfVz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WuUib42MgvfDojh1pXioqUkXOo6kqODj8NCZUwK7ubqREAs5BnR8+xDmB7fe/PPwX4qCAGy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Zg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfg7gHrh8qKl9KdQnq6+qSKIPohArOkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqbMdbA5VLQKsGoxTLgmBmHO82VNoabg03hi82RntkuH0w2j3Yfvmfw+HBcPjgVWEj21UuC5NjlljS6OXGcB+WNDrYGR5s7X7CkrBb1+U1W1zSfGppfbZMruWn0OGhHz+4IHx6PdZywNZi16x72N6dP0wuRItKK3Wzyg4HMD4uyBcfz3P7QOp+qpdFAoIxsiEIP2jg53Hj73g6SBBcm3J3a/SpmGAfSynqHL1PsVVP3BBhAzMGTuzW9oWg0CVWtbe7u/3CY71d+uYTVvmZ1jgkrFpb3FlE0e7pkqZoo3PTVeO3hq688rIwa6Y4zS8xKXZFBOqKMuJUdf6trmpq7Zd2UNUgpHWmi6i02SQuHwp7XM6oS3AdNPt7o0vQJw5IMKly6CQksjocJwxdt5ftYHd396cff3x59OL45Mefhi/3hy+PR1tHR4cP4woh1HHlnO602e6mEUAd4i0jbvArq+vo4n107SMBET2BIj1ckJ8leUXFlBxBbDXJ+VhRtcDeD94/OuVmVo3BNTqVORXTzancHOdyvDmVo2S0s6lVuonB2ZsWMfBPMpX/8Wp7+8XGq+3d7Q7+MSRi46F82BnrX8dC1cFE9WC0V6VnVLEsmeZyTPOgzQm29BV
Ha5FfwwL9TAPUA/8tWKCdXAPn6sFCXbeYoOcXf61V1AF59ddzKshP1rjkOpWRiTqwZkoCBunj7vs3Y302Vv5JS/na5udtB7WxhZ+9sm/A1mwt9GFr+Z7tRneLu1q16O/1VbGd1OkpHarbvhvyEBnK8LC5PNWf3cc70lR/ZjJuXphSpRZYvRKTrmgd6AWh0BbWqC1MyPVo5iKD0j1lMrwSZ3OFRs9YCBsLcrB0BgpiXWnNQnZ65rU9qdx9sdrQVVnmPORuLNXTkJvFqvKfjjwj7N5gSmEUo82CaJjbzcTK8rHeNPKw3GTdBrtSmRk5xLZiLQBBql9yLXv6AD8OypzicHr+tr/979FhL0ir2kEHTu8mHlFBW9kXnqrvAWXK5GUp4yiVmKFJMeUG+tmJjOTUwIfujcz/JWu5FGsHZOPFdrI32tnfHg7IWk7N2gHZ2U12h7svR/vkf5u3YSvUmdbf2yPoU9pbYTw0oGbg83GwCISckKmiosqpilMrzYwtLMthyGyiu+ajuBVEdMnOlStUDZWAsM8NmeRSKmdSDoJV2K2ch+DlpJwtNBYLBW1uAOwBBUkzXyGq5gheBi6sXSoL4H4Re+veeI+lNlJsZGljXxSbWoGywpP1Dma462Bt/O2oD6YVHS0HT+/J+lvFxiz9oS+vwcuv8MXtEuxixlyyQtQos6fcEjyj6+TyVvJOXHZp+Y7PmSzqkt2PftQarXpCRpYJC4bqZQVzRc/isrKNOpCCvDo+PLMS9BCr09bZXQh/3L/mtsYcj+0H6unCi4vCdgAuH38zVBH4UvwtxjkAlPzQ06jF0ecv/vM9jVxn2HMFyLOmyLomGvwefDChrydX7TA0qCcU/DDKuxjs+8z3Xnp9vDuAhJXnQOelYo5bJ+QwyzwYk1CSA0Pp3BDjBdTNVikNNc2bwCEzpt435LoJQA1DzUqqqJHKc1yqG9V/nmlBr7G8y4BgncYZ3b7cHW09f4Aq96VTi758VtHXSSj6krlE4TxJ3eiM/Iv/fGddHShi066r44pcQ8hdZbCJhTZURMX9To7O4d3kL/4Q3FoYvFuHBiaFUsPupiy2e6KKw1KhQXNfK15Yq4sNakbkz6jK5lSxAbnhylQ0JwVNZ1xAnI9Mr/GK0VAuQAGyR/G/qjFTgkElFpmxB/XEvTVG/1Hk/9tWpenGfN3A/P29y72dryVhURbKSbR3ntS8mL1NxtaJv6h7prH6agdZX9e3Sd8wolTkDTM/nr49b8hlmOkVF9XHnrFroKOZwogg930h9Z584rdvLt6evw2YuccpMmUy+YYMaQDnWzemEchvzqCOwfpGjGoL0jdvWFsgn4zrb9O4tnvzLRrYEVxf08hual0rgmT9Fzd2LJEafVrrbvKhgu/cl5K+8pBdgWFjz69iplJCe6sQ5LFTh+4xWB9nPc5aRT0grmtzqAMefeMqms/pQpMKXhlAKUtXCTs4HQpGBRdTKMzuuh4zccOVhMTuuP9I6I6AcT0KI11cu62rMaMGGNFVGwvlPVgIDzTbhML6ynZoeLC5aLoC5P7iNvO2WVdFo2/upE+4BXFB9kCZEVVG1Phe8I++0L1jlNBu6/eK5pDMHcaMdDkwDyiyXHetUke/VJqpxFWpt0Y1yVjKM2g6ZdVRIKWauUv7fGvzpU4mtOD5qq5/354THJ8885c0imVQVjhjY07FgEwUY2OdDcgc1eFu4gk+2YG7yh+x5O5XSwTqmDu4682s7JAdigmMt6i8NLX4fi3/RW9YG1tRn50V7HJ7DThbABvMbUXnrtFAB/KdZCcZboxGWxtgk/O0Df3jKlDf2l7HFRMcym7b3H+0MeO9nV9qZ/187jxbvU/qAanGlTDVXWeYqjnvnOEV5rdZxRhVBDfPVd2uOpQAZ729rQgXUSNrV68daggqSTNQNJiCCinA23gr5dE/DiWp81zO7chOrDeLnpBn3nPKnh+Q3BrsAyveAKOCf6zjFuedGmGuhcPbc6sTrK8rRjJ
GczsVuKNCZ0zU+rk2TuTEtSKxGWYYMni0EnKWM6qhvAOpNPRdtzJHlkxA+1OBYZg41cnR+cA1OC2lZoRHZdR9n6OuRg7L/OGe8xORymrz8Dt0vizrGg2T0U4yakC7sg4Crg9ySwP5SSpylMsqC34b71Kqe8Q5BRizA6HX9ZXZSgqW8arApqY3RasZYMNpFNyHA7hEqL1YPq8+jtaoVdYwYp/q2iqgXy5ZMee22OdzlkqR6VrpD/XR8UamuW3bW7vN6a0q9bXu5iDVdZVXc7A6SOVc0eLe2xU0ckWTLgBWY3vk4MyvJsrtgtc1aPBeY5sQekN5Tsc99WMO8zFThpxwoQ1ryUHADV4cfr+Xw9Eiv+l74gjOL31l3AJilXVZHKaA78BlLXQQURil1+DlEzA/kUEJQoUUi4L/EdmqiMLw8X3oIXcFq+DZlaUU/OAdNWgqp1JMcK/atdtF5lp1h2F9lbgeolqJF6dLSm63YMouEI/nePhqHO18JpWvTgJV8OtLonrRjTpp43bnfnhOyXxlZRRCiwkgSJjJO7ahVl6zj18L4PV/rl3zMRX0kmYFF2sDsqZYKZVV+y7tgPc2ZwjuUGMaQUe/XFycwefbL6F/8qEcIQ7WvhTaikEHfDRXKpV7U0UzbJ9oIlqy26Fyv1LXdXX58CP/wlhmiySuJPnA5orxq00yikvBtMAkMGt7X/b3X9wOoit6+B1oDBfO4YcbfydGfmF5Lslcqjzrx8wK9u1CYj39O3bvmQUWuPOMUWtmdM380c52/2YWzMzkqgT/egOlOFUkk84Ul9AC8uTonIySvWTo6qx643xa8QxqeMxpaCyUHdQDrF0EyxkTB4vKbh2LW5oaGcKgsBXV7xVTC2syrjWuAOSkBgNN8jA7XJKVirkeWCyllWMKod2s733fqK0K6/WtInwTVxDWBc0XJGOGQffmhJC3jYF8RfyCiqzRF5gLAHIrGSbDjuX+88nFgJy9Pbf/vrf/yPOL/j1fcRnd9dfcFcsJDhpLoG3WGFZ1UWd+wgb2tMqgGttleZsXOkR1edggYgnGP391hC9sXIC3Cc9IQo5kUVLlPblFDDINg0atqUg82/q6JvGwblRv2s9YXrrddrsM0yhG4w5ahBRcg7Y1hRLnac6ZMD0NP3hBp2xzypcuEOdxDI201coyXt654esWb/GB7zAhn0k6zuW00eStBbsupdDsi4tCnHZZWRgD+f0Kw7twcrs09Lj50uLQQftp8tAB/bWZowPj8bhjtIWPyB7dqD38EX/5FAbZ4IZhVGjmqx6HKzrkYmOlnriSz29h3jw3rv1Ub3jJzrAZHrlaRzrAddsl1ggc5XVTAMPUhLoEUGdKnTa+vDuHIwwQ53H42h6KpVJlhIupYhrj4xn+2ZyXNFwPUKISrUK8ZqfC93lW7Z7aRMkKil/nktrDkVslTj0Po9bH5GM4JmGsGRUZ3NbQ0FQzlUIERe3UvY76nhuT+la4YZgaBQicH0szoaXCxp+6pILYFT3HMx3DkTj89KCiJ9J5eTOT5pyuygkQSARnwZiCesdqF9+gJ17M716t6vou8S6XG643LCo5FDAaEFkZ94ciWfEHeEZS8Fh5MAQt+q6G3IvLco2VuUVrfJ0et5HVIO8aW+dvXp91zgkhp8c9Em7pgk0r9KeexnvBbqeIbhsCM7sH/jqDcxrzqVfu4x1pB8edjIDQk933mCxYOqOC64JEjSehHrWFPsqNZvbXOgvBMrp6t+7NROhM58b1vBJb0vluvmH+yJfWvALA9v5hojGLRBdk95AraP8PjyV/uWosxL9VdwOR7m4Qm/Bja7PmCq0aYRfBsnj8v4SW0OPKEEXdRaRvHf0X8Dxz4W4orUGL6HtArgMUK37cksOt8sntpgwWsVDIttE2u2CQI9KKCwoH866uDUt1a6iPeORBJXOqxfq6gZ63mKNCA3wDkknYF099d/be3ryhajOX081JJaC2tU78gVqCc8T12h/1Rj24Q+y
qQmi034Z2s3SHm2bzPcSUcxpphyA3lAKLqbKGBLthCmKbTat0Gkhj4dqcTSXk9iB5wyB4OQ/nw82bSYa7ggdoYd+uFe6FrMATVFYmPlXhTFvu44Eh0NcHFYdzPNL+p+fRss+hPT7uJLKeqzlV4mpArphS9j8c/ql1B5pfdUkAOug2t9WeaLWCfb1oBqm7iZxEh56O2KYIda26B3AFzCY+WPEoaU61D63kghvuPX9hBtARfB91klbayKI/Vk+qqa+bjBX/k7GURhtFy+RH/1cDWegChJ4USc7FMpLUCvAawR0M2VF8VbW4gra7n/MmmSM7iDvExTtvZOwwbB2Z1mp3tm5dyipTI9pk8FirC9/X/QlNo9WjZYshn9x3ro2ZOwbtwo1ravC9erL+V+y4wBaCSOo5Y4F0kn/RG9qL9EqkK6yP1EG5m861fJ3JrIPle2iH+1pHzYXQlcgDzwoaPncLW8E0RNLD1bTPQvAh3PETYRux0CrRZc4NJpcaUpWWuYemlSVVphHSh2HkClp/oTZw5Yb1N4KIvDjgnAq7e1B5MIMRa3OxJlw3yiCm08Yy/GIHnQUlLsI9jAntUWhudYIF0VY2YDOy1BlQFEvtYJQZE6kEbUUqItgceI5Vzgt5w5okD42eq7INcttB1ThjUHGTZbArmUwvXZClFVEZ13Scs4xoaTGfUhCZYwbXMnGs/dgH3oLnyzFvxYziLJQaurpENtFz4s5ZSUYvyXD/YGvvYDTEjCYIP3u9ILWK06kNGnKoQe4ucRolVM+67cw58R26KsfKycA3zQ5KHaoDBTcxk7vh1A0Twj81Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV6qT+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIC4PWvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5qoEP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54TKs/Z9hXydfSxZ6iI5Ait21BMIBWYevRz1tLfZ3u1DawDg4cfo3hMTtP6lT0zDFnSKElQUht5TEcOIzZ+6REl74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE7WOTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM2ktKWIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPXWBvIO/WcwEbxqKohJODUOXkryBBvVWZaR15RSCyhiOExcj0Q0/nXvik0qf+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMCClfGszrdTKmlkKnPnPvBGvxpzo6jiEeFgF2YrhTF4QUw16sYFNHNj6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOaNHCMuiOamcto59nLGTDORRSEi0GALYKmrbVoplIXqmlh1M9jMmxnThpyeYcctPYArJj2Iw07mXLFQnjSSqZ8RTAWlwrGMSVqFa5swtsYLNLJ26q91LHM6OTrvaTFHedEgrZ4wgo5V+ZAQgnWMIcDYAWwyyZTCHRlLe24gbt5uS5PPXiGCMa7hCpSIK4tsay9zKcL3ikFmlhiQK39Y3U+oqvB6J3RV9Eikvf0GAhwHMYvLld1FRR1BvaNfQNkKvzhyeoaXtY6aqCZzlueOyYX1+ONX14Fo8r+oiQMxUuYbdCqkNlbyGSoyqoDGfNv1MOwkbybZ9XfwjCrUWwLJ+XRmNgPyNni2YYVMj9J3MHv7n/rNzi//+frn3df/vbk/O1X/OPs93fntb38M/9rYikAaK/ByrB37wb309+zaKDqZ8DT5IN75ev4sI7VVffBBkA8BOR/IX/z1+gdByF/c/Tr+zcVYViLDD7Iy0SfuOmK6lz76T/HI5C+kEkDcH8QHgQ3naVnawwwSQ/v
rCCvVnJVTSMGNhFASd+s+iIfsuaeoWRqUQdIESsRYrNxwNh+4enXBO6DJhzW/4LV4aKnIhzW3+rXkTng9qqUiJVO8YIapDvzx2H4pd8PfALy9rWGiBj56F4fbtDYgH9bCpsGnsGlrbrV+2yJEJB9E7RFtvOL8NVbewawBIgJTQPNerEvGNXpOY0ihUwsWj2lpOd7SMnMJW6hBr3ChF2GSBB21Vrg2hkUw65WEyRszukPRM5ev0REP6kfzDrwIiIs6qzLKoYxidu23p+dnmkgVD/n3szdBNIcMz2St6ygFXDbYyESqOVUZyy4/p8pH3TgSbw4jv3n0k3Oblkp+7MbwjV5uJaNklDQvAjgVdLW10k8P3xySMy8s3qAh/yxuxWxhSKSabqKeZlUGvenFywYC1/0i+TgzRf68tjnOnVgB9SV3pef9W9ptPs35VDiBBgrwG2Z+yuUcKF/DXy5BJIyby6m/c/LB4H1r6jYmaiJaiKVQfLuT0ZkoCYwUhyHQLHMS2KV6W8r36shNToV7OHb21mcLorgEU4Wls7+/OnyDFPb7Bhcbv+MXhmLwAtfElUFNyGFu1cMoCQ3h8TfedtqEo18Y/nZX4wB7BFMrysDqErXuauHQTGQuJAN4AGxa8N/vD7eS0e+EiZSWusqdhm0thlYcVsvc/Y2x6wH5lSumZ1RdJ88Dwu8LEbILSNzqVnRiAOfdQKFG0FjndC8dAxStYIUej7fOfMfF3BYSdOtyHhi4teo8UTREsfwCFsuFpDBnOtSF2Pyhay/nZ8gw+JVPeAPskqbXzDzA4Okzbtwgn2TeuHd7DJz6lx4Tx/9Y28LO2Ok3craa0a+eJa9Ar15/9cKzydo+Qc7DPiZgPQxIDuz6XzS1VnsItArehG/PSg65jiEvwEO9ChSeu7PqNzvSENBDAgn0NIu01//CeeJjSLwGXGM4pwsr+ausHBCTlgPCy5u9DZ4W5YAwkybPvz3Mm7SF+BWVFXGhxm/PT8lrmbEcDYx5XP7Dk/Uri8XE4m4HMRh5pErN0gEpeQEI/fbQaYFu4PPPLEe/BwkaAjrcKPC084i/jb+7q7R3FL/cru8Nnn6ae14ysNRSoZ9fqh5HcsbAxKqbgxqWmoEfH2O7MFD23hE3mmq8cwFYOVcwo3iqm22PQqmdEDTmK3rjoJAdCoUY3FLB8gz1bTrJLEYSVYnlEUC0nBg7XeKrSLYrjPsbGj0gczYGIw9Mdi6MqqBQUsgy3SwVrBfG9dUOvT5c+zh+8CfYKshu2BikaEaIaMilBgOgM7TF6uHZ65C/80PNdgJ9RncYFFNeb7nCcHLD5w/wCaEipDMB1nGdOtCF9mHTSBu6Vv7vwDeswo2KkVGKpwl57aKMfq9YhQOTk4tXUKAeGtfq4O4slUwZ+lIccYVhQisFxdDpUndi9vjQLsH3AfcuLE4T+TQT0p/pxOXhzCTabHXKCdx0RHkVaK5bNECJncD2LffDjf9Dima9EiMJBmryycIn/Hi3JiHnmD5DVdHwt9XyxF11tA24ViKNvwrDfBprl9+ST0Pa1eYcJMuyeVxAElCSPOXVPNg86+Dwu0+06az4z5l501nQn1lhi5fwJ9fbOouyTHhVDhDHhv9wVTj9pUTwyN2xOhIV8WxV/IwvHKliEC/phIUf2fUbOnWXGANy4jz7tRg6fv3bgPzybkBesal9wtqRbYyeYW93HGb5Fr1PjTOeGmc8HKTeDX1qnPHUOOOpccb31zij3TejKdTrC5dHNNx8MYXVW25+pj+v6eZGe7LdyOfUROgg8bs33rpL/rNbb35Ff2bzrbGG78Z+86v6ggYcF6ks4pCKTzPg6ioRFEdtGm+JZ1cd4w2MtjDqPcbb8evflkblp8VX1fFTdX2xfkG+moZKrw+PbgegMf8qVfGjOlO+i4SwWXVELzwI3ngXqh7H6oc3G5H5vhBYFHlXi7tJHdMTrh3CVQDFDFeW1+WlMO1WqikV/A9UnBsRDkLGyf8Q/ch
YxrK4BYeDK2cTQ1hRmkVPvPAlBNOd/9zYiKeWTe6Hb62Nz1PLpqeWTU8tm55aNrn/PbVs+hO1bCqVzKr0ESvrdrLy3Qy3KDktEPXWcNiATzPFab7aWHnv5nGTOSdOUwtdWWurWbNWbW0CzBg6SiFMBiyHiZJFM1BSuYaqpFTMe3R9DH490qJkOumrZuWzJNRVfXqvvCIIpa0yDf8p4T+glMEfMs8ZFMBCV5P9q45E6UkFbjha6nqsUR7mYyL17zDwcgR3viioMC3nZe/5fZwe/35TItlZ1/ep1Wp414eEtb+/J1M6HseH/zCheDpDgkKeG7edCenLqSxKKryCbS0G8K83iLGVyxynTutQkNZaHZBUTpWiYgpBXBOeG+a8/9DZw9sTUCMGeLaAB71NEsCo1/OQEoZfod1S0zIiK7Miv55WGNOW1+xrydcg2yCmzkFM3UO6F6ggOPrxlUX6ybStBC1fnvdPaUA+WY8tHN1uPf6JTcfvhUM8st34JzYanyzGJ4txqZyGb91cjDPnfKlHJ+XPoq/uFO61bni7bAddUBuaY/1CDM33s3r4Tk1dwRH4aLuJIg7lXxuEC3JkRJGA0fyPeFSoQROGdoDgmC5Kvh4Lm+6pEC3zgAYBKp1xw1JTqVUxB7cnjak6u/txf+9yr5kXNK54nl2ulhrXD92Z6d01YEMWinqbJi5X2pFFfZw9VYRvokrtIWXccjNuyPkvhxjdJDBFhUHdCT9ET32Yyc7kBdt/mWV7o/Hw5f7+eLTF2HA4HL/cf7m3t7/34sVomGbLHvB0xtJrXa1Khh254TvI8isE++SGqVCstJs1vz/e3nqZ0Zf7L7fZ9s7w5cv0RbZPs910/DJ9udP0yUSTr2hFx82oNCiv0OQCAfK3JROhLJuSU0ULcJbkVEwru3YjHUlpiO7YVCzndJyzTTaZ8JTX+SikzgZq2pGIzkudypXJ81ORwdaIKZnJebxgKFsadtQF51aaqQ0IhRuQaS7HNO/gBb/uWwhbxi7OqOnvX2UZH5QI6IWvibmcp0zolelAr3B41xkBa0W0MecPe7NTL6FWSXBdXx1OUZPAEWPTXsmCnJ8d/4P46V5xbbCcWKRbaM3HOasrbOgy+wjVNdyQevN5l88cljSdsTDwVjJcoUXQKyKiKWrKkU0FfHVNIM6omUWF2fy+8Q5BxQ0VKq02gfQ3j1ieU7U5lZujZLSVvGy3uYMKjOmqUPiLLCzI6NsKk5H3716FG3SvwYCeynWtkvC6UvXtRWhD1S1peZklpmXljVVsllj1gwrUeoppdIbrypGtre3RFzOCLpzjvKsLQASEswO8vhmTGDYaWZRs4NunmBltPlJQQesmAsQVNPBpogdElcWAZOX1dEDGis0HRNgvpqwYEFHB1/+iqnvmVVl8G3aB39DmLHHLsq3kZaz8N/X+E/ILNJz7FM3/V7T3yJlUxpI+OfnI0gr/fHZ28jyU8/6m1Oqjs/eNaYihaspMcP5Cf4KOmr23s7SW2HC+ryTiERrg4jSN6xHsa+MbABNq4CmeM2hZ03XUQAFPOTHkSKpSqmYy+T3LXL32GJaaddXIB670jMYZIPeszI69YvMpLK1lHz1wWXvJdvJybzhMRi92RrvLro8X5YzqlXWEqitkghFTQCFMLHF5duK6hxwKDwXZ2IAuV/AYieAi9hcXZOZLGky4mDJVKi4MGXMBZfcgf5zQiWEKeiZadKEtKpXrnJXKjG3EPZiIq/fjzVaNTSFkmlZKWe0clVAsIZLO4OYLimgaRYPZC9Cjx+zeipvz+TyZcMXYAhv5jnM53cQ+xxuKYQedza3haGdzONo0iqbXXEw3CppbvWMDkbNhJ+RimsxMkXcF0jDd2x9upzvs5dbWyP6RpXT35d42pdn2XpYt3fzTd9K4hGOw6thti8jP4WDnZ4enby6Sk3+cLLu+1UZKhEX1hUs8cHFrgT9/+Hh44qUt/N2+lFu7e/XR2lOfIeIVgOiruy+kl/L
8+Sn6r5PtcQ5XytA9CAqCuroPzUamUF/bD0d4thmRYtTKLXR5gZvHKz99ybMrIieGCaINXWjvY8apCDea5RNCRdhdu6qSI5uxD6Ld7cuUwjUWglv7iZfTZ6arSplZP1SKLlyZRkASVVOoMaQHdtHKBD+7XRAda5lXhvlmfTUrnDHCguIWsbLX2JAf7/sRM6WSVmuC1CRu+E0jA6rLk9b/uQZ23piLTa1nawOytpHbfyvNlP3vaJjY/xvtrf3Pegdvl5B1+jADqOVZYGJqgijytGHHhoCGRX9znlro+IBrX87JVb21K7afxlV6zQyhguYLzTWRgszkPAxZWPUs7AmZW/s4HH4jcY+iI0Neg9QILxSI/6h1EXfuJVQYdKVLnnJZ6VCnvrsFD1BbM3ap+VRQ8DOzj1zfW1xvLGXOqOjD/Y/4U9wNjE+gAbCbIa6H2aEboyq2/omQYy/plR26+/zeKVMGHbS+rXVPCkBEW763aaoWpZFTRcsZT7HZoK5PbzzqDc15FmfvQs/TShs/n1VCbhipRF0kyHVQ8q/Wr/h89Xr8MOycalIJcHqznpaYJ+/evX13+f7Nxbv35xcnx5fv3r69+NQtqyB3c1U5r+c4fEMWQ1QCNDZQj2oWtVYGSF7KU3vHWVo/N1Ix7SoC1hvds3lWW+VxNsff7Y6jqlC/ftt7nuVYtQRqPVldmIqs2fSzcTvb02V/ARXrfXlpy5lYvsDLE/SnIZV2pcXnnHqg7M9Ecz/PgqA5PuWG5k3uhTcxVpGbUi60aUhUME8WWP280XOx92zSxl7cc/AeiqeioCK7XLLn5teJS+npKezgxi6fQEogL12/RScz22FHXskJc8WdiWslB4ma5nktbdv9Yjti+DPUoFgHIhvQ80GRoPosu5EYw7nC1ha3x0O2lXpUtptZ1shUULy51th1RiQGi8LtHpZB1XEUcy3IJmQOWXGN+BO4WIDaFB4QDLyCw/P+/enxwFpBhRTemCE/vz891oNYPtKobUdhj59dar4IHTSw6UIoUweXzN1VH0mhjapSYKfU2Qj5wg0XYw7S/CwJS0FKZZlgCleYBTd8GgvZs9NjolilWaNTSN3aw9eBnEAzOVwetEWyJuOAUGhJ0A61Jb7AgMWe1KaH2aZb6c7ubvZy8vLl9ovdpa/A6zP0zfKS5WPcDlsmUUzrDZPojvPcwg43PcVEHt76zg6EKkrTdqmLqmBnGGYNkagkY2/95agZ5Niq206ohaSDejJ/3rGpFhZ7j30G9n/AhXsuQUfbL5YlInsUkyLbXREje328i1N0J9UzOlrRrOe/HI7umHZrd291E2/t7t0x9e5oa3VT7462eqb+ToJg171AwfDlhoZg+a8mqQvQwYgVZ2EoonnB875rwzbHKKmyx/bJTfQwN9Eyft4as0+OpC/pSHKI//P6k/oX8ORW+vbdSrfs3PfjXepf4JOTaVVOpn58P/ma7kPXk8vpu3A5uf188jw9eZ6+uufJ0+K374BajY/pISh68kItj60v6ox6IFhfzl31cMC+oEPr4cB9QZfX8sB9006xL+T3Wh5bJUu+g2DwejH/JmHh9YK/3wDxeo3fe6h4vdKnoPGnoPFl6OS7Dx8PK/13DCTv4mG6lFfgQSmKp7Ux69YLMdbRFRbTDTNqzOz41nh9qEpWtqG/q3/0EsmVIVq9WzRoa2frocB1oHuM9E87tMfcOin7QR09EFQwx5aA9dZ09BnDWhzxtjrnW/c2Z2s42tsY7m5sbV8M9w+GuwfbO8n+7vZvD/VTAi/Nlivp/yAsX8DA5PT4McjAQblCVurA7a3RhbNvLN1owAPNzZ/FQxOMHYC55buwtAjfD9B9h9ZPqKtOdaBWzCs+ogIL0IwZyfgEssnNQRgyqt5OKBkrOddQr9QAC+bGAeH9RNCqlk4ZARVDmByrG0WO+mX3oyot5A+j86bdy1IpsibfDQ18q7JbdWh766Fa5lwqq8FcYt99qR7RVlol/VgycaC
TAHo7VKCNns2ZLNgmzXnKlsbS92EQ//tYwt+1CfxvYPs+Gb3kyei9m0C+e2v3397M/Rbt2wDcl7dew9Rf2zYNNZK+IcszaJRf0a5swfAtWI0BpG/aJvyEqPA/n8Ho8fP1zEEPwZ/H2FueMB7BEqyr3k25Ng4rrlTHu/i722t1/IS1NrC2BiiDvk6XH8DXkpZCL1+ZC+p4QbW4VanDb50yhTXpyFxxY5irBDKmmu3tECZSmUGR47A5P0kVFqi6C6xr/Z4z83erg558hFC8d2z6t4qphftu0Aw/hWofukQal3UkGbQSx+iyq7y8tN9dJSH+Wvrul+PKeL2lHnPMjFe9b5iiY55zswBY6tiYOlLTnvx3Jz9f/nj65vDdf+PKWebV6I5S+9vffqwOj4aHf//bjxeHh4eH8Bn/99dllR3YYpQ+90Xqf1qbRAxQxbqjdnuhmjXM57rb1Nt6FhBBNbE8ErJY+t6EfXF75AkgAbLQ0HI5DOmeD0QCU5JnFsnnvw0A2Sf/ODt8c3x5/ttzpIc4ainAwE1teUnBfN1tnJL9XjGRYi9KNyEQsB399ftXF6cwF4zth8vzuL75DVVQ15bkkHOCw4qqYIqnsNaaou2Yx7++fXeMBH3y8+Xf7KcG6BH1RcQVEgAylvKC5kQxlzuBBuEzlkzJ1dpo7aonxmr9n2tHBx+UoR8Uyy6NKT+MufhQLGhZJuwje0CODhDciloynRsqMqqy5n6jQHVcxEdM6/YKkSSWXcWM36xiAYfjsWI32KEHrCLvgrPzdcTIL//16vWyAF+zxQrg/YXfsA0skXTjwh3lxI7UlXnnb3+6+PXw3cmH2mLzLPzNxYcj1F3+jj6fD6eFVWh+4qG+pCVQ7DOsP8y5sIBaulvapOsUwn2U5UMEuR07DhC3WzWww8EJBd7dt3EfPhsh4Zj3IObDMRtX07oG6v0FSyM4HxNFbyLbHubwMr7buHgpiGtlCbhaU1eqv7qzrFlI1tPMWBFeMCoMeNBoagU0NYyU/EZi4LWSlcgIJSVnqV2Khw9qnLoPEMsPD2hs7VynczknnbZKMiTCiAUpc2qfxBZaJ0fnLoSWXMQguKHR/QU95JAXFANswVVLJzmBJAOYwrXzQNnIVaTU1PYlLp4LcuWwmFyFlRxaBpkqZkLAvMVQ3PLZ+/+89xEqeM+kNoPQqm3go+9rijAuWnhA0pwzYQbEP2pPicCO24nvapdd8jIhpxPsQ1aWzOVRnJ55vm1kDT0vrwZYXg7rAAuHNMAYdY2WT8+IUfyG0zxfDIiQpKCgmsXVwLmBySh4OceLOnUzmupg9HIrGSZbyWj36gFF4VboUz7Mc5QRVM+YRjKQwiJEecJymhXmr3jyh74rNRepNJqXkF1a48+NGsr4cUE0N5XzDGMF8IWs1pUlBV0pBkkVtb3lACM0n0rFzayw9PQMc7+YYhMJb1iCsiwThF4A4PnSsR2Qd7BC/Nrx7Uy69pvbr6IkjH7En7TbdkfPo8hg5Ke/Hb/RA5LJgnLszGbPmFTX2tTN2vQAEktyTnVdu/vBHd57cdLf5d2u2vHt07PexTW9C3plPT49fUM+E27CbdDcLzYqtxleZvjPdwgM+4yvZhnaqUc5fODocVkzmMwjFnULz9Amk06tHWQBcBmMPq2I0JwpE1GWkFhPGxZWG0i+frmdIkpxcqPhdYxX99EyigB3xHbgWa0HKiu4hms2qxcrmYcmWnrgH7WAAbGfHp9vnp6d1z+ExvMDMmdjP2SJKZ7YwjI8UKncJbfpAWEiA6uaZMywFNOehVXbraTSjDw7OX733DU9CqlVzKQPqcJZmVm7RemjkeQb6D0Rt4yE41lqVmVSLEI7FwQCTi78ZRmmJKli1ET9cMJeecoKlAHMukHfsUV2bqjaeCVV9gDzy3UYW9VN/GHdwgwpAHU+NxQu0GXpuf6kKHY8CgJOrOipicNn+/Wj4tAYVpTWZjqNFK9XjF4vbZSu/NL+Agzvzn09bLv
bbo+H/kX+mMv0mij2e8W0AQWvrMY5T8nxm3PM0fvl4uLsnGySi1fnkDoqU5kv3chsZYmeh7jG02NkU1z7/MU5NzNXoRfa8yDnRDYZqZK128Wzx17CeRDBjIZLBzuutg9ObB3lt7TEuZ0zBNRg1py1ZGjG7mhL4prW+GY1Syx/pXdJrHHzC+sED57PgV/uXLx6e/Rfl8dvzi/tIbi8eHW+7NpW3WVm/V2js4yRoengrRU/4r0Ou9srDcKvFo12eKugo0x1flHs0b2+rkkm06rOnG7OlmC/RmrW12t6EtLUVDSwNkEaXVlRknNxDevBUA7fyg9uoRAFY29q1ELONXwBZafrYPSxIEwkc37NS5ZxCk2Y7KfNT9peq2mxVQUxvGlRrmZmQEr5/7H37k2N5Mji6P/7KRRMxG3YawrbvPvG3A0a6B3O9usM9M45Z2fDyFWyremy5CmpAM+NG3G/xv16v0/yC2VKKtXDUAbc0D107APbVVJmKpXKTOUj5fG8g5oJagR4v+1OXWM9wc5e6uzHlNspK1rbh3416/McfLIif/AWtay2dMrzZyL7wR0jMx8Z4WkER4IqzgS0hYLDgDPV6jgoC8z6sdDrdvG/bWm32lC4i6Cp8hbJ2BVXVdVhyAzWwDvg7LDVpOqoRXfg5GMrgMKhiXRefHOLkXRknzOLnLARF3iLgxc04H8yvwlCvfEQSyHs8oy8oo4mD8nYmGbgTVUMzBPVCZ7H9R9yvG9FeTpK5TVcs2VJYTG9lRm5OP5kR8U+s8qDibDFjF8VUTlccM1pSs7/+wN0k2J6XW3YH+2gZsACFryrQV70Sld1Jisg03mNHn8ppICjCwTfUTs4OBatHURorHOsAGFbZGqWTcmaH2/NyA841YJhHRSiAriKgL/sz9ZKtMKbua6pxWFhR7R9aKktSqEqU4R4WA/IeWkCtJ8BCztiUKcGjNDfcoFMAfdV6Cy0bzcNVpBWSF0bcgQi2CwjRjhWTepjHH7LoVC+EkOvF00SotiUCs1jvD26gTOWCsJuMPyxUxLqXIGnbJSn5rErbtB1HZ3BbjeIsgzaaRSuNOfuzPwcI2M4uzEFilB3kKC/095UKs3TlDD0vmENG2yqaWzqwPcKBBvxoI0knc0yOcs41SydL2NcozN4VYoTcD0efXZhvPcZcPACZjrk41zmKp0jN8M7XsrDNavy+espV9Cn+OxTh1DnbgMPcS74DVHS8ElEyH8XlKXpNZ0r9LeXj2x67WByfH8Z2S9sP++yjiaMFlXcLCe5q4MFnuyIzy4NKJcRgnXZIQmbMXDaE2l1BiJF4Eg0x2klwoeqSORGSWixLouCfGxZHhyH0BS6JBctUmiupZBTmSsrCpDuxdceQNdCHgdaPzr/sFErhAMByjSeFJ4mJCVGiLKGE3q3t3dYxTl0wzzvggvtw4o+Bjg1h9v9Xcpxysi7d8clejRE67SJEA1fK9dghLgcKN4CHXgCeW9ZAkV0fakOyh2qkbHvgOxel/4IDY5fdkqPmYxiruerKgN4zPW8eXXeS6EzVmniC+BIoblgYmWlCT+UShLayWrwfZCZnpAjiDChDUDmQmfzAVeyoajQ45AOpyBn5x8hA6EG4fHRQrBWtZoWpMYFPaaCJnVKuSbyd4AzZnIAxnnTvO+kGHOdJ3hep1TDh7rD9/8ha6kUa6/J5v52tNfbOdjudshaSvXaa7KzG+12dw97B+T/fVUDcoVOnFefFcs23XlccXBS32O/Qyi6HFALkyMyzqjIU5qFxUf1hM1JDLXXjNpZKoVmz01ddhrxDDWqmAm8WIAUglRi+NSQZUXZKqfaFicUgpeS2WSuuPkDHYsdErttHQanfZDa0Mk8iBo4KKzm4JvCATlm0mFb924MpdJSbCZxbW0yNuZSrHKn/Qwz3LbRNv/zeBFcK9pqFqbGnfafORuyMqGq15g1GJqvMIuoBd/WGc+K9bNPVztG3zr7dLW3UT4zpjReAcLvj46bYanWUNf
RA+5sX10Y29FaU5BcEmr/Q2qY9sPRhTeqbaE1btWtYiNKMsv4FdWMnLz/n41AkS1vADDRUkkTMqQpFTFsweDOT2Ykk7nZmRVN1eA5k62SOJZKlggJAClzz5cEaJYuoarVOkAzfT/FrJLVU1uGB2YUWbIvYnEMzWQZSwZNKuEjdhiHsMnxhCkdTOpohHN3AJHZjCUe5HzoNEm/5G+LhIxOEHIMw1kzciQzsjaSMrLPRbGcrhGuyFr4RbV8N16O2kCqhGFRRSixxmKujKFkW2KC6ZryLzZlCS/+VD4a8Rs/IjyzPtF69nprCx/BJ4yBtBGRCwxl0hKt/hs+9V7m4ZwoPp2lc6Lpl2Jd0dRNqdJEX0uS0iFLFVrVQmoIUcEiogb7i3cnykcpr8Uyyr+s1Q/CgBolrvBkXyU3+EmA6b2SMsrNbv49pylWkQ0CcVzYRKA0FGExGIrCbmI2Q+UGgiTgNbzDK7OKZfeIkDNBKJnRTPPAD0ZqEIDwsAWizX/t7za0wmtSoPLkqU0TjakoHGGkzFedgAK2n6uqIzRkqbxuZvPmPVHeNyFt166vryNGlY6mczsCMgbuDKr0WuRHPLOlsHGUCS3qzCKuGF7vpiki4tdUPuxHKh/2SpuvU2LiArxSZVLX1bYYY62De05IojPKU7NlZizjsqFQtkHAM9sdNwVazgaAxleQemw0YlAd3cxqGcViv84u3p1sdPAu74uQ18I5cUtgEStcOs5PDkLAsKzjlWCTRHUBWZ3XDxvktplVAj74tiUjSMVFQrFYiXbiEb4v8U2uWBatlmVCj0GRwuYj7oLLRyJHi45FKsi7k6NPRmQdIcYnfqiQV17VsWNTytMVIWfMUwITOPW7HrYYGen5yIn8T+Y4NAi/UsWBAAbwLREh6ZBlmpxyoTSzLFaiDdwDPBkD4lXwyjkQkVzZNfjiUvf2qtvehIPHfMsFYDYwKsK5QndOuBI4WR2IVVZHsZQCuQNR41oGPePDmBkM7UcBJQgVUsyn/I8gqBJJ6D9+xjY5fEQuAQvoFZ/ZDwa7S68MxFKMcK2qcToiadCvjBnYxFR3Fmp4HFayqwVT1oF4PP/Nk0m084mxKIWtNp3KMRd1pAORRkGk1UmRyXRlecy+3xowJMzkPJ5QaMLCuzCS9wsfUkEHNJlysdYhaxkDLVqMB9AO7a7w3jB4w1UXC6I33Fe3JkUx93YtFkCHv2E0M3gcihDFhGpqIbymisQyTVkMxTTstxcTpvzAkEYylzkZcZHgpvJbPJVjZfe2b0Th5oZ0OgyHWeKqms0mbMoymq6wl8mpm6O2Mbny4K/zEaQOY1e0jVorrwS2CXiWMKpAuX4bGYPiJAqbmVzaAUGEJZIpo3fWVckDujPa7XZHJWKsRCY1tHLxIUpCYBAPQuxsPEcSrqC6T8ZVILjlCJPkhEyY9eiXUC4u0X2FDWAYUMATVu+R5q29Wh+WEBib0T+lX5giXJOZVIoPscyG58/CpDB8ahhyynTGY+RZSAyvcG051cxsGDD84zylGcDrh2RTrl3foWqQ5wepbWQHx5w4wWwbQMaKFxTuyxIY4JOQJbIXlnEQQ4KpGaiKUE0uzXv2XDTHJHw01AdFkTYYw8n2PttlwxHrUrYX7xzu95MhOxx1e/s7tLe3vT8cHvR39kd7JX5c0fVCSaN0zIahN4F0AmpVImlFw4vQq8TuTJDvkFBo+YWmqbzG5U+40hkf5mFqhx3D5uhkOWQteb8GZK2VdRz0u7iAKKUpFBYAv3WxQ4R31wTgn+G3MVWAwamxTnlsM/lKu8ipO6EHBB3GudI+eoQExv0bRrVqGgRNZHssQROima9+4h81C3lZKGaYfToyGwN9bEELpwYnS4jHpt1uZSaSCVvpHafjJupZAqasyJmAE/S1RFnkWcmM4F52UtGp/eY32KZBzHdYGQjKAUCcDaZLdoJFcKh7sVhcUQ5d4yk/qD1OPGQuNdaN1o6XKiI5AKHOURUAzLO45kE
AcJlRLQ9GBgQzvUsxLe1kyZR49arQL6E+oQ14AG8sIOdn61S8szJzQNqEwrCSYqHHStjRXIxzriZ+1YpNCVvanBckn5WOenvOSWVAJaG5YOvDWLoIptz9kxcJxfAVKVTmmkLAOO7ZIJsoFTyNLVJTKjBqVLEGNcHNt9m1/3plCa2CVPRHDbbA+gY4fgXXsh2zolohoPK6pISlzwl4sVJ/E435Bn22pCf4EzpQzB0mwSSnboHORjiIzPwYNGMV6Ko7dIHovXaa02VJql7eIXVLy9EY8v44K/LPcsVXtyA+brZkW9RXpZDBWpJUyi/GBKM2VZZp7ChasS2CIrNeutepsR31o53QzoLw2pKZVXxzi5WFTzk7yOUP12KtiWJwf4RSzIVT21jjLbw4jposK8MYQfCzYQxajsfu2HvnMIMC4mytQAwvdRGqEhBhbHpR+yJEKgjwviO0O7yXt/HdBU6LIpiDWWIpFE+wV+aEgYoETTyD4loYvvsXf6Ri7DN4REUZb7VoQkeGMjEdr4eh+meBjY/3K35sZxnFNMz9tLHtAG+RY0HQfYDFGZqfc1TwWGJelif38wzktvR9CeR+CeR+CeR+JoHcuCddscNC7D1hNDeC9BLN/RLN/TggvURzt6fZSzT3SzT3txTNjWfF84jmBlhWHM1tEb4jipmm1mQotqL0Ac6NkcxBVrCxacAoFuNnH9m9kBzRA+nxDCO722tqXzG8u4Hnnzy8O9QfX8K7X8K7X8K7X8K7X8K7X8K7X8K7X8K7Hw2Il/DuR2HAl/Dul/Dul/Dul/Dul/DuW2lW6u+HqNuwg4vim8VhB2u2O5jZbClVio/mLl6UQl8FqD5O41hiyT0o7IlzEU1vpJDT+a8Wwl+9kmMQfn928fMpObq4+D+O/wE9N0cZnTLo5PCrqEUmmD1t8C1BUgxs4cCLdm+18MyXOUefztnJeYd8+PvbXzpQEHzDhZJREsvp1MhaC3JUDA0RO4BQpGmseRz9FSDyjT/CUu4TPp5Y7daX7ZTOTDNjFOMiRL+u8emMxvrXtY2oNBWLJ7Cfo7+GZKhNCnfCxaBfuAB3BSirNJ5A2UxfNxt83xojYHCeDixYHMvpLOUKQz3HkqYIXTHur2tB1XVhhJ8xuDDkxYCO/VHbBA34Vf4Kx5TlQz9l0e04z7B9sas3jhcujq9KmjwuOvzuF8XHqMNe9NSMyFs/lR2Lly6FiDNbfI9aCICFSqNi7GvWE2ZsHGxmpgkXY6Y0CAt0HDKdSTVD4yHwEWg6HiN6rlBhRZiEO65sgCJfr0zJWTOMzdGPhtQs8aQj3n/bLiy5YoTW5MOvHtFf7SidkslI1tlN5EsBU61p/CWacp0xKAWMr6iti6Nut9vfIhtrVfLgL02EWaFWtVbiVxdR2JZIIU1q8vThRKrTqNw/qkKmVdfEBjbyk0BTiGdErHD4OuHajlKmqz8EvsrW9NLtobvTDbQcOd1bauui1909bOA++H4Bhb4TG32tlEiy9IqEyxBy96pW5FhOp9Qm4p0jFmKMkVuzjLl8kPpqPZGoaE3PkI51Zl8dPdu/u4CwKh9+LakBfiQUHeGsD5XE4VgPI2+321skRKJu+y4eC4j7rAXOYpmy5FLdKlZWvVSf5DXLzicsTR+4Vk8jblqTOiRv8/G6clIv935Ll4OtQO78Dbb9xjKdyCk0JAor5pc8AyMZ58r5SIv2Hq6WPuFasXQEpxOHzr1Q7z+dE3olOTQ220zYTE9874PCsEMQbqLd7qEdNWaZjcOHZAC2RC/0mM8mK2txd45do7lIwNi0jSxwSmS7JM/81zZ1KiBpTUC+Ox+cHp/8dDr4+fxo8MvZxU+Do9PzQa9/MDh+czw4/+mov7vXdkPaOoIB7VZEhU+n7zddz3OlqUg2aSoFK62ahKRI30TMwga3in4HgsMEU1CmObZM2GQ3cZorfgUC9LKO0iCeUC4uieIitpeDYUtcgleqmLvvq/GnXNX9fe/PzqKodYf
GRZCs2pMZ0jqYvJbVWKJ+4QKZQMrF4rW41xoUiWpuFai2V8XlpP8Rz5QusYXLYJ74qPGyBxYXZa1D3F9LdMxDOCdUTaJpsruihTkuSSYxNso3Fzpoa/P+ZJckHPxIckROTn/261dOyYMKCi22zFtMg1VcaSZie+NuW5tSNbGdhMM4C39xX6wG3p4ULfvz2YxlkDYM9KquRPft/t7x/tv+8e7um7cn+ycHpwdvDt7uvHn75m33+PD0+D5roia092SLcv7TUe+bX5XD0+3D7ZPD7d72wcHBwUn/4KC/t3fcPzns7fZ7Oye9k97x8emb/tE9V6c4ap5kffq7e80r5GkYJIE+fIWKUXGlHmff7B3sv93b2zvq7u6cvu3tH3UPTvtv+729/unRm53jN8fdk/7e7mnvZP9gf/fN6f7Om7fbx/u9/vHRYf/k6G3rdn8WR65UvjJd56RIqmdJaNP8xmIff4QQuE+gwjUeRLZdT22Vak6ODz/ajGrys5SaHB91yMfPP56JUUaVzvIYbmIuGJ12yMnxjz7q4OT4RxfL2J58v9HtVR3f9tocKsEUqXc4ry0TYnTpCYb4zcmMZYbVDIudn7/bKvRrQiZUJGpCv9SjRpIdtjvsHSR7w93deL/X3+8fHG73+734cG9I+zvLcpOQekBHuhVDJcXilpmGarZ1wSFk0+vI1xMmXHZsSRlQREgIa2ZZkCYc7kye1LWEfrff2+ya/1x0u6/hP1G32/2fZTUFg+8QKnV8RYStStQa2d7hfvcxkMWM5EcOr6q0/1aSxBQytw0bfzizMlWzNC01IMPkWteq3die9V6LlnpcEYpdg+2NtzWmiJYR+QUzr73YNg+XumGiHPfjjpmh/IzbHOAwOt9mAdfoD5GzWGMhiuWyNEdZ+ZTyuSaRC0nsyXKnRJ7O8TcQxSelJqWPJIlVPsPb3QHa0isPELHTNOsOJSMev5mwNJVNBssCC76/uzf4+/F7Y8FvH+wYe6Z48PT45LZH/bqs3cv+udntHkY0hYQaza8YbPlV0fMdR23NcV0wrw1jXz8/+rARYaiAmcfs1Wxu6N2kJmD3da7nGCMQsC3c1w5zbaNHMBkK4sSKfDOjxZ18OCchxoSsm6GueZrENEvURgeGLsWisvr9/au/Btv+XkuAmlGE4K5S7ro1sGE1IAjWjz9AN0wDhOHkkJKexjWkneZllHHyEx9PyJFSeUaNjW+7dx0va1yUaQGpviunAyYUrx9vQOqlqqL5uXVr4gYcklDqrnJZG8T7+sl9VvX4x8/nHfLR69VnIgZBDkdbkQPQCXXvBg7w++kxOAFSgIsk5FWxgpvGyaJ3G1XivDfMYqTIPzm7fgBCYUmMFSMVTqXI+scHbPQzET8SzjQd5IKvStVpQp2mxMxoKPD5HiSocP8DyACV0QYyG0Cg2eouvvxZi5XYMuLm8yftRYecQ9japxqfH9OUj2QmOL0Ppo9hGYKNRHVQjbiFKbjAKup3+93N7v5mb490t1/3dl9vH/6fYBrdF7kHm4F3Yle1+xZi1jvc7B4AZr3XO93X/d37Y4Y5VoMvbD6g6djsg8l0ZcafHb+pP75PCPvC6hvx5/N7HSQBbnGeXa1q013gPd5VeKnMCEtT80BsfyqwI57O9asu/5OvalejheBKz3b7rcMlFhCE3cykKPLo71OV6tQO4ZczYRm/qi2mv0Nqgdze7u72viO+SNhNNYzifsgq/kebxV+EKCQk8z98XGiwlmpGY7ixGvKGCN9+d+fgPqArlnGaDlrXDXtAegpO5SqCwXFVWLqNp2TVaV4Yo66gS+FpSWcTKnKoZdQp11ornObXXE8kGG2pUVaM5eU96H7oeEIzGkOBhiqRd3ffvnlzeLx/cvrmbffwoHt40usfHx/dS2IoPhZU54Z6KxaGZ+UMs5DUHohQUvzCSMaM+cYMfVSY34pH+0jmEFZB/i7JOyrG5Dibz7QkKR9mNJtH5JwxH1Yy5nqSD41SszWWKRX
jrbHcGqZyuDWWvai3s6WyeCuGAbYMYeB/orH84d329v7mu+3d7doy4O3M5j1FtXUOPI0prLwt7MCoIqcmNGNJNE7lkKZeJyx6TN4T16cwdR/H0nU4PAdTtyqqnKMJi0YtsHXPL34s9N0OeffjORXkrbFiuYplYAt3jAUUgeW7Ei54NmZuiQAPweip7dxFm7i0oI+F4DMwaiv43gulP4GBaiMDVqtVBWWvzaRWzamx4nZrBFZotywIVCwsGZ/6Dp0F8DqkgxeXdAalcpvqFCgWz/q7e1lrC4UpTYcpCPYWmA6lTBkVTQi9wZ/IKKUltGxhnot350SwsdQc76WuKZT5iJlSozw1iqdXqaAYNDdP2bhXQZgAfch8zoVgaevtJtiNHrgQ2K+6lD7udsjgK4CbJRH5ZCseYVgLCYq+QKHfow9HtqCQ0Rucznh9fR1xKiiEIVNltNQpE1pt6VRtAiaG8w0Omzjuwh+im4mepj/QdCY2HYybPFEblVAorFwWGA2pvIYsUVXnOgPlVi9qzXQZU/l0pQzHVSVYGhjOzgup0R5bw143qOBUubQ1m9n+3M8ystfCtmxkbx2lp4rsXQTJiki8ysjecC3utQbPM7LXwvndRPa6ZfqWI3vDNfk+InufclUeO7K3sjrfSWRvyxUqRv0GI3stjiuN7D1fKoa3FrtbnBEIa82U+yoxvHby3+j2yoLFmoN4ceJHC+LdPtzZ2enR4d7u/u4O6/e7+8Me6w13dveH23s7vWRJejzWVa3SdDqrxbTaAM7nEMQb4Psot7fLIPzVg3gtsqsNKD1vHTpaEcgNAqAWXLQyAfAS7/h08Y7hEvzZ4x0bafGNxTs24PAcLoG+sXjHBio+m4uge8U7NiD01PdAK493vAPnZ3A19FXiHRvI8J1eJ4WYfnfxjlXkvp94xxCz7y3ecQFuf954xwUE+T7jHRcg+y3EO4agv8Q7fsV4xxLhX+Idv168Y4nw33m8YzOu31a8YxMOz8HU/XbiHZso+GzM3HvFOzZh9NR27qPGO96F4DMwapeNd2xC6U9goH6T8Y7l6/hHb0aAqlmpO5q7Vp7RTNm4LPheZnzMDfNhFFrDhU3Ub+0Ed2ux4jDAD4b6Kf+DJRgqB1fVPgoQDpEQzbtQdAVDFyLo2W5Ghatu3IRTHaMF+DS2GKp30DHzuV4h8DmWWKnfiAmd0Zj5dkJH+HDG7MUU3OPLmTHDISTPNRyBiE8KcXpFv0JKMvZ7Dt0eJKECwgfsuLbZBuxcCq2uh4bYv+csm9sWQwX3j0aH9ODwoDfcj+Nkl/6lBUkRi69I0yrZ4DPWUQ3aO9peM9jFryCZDUgbMmNSEi3HzJCq3G3Qjmw7QTnCTqhIUjTB/CTQz3fTBk6yxNFaVem6Mxwd9kfbu/v7w+2dhO7R7Zgd9g+TLuuynf3tvTI5Haxfmahu2tb8Gr5jWzq63ri+kSi0NJkyqvLMWpTAxJ4pLQN7kods7A6JCjG73VF3b5/S7pAedvvD/YB4eYYCyxYO/vzzO/i4uHDw55/fuZLAtrMKsdV70PiTZkp7HmJvVfOKwmtI+6QD3uA/zBi0dCSJvBaGPSRR8YRNWcf3X51RPbHvS+LCZtvUAl5tv7wT7GbnmmBladAMtVw3KuyreSaIktAhVjEjhQw9p3SOJa1tPPrZJ4PtliGhoSs240vnHe9foNWGngIagJ7ZclhmbOwAGjRjvwZ3xVi65tSXtuYVUi6EEBEygBXtaUnKNctoCs3b/ZhMxKm0jsLLf13CGl3++5Ksn51evCU/vz32g/b3t/sbCFP4YOELcf4UiPIdMtd1KXGBpQ5cPyKCXevd2VCxyycjuHj1VXEElOqHxraecBgsa6Srm7xBDbFb2KMGvASxuokLo0sZTXCX6FKT1troXBEIF1BME26kkA2Z7hi+FFIbMZ/NoW76BI7B8vuVwd202HuXTHOlYZCh78mcNPSdRacZPDxkZG0mxkFZK/P6WmS+C+b6ILW
NNr7Gom4WL9BrSk2IPaSKrDuzVdMsGv+x0QHM/Zi+N6wUYeCfZ6z1tfEfax2EB0dY26jz08x6p4KmWuNpO2fzvXjoU9G32YoVAldRuAl+uAyEjJaztcp6Xf5wiXdL5TbBDuhKg8RRnj6iuvpkjVzORtggw5wz0LqNT43ctO3b5jKH2uyFVJwH3KC0DAO4uCCXeZZCL9pLyIeCsFKQqrizuQLnpcBAJpag4Qf6pxNVoEj5IcPu+w1dAMry6vXOzvaWYjSLJ3/7/Uf7PX7+QctZafWc+PgOVvDVZzGVCXZd91IRWF8RxZgoUdZTtEF6cEEE06hCScG1NMYPCiU5BOUo8SfukNmu8+YbWOuMURWyAoUEMpLKser4MxE6F2gmyG9GvnnjwwYSg7JSbaPtOcf3FPSv+WGpMrL6mioPaKekTAmp68LpXkxkRlvwc4m/ZlSpgGsePdfIDl/0gYBDMKrAoFfV5fYT1ZPK3IFstQRaq4AjsyVvGdFp8tqa4Y1wyEJO1+DY2anfTuzsbJeAArt0lSoNTGCZGH8dMtRs8Beby9eEg98HhqYVZqudXX+Dswv1ntBdE84SGWlPy8qpkOZd2KFZIXswxCKAPbKabYb3eTDfMNf+qU4wGSKLmpMfEXvdC8KmM13AA6Djk5f2bdt50t8lc8hjEJpTzciQ6WvGymmZ+lqiQVA5oDFTk2UsGazWlrkILNFiUhDBzgoz+M5mzO9XlQ/xp0WdwJEZ/Fi2+bcxEtdGUobRSGtmQdbCL6oSFDVKS9eEaZZNuWCJOXljrlhqk0AoJARaF0Zxu63y0Yjf+BHhGch9fb21hY/gE5HMxhsRucjmrr/ubJbJGz7FuA6ujJ2j+HSWzokGq7WubJqlTOmQpYpc8zQFVQzOo2uWpoD9xbsTVQiaWEb5l7W6aK8Ga3l/HBjHq+KDcxh9sViEA6equGNUweXrRtUT4V1wdJUxcwy1Sib3k4Ast4o2qgFz8ntOU1RCgk71ztAp5EDR9dh6+tlNzGZ4lE+ksl2yc5FYrb22iyNwA1DnIAlslioE4IPkrsUuc79jp9vCZ6RdjziYud4cvdgxnYAChXVfRWjIUkxqqW/g5t1elgghbdEVQpWOpnM7ArI87nmq9FpUdT3YUUp2H+Cq7B2Rl0mOL1U+7EcqH/ZKYqVT2p4FeCjdrRHg4uqLMdbQ0WIOBp1RnhYGcMM2par1lamWswGg8RWEORuNsGuxmdUyisV+nV28O9nooKfli5DXwvUJrziVUCh2nKcSxFu4tYNN0uAEqM5bOG6CjmqxnAIffNsyH+T9InFfrEQ7wQ/fl/gmVyxbYTjCZzt8gyIeQgCvOjex+7zYTwxcCNcB1lvsNEfCBSrFRkDQocxRcMKjaMNBWzp2Rb0RbT2Wtm+//dJ2sDP8MaFXDLw8DMJDZBa4i4TOOFNWbYRJQKxI6CJPBbzGEycpnEubCkIhUd9alXgCBIJyaheuVUu6CRVjpqLV7vqwuzV6jGU2L0gLKu+UQWicHC3S2agg706OPhkSHiHTnvihwu3eviS6xR0SkFbIwOUMp/b1kix45vB85JCfVbYZNRi/UsWR3zE6gu99UbMYj9IhyzQ55UJpxsWyxAHufjLuhdmfmn2RBCtr8lu/ZPT1mQB723ZTzZVm061ZSrURoUtzOWKxwqMkXEWcbFkQgwT+R+exz749rC3lAP1kMmxAWjqWRnDzj3JTECqkmE/5H4GfGMnvP35WbJSnZhNempcinlwaHsQPBsFLr2bGUoxwnWlaPgpF0qC554oly7NrlVHjItvjMZnU3VGoIgm4NYh1LrwvkKsUtOcTmVl7TmYklePgwlc1pD5TkLTL0iKT6cpSln29IQzNMDMRiiqX5sVutbpVBZ1X/1r7wodU0AFNplysdchaxsC4E+OBGXCJKj7fnfbjr5Wdgv+nVPAK7J+pilcA+KLk3UqeP7GaVyXCt6roVfF4lqpeAeSLsvcQZa+g4zNW9wogXxS+kBp
/CpXvKTSCMLbpeR/27cNjHkETcHB+r4d8Gb9neX6XQfz6R7Ob/+XUXXjqOhI91YHq64o/17Oyvcx6wEHqo1/+DGekptmY6T+l68Ci/kz9Bha6569HPIHTwNLme1UmlqXAs1Q3lkXiWfoKLIQvKstDHAWWiM/YS2AhfLZqz1d0EVhSfMe6TxhUNKBjlysThBaR4tsWAUY4hgszEpAnD/VypwxjyCkZZvI6yEz2e/RiwuY2m0NN5DUx54kg12zo0m0h98MMxcW4CEi3ifa5B9UFg7ePCUqYGf5rCV07W3Ut+aeJFOwOy2MlABWkqxdfoiOa8RJQzz7TqSISA/4YlPijiut7+QdPU7q1G3XJOq7G/0WOP322K0M+npNef9DD4Mb3NDZf/NcGOZrNUvYLG/6D66297m7Ui3q7Hrz1f/x08f5dB9/5O4u/yA1XymOr14+65L0c8pRt9XZPezsHltxbe90d22DJE11FIzrl6apSSz6eExyfrLuYyIwlE6o7JGFDTkWHjDLGhirpkGsuEnmtNmoExCdrcH8feY0fsZSFGFsFzyn0IkwM9q0zMiiJhWpsjc+Qdd7L3+gVq1LrC8sEW5UBVsMBZ/NgYyUOer1oh+xEO1F3s9frb0KBTR5XoX/WptmD19ol/AcrvWhx/6tKGWcOfK2VdfPZ/RwzoaXqkHyYC53ftodpds1re9gAtjKVX2Go+KWdx9ZAAM2fajaWGf8Dn5BVJLnQ0i+uEdH2QBtmkiZQiI9lsVHiQbZxpgJ74KN/XDEykmkqr83ItlNfkZMMeWPrvsrPxmuScpHfdMiUxkBRwW+K1AZL13oBh4/nZC7zV68yc/5TyGKAgHmbpGNTalOudMcm3AdZEZjk74ecyVlu7KEkIp9SRhUjKdMkV5A/QIZzQyhhZqACC2/iVKfH5x1D1VkmZ1IxwoNsOpok0IWxHgEPaLbVl6WKVltYqsbnbUVXrxv1qofqakENKnbdoWQZRSBQxa9Se4haJfyf744+tFG/zXNO8aZZkfFozcE5Oej2o97vRNPxutrAVKsZjb8w7UsGKcyUoIpwMYaiItCvAv+E8alSMua2Lp4ZQrgUabDDwVA3WPuNSX1RXjsZHo6uV6PfKR8wUzwy2DdhkbFYZokZjotxarHVdAxJWSAdcijMAA0i3eJNsNCAAfT3TS42fydMxHSmcoRSdawboQkyUsr+1vMZj4PsMJubAMVWqE9zV0womZF1Fo0j8j+MfemQX3jG1IRmXzYgh5tfsXROvJEGTqOMjqBmcYUSXAiWLVxVHILgQxa5YoEVWXdZF3ZU+1sZ/40FSN6OHuJnx10Wy1vQQ2n3FyfO07mXv1x4CWVwFw28Yhgd+wUxRw5Nx2OQBXbIj0PX0Ctgbse9Ucjl9hRo4D/3uB3S83boJoKqKX5X2EpezrmUcBVnDJxZ1R1mxwQIgvEWrcuIZ+yapqnqkAyYX3XQB0ITMqQpFTHL1BJW8Mocp4DQ2QkaFYYlikrQnvp1ed32zFmhkfxxZutiAgbgZFoGB5lrxZM7aox7qZ+ngmV0yH3NVif+az8sPgfMMVAaqEW+F22YmtSSv1xz5sIN1SrZChW4lRZEgOZMcuQUAiPPs3jCNcPOVoCIrtGFQvCPKrJdL0ARtKVInPa86ff3+ii8wTgBS9fMdf75/HTD/IEtB1J40A9avODqFsqMvLX7dqOUp1n0f/49p+lcjXOaJRH+DfW0f79mwwlLZ1sjOYCKOumW0fdSloyZGXqrhODA6c5MRRM9/dd/wkAesDIximf/vdFYLcVVj3KZeHU18dW/1hxeS9y3xqk5LFwK9Yq4BNoolCbyJUlLVFCxzArNsrQ4hT8nLPICbTWgS3d8pdRWvazsP89b18AOIH62BnSNqsEXzSSFzWfPLOWPcJrCaRjO1vT2gu0RX7FoynXGsD+6kWFbI/o7sHn6Q3zFBpB4OgiAU4M4Y8Zg+tcxFGf304aylTM8i09vZlIZyXH8z9MQw3/
X1vdMGOvo4znBDi6kH/X60V4nLGtSJoe18n7+dLxES2wGfQ5WvUGcFA3ujkDzwStOrm5ZmvrmaFqiht1x2pYEK9NMDOYOYysa1s9ONlySvW1eUSpO0XRYEsx1jshZmJ5M8vJ1nJ3ADurujut0rZ4ebVn/ekL1gKuB2QI82bC8XuXxwuSv8vrZyb8b1mgTuwJ1u90lWv5DhZ2V1fo+IhnDsmOLBUxJf7bSBsuWTrnmYzR/PC3cYnjuTyrrUiVM84rEY7455MJ8C57feMz/Zv740dNxr9dbgoyG8QYrZX5rRcqMqJiKZlZt7BPV6/YOomWYwowvWBZdMZHIVVVJv7BFUxYd8AACQRBqaF0wQYdp+5ZAscxYNCyaydyGzCiVVDeqsOdmGKyckFExtrek3ahrNO5eN+ra+ifmTzJk7qZhKpUmil2xLKy998aomMqOKI31aTQ2pZhSU7iWBak9SyXXjihTpjMeK7JOtabxF3IFgTiFRxPL3t1wPe+QWcaveMrGzFYQttEXmmVYRnmjQ/h0RmNdjBrGUpgx/LjmtXEGw5qhbFQUwGTbpELx5gVKQIP65VR1YN3NRMa5QXmjpqnuRrvLLTETVzyTwozW6tbzK631aQjWXYtOxZz4oo7AJXaFOuQ+KwR39zxjZnz1DJZIs+lMZs9pdS4sRHctDFwTTqnOkdCGpAkPCkp1Sue1W6v48fZFSwqv1lcOhvwH14Wk5PEoTOf1D/882SgOe6i+paHds6cRLAPwJxVfuBiDi3rtnbxe65C19yzh+XQNuXntJz6erMESGDONXPXNonrx6UcETlBVByTE+RVzaZiqGGs76toqTnPwISZsxEW5sK0ZoXi4tEYBF8ETXBF5LViC2gsVdIy+p7dnP59fRB+zMTaeIevwhRGe5PP5JnbEF1JszjI54oGpFbR86ZDriTTCgCtXr1pLMmHpDOQ+eNQVi4E5jWYLcsJoXzMpgntVzehUERpnUqHifC2zNFnAouIqiQRXOhrLK/BZbFpRBOxaFwZ4OdKOVe2SrFC78KveqGFA/SNDPRAU7hCk0D8NmpOnnmazjMuMa7sQJGNjmkEcQSAC7kfBmhJvpon91Hf4IW92u4eh+xG6zRxX2qXfehPFldECUjwc8A4GLRGzsZxD0myWm0pPe1XqWxl6Kjl2wkjnJJXjse3EQC7enRMjTPEmJ+FjDieh63JXtK7zFGFxro2OR4Zc0IwbPeZ86/3Z+9PybMJGqQ9lAs/AAUrTuYJyw1AM3UEpwaP/xe/ZX1zF9LBxGIavKuwKYd7uQA1sf88LEX+X5gfoKHQZwTB2xAlVE6Ycv52c/rzJhDk1yi3qjZjxkeW2tL958xJapkAB+tL1ypAV18j+3g/vrRAQ83KkJrS/u3e54dE7vbKLSnURLhs2m625l93dUXGxpjplUBwpsK8R0iOs12gd0Ga1rSuLXOpURUEPpkvbosGOCD/HKWdCW4K2vwWhKWxUc6xApsGq4j59wyrbVC6Y19Z9XD8/+rARYaSemUeRK5rNjeSPK9sR1APXRxMVhWBNwLUzhEaYZhtCNCauXNGQwnD5yYdzEmJMyLoZ6pqnSUyzRFm1vJTAweptM1/9Nah+3VrL8F36n6BNo+/SeL9G5g396pfvU+/xf4rWjaqKWvvejRbu59CucbnVw26NvhujUaE65OPnHyu92aE/4y0r7ffKfVf82bRpfG+YwkiFf3J2vSQST92Z8X4b90zED8DzGTRoXA7tCmcvifp32shRSD2Ali4t0Ll3/30hoQsBy9r04O93N7v70IN/+3Vv9/X24XI9+A1CeB+1SozAx9AGm97hZvcAsOm93um+7u8uh03Qa33VjbOPfBd5F/KDV/q61ni+iuUSrakDfKB9/wotVRgfcbGBKixNzQOx/SnoNh/0Aw8sMNKyub6xRWe7/dZXAQERmG3134IOi5ron9ohig4PLINS2+VFw3CGdgjt7e5u73szNGE31Xvw9ggq/kebRV6
EHLgc+B/+QiNYMzWjsTG4yJDruhbe7+4ctHebZJymq+1fa1MTcSp3BwpHi2fP5lMMXCAgaJRmIg790yN7Mw2lyWFlZxMqsPVsh3AdRHGjVaqt50CCMZQaBQKuMWYzDO72Qxed8GqE3d19++bN4fH+yembt93Dg+7hSa9/fHzUvjm9c0+sXKCdlROVS53MHRDhzv+FQZDjdMrgaicsro5Hr3OnkL9L8o6KMTmGRv4k5cOMZvOInDPmb0bHXE/yIUQujWVKxXhrLLeGqRxujWUv6u1sqSzeimGALWOjw/9EY/nDu+3t/c1327v1XjtG/d7d21xC3H733f+/1Y7/L13+H7Daz8ZkvF9n/++ym/930sH/++7a/8106t80M78mQwZX1VTEE5nhx83YRTDa+5k3+EwJhP8bxj52HYXsmWRe9/cN7qoAbjbT1DZzBDezAbXRMw7JSxOpdCCokU405b5Z44zqiXs4eLABQPPvhM0yFsMtxCbcBBQvwrULfOLlPCYqXCJVCT6DX6T5lP3h8ugXg4dx7JWHp3yMcZavic5yVh4dKVIaVsJmsV/hh0ET3yxA3a8PhNHA1f44z2BRcLIm/FqQ3qxQ+NytaMGg913TW0c2xDXqPlMRF0oHztI7aQTuB3yXuHcJT9y2iFOZJ8UOODYfXVxARqZM04Rq2rwp3ttfMbgjLr0KAYSFPUKTZAAPDNyQ5smYKYXBY+EeKWEOL0V8SsdBNdiiAsmUb9JhnPT6243yo2CQMzMCOTvx4YkIrqOIZY8fyJFZKXhIpknIqA4gA3+EUDlc71jqxodvXe5gDgdgEbp4+zQeIf/80jO14N7KXG3ZOJhtSuMJF2wQZEPfPpl9IUyfbjtXGG01aCHQbn+r7ayzTIIUa7lw9vHl1y1j40Lru32O0qON4zuxkMj4C/CqlQsn7nPD9sLfQO8w52OaMmgfDUIBfzM7XE1kpgcomQt9wh3HON+mlwkLjk0PFmm4gS6/UhIieDpApSr/YxOxAoI1v9JItAVTGYmz/Gwg6YINteSslTfbTXr/6WxDUPIDufh48vE1+UleG/ViSmdYDeBvNVhKBz25/bAni+U58TIdQYgc55rzt+Dbn/BTwyBnYiRDbrXHArS5dLImYFDzfSN72nPj9Pg8zCx2vRhVxGIVzadpZJ/D1DiaoU9VSLFZvFmpZit9A8bFnL54aUr129wQQylTRkVL8o4KikACTrHs9XmlioY5T+tT1lfUn95rvYOTXvdwrR04H88JzBDGxTQDEsuENe6D22BROmM6nrQHxs2ChSjF3HPgl3zIMsE0hAJYPvxH+F3DuMXvXucqK1DFoCTkwtulavHSnZK1BPTtPFel+EwmzWJnqc0cUGAm0a1UX1wzVd4gw+870yeZkM9nJ/WJwGSe0fjxkCpGrE8mk5rIf+BkrmDSgskqRsrDJ3QDNuV0mxn/1//3/ytbIakOkpXgf33wWRH8PJjS2YyLsX127a8tN3aAkz3bpnRWBxkKV6IP7NnBHcDWDLwtARgplkKCyvND4dwWKfQQNiOSsVnKY6rKFTbJg7m5GHfBJkrYLJXzacWEf/jExbgLJgbn3ihPHx3lYOAFU9+hY953Yj/sndM2K9QPnxfHtYe3PSeLk/uT/6JhXPtjcWZ7h0HTGVuMTZY6YNlNW5XezhAV0dm3qPUW499kKr9wuklzLROuILmmQP8/8FdyYn+Zk/A5Eng17nQQNQwVajgWDj/kItepfS5CD1o5l2YJj6FzLdvrcznyAASFpZrn5Lc5thdMd0rjiS2pOqGlhGYbGGTbgTOuJwVdE5LkWEdB00znM3fHhgNxqNw8xVxq7/OEePEZzeiUaYNYZvOrYN2YBnMHu0bDF+ZjxybsAmiQlUFTaIiuMGri7BM+YdmL8KQDofSQcFUCCdIztALKNJPQRprPMpnksV6ekBCO4/euHcao4B6326a9N7uUpn2lfK209WDmjTumDpJ1l5wZ3/U3rB79gBcUyXI
Bleq4aIYjz9L7zf7553dkYgz7iTEDYTrLrQDJbUSP86xyDVQ2QRfM+suEwTYo8LumyrO4NddpridMaF+HJCNCam+FVe921mwK/3/IPBM0HTKq19rd9TzgmieWGUvy6WyhyF94Vtkm8C7kDOuoJJtuQFdtdMLSWZFVvugACa5OFy3/rcAQchTolHJEpkwpOi5OUQictaAplPa2hBDcoUZ1iBTLBk8BFtwPBUAVLAtskdx7pcJqYm6wu9alpmTXp72DAH56LUkqoTjckE1oOsJDIeEjKB8BdR3GGZ1GwdtVqELIaJ6U1mYxcHcCCOtkhnMbSY7KFdhvgyeECQrSD8rmfxm2IPIv/GcTrJNqCdviX1AqzcfTLoUgCkosmf/57MRJalxgr5YtRM1m3q0Qse37YwW84EBsg1lF34WIMSqSQcpFFcZFe/5u7ArP3VbKh1tWQLr/J5ubULJ/OUa9sPmVRosxwPpI0TZYVqyiVWK3JFphffrCMrgdm0YL4mE43QHlJ6onLh/8NkiXI44/cGpiY+HOehAWLTe/A2v8lcD6+3Jgzb4SWJ+WA8uu8OOdS+dWWjzwZJLXwqgzqziZWsrokO2uRaER1mG966hp3tmPCmwBq5PWFqjFUFdUxa8OsghEqAPawHQLxA0a7vMA22nAda281DCBPCd9FPu8fK2jyJDOGlg4MUCxQCblQ6TsEwDn574FPkRgoObTlIsv6mtBeVSUj7NT2zDUmeQC6ljbo94RWCZgWG8l7OpWRMyDgxnVk69J7xBIMzfuKa7cD60Af0z98F4MDLXoIZPnWtmOUMEK6IwxMmSpvCZGlapLhyBNgTxINng3VsJcXqArAFU7fm8TCiP+iNppoVRGEebTyIxtYYmgLIrvYUmUhC+WWDQQk2soaarRXiRc+dzIpJl/RrmIdf3IfgxUf5PDQSrHA6WpztXA+k8eiKuD1zq2PXYeZTtNM7YLjcSldc+gJ0TV+m2BEdh/xeWAZ9jWSDXf+pDndKo+Wy/PN+XksXv7O3Ty3IZZcSp8z86d78Op8705cx7NPVGIhOV5qRAA7loUjwZbVQ3KWd520D2a6+dxkMC+y4hClgt19954NJfa4yAAdu0y8Md0huH9rGoVPVj3ZtARg1+xcJJGgdPs2lr++sk37bjz0omLK4lXpoNWkZSLiVFs3YOd3e6ot7ffT9jezl58cBAnve1tSpNkZ9RP9rstI8CghLwHL8zWyXIBHXzjeZwWvVYF1+E+g0viQjPjosGGqSo2D8F6C7oiq5THDP7c7PW3d+xne5Ju9iMovbwEAWIpdCZTuyHB2uSi5MGZcJbRLJ7M6/g1eSIbd+Vi/O4AD2YoqT9VvxJUQF/k2FusDC2/EndA2sLN6KFJeatQ3zZcUeGEJVbeg2neW+CiA7fiw8FtCQms6a3gtLvCb0M3MebiJrKxqUtQ7W7X7H2CDla70kv6ZXVGhZrJbDnAIcivCW41V6kctwQXMnrKNi7I2YzFjF81xTu0SmBpcZ655JO7DrShlPrxjrIkOYgP93eoSkbdXjJkfTbq7yX7I/NFf28nbpuuYpbZQBaeYvDZEbP5sAr0gVSOH0q+O11sC3M6sKLy/P7HSKNSdwe93KwOfKc/kyNLD6ikTTUPG7LVt8uIxuWOMl8FeDfrA4EvmgY9EkOrfBntq6hztDwaXsnKlfY1ERF0wZT2gYDNUC+A7Cgbcp3RzLffi+XUsDJEc1lVmlXT+zNGkwEkzWtaib5bVL/AdrWyv9yafOvjLxduz0XbqtjSze81vRu+r2nVsrrNgr8rVMEcOLacPvR6dXHELsnvfwcAAP//sXHMsg==" } diff --git a/journalbeat/pkg/journalfield/conv.go b/journalbeat/pkg/journalfield/conv.go index 47214c3f91d..703a1c677f6 100644 
--- a/journalbeat/pkg/journalfield/conv.go +++ b/journalbeat/pkg/journalfield/conv.go @@ -19,6 +19,7 @@ package journalfield import ( "fmt" + "regexp" "strconv" "strings" @@ -84,7 +85,7 @@ func (c *Converter) Convert(entryFields map[string]string) common.MapStr { fields.Put("journald.custom", custom) } - return fields + return withECSEnrichment(fields) } func convertValue(fc Conversion, value string) (interface{}, error) { 
@@ -106,6 +107,91 @@ func convertValue(fc Conversion, value string) (interface{}, error) { return value, nil } +func withECSEnrichment(fields common.MapStr) common.MapStr { + // from https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html + // we see journald.object fields are populated by systemd on behalf of a different program + // so we want them to favor their use in root fields as they are the from the effective program + // performing the action. + setGidUidFields("journald", fields) + setGidUidFields("journald.object", fields) + setProcessFields("journald", fields) + setProcessFields("journald.object", fields) + return fields +} + +func setGidUidFields(prefix string, fields common.MapStr) { + var auditLoginUid string + if found, _ := fields.HasKey(prefix + ".audit.login_uid"); found { + auditLoginUid = fmt.Sprint(getIntegerFromFields(prefix+".audit.login_uid", fields)) + fields.Put("user.id", auditLoginUid) + } + + if found, _ := fields.HasKey(prefix + ".uid"); !found { + return + } + + uid := fmt.Sprint(getIntegerFromFields(prefix+".uid", fields)) + gid := fmt.Sprint(getIntegerFromFields(prefix+".gid", fields)) + if auditLoginUid != "" && auditLoginUid != uid { + putStringIfNotEmtpy("user.effective.id", uid, fields) + putStringIfNotEmtpy("user.effective.group.id", gid, fields) + } else { + putStringIfNotEmtpy("user.id", uid, fields) + putStringIfNotEmtpy("user.group.id", gid, fields) + } +} + +var cmdlineRegexp = regexp.MustCompile(`"(\\"|[^"])*?"|[^\s]+`) + +func setProcessFields(prefix string, fields common.MapStr) { + if found, _ := fields.HasKey(prefix + ".pid"); found { + pid := getIntegerFromFields(prefix+".pid", fields) + fields.Put("process.pid", pid) + } + + name := getStringFromFields(prefix+".name", fields) + if name != "" { + fields.Put("process.name", name) + } + + executable := getStringFromFields(prefix+".executable", fields) + if executable != "" { + fields.Put("process.executable", executable) + } + + cmdline := 
getStringFromFields(prefix+".process.command_line", fields) + if cmdline == "" { + return + } + + fields.Put("process.command_line", cmdline) + + args := cmdlineRegexp.FindAllString(cmdline, -1) + if len(args) > 0 { + fields.Put("process.args", args) + fields.Put("process.args_count", len(args)) + } +} + +func getStringFromFields(key string, fields common.MapStr) string { + value, _ := fields.GetValue(key) + str, _ := value.(string) + return str +} + +func getIntegerFromFields(key string, fields common.MapStr) int64 { + value, _ := fields.GetValue(key) + i, _ := value.(int64) + return i +} + +func putStringIfNotEmtpy(k, v string, fields common.MapStr) { + if v == "" { + return + } + fields.Put(k, v) +} + // helpers for creating a field conversion table. var ignoredField = Conversion{Dropped: true} diff --git a/journalbeat/pkg/journalfield/conv_test.go b/journalbeat/pkg/journalfield/conv_test.go index a6514a95545..6625d8e1dc1 100644 --- a/journalbeat/pkg/journalfield/conv_test.go +++ b/journalbeat/pkg/journalfield/conv_test.go @@ -39,8 +39,10 @@ func TestConversion(t *testing.T) { sdjournal.SD_JOURNAL_FIELD_BOOT_ID: "123456", }, want: common.MapStr{ - "host": common.MapStr{ - "boot_id": "123456", + "journald": common.MapStr{ + "host": common.MapStr{ + "boot_id": "123456", + }, }, }, }, diff --git a/journalbeat/pkg/journalfield/default.go b/journalbeat/pkg/journalfield/default.go index a8b3860e956..7c852a44c53 100644 --- a/journalbeat/pkg/journalfield/default.go +++ b/journalbeat/pkg/journalfield/default.go 
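Review bot: setProcessFields looks up `prefix+".name"` and `prefix+".executable"`, but the conversion tables changed in this same patch map COMM/EXE to `journald.process.name` / `journald.process.executable` and OBJECT_COMM/OBJECT_EXE to `journald.object.process.name` / `journald.object.process.executable`, so process.name and process.executable are never populated while process.command_line (which uses `prefix+".process.command_line"`) is; the lookups should be `prefix+".process.name"` and `prefix+".process.executable"`. In setGidUidFields the gid lookup has no HasKey guard like the uid one, so a missing GID becomes `"0"` through fmt.Sprint and user.group.id is set to the root group, which misattributes events in user-centric detection; the key should be checked before it is formatted. getIntegerFromFields also yields 0 when the stored value is not an int64, which that guard does not cover — whether the integer() conversion always stores int64 is not visible in this hunk, so a comment or explicit fallback there would be worth confirming. Minor: putStringIfNotEmtpy is misspelled.
```go
func setGidUidFields(prefix string, fields common.MapStr) {
	// … unchanged: audit.login_uid handling and the uid HasKey guard …
	uid := fmt.Sprint(getIntegerFromFields(prefix+".uid", fields))
	gid := ""
	if found, _ := fields.HasKey(prefix + ".gid"); found {
		gid = fmt.Sprint(getIntegerFromFields(prefix+".gid", fields))
	}
	// … unchanged: effective vs. primary user assignment …
}

func setProcessFields(prefix string, fields common.MapStr) {
	// … unchanged: pid handling …
	name := getStringFromFields(prefix+".process.name", fields)
	// … unchanged: process.name put …
	executable := getStringFromFields(prefix+".process.executable", fields)
	// … unchanged: process.executable put, command_line and args handling …
}
```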
@@ -28,9 +28,9 @@ var journaldEventFields = FieldConversion{ "COREDUMP_USER_UNIT": text("journald.coredump.user_unit"), "OBJECT_AUDIT_LOGINUID": integer("journald.object.audit.login_uid"), "OBJECT_AUDIT_SESSION": integer("journald.object.audit.session"), - "OBJECT_CMDLINE": text("journald.object.cmd"), - "OBJECT_COMM": text("journald.object.name"), - "OBJECT_EXE": text("journald.object.executable"), + "OBJECT_CMDLINE": text("journald.object.process.command_line"), + "OBJECT_COMM": text("journald.object.process.name"), + "OBJECT_EXE": text("journald.object.process.executable"), "OBJECT_GID": integer("journald.object.gid"), "OBJECT_PID": integer("journald.object.pid"), "OBJECT_SYSTEMD_OWNER_UID": integer("journald.object.systemd.owner_uid"), 
@@ -45,21 +45,21 @@ var journaldEventFields = FieldConversion{ "_UDEV_DEVLINK": text("journald.kernel.device_symlinks"), "_UDEV_DEVNODE": text("journald.kernel.device_node_path"), "_UDEV_SYSNAME": text("journald.kernel.device_name"), - sdjournal.SD_JOURNAL_FIELD_AUDIT_LOGINUID: integer("process.audit.login_uid"), - sdjournal.SD_JOURNAL_FIELD_AUDIT_SESSION: text("process.audit.session"), - sdjournal.SD_JOURNAL_FIELD_BOOT_ID: text("host.boot_id"), - sdjournal.SD_JOURNAL_FIELD_CAP_EFFECTIVE: text("process.capabilites"), - sdjournal.SD_JOURNAL_FIELD_CMDLINE: text("process.cmd"), + sdjournal.SD_JOURNAL_FIELD_AUDIT_LOGINUID: integer("journald.audit.login_uid"), + sdjournal.SD_JOURNAL_FIELD_AUDIT_SESSION: text("journald.audit.session"), + sdjournal.SD_JOURNAL_FIELD_BOOT_ID: text("journald.host.boot_id"), + sdjournal.SD_JOURNAL_FIELD_CAP_EFFECTIVE: text("journald.process.capabilites"), + sdjournal.SD_JOURNAL_FIELD_CMDLINE: text("journald.process.command_line"), sdjournal.SD_JOURNAL_FIELD_CODE_FILE: text("journald.code.file"), sdjournal.SD_JOURNAL_FIELD_CODE_FUNC: text("journald.code.func"), sdjournal.SD_JOURNAL_FIELD_CODE_LINE: integer("journald.code.line"), - sdjournal.SD_JOURNAL_FIELD_COMM: text("process.name"), - sdjournal.SD_JOURNAL_FIELD_EXE: text("process.executable"), - sdjournal.SD_JOURNAL_FIELD_GID: integer("process.uid"), + sdjournal.SD_JOURNAL_FIELD_COMM: text("journald.process.name"), + sdjournal.SD_JOURNAL_FIELD_EXE: text("journald.process.executable"), + sdjournal.SD_JOURNAL_FIELD_GID: integer("journald.gid"), sdjournal.SD_JOURNAL_FIELD_HOSTNAME: text("host.hostname"), sdjournal.SD_JOURNAL_FIELD_MACHINE_ID: text("host.id"), sdjournal.SD_JOURNAL_FIELD_MESSAGE: text("message"), - sdjournal.SD_JOURNAL_FIELD_PID: integer("process.pid"), + sdjournal.SD_JOURNAL_FIELD_PID: integer("journald.pid"), sdjournal.SD_JOURNAL_FIELD_PRIORITY: integer("syslog.priority", "log.syslog.priority"), sdjournal.SD_JOURNAL_FIELD_SYSLOG_FACILITY: integer("syslog.facility", 
"log.syslog.facility.name"), sdjournal.SD_JOURNAL_FIELD_SYSLOG_IDENTIFIER: text("syslog.identifier"), @@ -71,7 +71,7 @@ var journaldEventFields = FieldConversion{ sdjournal.SD_JOURNAL_FIELD_SYSTEMD_UNIT: text("systemd.unit"), sdjournal.SD_JOURNAL_FIELD_SYSTEMD_USER_UNIT: text("systemd.user_unit"), sdjournal.SD_JOURNAL_FIELD_TRANSPORT: text("systemd.transport"), - sdjournal.SD_JOURNAL_FIELD_UID: integer("process.uid"), + sdjournal.SD_JOURNAL_FIELD_UID: integer("journald.uid"), // docker journald fields from: https://docs.docker.com/config/containers/logging/journald/ "CONTAINER_ID": text("container.id_truncated"), diff --git a/journalbeat/pkg/journalfield/default_other.go b/journalbeat/pkg/journalfield/default_other.go index ca3d26c9266..5e25ccbf134 100644 --- a/journalbeat/pkg/journalfield/default_other.go +++ b/journalbeat/pkg/journalfield/default_other.go @@ -26,9 +26,9 @@ var journaldEventFields = FieldConversion{ "COREDUMP_USER_UNIT": text("journald.coredump.user_unit"), "OBJECT_AUDIT_LOGINUID": integer("journald.object.audit.login_uid"), "OBJECT_AUDIT_SESSION": integer("journald.object.audit.session"), - "OBJECT_CMDLINE": text("journald.object.cmd"), - "OBJECT_COMM": text("journald.object.name"), - "OBJECT_EXE": text("journald.object.executable"), + "OBJECT_CMDLINE": text("journald.object.process.command_line"), + "OBJECT_COMM": text("journald.object.process.name"), + "OBJECT_EXE": text("journald.object.process.executable"), "OBJECT_GID": integer("journald.object.gid"), "OBJECT_PID": integer("journald.object.pid"), "OBJECT_SYSTEMD_OWNER_UID": integer("journald.object.systemd.owner_uid"), diff --git a/libbeat/_meta/fields.ecs.yml b/libbeat/_meta/fields.ecs.yml index e3bfd964a51..d3e0aeda3b6 100644 --- a/libbeat/_meta/fields.ecs.yml +++ b/libbeat/_meta/fields.ecs.yml 
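Review bot: The renamed key `journald.process.capabilites` carries the existing misspelling into a brand-new field name; since every consumer of this key is already being changed by this commit, it is the cheapest moment to rename it to `journald.process.capabilities` together with the matching field definition (not part of this diff). Leaving the typo in means the name is frozen once indices and dashboards reference it.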
@@ -1,5 +1,5 @@ # WARNING! Do not edit this file directly, it was generated by the ECS project, -# based on ECS version 1.7.0. +# based on ECS version 1.8.0-dev. # Please visit https://github.com/elastic/ecs to suggest changes to ECS fields. - key: ecs @@ -1356,7 +1356,8 @@ description: 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, - but it can be retrieved from `_source`.' + but it can be retrieved from `_source`. If users wish to override this and + index this field, consider using the wildcard data type.' example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 index: false @@ -1413,7 +1414,7 @@ ignore_above: 1024 description: 'Reference URL linking to additional information about this event. - This URL links to a static definition of the this event. Alert events, indicated + This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field.' example: https://system.example.com/event/#0001234 default_field: false @@ -2214,6 +2215,21 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin + - name: os.type + level: extended + type: keyword + ignore_above: 1024 + description: 'Use the `os.type` field to categorize the operating system into + one of the broad commercial families. + + One of these following values should be used (lowercase): linux, macos, unix, + windows. + + If the OS you''re dealing with is not in the list, the field should not be + populated. Please let us know by opening an issue with ECS, to propose its + addition.' + example: macos + default_field: false - name: os.version level: extended type: keyword 
@@ -2973,6 +2989,21 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin + - name: os.type + level: extended + type: keyword + ignore_above: 1024 + description: 'Use the `os.type` field to categorize the operating system into + one of the broad commercial families. + + One of these following values should be used (lowercase): linux, macos, unix, + windows. + + If the OS you''re dealing with is not in the list, the field should not be + populated. Please let us know by opening an issue with ECS, to propose its + addition.' + example: macos + default_field: false - name: os.version level: extended type: keyword @@ -3081,6 +3112,21 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin + - name: type + level: extended + type: keyword + ignore_above: 1024 + description: 'Use the `os.type` field to categorize the operating system into + one of the broad commercial families. + + One of these following values should be used (lowercase): linux, macos, unix, + windows. + + If the OS you''re dealing with is not in the list, the field should not be + populated. Please let us know by opening an issue with ECS, to propose its + addition.' + example: macos + default_field: false - name: version level: extended type: keyword @@ -5296,7 +5342,11 @@ description: 'Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain - name. In this case, the IP address would go to the `domain` field.' + name. In this case, the IP address would go to the `domain` field. + + If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC + 2732), the `[` and `]` characters should also be captured in the `domain` + field.' example: www.elastic.co - name: extension level: extended 
@@ -5437,6 +5487,85 @@ provide an array that includes all of them.' type: group fields: + - name: changes.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the user is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: changes.email + level: extended + type: keyword + ignore_above: 1024 + description: User email address. + default_field: false + - name: changes.full_name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: User's full name, if available. + example: Albert Einstein + default_field: false + - name: changes.group.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the group is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: changes.group.id + level: extended + type: keyword + ignore_above: 1024 + description: Unique identifier for the group on the system/platform. + default_field: false + - name: changes.group.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the group. + default_field: false + - name: changes.hash + level: extended + type: keyword + ignore_above: 1024 + description: 'Unique user hash to correlate information for a user in anonymized + form. + + Useful if `user.id` or `user.name` contain confidential information and cannot + be used.' + default_field: false + - name: changes.id + level: core + type: keyword + ignore_above: 1024 + description: Unique identifier of the user. + default_field: false + - name: changes.name + level: core + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: Short name or login of the user. 
+ example: albert + default_field: false + - name: changes.roles + level: extended + type: keyword + ignore_above: 1024 + description: Array of user roles at the time of the event. + example: '["kibana_admin", "reporting_user"]' + default_field: false - name: domain level: extended type: keyword 
@@ -5444,6 +5573,85 @@ description: 'Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name.' + - name: effective.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the user is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: effective.email + level: extended + type: keyword + ignore_above: 1024 + description: User email address. + default_field: false + - name: effective.full_name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: User's full name, if available. + example: Albert Einstein + default_field: false + - name: effective.group.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the group is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: effective.group.id + level: extended + type: keyword + ignore_above: 1024 + description: Unique identifier for the group on the system/platform. + default_field: false + - name: effective.group.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the group. + default_field: false + - name: effective.hash + level: extended + type: keyword + ignore_above: 1024 + description: 'Unique user hash to correlate information for a user in anonymized + form. + + Useful if `user.id` or `user.name` contain confidential information and cannot + be used.' + default_field: false + - name: effective.id + level: core + type: keyword + ignore_above: 1024 + description: Unique identifier of the user. + default_field: false + - name: effective.name + level: core + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: Short name or login of the user. 
+ example: albert + default_field: false + - name: effective.roles + level: extended + type: keyword + ignore_above: 1024 + description: Array of user roles at the time of the event. + example: '["kibana_admin", "reporting_user"]' + default_field: false - name: email level: extended type: keyword 
@@ -5509,6 +5717,85 @@ description: Array of user roles at the time of the event. example: '["kibana_admin", "reporting_user"]' default_field: false + - name: target.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the user is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: target.email + level: extended + type: keyword + ignore_above: 1024 + description: User email address. + default_field: false + - name: target.full_name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: User's full name, if available. + example: Albert Einstein + default_field: false + - name: target.group.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the group is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: target.group.id + level: extended + type: keyword + ignore_above: 1024 + description: Unique identifier for the group on the system/platform. + default_field: false + - name: target.group.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the group. + default_field: false + - name: target.hash + level: extended + type: keyword + ignore_above: 1024 + description: 'Unique user hash to correlate information for a user in anonymized + form. + + Useful if `user.id` or `user.name` contain confidential information and cannot + be used.' + default_field: false + - name: target.id + level: core + type: keyword + ignore_above: 1024 + description: Unique identifier of the user. + default_field: false + - name: target.name + level: core + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: Short name or login of the user. 
+ example: albert + default_field: false + - name: target.roles + level: extended + type: keyword + ignore_above: 1024 + description: Array of user roles at the time of the event. + example: '["kibana_admin", "reporting_user"]' + default_field: false - name: user_agent title: User agent group: 2 @@ -5580,6 +5867,21 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin + - name: os.type + level: extended + type: keyword + ignore_above: 1024 + description: 'Use the `os.type` field to categorize the operating system into + one of the broad commercial families. + + One of these following values should be used (lowercase): linux, macos, unix, + windows. + + If the OS you''re dealing with is not in the list, the field should not be + populated. Please let us know by opening an issue with ECS, to propose its + addition.' + example: macos + default_field: false - name: os.version level: extended type: keyword diff --git a/libbeat/metric/system/host/host.go b/libbeat/metric/system/host/host.go index 0d143ed2499..6f5c9c15849 100644 --- a/libbeat/metric/system/host/host.go +++ b/libbeat/metric/system/host/host.go @@ -53,7 +53,9 @@ func MapHostInfo(info types.HostInfo) common.MapStr { if info.OS.Build != "" { data.Put("host.os.build", info.OS.Build) } - + if info.OS.Type != "" { + data.Put("host.os.type", info.OS.Type) + } return data } diff --git a/libbeat/processors/add_host_metadata/add_host_metadata_test.go b/libbeat/processors/add_host_metadata/add_host_metadata_test.go index c41c7696635..6120269395c 100644 --- a/libbeat/processors/add_host_metadata/add_host_metadata_test.go +++ b/libbeat/processors/add_host_metadata/add_host_metadata_test.go 
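Review bot: The value of info.OS.Type is written to host.os.type as-is, while the ECS definition added in this same commit restricts os.type to lowercase linux, macos, unix or windows; whether the host-info library can return other values is not visible here, so a comment such as `// host.os.type: ECS expects one of linux, macos, unix, windows (lowercase)` and, if needed, a lowercase/allow-list normalization would pin that contract. Separately, the regenerated libbeat/_meta/fields.ecs.yml header now says ECS 1.8.0-dev while the ecsVersion constants bumped in this patch say 1.8.0; the schema file should be regenerated from the released 1.8.0 so the version stamped on events matches the field definitions shipped with them. MapHostInfo's body starts outside the hunk.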
@@ -75,6 +75,10 @@ func TestConfigDefault(t *testing.T) { v, err = newEvent.GetValue("host.mac") assert.NoError(t, err) assert.NotNil(t, v) + + v, err = newEvent.GetValue("host.os.type") + assert.NoError(t, err) + assert.NotNil(t, v) } func TestConfigNetInfoDisabled(t *testing.T) { @@ -118,6 +122,10 @@ func TestConfigNetInfoDisabled(t *testing.T) { v, err = newEvent.GetValue("host.mac") assert.Error(t, err) assert.Nil(t, v) + + v, err = newEvent.GetValue("host.os.type") + assert.NoError(t, err) + assert.NotNil(t, v) } func TestConfigName(t *testing.T) { diff --git a/libbeat/processors/add_host_metadata/docs/add_host_metadata.asciidoc b/libbeat/processors/add_host_metadata/docs/add_host_metadata.asciidoc index 21d308b23c1..c2a3b52994e 100644 --- a/libbeat/processors/add_host_metadata/docs/add_host_metadata.asciidoc +++ b/libbeat/processors/add_host_metadata/docs/add_host_metadata.asciidoc @@ -57,6 +57,7 @@ The fields added to the event look like the following: "id":"", "os":{ "family":"darwin", + "type":"macos", "build":"16G1212", "platform":"darwin", "version":"10.12.6", diff --git a/metricbeat/cmd/root.go b/metricbeat/cmd/root.go index 2681a2a381d..8da887270bb 100644 --- a/metricbeat/cmd/root.go +++ b/metricbeat/cmd/root.go @@ -43,7 +43,7 @@ const ( Name = "metricbeat" // ecsVersion specifies the version of ECS that this beat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // RootCmd to handle beats cli diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index d67075d4adc..96dff72d890 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc 
@@ -11734,7 +11734,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -11787,7 +11787,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -12978,6 +12978,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -14052,6 +14065,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- 
@@ -14222,6 +14248,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -17373,6 +17412,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword 
@@ -17548,6 +17588,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- 
@@ -17558,6 +17711,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- 
@@ -17661,6 +17927,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent 
@@ -17777,6 +18156,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/packetbeat/cmd/root.go b/packetbeat/cmd/root.go index f05e2bb9d36..e2fbb373d2f 100644 --- a/packetbeat/cmd/root.go +++ b/packetbeat/cmd/root.go @@ -37,7 +37,7 @@ const ( Name = "packetbeat" // ecsVersion specifies the version of ECS that Packetbeat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // withECSVersion is a modifier that adds ecs.version to events. diff --git a/packetbeat/docs/fields.asciidoc b/packetbeat/docs/fields.asciidoc index d024fa12917..3475f2c6e91 100644 --- a/packetbeat/docs/fields.asciidoc +++ b/packetbeat/docs/fields.asciidoc @@ -3952,7 +3952,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -4005,7 +4005,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword 
@@ -5196,6 +5196,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -6270,6 +6283,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -6440,6 +6466,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -9591,6 +9630,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword 
@@ -9766,6 +9806,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- 
@@ -9776,6 +9929,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- 
@@ -9879,6 +10145,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent 
@@ -9995,6 +10374,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/packetbeat/include/fields.go b/packetbeat/include/fields.go index 1f2b1015f55..323eff798ee 100644 --- a/packetbeat/include/fields.go +++ b/packetbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "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" + return "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" } diff --git a/packetbeat/protos/amqp/amqp.go b/packetbeat/protos/amqp/amqp.go index 1113d4ee6df..f0c1e26dd28 100644 --- a/packetbeat/protos/amqp/amqp.go +++ b/packetbeat/protos/amqp/amqp.go @@ -455,6 +455,10 @@ func (amqp *amqpPlugin) publishTransaction(t *amqpTransaction) { } fields["amqp"] = t.amqp + if userID, found := t.amqp["user-id"]; found { + fields["user.id"] = userID + } + //let's try to convert request/response to a readable format if amqp.sendRequest { if t.method == "basic.publish" { diff --git a/packetbeat/protos/cassandra/pub.go b/packetbeat/protos/cassandra/pub.go index c4d0164310e..3b90c53feae 100644 --- a/packetbeat/protos/cassandra/pub.go +++ b/packetbeat/protos/cassandra/pub.go @@ -69,7 +69,9 @@ func (pub *transPub) createEvent(requ, resp *message) beat.Event { evt, pbf := pb.NewBeatEvent(ts) pbf.SetSource(&src) + pbf.AddIP(src.IP) pbf.SetDestination(&dst) + pbf.AddIP(dst.IP) pbf.Event.Dataset = "cassandra" pbf.Network.Transport = "tcp" pbf.Network.Protocol = pbf.Event.Dataset 
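Review bot: The added `fields["user.id"] = userID` in amqp.go's publishTransaction copies whatever value the parser stored under `t.amqp["user-id"]` straight into a keyword field, without also recording it in `related.user`, whereas the HTTP hunk in this commit pairs `fields["user.name"]` with `pbf.AddUser(...)`. If publishTransaction builds its event through pb.NewBeatEvent like the other protocol plugins touched here, adding the user to `related.*` keeps AMQP events searchable by the same field as the rest. If `t.amqp` holds interface values, a type assertion such as `if userID, ok := t.amqp["user-id"].(string); ok && userID != "" {` would also avoid copying an empty or non-string value into `user.id`. publishTransaction starts and ends outside the hunk.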
diff --git a/packetbeat/protos/http/event.go b/packetbeat/protos/http/event.go
index 691f8b1d156..f53ed9b632d 100644
--- a/packetbeat/protos/http/event.go
+++ b/packetbeat/protos/http/event.go
@@ -42,6 +42,9 @@ type ProtocolFields struct {
 // Referrer for this HTTP request.
 RequestReferrer common.NetString `ecs:"request.referrer"`
 
+ // HTTP request mime-type.
+ RequestMIMEType string `ecs:"request.mime_type"`
+
 // Http response status code.
 ResponseStatusCode int64 `ecs:"response.status_code"`
 
@@ -69,6 +72,9 @@ type ProtocolFields struct {
 // HTTP response headers.
 ResponseHeaders common.MapStr `packetbeat:"response.headers"`
 
+ // HTTP response mime-type.
+ ResponseMIMEType string `ecs:"response.mime_type"`
+
 // HTTP response status phrase.
 ResponseStatusPhrase common.NetString `packetbeat:"response.status_phrase"`
 }
diff --git a/packetbeat/protos/http/http.go b/packetbeat/protos/http/http.go
index 3dd7484822e..dd57ada3ce9 100644
--- a/packetbeat/protos/http/http.go
+++ b/packetbeat/protos/http/http.go
@@ -19,6 +19,7 @@ package http
 
 import (
 "bytes"
+ "encoding/base64"
 "fmt"
 "net"
 "net/url"
@@ -439,6 +440,11 @@ func (http *httpPlugin) handleHTTP(
 m.tcpTuple = *tcptuple
 m.direction = dir
 m.cmdlineTuple = http.watcher.FindProcessesTupleTCP(tcptuple.IPPort())
+
+ if !http.redactAuthorization {
+ m.username = extractBasicAuthUser(m.headers)
+ }
+
 http.hideHeaders(m)
 
 if m.isRequest {
@@ -533,6 +539,8 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event {
 evt, pbf := pb.NewBeatEvent(ts)
 pbf.SetSource(src)
 pbf.SetDestination(dst)
+ pbf.AddIP(src.IP)
+ pbf.AddIP(dst.IP)
 pbf.Network.Transport = "tcp"
 pbf.Network.Protocol = "http"
 
@@ -552,6 +560,9 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event {
 host, port := extractHostHeader(string(requ.host))
 if net.ParseIP(host) == nil {
 pbf.Destination.Domain = host
+ pbf.AddHost(host)
+ } else {
+ pbf.AddIP(host)
 }
 if port == 0 {
 port = int(pbf.Destination.Port)
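Review bot: The new `if !http.redactAuthorization { m.username = extractBasicAuthUser(m.headers) }` in handleHTTP ties user-name extraction to the redaction setting, so turning on `redact_authorization` — the setting an operator enables precisely to keep credentials out of events — also silently removes the `user.name` enrichment, and nothing in the hunk says so. The user-id part of a Basic credential is not the secret, so the defensible options are to extract it before `http.hideHeaders(m)` regardless of the flag, or to keep the coupling and document it on the option; either way the condition deserves a comment such as `// user.name is only derived while the Authorization header is kept; redact_authorization disables both.` handleHTTP starts and ends outside the hunk.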
@@ -560,6 +571,7 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event {
 }
 pbf.Event.Start = requ.ts
 pbf.Network.ForwardedIP = string(requ.realIP)
+ pbf.AddIP(string(requ.realIP))
 pbf.Error.Message = requ.notes
 
 // http
@@ -568,6 +580,7 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event {
 httpFields.RequestBodyBytes = int64(requ.contentLength)
 httpFields.RequestMethod = bytes.ToLower(requ.method)
 httpFields.RequestReferrer = requ.referer
+ pbf.AddHost(string(requ.referer))
 if requ.sendBody && len(requ.body) > 0 {
 httpFields.RequestBodyBytes = int64(len(requ.body))
 httpFields.RequestBodyContent = common.NetString(requ.body)
@@ -588,6 +601,11 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event {
 }
 fields["method"] = httpFields.RequestMethod
 fields["query"] = fmt.Sprintf("%s %s", requ.method, path)
+
+ if requ.username != "" {
+ fields["user.name"] = requ.username
+ pbf.AddUser(requ.username)
+ }
 }
 
 if resp != nil {
@@ -913,3 +931,28 @@ func (ml *messageList) pop() *message {
 func (ml *messageList) last() *message {
 return ml.tail
 }
+
+func extractBasicAuthUser(headers map[string]common.NetString) string {
+ const prefix = "Basic "
+
+ auth := string(headers["authorization"])
+ if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
+ return ""
+ }
+
+ c, err := base64.StdEncoding.DecodeString(auth[len(prefix):])
+ if err != nil {
+ c, err = base64.RawStdEncoding.DecodeString(auth[len(prefix):])
+ if err != nil {
+ return ""
+ }
+ }
+
+ cs := string(c)
+ s := strings.IndexByte(cs, ':')
+ if s < 0 {
+ return ""
+ }
+
+ return cs[:s]
+}
diff --git a/packetbeat/protos/http/http_parser.go b/packetbeat/protos/http/http_parser.go
index 748ea9dc712..be4343ea120 100644
--- a/packetbeat/protos/http/http_parser.go
+++ b/packetbeat/protos/http/http_parser.go
@@ -62,6 +62,7 @@ type message struct {
 isChunked bool
 headers map[string]common.NetString
 size uint64
+ username string
 rawHeaders []byte
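Review bot: `pbf.AddHost(string(requ.referer))` in the `@@ -568,6 +580,7 @@` hunk feeds the Referer value into `related.hosts`, and if `requ.referer` carries the raw header value that is a full URL with scheme, path and query rather than a host name, so the ECS field would stop holding what it is meant to hold. Parsing first keeps it clean, and net/url is already imported in this file: `if u, err := url.Parse(string(requ.referer)); err == nil && u.Hostname() != "" {` / `pbf.AddHost(u.Hostname())` / `}`. The neighbouring `pbf.AddIP(string(requ.realIP))` in the `@@ -560,6 +571,7 @@` hunk is worth a similar check that realIP is a single address rather than a raw, possibly comma-separated forwarded-for list. newTransaction starts and ends outside both hunks.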
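Review bot: extractBasicAuthUser in the `@@ -913,3 +931,28 @@` hunk has no doc comment, and its contract matters because it handles credential material: it returns only the user-id before the first `:` of the decoded `Basic` value, never the password, and returns "" for a missing header, a non-Basic scheme, undecodable base64 (after trying both padded and unpadded alphabets) or a credential with no colon. A header comment stating exactly that, e.g. `// extractBasicAuthUser returns the user-id from a Basic Authorization header, or "" when the header is absent, not Basic, not valid base64, or lacks a ':' separator. The password part is never returned.`, makes the fail-closed behaviour explicit. The decoded credential `cs` holds the password; it is only used locally here, and a `// never log cs: it contains the password` on the `cs := string(c)` line would keep a future debug statement from leaking it.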
diff --git a/packetbeat/protos/http/http_test.go b/packetbeat/protos/http/http_test.go
index 0fcf94a3f39..d6696e4b400 100644
--- a/packetbeat/protos/http/http_test.go
+++ b/packetbeat/protos/http/http_test.go
@@ -921,6 +921,36 @@ func TestHttpParser_RedactAuthorization(t *testing.T) {
 assert.True(t, proxyObscured)
 }
 
+func TestExtractBasicAuthUser(t *testing.T) {
+ logp.TestingSetup(logp.WithSelectors("http", "httpdetailed"))
+
+ http := httpModForTests(nil)
+ http.parserConfig.sendHeaders = true
+ http.parserConfig.sendAllHeaders = true
+
+ data := []byte("POST /services/ObjectControl?ID=client0 HTTP/1.1\r\n" +
+ "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5472)\r\n" +
+ "Content-Type: text/xml; charset=utf-8\r\n" +
+ "SOAPAction: \"\"\r\n" +
+ "Authorization: Basic ZHVtbXk6NmQlc1AwOC1XemZ3Cg\r\n" +
+ "Proxy-Authorization: Basic cHJveHk6MWM3MGRjM2JhZDIwCg==\r\n" +
+ "Host: production.example.com\r\n" +
+ "Content-Length: 0\r\n" +
+ "Expect: 100-continue\r\n" +
+ "Accept-Encoding: gzip\r\n" +
+ "X-Forwarded-For: 10.216.89.132\r\n" +
+ "\r\n")
+
+ st := &stream{data: data, message: new(message)}
+
+ ok, _ := testParseStream(http, st, 0)
+
+ username := extractBasicAuthUser(st.message.headers)
+
+ assert.True(t, ok)
+ assert.Equal(t, "dummy", username)
+}
+
 func TestHttpParser_RedactAuthorization_raw(t *testing.T) {
 http := httpModForTests(nil)
 http.redactAuthorization = true
diff --git a/packetbeat/protos/mongodb/mongodb.go b/packetbeat/protos/mongodb/mongodb.go
index 28a9350840e..b05ebce9150 100644
--- a/packetbeat/protos/mongodb/mongodb.go
+++ b/packetbeat/protos/mongodb/mongodb.go
@@ -382,7 +382,9 @@ func (mongodb *mongodbPlugin) publishTransaction(t *transaction) {
 evt, pbf := pb.NewBeatEvent(t.ts)
 pbf.SetSource(&t.src)
+ pbf.AddIP(t.src.IP)
 pbf.SetDestination(&t.dst)
+ pbf.AddIP(t.dst.IP)
 pbf.Source.Bytes = int64(t.bytesIn)
 pbf.Destination.Bytes = int64(t.bytesOut)
 pbf.Event.Dataset = "mongodb"
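Review bot: TestExtractBasicAuthUser calls the helper directly on the parsed headers, so the gate added in handleHTTP (`if !http.redactAuthorization { m.username = ... }`) is never exercised and a regression that drops or inverts it would still pass. If testParseStream drives the message through handleHTTP, a second case that sets `http.redactAuthorization = true` and asserts `st.message.username == ""`, plus the positive counterpart with it false, would pin both sides. The fixture's Authorization value is unpadded base64 of `dummy:<password>\n`, which is what makes StdEncoding fail and the RawStdEncoding fallback run; that is a useful edge case and deserves a comment on the line, e.g. `// unpadded base64 with a trailing newline: exercises the RawStdEncoding fallback`.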
diff --git a/packetbeat/protos/mysql/mysql.go b/packetbeat/protos/mysql/mysql.go
index 506b6c30ca8..1553bdf9901 100644
--- a/packetbeat/protos/mysql/mysql.go
+++ b/packetbeat/protos/mysql/mysql.go
@@ -1159,7 +1159,9 @@ func (mysql *mysqlPlugin) publishTransaction(t *mysqlTransaction) {
 evt, pbf := pb.NewBeatEvent(t.ts)
 pbf.SetSource(&t.src)
+ pbf.AddIP(t.src.IP)
 pbf.SetDestination(&t.dst)
+ pbf.AddIP(t.dst.IP)
 pbf.Source.Bytes = int64(t.bytesIn)
 pbf.Destination.Bytes = int64(t.bytesOut)
 pbf.Event.Dataset = "mysql"
diff --git a/packetbeat/protos/nfs/request_handler.go b/packetbeat/protos/nfs/request_handler.go
index d4656047743..fea417f4dc1 100644
--- a/packetbeat/protos/nfs/request_handler.go
+++ b/packetbeat/protos/nfs/request_handler.go
@@ -79,7 +79,9 @@ func (r *rpc) handleCall(xid string, xdr *xdr, ts time.Time, tcptuple *common.TC
 evt, pbf := pb.NewBeatEvent(ts)
 pbf.SetSource(&src)
+ pbf.AddIP(src.IP)
 pbf.SetDestination(&dst)
+ pbf.AddIP(dst.IP)
 pbf.Source.Bytes = int64(xdr.size())
 pbf.Event.Dataset = "nfs"
 pbf.Event.Start = ts
@@ -102,6 +104,8 @@ func (r *rpc) handleCall(xid string, xdr *xdr, ts time.Time, tcptuple *common.TC
 "xid": xid,
 }
 
+ fields := evt.Fields
+
 authFlavor := xdr.getUInt()
 authOpaque := xdr.getDynamicOpaque()
 switch authFlavor {
@@ -119,8 +123,14 @@ func (r *rpc) handleCall(xid string, xdr *xdr, ts time.Time, tcptuple *common.TC
 pbf.Source.Domain = machine
 }
 cred["machinename"] = machine
+ fields["host.hostname"] = machine
+
 cred["uid"] = credXdr.getUInt()
+ fields["user.id"] = cred["uid"]
+
 cred["gid"] = credXdr.getUInt()
+ fields["group.id"] = cred["gid"]
+
 cred["gids"] = credXdr.getUIntVector()
 rpcInfo["cred"] = cred
 case 6:
@@ -133,7 +143,6 @@ func (r *rpc) handleCall(xid string, xdr *xdr, ts time.Time, tcptuple *common.TC
 xdr.getUInt()
 xdr.getDynamicOpaque()
 
- fields := evt.Fields
 fields["status"] = common.OK_STATUS // all packages are OK for now
 fields["type"] = pbf.Event.Dataset
 fields["rpc"] = rpcInfo
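Review bot: In the `@@ -119,8 +123,14 @@` hunk of request_handler.go, `fields["host.hostname"] = machine` copies the AUTH_SYS machine name from the RPC credential into `host.hostname`, but that string is an unauthenticated, client-supplied claim, and in Beats `host.*` otherwise describes the host the agent runs on, so an NFS client can relabel the observer with a name of its choosing; the existing `pbf.Source.Domain = machine` already records it on the source side, and `pbf.AddHost(machine)` would make it searchable under `related.hosts` without overwriting `host.hostname`. The same hunk stores the raw unsigned integers from `credXdr.getUInt()` into `user.id` and `group.id`, whereas the auditbeat socket hunk later in this commit (state.go) writes those ids as strings via strconv; converting here too, e.g. `uid := credXdr.getUInt()` / `cred["uid"] = uid` / `fields["user.id"] = strconv.FormatUint(uint64(uid), 10)` (strconv may need importing), keeps the field type consistent across Beats. handleCall starts and ends outside the hunk.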
diff --git a/packetbeat/protos/sip/plugin.go b/packetbeat/protos/sip/plugin.go
index b9b1264f967..bdd93d24117 100644
--- a/packetbeat/protos/sip/plugin.go
+++ b/packetbeat/protos/sip/plugin.go
@@ -178,7 +178,9 @@ func (p *plugin) buildEvent(m *message, pkt *protos.Packet) (*beat.Event, error)
 src, dst := m.getEndpoints()
 pbf.SetSource(src)
+ pbf.AddIP(src.IP)
 pbf.SetDestination(dst)
+ pbf.AddIP(dst.IP)
 p.populateEventFields(m, pbf, sipFields)
diff --git a/packetbeat/tests/system/config/golden-tests.yml b/packetbeat/tests/system/config/golden-tests.yml
index 42ad0c746d2..5adcf50b5cf 100644
--- a/packetbeat/tests/system/config/golden-tests.yml
+++ b/packetbeat/tests/system/config/golden-tests.yml
@@ -35,3 +35,8 @@ test_cases:
 - name: SIP Authenticated Register
 pcap: pcaps/sip_authenticated_register.pcap
 config: {}
+
+ - name: HTTP Basic Auth
+ pcap: pcaps/http_basicauth.pcap
+ config:
+ http_send_all_headers: true
diff --git a/packetbeat/tests/system/golden/established_tls-expected.json b/packetbeat/tests/system/golden/established_tls-expected.json
index 3cfa141af3a..ac0145028ab 100644
--- a/packetbeat/tests/system/golden/established_tls-expected.json
+++ b/packetbeat/tests/system/golden/established_tls-expected.json
@@ -250,4 +250,4 @@
 "tls.version_protocol": "tls",
 "type": "tls"
 }
-]
+]
\ No newline at end of file
diff --git a/packetbeat/tests/system/golden/http_basic_auth-expected.json b/packetbeat/tests/system/golden/http_basic_auth-expected.json
new file mode 100644
index 00000000000..3943796d341
--- /dev/null
+++ b/packetbeat/tests/system/golden/http_basic_auth-expected.json
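Review bot: The new `HTTP Basic Auth` case in golden-tests.yml enables `http_send_all_headers: true` with redaction left at its default, so its expected event keeps the full `http.request.headers.authorization` value alongside the derived `user.name`; that is the right fixture for the extraction path, but nothing pins the behaviour when the redact-authorization option is on. A second golden case for the same pcap with redaction enabled, asserting that the header is obscured and `user.name` is absent, would document the coupling introduced in handleHTTP and catch a regression that leaks either. The test_cases list continues outside the hunk.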
@@ -0,0 +1,155 @@ +[ + { + "@metadata.beat": "packetbeat", + "@metadata.type": "_doc", + "client.bytes": 33, + "client.ip": "172.31.98.49", + "client.port": 51958, + "destination.bytes": 61, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "dns.additionals_count": 0, + "dns.answers": [ + { + "class": "IN", + "data": "2606:2800:220:1:248:1893:25c8:1946", + "name": "www.example.com", + "ttl": "21353", + "type": "AAAA" + } + ], + "dns.answers_count": 1, + "dns.authorities_count": 0, + "dns.flags.authentic_data": false, + "dns.flags.authoritative": false, + "dns.flags.checking_disabled": false, + "dns.flags.recursion_available": true, + "dns.flags.recursion_desired": true, + "dns.flags.truncated_response": false, + "dns.header_flags": [ + "RD", + "RA" + ], + "dns.id": 42715, + "dns.op_code": "QUERY", + "dns.question.class": "IN", + "dns.question.etld_plus_one": "example.com", + "dns.question.name": "www.example.com", + "dns.question.registered_domain": "example.com", + "dns.question.subdomain": "www", + "dns.question.top_level_domain": "com", + "dns.question.type": "AAAA", + "dns.resolved_ip": [ + "2606:2800:220:1:248:1893:25c8:1946" + ], + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "dns", + "event.duration": 20690000, + "event.kind": "event", + "event.type": [ + "connection", + "protocol" + ], + "method": "QUERY", + "network.bytes": 94, + "network.community_id": "1:/Zwm1tJot2cAhFAO0OxKQHuXs3Y=", + "network.protocol": "dns", + "network.transport": "udp", + "network.type": "ipv4", + "query": "class IN, type AAAA, www.example.com", + "related.ip": [ + "172.31.98.49", + "8.8.8.8", + "2606:2800:220:1:248:1893:25c8:1946" + ], + "resource": "www.example.com", + "server.bytes": 61, + "server.ip": "8.8.8.8", + "server.port": 53, + "source.bytes": 33, + "source.ip": "172.31.98.49", + "source.port": 51958, + "status": "OK", + "type": "dns" + }, + { + "@metadata.beat": "packetbeat", + 
"@metadata.type": "_doc", + "client.bytes": 130, + "client.ip": "172.31.98.49", + "client.port": 55874, + "destination.bytes": 1591, + "destination.domain": "www.example.com", + "destination.ip": "93.184.216.34", + "destination.port": 80, + "event.category": [ + "network" + ], + "event.dataset": "http", + "event.duration": 18341000, + "event.kind": "event", + "event.type": [ + "connection", + "protocol" + ], + "http.request.bytes": 130, + "http.request.headers.accept": "*/*", + "http.request.headers.authorization": "Basic c2ltcGxlc2ltb246YWJjZDEyMys=", + "http.request.headers.content-length": 0, + "http.request.headers.host": "www.example.com", + "http.request.headers.user-agent": "curl/7.37.1", + "http.request.method": "get", + "http.response.body.bytes": 1270, + "http.response.bytes": 1591, + "http.response.headers.accept-ranges": "bytes", + "http.response.headers.cache-control": "max-age=604800", + "http.response.headers.content-length": 1270, + "http.response.headers.content-type": "text/html", + "http.response.headers.date": "Wed, 18 Feb 2015 00:13:06 GMT", + "http.response.headers.etag": "\"359670651\"", + "http.response.headers.expires": "Wed, 25 Feb 2015 00:13:06 GMT", + "http.response.headers.last-modified": "Fri, 09 Aug 2013 23:54:35 GMT", + "http.response.headers.server": "ECS (pae/3796)", + "http.response.headers.x-cache": "HIT", + "http.response.headers.x-ec-custom-error": "1", + "http.response.status_code": 200, + "http.response.status_phrase": "ok", + "http.version": "1.1", + "method": "get", + "network.bytes": 1721, + "network.community_id": "1:TMPM5eEnGOXfxAjx6NKlyjx+X10=", + "network.protocol": "http", + "network.transport": "tcp", + "network.type": "ipv4", + "query": "GET /", + "related.hosts": [ + "www.example.com" + ], + "related.ip": [ + "172.31.98.49", + "93.184.216.34" + ], + "related.user": [ + "simplesimon" + ], + "server.bytes": 1591, + "server.domain": "www.example.com", + "server.ip": "93.184.216.34", + "server.port": 80, + 
"source.bytes": 130, + "source.ip": "172.31.98.49", + "source.port": 55874, + "status": "OK", + "type": "http", + "url.domain": "www.example.com", + "url.full": "http://www.example.com/", + "url.path": "/", + "url.scheme": "http", + "user.name": "simplesimon", + "user_agent.original": "curl/7.37.1" + } +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/non_established_tls-expected.json b/packetbeat/tests/system/golden/non_established_tls-expected.json index 39641270769..846c2d9d081 100644 --- a/packetbeat/tests/system/golden/non_established_tls-expected.json +++ b/packetbeat/tests/system/golden/non_established_tls-expected.json @@ -112,4 +112,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/tls_1_3-expected.json b/packetbeat/tests/system/golden/tls_1_3-expected.json index 35fae5ab58e..ba826d5408c 100644 --- a/packetbeat/tests/system/golden/tls_1_3-expected.json +++ b/packetbeat/tests/system/golden/tls_1_3-expected.json @@ -122,4 +122,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/tls_all_options-expected.json b/packetbeat/tests/system/golden/tls_all_options-expected.json index 0106aa9048d..b791c38aea3 100644 --- a/packetbeat/tests/system/golden/tls_all_options-expected.json +++ b/packetbeat/tests/system/golden/tls_all_options-expected.json @@ -257,4 +257,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/tls_no_certs-expected.json b/packetbeat/tests/system/golden/tls_no_certs-expected.json index 69af5c89b75..d1907c51cbc 100644 --- a/packetbeat/tests/system/golden/tls_no_certs-expected.json +++ b/packetbeat/tests/system/golden/tls_no_certs-expected.json @@ -146,4 +146,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file 
diff --git a/packetbeat/tests/system/golden/tls_not_detailed-expected.json b/packetbeat/tests/system/golden/tls_not_detailed-expected.json index 94283acb4bb..7d521abda44 100644 --- a/packetbeat/tests/system/golden/tls_not_detailed-expected.json +++ b/packetbeat/tests/system/golden/tls_not_detailed-expected.json @@ -90,4 +90,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/winlogbeat/cmd/root.go b/winlogbeat/cmd/root.go index e6d29e3a62a..41259e7cab7 100644 --- a/winlogbeat/cmd/root.go +++ b/winlogbeat/cmd/root.go @@ -37,7 +37,7 @@ const ( Name = "winlogbeat" // ecsVersion specifies the version of ECS that Winlogbeat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // withECSVersion is a modifier that adds ecs.version to events. diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc index 5df290e69e7..4628e29caad 100644 --- a/winlogbeat/docs/fields.asciidoc +++ b/winlogbeat/docs/fields.asciidoc @@ -2044,7 +2044,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -2097,7 +2097,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword 
@@ -3288,6 +3288,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -4362,6 +4375,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -4532,6 +4558,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -7683,6 +7722,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword 
@@ -7858,6 +7898,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- 
@@ -7868,6 +8021,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- 
@@ -7971,6 +8237,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent 
@@ -8087,6 +8466,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/winlogbeat/include/fields.go b/winlogbeat/include/fields.go index 37f77acf315..ee7ef95c22b 100644 --- a/winlogbeat/include/fields.go +++ b/winlogbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetBuildFieldsFieldsCommonYml returns asset data. // This is the base64 encoded gzipped contents of build/fields/fields.common.yml. func AssetBuildFieldsFieldsCommonYml() string { - return "" + return "" } diff --git a/x-pack/auditbeat/module/system/fields.go b/x-pack/auditbeat/module/system/fields.go index 2fc71f8ac33..24f8a73989d 100644 --- a/x-pack/auditbeat/module/system/fields.go +++ b/x-pack/auditbeat/module/system/fields.go @@ -19,5 +19,5 @@ func init() { // AssetSystem returns asset data. // This is the base64 encoded gzipped contents of module/system. func AssetSystem() string { - return "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" + return "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" } diff --git a/x-pack/auditbeat/module/system/host/_meta/data.json b/x-pack/auditbeat/module/system/host/_meta/data.json index e0b0818dcae..a4494027c6b 100644 --- a/x-pack/auditbeat/module/system/host/_meta/data.json +++ b/x-pack/auditbeat/module/system/host/_meta/data.json @@ -47,6 +47,7 @@ }, "timezone.name": "UTC", "timezone.offset.sec": 0, + "type": "linux", "uptime": 18661357350265 } } diff --git a/x-pack/auditbeat/module/system/host/_meta/fields.yml b/x-pack/auditbeat/module/system/host/_meta/fields.yml index 642a3c44962..3d6ca173d83 100644 
--- a/x-pack/auditbeat/module/system/host/_meta/fields.yml +++ b/x-pack/auditbeat/module/system/host/_meta/fields.yml @@ -77,3 +77,7 @@ type: keyword description: > The operating system's kernel version. + - name: type + type: keyword + description: > + OS type (see ECS os.type). diff --git a/x-pack/auditbeat/module/system/host/host.go b/x-pack/auditbeat/module/system/host/host.go index 9aa0f7fb2e7..3a4bb38dee9 100644 --- a/x-pack/auditbeat/module/system/host/host.go +++ b/x-pack/auditbeat/module/system/host/host.go @@ -144,6 +144,10 @@ func (host *Host) toMapStr() common.MapStr { mapstr.Put("os.codename", host.Info.OS.Codename) } + if host.Info.OS.Type != "" { + mapstr.Put("os.type", host.Info.OS.Type) + } + var ipStrings []string for _, ip := range host.Ips { ipStrings = append(ipStrings, ip.String()) @@ -362,6 +366,7 @@ func hostEvent(host *Host, eventType string, action eventAction) mb.Event { hostFields.CopyFieldsTo(hostTopLevel, "os.kernel") hostFields.CopyFieldsTo(hostTopLevel, "os.name") hostFields.CopyFieldsTo(hostTopLevel, "os.platform") + hostFields.CopyFieldsTo(hostTopLevel, "os.type") hostFields.CopyFieldsTo(hostTopLevel, "os.version") event.RootFields.Put("host", hostTopLevel) diff --git a/x-pack/auditbeat/module/system/socket/state.go b/x-pack/auditbeat/module/system/socket/state.go index 485ca4b1f1d..369ba6705b0 100644 --- a/x-pack/auditbeat/module/system/socket/state.go +++ b/x-pack/auditbeat/module/system/socket/state.go @@ -985,11 +985,11 @@ func (f *flow) toEvent(final bool) (ev mb.Event, err error) { gid := strconv.Itoa(int(f.process.gid)) root.Put("user.id", uid) root.Put("group.id", gid) - if name := userCache.LookupUID(uid); name != "" { + if name := userCache.LookupID(uid); name != "" { root.Put("user.name", name) root.Put("related.user", []string{name}) } - if name := groupCache.LookupGID(gid); name != "" { + if name := groupCache.LookupID(gid); name != "" { root.Put("group.name", name) } metricset["uid"] = f.process.uid 
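Review bot: The new `type` field's description, `OS type (see ECS os.type).`, does not tell the reader what values to expect, although this same patch's ECS text for `os.type` fixes it to a closed list (linux, macos, unix, windows) and says the field should stay unset otherwise. A self-contained description would be `OS family of the host: one of linux, macos, unix or windows (ECS os.type); unset when the family is not one of these.` The value written by host.go in this patch comes straight from `host.Info.OS.Type` and is not normalised there, so whether it always falls inside that list depends on the underlying provider — worth confirming before the description promises a closed set.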
diff --git a/x-pack/filebeat/module/activemq/audit/config/audit.yml b/x-pack/filebeat/module/activemq/audit/config/audit.yml index 8077b2e4164..5b5cf7df03f 100644 --- a/x-pack/filebeat/module/activemq/audit/config/audit.yml +++ b/x-pack/filebeat/module/activemq/audit/config/audit.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/activemq/log/config/log.yml b/x-pack/filebeat/module/activemq/log/config/log.yml index 1ef09c9f504..58a8f27a0f3 100644 --- a/x-pack/filebeat/module/activemq/log/config/log.yml +++ b/x-pack/filebeat/module/activemq/log/config/log.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml b/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml index 4cc64e9e561..fc501fd4705 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml @@ -66,4 +66,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/file.yml b/x-pack/filebeat/module/aws/cloudtrail/config/file.yml index 6339940d432..8e04baa3395 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/config/file.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml index 76cf0f936b6..c2a46c88090 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml 
@@ -27,6 +27,11 @@ processors:
 field: "json.userIdentity.type"
 target_field: "aws.cloudtrail.user_identity.type"
 ignore_failure: true
+ - append:
+ field: related.user
+ value: '{{json.userIdentity.userName}}'
+ allow_duplicates: false
+ if: 'ctx.json?.userIdentity?.userName != null'
 - rename:
 field: "json.userIdentity.userName"
 target_field: "user.name"
@@ -225,28 +230,16 @@ processors:
 field: "json.vpcEndpointId"
 target_field: "aws.cloudtrail.vpc_endpoint_id"
 ignore_failure: true
- - script:
- lang: painless
- ignore_failure: true
- source: >-
- void addRelatedUser(def ctx, String userName) {
- if (ctx.related == null) {
- Map map = new HashMap();
- ctx.put("related", map);
- }
- if (ctx.related.user == null) {
- ArrayList al = new ArrayList();
- ctx.related.put("user", al);
- }
- ctx.related.user.add(userName);
- }
- if (ctx?.aws?.cloudtrail?.flattened?.request_parameters?.userName != null) {
- addRelatedUser(ctx, ctx.aws.cloudtrail.flattened.request_parameters.userName);
- }
- if (ctx?.aws?.cloudtrail?.flattened?.request_parameters?.newUserName != null) {
- addRelatedUser(ctx, ctx.aws.cloudtrail.flattened.request_parameters.newUserName);
- }
-
+ - append:
+ field: related.user
+ value: '{{aws.cloudtrail.flattened.request_parameters.userName}}'
+ allow_duplicates: false
+ if: 'ctx.aws?.cloudtrail?.flattened?.request_parameters?.userName != null'
+ - append:
+ field: related.user
+ value: '{{aws.cloudtrail.flattened.request_parameters.newUserName}}'
+ allow_duplicates: false
+ if: 'ctx.aws?.cloudtrail?.flattened?.request_parameters?.newUserName != null'
 - script:
 lang: painless
 ignore_failure: true
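Review bot: The `append` guarded by `if: 'ctx.json?.userIdentity?.userName != null'` only records the actor for records that carry `userIdentity.userName`; in the CloudTrail record format that is, as far as I recall, the IAMUser and Root identity types, while an AssumedRole session names its role under `userIdentity.sessionContext.sessionIssuer.userName`, so role-based activity would leave `related.user` without the acting principal unless a processor outside this hunk maps it. If that is deliberate, a line above the processor such as `# userName is present for IAMUser/Root identities only; role sessions carry it under sessionContext.sessionIssuer` would spare the next reader the check. The console-login fixtures in this patch only exercise the IAM-user shape, so a role-session sample would be a useful addition to the test set.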
@@ -685,6 +678,32 @@ processors:
 field: "json.insightDetails"
 target_field: "aws.cloudtrail.insight_details"
 ignore_failure: true
+ - set:
+ field: group.id
+ value: '{{aws.cloudtrail.flattened.response_elements.group.groupId}}'
+ ignore_empty_value: true
+ ignore_failure: true
+ - set:
+ field: user.target.id
+ value: '{{aws.cloudtrail.flattened.response_elements.user.userId}}'
+ ignore_empty_value: true
+ ignore_failure: true
+ - set:
+ field: user.changes.name
+ value: '{{aws.cloudtrail.flattened.request_parameters.newUserName}}'
+ ignore_empty_value: true
+ ignore_failure: true
+ - set:
+ field: group.name
+ value: '{{aws.cloudtrail.flattened.request_parameters.groupName}}'
+ ignore_empty_value: true
+ ignore_failure: true
+ - set:
+ field: user.target.name
+ value: '{{aws.cloudtrail.flattened.request_parameters.userName}}'
+ ignore_empty_value: true
+ ignore_failure: true
+
 - remove:
 field:
 - "json"
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json
index 2f49aa15134..50253665f08 100644
--- a/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json
+++ b/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json
@@ -27,9 +27,11 @@
 "change"
 ],
 "fileset.name": "cloudtrail",
+ "group.name": "admin",
 "input.type": "log",
 "log.offset": 0,
 "related.user": [
+ "Alice",
 "Bob"
 ],
 "service.type": "aws",
@@ -40,6 +42,7 @@
 ],
 "user.id": "EX_PRINCIPAL_ID",
 "user.name": "Alice",
+ "user.target.name": "Bob",
 "user_agent.device.name": "Other",
 "user_agent.name": "Other",
 "user_agent.original": "AWSConsole"
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json
index 886d94486ad..f6bb959a8d6 100644
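Review bot: The five `set` processors key on field presence rather than on `json.eventName`, so `user.target.name` is filled from `request_parameters.userName` for any API call that carries that parameter, read-only ones included, and `group.name` likewise from `groupName`; the fixtures in this patch show the self-targeted shape (`user.target.name` equal to `user.name` for DeactivateMFADevice and UploadSSHPublicKey), which is fine under ECS, but nothing in the pipeline says so. A comment above the first `set`, `# ECS user.target.* / group.* from the principal or group named in requestParameters; fires for any IAM call carrying these keys, not only mutations`, would record the intent. `ignore_failure: true` on each `set` is redundant with `ignore_empty_value: true` for the missing-field case and otherwise only hides template errors; consider dropping it so a broken mustache path surfaces through the pipeline's error handling instead of silently leaving the field empty.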
--- a/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json @@ -29,6 +29,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", @@ -70,6 +73,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 720, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json index 4d715f61769..ca6b38754cb 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json @@ -32,6 +32,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "JohnDoe" + ], "service.type": "aws", "source.address": "192.0.2.110", "source.ip": "192.0.2.110", @@ -82,6 +85,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 658, + "related.user": [ + "JaneDoe" + ], "service.type": "aws", "source.address": "192.0.2.100", "source.ip": "192.0.2.100", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json index 9736605a6b2..bfce5b07ccb 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json @@ -38,6 +38,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", 
@@ -48,6 +49,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json index c3a33c948e4..7487c6d6581 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json @@ -36,8 +36,13 @@ "creation" ], "fileset.name": "cloudtrail", + "group.id": "EXAMPLE_ID", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", @@ -80,8 +85,12 @@ "creation" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 903, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json index 41cca74d099..f2ce56d3683 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json @@ -32,6 +32,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "72.21.198.64", "source.as.number": 16509, diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json index e358d16bc72..66e126a2da2 100644 
--- a/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json @@ -41,6 +41,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json index 2fee7445e82..65b0db2d293 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json @@ -33,6 +33,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -43,6 +44,8 @@ ], "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", + "user.target.id": "EXAMPLEUSERID", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.3.2 Python/2.7.5 Windows/7", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json index aa2b7a2bc63..5ab34b15c5f 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json @@ -34,6 +34,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json index 3c062a8ef23..2639ed8a490 100644 
--- a/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json @@ -44,6 +44,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Alice", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json index 2ea8b42fa6c..8146718df72 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json @@ -34,6 +34,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -44,6 +45,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json index 687e4602194..d1c2ab6f9e7 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json @@ -30,8 +30,12 @@ "deletion" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", @@ -74,8 +78,12 @@ "deletion" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 747, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", 
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json index 8c3897af795..d1f4415d4cd 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json @@ -34,6 +34,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -44,6 +45,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json index 09ad2ddf9d4..58a7d7a36ad 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json @@ -24,6 +24,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json index b97cdbab3df..ac0c0163b5d 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json @@ -33,6 +33,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", 
@@ -43,6 +44,7 @@ ], "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json index d770587f648..ec713a1c41b 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json @@ -32,6 +32,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json index ae3605a03a0..f89c1b5ab53 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json @@ -25,6 +25,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "REDACTED" + ], "service.type": "aws", "source.address": "REDACTED", "tags": [ diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json index 1f9d3a519bb..253bf3d4523 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json 
@@ -33,6 +33,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -43,6 +44,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "console.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json index c4ce4c167be..419a86799cc 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json @@ -31,9 +31,11 @@ "change" ], "fileset.name": "cloudtrail", + "group.name": "Admin", "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -44,6 +46,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json index 586c1ee9421..5d7299ae4c2 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json @@ -27,6 +27,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json index b3670ee5fac..266cded86f2 100644 
--- a/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json @@ -27,6 +27,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json index 0c517b2c688..4b30eaed7ae 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json @@ -35,6 +35,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -45,6 +46,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json index e08eea3d071..edb7444604b 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json @@ -37,6 +37,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json index 09c00b8d57b..95827327cec 100644 
--- a/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json @@ -28,8 +28,12 @@ "change" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", @@ -74,8 +78,12 @@ "change" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP2", "input.type": "log", "log.offset": 683, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json index 174bae15aa1..6992dc1a978 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json @@ -33,6 +33,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -43,6 +44,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json index 204ae7e2e1e..12efc4cf071 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json @@ -35,6 +35,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", 
@@ -45,6 +46,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" @@ -85,6 +87,7 @@ "input.type": "log", "log.offset": 800, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -95,6 +98,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json index 1531a7c1e5a..1d00ae0c171 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json @@ -25,6 +25,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "205.251.233.182", "source.as.number": 16509, @@ -92,6 +95,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 766, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json index 08769b6dcca..068c1db631a 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json @@ -31,6 +31,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob", "Robert" ], 
@@ -40,8 +41,10 @@ "tags": [ "forwarded" ], + "user.changes.name": "Robert", "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Spider", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json index 0464fe184a8..d81ec8fa25b 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json @@ -45,6 +45,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Alice", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml b/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml index db50bdc4362..c156fac870b 100644 --- a/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml @@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/file.yml b/x-pack/filebeat/module/aws/cloudwatch/config/file.yml index 6339940d432..8e04baa3395 100644 --- a/x-pack/filebeat/module/aws/cloudwatch/config/file.yml +++ b/x-pack/filebeat/module/aws/cloudwatch/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml b/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml index db50bdc4362..c156fac870b 100644 --- a/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml 
@@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/ec2/config/file.yml b/x-pack/filebeat/module/aws/ec2/config/file.yml index 6339940d432..8e04baa3395 100644 --- a/x-pack/filebeat/module/aws/ec2/config/file.yml +++ b/x-pack/filebeat/module/aws/ec2/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/elb/config/aws-s3.yml b/x-pack/filebeat/module/aws/elb/config/aws-s3.yml index db50bdc4362..c156fac870b 100644 --- a/x-pack/filebeat/module/aws/elb/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/elb/config/aws-s3.yml @@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/elb/config/file.yml b/x-pack/filebeat/module/aws/elb/config/file.yml index 402a1b25b12..4242dc4cd7b 100644 --- a/x-pack/filebeat/module/aws/elb/config/file.yml +++ b/x-pack/filebeat/module/aws/elb/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml b/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml index db50bdc4362..c156fac870b 100644 --- a/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml @@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/s3access/config/file.yml b/x-pack/filebeat/module/aws/s3access/config/file.yml index 402a1b25b12..4242dc4cd7b 100644 --- a/x-pack/filebeat/module/aws/s3access/config/file.yml +++ b/x-pack/filebeat/module/aws/s3access/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/aws/s3access/ingest/pipeline.yml b/x-pack/filebeat/module/aws/s3access/ingest/pipeline.yml index dd8613a904a..4dea7d027c6 100644 --- a/x-pack/filebeat/module/aws/s3access/ingest/pipeline.yml +++ b/x-pack/filebeat/module/aws/s3access/ingest/pipeline.yml @@ -1,6 +1,12 @@ description: "Pipeline for s3 server access logs" processors: + - set: + field: event.category + value: web + - append: + field: event.type + value: access - set: field: event.ingested value: '{{_ingest.timestamp}}' @@ -24,6 +30,22 @@ processors: S3ID: "[a-zA-Z0-9\\/_\\.\\-%+=]+" S3VERSION: "[a-zA-Z0-9.]+" + - grok: + field: aws.s3access.request_uri + ignore_failure: true + patterns: + - '%{NOTSPACE:http.request.method} %{NOTSPACE:url.original} [hH][tT][tT][pP]/%{NOTSPACE:http.version}' + + # + # Best-effort parse of url.original in the form /path?query" + # + - grok: + field: url.original + ignore_failure: true + patterns: + - '^%{ABS_PATH:url.path}(?:\?%{DATA:url.query})?$' + pattern_definitions: + ABS_PATH: '/[^?]*' - append: if: "ctx?.aws?.s3access?.bucket_owner != null" field: related.user @@ -99,10 +121,25 @@ processors: field: event.outcome value: success - - set: - field: event.duration - value: "{{aws.s3access.total_time}}" - ignore_empty_value: true + - convert: + field: aws.s3access.bytes_sent + target_field: http.response.body.bytes + type: long + ignore_failure: true + + - convert: + field: aws.s3access.total_time + target_field: event.duration + type: long + ignore_failure: true + + - script: + lang: painless + if: ctx.event?.duration != null + params: + MS_TO_NS: 1000000 + source: >- + ctx.event.duration *= params.MS_TO_NS; - set: field: http.request.referrer 
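Review bot: The new `url.original`/`url.query` fields index whatever query string S3 wrote into the Request-URI, and for presigned-URL requests that is where authentication parameters live (`X-Amz-Credential`, `X-Amz-Signature`, or the legacy `AWSAccessKeyId`/`Signature`), so if S3 does not redact them in server access logs this hunk puts signing material into a searchable field, in addition to the raw line now kept in event.original. Please confirm against the S3 log-format documentation; if they are logged verbatim, either state the exposure in the module docs or strip the known signing parameters from `url.query` before indexing. Two smaller points on the second grok: the header comment has a stray trailing quote (`/path?query"`), and since it is deliberately best-effort it should say what it gives up, e.g. `# Only origin-form URIs (/path?query) yield url.path; '*' and absolute-form URIs leave it unset.` — the new `OPTIONS *` fixture in this patch shows exactly that case.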
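Review bot: The millisecond-to-nanosecond multiply in the new `script` processor is the right ECS unit for event.duration, but nothing in the hunk says so, and the replaced `set` changes the field's type from a string to a long at the same time. A one-line comment above the first `convert` would spare the next reader a trip to the ECS spec: `# aws.s3access.total_time is milliseconds; ECS event.duration is nanoseconds.` The `ignore_failure: true` on both converts presumably exists so a `-` placeholder (visible in the fixtures for bytes_sent) leaves the target unset rather than tripping on_failure; that intent is worth stating in the same comment so nobody later "fixes" it by removing the flag.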
@@ -137,13 +174,18 @@ processors: field: event.kind value: event + # + # Save original message into event.original + # + - rename: + field: "message" + target_field: "event.original" + # # Remove temporary fields # - remove: - field: - - message - - _temp_ + field: _temp_ ignore_missing: true on_failure: diff --git a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json index 187f7f33589..aa9d1bf6938 100644 --- a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json +++ b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json 
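Review bot: The new `rename` of `message` to `event.original` has no `ignore_missing: true`, unlike the `remove` immediately below it, so any document that reaches this point without a `message` field would now fail the pipeline and fall into on_failure instead of being indexed as before; add `ignore_missing: true` to the rename. Also note that `event.original` now retains the full raw line (requester ARN, client IP, host id) that the previous `remove` discarded — that is what ECS intends, but it should be mapped as the ECS-recommended non-indexed keyword (`index: false`, `doc_values: false`) to avoid duplicating every field into the inverted index. The fields mapping is not in this hunk, so please confirm it there.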
@@ -23,12 +23,17 @@ "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "cloud.provider": "aws", "event.action": "REST.GET.LOCATION", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "17", + "event.duration": 17000000, "event.id": "44EE8651683CB4DA", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:41 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 44EE8651683CB4DA REST.GET.LOCATION - \"GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1\" 200 - 142 - 17 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - BsCfJedfuSnds2QFoxi+E/O7M6OEWzJnw4dUaes/2hyA363sONRJKzB7EOY+Bt9DTHYUn+HoHxI= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Ashburn", "geo.continent_name": "North America", @@ -38,7 +43,10 @@ "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", "geo.region_name": "Virginia", + "http.request.method": "GET", + "http.response.body.bytes": 142, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 0, "related.ip": [ 
@@ -54,6 +62,9 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.2", "tls.version_protocol": "tls", + "url.original": "/test-s3-ks/?location&aws-account=627959692251", + "url.path": "/test-s3-ks/", + "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", @@ -86,12 +97,17 @@ "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "cloud.provider": "aws", "event.action": "REST.GET.LOCATION", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "3", + "event.duration": 3000000, "event.id": "E26222010BCC32B6", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:42 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 E26222010BCC32B6 REST.GET.LOCATION - \"GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1\" 200 - 142 - 3 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - gNl/Q1IzY6nGTBygqI3rnMz/ZFOFwOTDpSMrNca+IcEmMAd6sCIs1ZRLYDekD8LB9lrj9UdQLWE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Ashburn", "geo.continent_name": "North America", 
@@ -101,7 +117,10 @@ "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", "geo.region_name": "Virginia", + "http.request.method": "GET", + "http.response.body.bytes": 142, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 715, "related.ip": [ @@ -117,6 +136,9 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.2", "tls.version_protocol": "tls", + "url.original": "/test-s3-ks/?location&aws-account=627959692251", + "url.path": "/test-s3-ks/", + "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", 
@@ -150,12 +172,17 @@ "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "cloud.provider": "aws", "event.action": "REST.GET.BUCKET", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "2", + "event.duration": 2000000, "event.id": "4DD6D17D1C5C401C", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 4DD6D17D1C5C401C REST.GET.BUCKET - \"GET /test-s3-ks/?max-keys=0&encoding-type=url&aws-account=627959692251 HTTP/1.1\" 200 - 265 - 2 1 \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - KzvchfojYQnuFC4PABYVJVxIlv/f6r17LRaTSvw7x+bxj4PkkPKT1kX9x8wbqtq40iD4PC881iE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Ashburn", "geo.continent_name": "North America", @@ -165,7 +192,10 @@ "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", "geo.region_name": "Virginia", + "http.request.method": "GET", + "http.response.body.bytes": 265, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 1429, "related.ip": [ 
@@ -181,6 +211,9 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.2", "tls.version_protocol": "tls", + "url.original": "/test-s3-ks/?max-keys=0&encoding-type=url&aws-account=627959692251", + "url.path": "/test-s3-ks/", + "url.query": "max-keys=0&encoding-type=url&aws-account=627959692251", "user_agent.device.name": "Other", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", @@ -213,12 +246,17 @@ "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "cloud.provider": "aws", "event.action": "REST.GET.LOCATION", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "4", + "event.duration": 4000000, "event.id": "706992E2F3CC3C3D", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 706992E2F3CC3C3D REST.GET.LOCATION - \"GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1\" 200 - 142 - 4 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - cIN12KTrJwx+uTBZD+opZUPE4iGypi8oG/oXGPzFk9CMuHQGuEpmAeNELdtYKDxf2TDor25Nikg= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Ashburn", "geo.continent_name": "North America", 
@@ -228,7 +266,10 @@ "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", "geo.region_name": "Virginia", + "http.request.method": "GET", + "http.response.body.bytes": 142, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 2161, "related.ip": [ @@ -244,6 +285,9 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.2", "tls.version_protocol": "tls", + "url.original": "/test-s3-ks/?location&aws-account=627959692251", + "url.path": "/test-s3-ks/", + "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", @@ -274,11 +318,16 @@ "client.user.id": "arn:aws:iam::123456:user/test@elastic.co", "cloud.provider": "aws", "event.action": "BATCH.DELETE.OBJECT", + "event.category": "web", "event.dataset": "aws.s3access", "event.id": "8CD7A4A71E2E5C9E", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 jsoriano-s3-test [10/Sep/2019:15:11:07 +0000] 77.227.156.41 arn:aws:iam::123456:user/test@elastic.co 8CD7A4A71E2E5C9E BATCH.DELETE.OBJECT jolokia-war-1.5.0.war - 204 - - 344017 - - - - - IeDW5I3wefFxU8iHOcAzi5qr+O+1bdRlcQ0AO2WGjFh7JwYM6qCoKq+1TrUshrXMlBxPFtg97Vk= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.eu-central-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Teruel", "geo.continent_name": "Europe", 
@@ -327,11 +376,16 @@ "client.user.id": "arn:aws:iam::123456:user/test@elastic.co", "cloud.provider": "aws", "event.action": "BATCH.DELETE.OBJECT", + "event.category": "web", "event.dataset": "aws.s3access", "event.id": "6CE38F1312D32BDD", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [19/Sep/2019:17:06:39 +0000] 174.29.206.152 arn:aws:iam::123456:user/test@elastic.co 6CE38F1312D32BDD BATCH.DELETE.OBJECT Screen+Shot+2019-09-09+at+9.08.44+AM.png - 204 - - 57138 - - - - - LwRa4w6DbuU48GKQiH3jDbjfTyLCbwasFBsdttugRQ+9lH4jK8lT91+HhGZKMYI3sPyKuQ9LvU0= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3-ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Denver", "geo.continent_name": "North America", diff --git a/x-pack/filebeat/module/aws/s3access/test/test.log b/x-pack/filebeat/module/aws/s3access/test/test.log index abb17ce2b45..8e3d2c0aff1 100644 --- a/x-pack/filebeat/module/aws/s3access/test/test.log +++ b/x-pack/filebeat/module/aws/s3access/test/test.log 
@@ -3,3 +3,4 @@ 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be A1206F460EXAMPLE REST.GET.BUCKETPOLICY - "GET /awsexamplebucket?policy HTTP/1.1" 404 NoSuchBucketPolicy 297 - 38 - "-" "S3Console/0.4" - BNaBsXZQQDbssi6xMBdBU2sLt+Yf5kZDmeBUP35sFoKa3sLLeMC78iwEIWxs99CRUrbS4n11234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:00 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 7B4A0FABBEXAMPLE REST.GET.VERSIONING - "GET /awsexamplebucket?versioning HTTP/1.1" 200 - 113 - 33 - "-" "S3Console/0.4" - Ke1bUcazaN1jWuUlPJaxF64cQVpUEhoZKEG/hmy/gijN/I1DeWqDfFvnpybfEseEME/u7ME1234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:57 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE REST.PUT.OBJECT s3-dg.pdf "PUT /awsexamplebucket/s3-dg.pdf HTTP/1.1" 200 - - 4406583 41754 28 "-" "S3Console/0.4" - 10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234= SigV4 ECDHE-RSA-AES128-SHA AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 +79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be faketest [09/Feb/2021:14:48:42 +0200] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE REST.OPTIONS.FAKE s3-dg.pdf "OPTIONS * HTTP/1.0" 200 - - 4406583 41754 28 "-" "S3Console/0.4" - 10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234= SigV4 ECDHE-RSA-AES128-SHA AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 
diff --git a/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json b/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json index fb6c38fb108..f6ca4d4edf3 100644 --- a/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json +++ b/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json @@ -23,14 +23,22 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.GET.VERSIONING", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "7", + "event.duration": 7000000, "event.id": "3E57427F3EXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 3E57427F3EXAMPLE REST.GET.VERSIONING - \"GET /awsexamplebucket?versioning HTTP/1.1\" 200 - 113 - 7 - \"-\" \"S3Console/0.4\" - s9lzHYrFp76ZVxRcpX9+5cjAnEH2ROuNkd2BHfIa6UkFVdtjf5mKR3/eTPFvsiP/XV/VLi31234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "GET", + "http.response.body.bytes": 113, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 0, "related.ip": [ @@ -46,6 +54,9 @@ "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket?versioning", + "url.path": "/awsexamplebucket", + "url.query": "versioning", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" 
@@ -74,14 +85,22 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.GET.LOGGING_STATUS", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "11", + "event.duration": 11000000, "event.id": "891CE47D2EXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 891CE47D2EXAMPLE REST.GET.LOGGING_STATUS - \"GET /awsexamplebucket?logging HTTP/1.1\" 200 - 242 - 11 - \"-\" \"S3Console/0.4\" - 9vKBE6vMhrNiWHZmb2L0mXOcqPGzQOI5XLnCtZNPxev+Hf+7tpT6sxDwDty4LHBUOZJG96N1234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "GET", + "http.response.body.bytes": 242, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 471, "related.ip": [ @@ -97,6 +116,9 @@ "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket?logging", + "url.path": "/awsexamplebucket", + "url.query": "logging", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" 
@@ -126,15 +148,23 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.GET.BUCKETPOLICY", + "event.category": "web", "event.code": "NoSuchBucketPolicy", "event.dataset": "aws.s3access", - "event.duration": "38", + "event.duration": 38000000, "event.id": "A1206F460EXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be A1206F460EXAMPLE REST.GET.BUCKETPOLICY - \"GET /awsexamplebucket?policy HTTP/1.1\" 404 NoSuchBucketPolicy 297 - 38 - \"-\" \"S3Console/0.4\" - BNaBsXZQQDbssi6xMBdBU2sLt+Yf5kZDmeBUP35sFoKa3sLLeMC78iwEIWxs99CRUrbS4n11234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "failure", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "GET", + "http.response.body.bytes": 297, "http.response.status_code": 404, + "http.version": "1.1", "input.type": "log", "log.offset": 944, "related.ip": [ @@ -150,6 +180,9 @@ "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket?policy", + "url.path": "/awsexamplebucket", + "url.query": "policy", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" 
@@ -178,14 +211,22 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.GET.VERSIONING", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "33", + "event.duration": 33000000, "event.id": "7B4A0FABBEXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:00 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 7B4A0FABBEXAMPLE REST.GET.VERSIONING - \"GET /awsexamplebucket?versioning HTTP/1.1\" 200 - 113 - 33 - \"-\" \"S3Console/0.4\" - Ke1bUcazaN1jWuUlPJaxF64cQVpUEhoZKEG/hmy/gijN/I1DeWqDfFvnpybfEseEME/u7ME1234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "GET", + "http.response.body.bytes": 113, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 1431, "related.ip": [ @@ -201,6 +242,9 @@ "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket?versioning", + "url.path": "/awsexamplebucket", + "url.query": "versioning", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" 
@@ -231,14 +275,21 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.PUT.OBJECT", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "41754", + "event.duration": 41754000000, "event.id": "DD6CC733AEXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:57 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE REST.PUT.OBJECT s3-dg.pdf \"PUT /awsexamplebucket/s3-dg.pdf HTTP/1.1\" 200 - - 4406583 41754 28 \"-\" \"S3Console/0.4\" - 10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234= SigV4 ECDHE-RSA-AES128-SHA AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "PUT", "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 1903, "related.ip": [ 
@@ -254,6 +305,69 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket/s3-dg.pdf", + "url.path": "/awsexamplebucket/s3-dg.pdf", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "S3Console/0.4" + }, + { + "@timestamp": "2021-02-09T12:48:42.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "faketest", + "aws.s3access.bucket_owner": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-SHA", + "aws.s3access.host_header": "awsexamplebucket.s3.amazonaws.com", + "aws.s3access.host_id": "10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234=", + "aws.s3access.http_status": 200, + "aws.s3access.key": "s3-dg.pdf", + "aws.s3access.object_size": 4406583, + "aws.s3access.operation": "REST.OPTIONS.FAKE", + "aws.s3access.remote_ip": "192.0.2.3", + "aws.s3access.request_id": "DD6CC733AEXAMPLE", + "aws.s3access.request_uri": "OPTIONS * HTTP/1.0", + "aws.s3access.requester": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.signature_version": "SigV4", + "aws.s3access.tls_version": "TLSV1.1", + "aws.s3access.total_time": 41754, + "aws.s3access.turn_around_time": 28, + "aws.s3access.user_agent": "S3Console/0.4", + "client.address": "192.0.2.3", + "client.ip": "192.0.2.3", + "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "cloud.provider": "aws", + "event.action": "REST.OPTIONS.FAKE", + "event.category": "web", + "event.dataset": "aws.s3access", + "event.duration": 41754000000, + "event.id": "DD6CC733AEXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be faketest [09/Feb/2021:14:48:42 +0200] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE 
REST.OPTIONS.FAKE s3-dg.pdf \"OPTIONS * HTTP/1.0\" 200 - - 4406583 41754 28 \"-\" \"S3Console/0.4\" - 10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234= SigV4 ECDHE-RSA-AES128-SHA AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", + "event.outcome": "success", + "event.type": [ + "access" + ], + "fileset.name": "s3access", + "http.request.method": "OPTIONS", + "http.response.status_code": 200, + "http.version": "1.0", + "input.type": "log", + "log.offset": 2379, + "related.ip": [ + "192.0.2.3" + ], + "related.user": [ + "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be" + ], + "service.type": "aws", + "tags": [ + "forwarded" + ], + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.1", + "tls.version_protocol": "tls", + "url.original": "*", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" diff --git a/x-pack/filebeat/module/aws/vpcflow/config/input.yml b/x-pack/filebeat/module/aws/vpcflow/config/input.yml index 1752158d25e..1f1e085c082 100644 --- a/x-pack/filebeat/module/aws/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/aws/vpcflow/config/input.yml @@ -181,4 +181,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml index 29e6d770780..8701cae46fb 100644 --- a/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/activitylogs/config/file.yml b/x-pack/filebeat/module/azure/activitylogs/config/file.yml index 402a1b25b12..4242dc4cd7b 100644 --- a/x-pack/filebeat/module/azure/activitylogs/config/file.yml 
+++ b/x-pack/filebeat/module/azure/activitylogs/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/activitylogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/activitylogs/ingest/pipeline.yml index a7a581db2b2..d9621f0694f 100644 --- a/x-pack/filebeat/module/azure/activitylogs/ingest/pipeline.yml +++ b/x-pack/filebeat/module/azure/activitylogs/ingest/pipeline.yml @@ -21,10 +21,11 @@ processors: ignore_failure: true formats: - ISO8601 +- rename: + field: message + target_field: event.original - remove: - field: - - message - - azure.activitylogs.time + field: azure.activitylogs.time ignore_missing: true - rename: field: azure.activitylogs.resourceId @@ -34,6 +35,15 @@ processors: field: azure.activitylogs.callerIpAddress target_field: source.ip ignore_missing: true +- set: + field: client.ip + value: '{{source.ip}}' + ignore_empty_value: true +- append: + field: related.ip + value: '{{source.ip}}' + allow_duplicates: false + if: 'ctx.source?.ip != null' - rename: field: azure.activitylogs.level target_field: log.level @@ -223,6 +233,26 @@ processors: patterns: - '%{USERNAME:user.name}@%{HOSTNAME:user.domain}' ignore_missing: true + ignore_failure: true + +# set user.email to the original name if the above grok succeeded. +- set: + field: user.email + value: '{{azure.activitylogs.identity.claims_initiated_by_user.name}}' + ignore_empty_value: true + if: 'ctx.user?.name != null' + +# set user.name to the original name if the above grok failed (name format is not an email). +- set: + field: user.name + value: '{{azure.activitylogs.identity.claims_initiated_by_user.name}}' + ignore_empty_value: true + if: 'ctx.user?.name == null' +- append: + field: related.user + value: '{{user.name}}' + allow_duplicates: false + if: 'ctx.user?.name != null' - convert: field: azure.activitylogs.identity.claims_initiated_by_user.fullname target_field: user.full_name 
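Review bot: The grok over `claims_initiated_by_user.name` is unanchored, so a value that merely contains `local@host` somewhere inside it (for instance a display name followed by an address) still matches: `user.name`/`user.domain` receive the fragments and the following `set` then copies the entire original string into `user.email`. Anchoring the pattern — `'^%{USERNAME:user.name}@%{HOSTNAME:user.domain}$'` — makes `ctx.user?.name != null` a faithful proxy for "the name was a UPN". That proxy also misfires if `user.name` was already populated by a processor outside this hunk (another claim, say), because the email `set` would run without the grok having matched; a comment stating the assumption, or a grok `on_failure` that sets a flag, would make the dependency explicit. The enclosing processors list continues above and below the hunk.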
diff --git a/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json b/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json index 3f86faee084..245269fbfb6 100644 --- a/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json +++ b/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json 
@@ -35,12 +35,14 @@ "azure.resource.namespace": "AZURELSEVENTS", "azure.resource.provider": "MICROSOFT.EVENTHUB", "azure.subscription_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "client.ip": "51.251.141.41", "cloud.provider": "azure", "event.action": "MICROSOFT.EVENTHUB/NAMESPACES/AUTHORIZATIONRULES/LISTKEYS/ACTION", "event.dataset": "azure.activitylogs", "event.duration": 0, "event.kind": "event", "event.module": "azure", + "event.original": "{\"callerIpAddress\":\"51.251.141.41\",\"category\":\"Action\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"durationMs\":0,\"identity\":{\"authorization\":{\"action\":\"Microsoft.EventHub/namespaces/authorizationRules/listKeys/action\",\"evidence\":{\"principalId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"principalType\":\"ServicePrincipal\",\"role\":\"Azure EventGrid Service BuiltIn Role\",\"roleAssignmentId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"roleAssignmentScope\":\"/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"roleDefinitionId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\"},\"scope\":\"/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53/resourceGroups/sa-hem/providers/Microsoft.EventHub/namespaces/azurelsevents/authorizationRules/RootManageSharedAccessKey\"},\"claims\":{\"aio\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"appid\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"appidacr\":\"2\",\"aud\":\"https://management.core.windows.net/\",\"exp\":\"1571904826\",\"http://schemas.microsoft.com/identity/claims/identityprovider\":\"https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c61d53/\",\"http://schemas.microsoft.com/identity/claims/objectidentifier\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"http://schemas.microsoft.com/identity/claims/tenantid\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"iat\":\"1571875726\",\"iss\":\"https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c6
1d53/\",\"nbf\":\"1571875726\",\"uti\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"ver\":\"1.0\"}},\"level\":\"Information\",\"location\":\"global\",\"operationName\":\"MICROSOFT.EVENTHUB/NAMESPACES/AUTHORIZATIONRULES/LISTKEYS/ACTION\",\"resourceId\":\"/SUBSCRIPTIONS/8a4de8b5-095c-47d0-a96f-a75130c61d53/RESOURCEGROUPS/SA-HEMA/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/AZURELSEVENTS/AUTHORIZATIONRULES/ROOTMANAGESHAREDACCESSKEY\",\"resultSignature\":\"Started.\",\"resultType\":\"Start\",\"time\":\"2019-10-24T00:13:46.3554259Z\"}", "event.type": [ "change" ], @@ -53,6 +55,9 @@ "input.type": "log", "log.level": "Information", "log.offset": 0, + "related.ip": [ + "51.251.141.41" + ], "service.type": "azure", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", diff --git a/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json b/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json index 5f14108e4c4..28c9ca7cd00 100644 --- a/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json +++ b/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json 
@@ -39,12 +39,14 @@ "azure.correlation_id": "c776f9f4-36e5-4e0e-809b-c9b3c3fb62a8", "azure.resource.id": "/subscriptions/s1/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841", "azure.resource.provider": "microsoft.support/supporttickets/115012112305841", + "client.ip": "111.111.111.11", "cloud.provider": "azure", "event.action": "microsoft.support/supporttickets/write", "event.dataset": "azure.activitylogs", "event.duration": -1468967296, "event.kind": "event", "event.module": "azure", + "event.original": "{\"time\":\"2015-01-21T22:14:26.9792776Z\",\"resourceId\":\"/subscriptions/s1/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841\",\"operationName\":\"microsoft.support/supporttickets/write\",\"category\":\"Write\",\"resultType\":\"Success\",\"resultSignature\":\"Succeeded.Created\",\"durationMs\":2826,\"callerIpAddress\":\"111.111.111.11\",\"correlationId\":\"c776f9f4-36e5-4e0e-809b-c9b3c3fb62a8\",\"identity\":{\"authorization\":{\"scope\":\"/subscriptions/s1/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841\",\"action\":\"microsoft.support/supporttickets/write\",\"evidence\":{\"role\":\"Subscription Admin\"}},\"claims\":{\"aud\":\"https://management.core.windows.net/\",\"iss\":\"https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/\",\"iat\":\"1421876371\",\"nbf\":\"1421876371\",\"exp\":\"1421880271\",\"ver\":\"1.0\",\"http://schemas.microsoft.com/identity/claims/tenantid\":\"1e8d8218-c5e7-4578-9acc-9abbd5d23315 
\",\"http://schemas.microsoft.com/claims/authnmethodsreferences\":\"pwd\",\"http://schemas.microsoft.com/identity/claims/objectidentifier\":\"2468adf0-8211-44e3-95xq-85137af64708\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\":\"admin@contoso.com\",\"puid\":\"20030000801A118C\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier\":\"9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\":\"John\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\":\"Smith\",\"name\":\"John Smith\",\"groups\":\"cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\":\" admin@contoso.com\",\"appid\":\"c44b4083-3bq0-49c1-b47d-974e53cbdf3c\",\"appidacr\":\"2\",\"http://schemas.microsoft.com/identity/claims/scope\":\"user_impersonation\",\"http://schemas.microsoft.com/claims/authnclassreference\":\"1\"}},\"level\":\"Information\",\"location\":\"global\",\"properties\":{\"statusCode\":\"Created\",\"serviceRequestId\":\"50d5cddb-8ca0-47ad-9b80-6cde2207f97c\"}}", "event.outcome": "success", "event.type": [ "change" @@ -58,6 +60,12 @@ "input.type": "log", "log.level": "Information", "log.offset": 0, + "related.ip": [ + "111.111.111.11" + ], + "related.user": [ + "admin" + ], "service.type": "azure", "source.as.number": 2516, "source.as.organization.name": "KDDI CORPORATION", @@ -71,6 +79,7 @@ "forwarded" ], "user.domain": "contoso.com", + "user.email": " admin@contoso.com", "user.full_name": "John Smith", "user.name": "admin" } diff --git a/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml index f7894a5c3bf..7f5eb091550 100644 --- a/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml 
@@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/auditlogs/config/file.yml b/x-pack/filebeat/module/azure/auditlogs/config/file.yml index d24e13efdcb..ded48a1474f 100644 --- a/x-pack/filebeat/module/azure/auditlogs/config/file.yml +++ b/x-pack/filebeat/module/azure/auditlogs/config/file.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/auditlogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/auditlogs/ingest/pipeline.yml index e6a29f6cc13..052fd9d69ae 100644 --- a/x-pack/filebeat/module/azure/auditlogs/ingest/pipeline.yml +++ b/x-pack/filebeat/module/azure/auditlogs/ingest/pipeline.yml @@ -39,10 +39,11 @@ processors: field: azure.auditlogs.level target_field: log.level ignore_missing: true +- rename: + field: message + target_field: event.original - remove: - field: - - message - - azure.auditlogs.time + field: azure.auditlogs.time ignore_missing: true - convert: field: azure.auditlogs.operationName diff --git a/x-pack/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json b/x-pack/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json index 7d18285024a..3e4e3c64313 100644 --- a/x-pack/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json +++ b/x-pack/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json 
@@ -34,6 +34,7 @@ "event.duration": 0, "event.kind": "event", "event.module": "azure", + "event.original": "{\"category\":\"AuditLogs\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"durationMs\":0,\"identity\":\"Device Registration Service\",\"level\":\"Informational\",\"operationName\":\"Update device\",\"operationVersion\":\"1.0\",\"properties\":{\"activityDateTime\":\"2019-10-18T15:30:51.0273716+00:00\",\"activityDisplayName\":\"Update device\",\"category\":\"Device\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"id\":\"Directory_ESQ\",\"initiatedBy\":{\"app\":{\"appId\":null,\"displayName\":\"Device Registration Service\",\"servicePrincipalId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"servicePrincipalName\":null}},\"loggedByService\":\"Core Directory\",\"operationType\":\"Update\",\"result\":\"success\",\"resultReason\":\"\",\"targetResources\":[{\"displayName\":\"LAPTOP-12\",\"id\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"modifiedProperties\":[{\"displayName\":\"Included Updated Properties\",\"newValue\":\"\\\"\\\"\",\"oldValue\":null}],\"type\":\"Device\"}]},\"resourceId\":\"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam\",\"resultSignature\":\"None\",\"tenantId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"time\":\"2019-10-18T15:30:51.0273716Z\"}", "event.outcome": "success", "fileset.name": "auditlogs", "input.type": "log", diff --git a/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml index 496480aa1d0..80a73bc9905 100644 --- a/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/azure/platformlogs/config/file.yml b/x-pack/filebeat/module/azure/platformlogs/config/file.yml index e9470671e07..4242dc4cd7b 100644 --- a/x-pack/filebeat/module/azure/platformlogs/config/file.yml +++ b/x-pack/filebeat/module/azure/platformlogs/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml index 8493ef886fe..6d68736bc8b 100644 --- a/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml +++ b/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml @@ -28,10 +28,11 @@ processors: formats: - ISO8601 - "M/d/yyyy h:mm:ss a XXX" +- rename: + field: message + target_field: event.original - remove: - field: - - message - - azure.platformlogs.time + field: azure.platformlogs.time ignore_missing: true - rename: field: azure.platformlogs.resourceId @@ -62,6 +63,15 @@ processors: field: azure.platformlogs.callerIpAddress target_field: source.ip ignore_missing: true +- set: + field: client.ip + value: '{{source.ip}}' + ignore_empty_value: true +- append: + field: related.ip + value: '{{source.ip}}' + allow_duplicates: false + if: 'ctx.source?.ip != null' - rename: field: azure.platformlogs.level target_field: log.level diff --git a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json index b8a96002e14..4401b205a96 100644 --- a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json +++ b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json 
@@ -24,6 +24,7 @@ "event.dataset": "azure.platformlogs", "event.kind": "event", "event.module": "azure", + "event.original": "{\"ActivityId\":\"30ed877c-a36b-491a-bd4d-ddd847fe55b8\",\"Caller\":\"Portal\",\"Environment\":\"PROD\",\"EventName\":\"Retreive ConsumerGroup\",\"EventProperties\":\"{\\\"SubscriptionId\\\":\\\"7657426d-c4c3-44ac-88a2-3b2cd59e6dba\\\",\\\"Namespace\\\":\\\"obstesteventhubs\\\",\\\"Via\\\":\\\"sb://obstesteventhubs.servicebus.windows.net/insights-logs-operationallogs/consumergroups?api-version=2017-04\\u0026$skip=0\\u0026$top=100\\\",\\\"TrackingId\\\":\\\"30ed877c-a36b-491a-bd4d-ddd847fe55b8_M2CH3_M2CH3_G3S2\\\"}\",\"EventTimeString\":\"11/3/2020 9:06:42 AM +00:00\",\"Region\":\"West Europe\",\"ScaleUnit\":\"PROD-AM3-AZ501\",\"Status\":\"Succeeded\",\"category\":\"OperationalLogs\",\"resourceId\":\"/SUBSCRIPTIONS/7657426D-C4C3-44AC-88A2-3B2CD59E6DBA/RESOURCEGROUPS/OBS-TEST/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/OBSTESTEVENTHUBS\"}", "event.outcome": "succeeded", "fileset.name": "platformlogs", "input.type": "log", diff --git a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json index 59669df1681..1e5b7cc84e3 100644 --- a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json +++ b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json 
@@ -19,6 +19,7 @@ "event.dataset": "azure.platformlogs", "event.kind": "event", "event.module": "azure", + "event.original": "{\"Cloud\":\"AzureCloud\",\"Environment\":\"prod\",\"category\":\"kube-audit\",\"ccpNamespace\":\"5e4bf4baee195b00017cdbfa\",\"operationName\":\"Microsoft.ContainerService/managedClusters/diagnosticLogs/Read\",\"properties\":{\"log\":\"{\\\"kind\\\":\\\"Event\\\",\\\"apiVersion\\\":\\\"audit.k8s.io/v1\\\",\\\"level\\\":\\\"Metadata\\\",\\\"auditID\\\":\\\"22af12c3-a1fe-4f2c-99a9-3cdde671dbfe\\\"}\",\"pod\":\"kube-apiserver-666bd4b459-hjgdc\",\"stream\":\"stdout\"},\"resourceId\":\"/SUBSCRIPTIONS/70BD6E77-4B1E-4835-8896-DB77B8EEF364/RESOURCEGROUPS/OBS-INFRASTRUCTURE/PROVIDERS/MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/OBSKUBE\",\"time\":\"2020-11-09T10:57:31.0000000Z\"}", "fileset.name": "platformlogs", "input.type": "log", "log.offset": 0, diff --git a/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml index b779113753b..e37c7c61a4d 100644 --- a/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/signinlogs/config/file.yml b/x-pack/filebeat/module/azure/signinlogs/config/file.yml index d24e13efdcb..ded48a1474f 100644 --- a/x-pack/filebeat/module/azure/signinlogs/config/file.yml +++ b/x-pack/filebeat/module/azure/signinlogs/config/file.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml index b156d5346d3..e20115d6b05 100644 --- a/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml 
+++ b/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml @@ -18,10 +18,11 @@ processors: ignore_failure: false formats: - ISO8601 +- rename: + field: message + target_field: event.original - remove: - field: - - message - - azure.signinlogs.time + field: azure.signinlogs.time ignore_missing: true - rename: field: azure.signinlogs.resourceId @@ -31,6 +32,15 @@ processors: field: azure.signinlogs.callerIpAddress target_field: source.ip ignore_missing: true +- set: + field: client.ip + value: '{{source.ip}}' + ignore_empty_value: true +- append: + field: related.ip + value: '{{source.ip}}' + allow_duplicates: false + if: 'ctx.source?.ip != null' - rename: field: azure.signinlogs.Level target_field: log.level diff --git a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json index db0643ccf25..75e6eb05bb2 100644 --- a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json +++ b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json @@ -37,6 +37,7 @@ "azure.signinlogs.result_signature": "None", "azure.signinlogs.result_type": "50140", "azure.tenant_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "client.ip": "81.171.241.231", "cloud.provider": "azure", "event.action": "Sign-in activity", "event.category": [ 
@@ -46,6 +47,7 @@ "event.duration": 0, "event.kind": "event", "event.module": "azure", + "event.original": "{\"Level\":4,\"callerIpAddress\":\"81.171.241.231\",\"category\":\"SignInLogs\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"durationMs\":0,\"identity\":\"Test LTest\",\"location\":\"FR\",\"operationName\":\"Sign-in activity\",\"operationVersion\":\"1.0\",\"properties\":{\"appDisplayName\":\"Office 365\",\"appId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"clientAppUsed\":\"Browser\",\"conditionalAccessStatus\":\"notApplied\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"createdDateTime\":\"2019-10-18T04:45:48.0729893-05:00\",\"deviceDetail\":{\"browser\":\"Chrome 77.0.3865\",\"deviceId\":\"\",\"operatingSystem\":\"MacOs\"},\"id\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"ipAddress\":\"81.171.241.231\",\"isInteractive\":false,\"location\":{\"city\":\"Champs-Sur-Marne\",\"countryOrRegion\":\"FR\",\"geoCoordinates\":{\"latitude\":48.12341234,\"longitude\":2.12341234},\"state\":\"Seine-Et-Marne\"},\"originalRequestId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"processingTimeInMilliseconds\":239,\"riskDetail\":\"none\",\"riskLevelAggregated\":\"none\",\"riskLevelDuringSignIn\":\"none\",\"riskState\":\"none\",\"servicePrincipalId\":\"\",\"status\":{\"errorCode\":50140,\"failureReason\":\"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.\"},\"tokenIssuerName\":\"\",\"tokenIssuerType\":\"AzureAD\",\"userDisplayName\":\"Test LTest\",\"userId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"userPrincipalName\":\"test@elastic.co\"},\"resourceId\":\"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam\",\"resultDescription\":\"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.\",\"resultSignature\":\"None\",\"resultType\":\"50140\",\"tenantId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"time\":\"2019-10-18T09:45:48.0729893Z\"}", "event.outcome": 
"failure", "event.type": [ "info" @@ -60,6 +62,9 @@ "log.level": 4, "log.offset": 0, "message": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", + "related.ip": [ + "81.171.241.231" + ], "service.type": "azure", "source.as.number": 8426, "source.as.organization.name": "Claranet Ltd", @@ -118,6 +123,7 @@ "azure.signinlogs.result_signature": "None", "azure.signinlogs.result_type": "50140", "azure.tenant_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "client.ip": "8.8.8.8", "cloud.provider": "azure", "event.action": "Sign-in activity", "event.category": [ 
@@ -127,6 +133,7 @@ "event.duration": 0, "event.kind": "event", "event.module": "azure", + "event.original": "{\"Level\":4,\"callerIpAddress\":\"8.8.8.8\",\"category\":\"SignInLogs\",\"correlationId\":\"a8d4eb85-90c5-740d-9af6-7a15036cd135\",\"durationMs\":0,\"identity\":\"Test LTest\",\"location\":\"FR\",\"operationName\":\"Sign-in activity\",\"operationVersion\":\"1.0\",\"properties\":{\"appDisplayName\":\"Office 365\",\"appId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"clientAppUsed\":\"Browser\",\"conditionalAccessStatus\":\"notApplied\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"createdDateTime\":\"2019-10-18T04:45:48.0729893-05:00\",\"deviceDetail\":{\"browser\":\"Chrome 77.0.3865\",\"deviceId\":\"\",\"operatingSystem\":\"MacOs\"},\"id\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"ipAddress\":\"81.171.241.231\",\"isInteractive\":false,\"location\":{\"city\":\"Champs-Sur-Marne\",\"countryOrRegion\":\"FR\",\"geoCoordinates\":{\"latitude\":48.12341234,\"longitude\":2.12341234},\"state\":\"Seine-Et-Marne\"},\"originalRequestId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"processingTimeInMilliseconds\":239,\"riskDetail\":\"none\",\"riskLevelAggregated\":\"none\",\"riskLevelDuringSignIn\":\"none\",\"riskState\":\"none\",\"servicePrincipalId\":\"\",\"status\":{\"errorCode\":50140,\"failureReason\":\"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.\"},\"tokenIssuerName\":\"\",\"tokenIssuerType\":\"AzureAD\",\"userDisplayName\":\"Test LTest\",\"userId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"userPrincipalName\":\"c3813493-bf92-5123-2717-8a8b2979c38b\"},\"resourceId\":\"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam\",\"resultDescription\":\"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.\",\"resultSignature\":\"None\",\"resultType\":\"50140\",\"tenantId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"time\":\"2019-10-18T09:45:48.0729893Z\"}", 
"event.outcome": "failure", "event.type": [ "info" @@ -141,6 +148,9 @@ "log.level": 4, "log.offset": 1688, "message": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", + "related.ip": [ + "8.8.8.8" + ], "service.type": "azure", "source.as.number": 15169, "source.as.organization.name": "Google LLC", diff --git a/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml b/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml index 1a1ed1bc28c..f4f33a69fe8 100644 --- a/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml +++ b/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/barracuda/waf/config/input.yml b/x-pack/filebeat/module/barracuda/waf/config/input.yml index 30ae8228f70..26be6dda115 100644 --- a/x-pack/filebeat/module/barracuda/waf/config/input.yml +++ b/x-pack/filebeat/module/barracuda/waf/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/bluecoat/director/config/input.yml b/x-pack/filebeat/module/bluecoat/director/config/input.yml index 7b8167b4238..a907db353bb 100644 --- a/x-pack/filebeat/module/bluecoat/director/config/input.yml +++ b/x-pack/filebeat/module/bluecoat/director/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/cef/log/config/input.yml b/x-pack/filebeat/module/cef/log/config/input.yml index 4568f659c3a..7916908599e 100644 --- a/x-pack/filebeat/module/cef/log/config/input.yml +++ b/x-pack/filebeat/module/cef/log/config/input.yml @@ -28,7 +28,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_zones }} - add_fields: 
diff --git a/x-pack/filebeat/module/cef/log/ingest/pipeline.yml b/x-pack/filebeat/module/cef/log/ingest/pipeline.yml
index 676f66a943a..18a2cda4bf2 100644
--- a/x-pack/filebeat/module/cef/log/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/cef/log/ingest/pipeline.yml
@@ -52,35 +52,48 @@ processors: - append: field: related.hash value: "{{cef.extensions.fileHash}}" - if: "ctx?.cef?.extensions?.fileHash != null" + allow_duplicates: false + if: "ctx?.cef?.extensions?.fileHash != null && ctx?.cef?.extensions?.fileHash != ''" - append: field: related.hash value: "{{cef.extensions.oldFileHash}}" - if: "ctx?.cef?.extensions?.oldFileHash != null" + allow_duplicates: false + if: "ctx?.cef?.extensions?.oldFileHash != null && ctx?.cef?.extensions?.oldFileHash != ''" - append: field: related.ip value: "{{destination.ip}}" - if: "ctx?.destination?.ip != null" + allow_duplicates: false + if: "ctx?.destination?.ip != null && ctx?.destination?.ip != ''" - append: field: related.ip value: "{{destination.nat.ip}}" - if: "ctx?.destination?.nat?.ip != null" + allow_duplicates: false + if: "ctx?.destination?.nat?.ip != null && ctx?.destination?.nat?.ip != ''" - append: field: related.ip value: "{{source.ip}}" - if: "ctx?.source?.ip != null" + allow_duplicates: false + if: "ctx?.source?.ip != null && ctx?.source?.ip != ''" - append: field: related.ip value: "{{source.nat.ip}}" - if: "ctx?.source?.nat?.ip != null" + allow_duplicates: false + if: "ctx?.source?.nat?.ip != null && ctx?.source?.nat?.ip != ''" - append: field: related.user value: "{{destination.user.name}}" - if: "ctx?.destination?.user?.name != null" + allow_duplicates: false + if: "ctx?.destination?.user?.name != null && ctx?.destination?.user?.name != ''" - append: field: related.user value: "{{source.user.name}}" - if: "ctx?.source?.user?.name != null" + allow_duplicates: false + if: "ctx?.source?.user?.name != null && ctx?.source?.user?.name != ''" + - append: + field: related.hosts + value: "{{observer.hostname}}" + allow_duplicates: false + if: "ctx?.observer?.hostname != null && ctx?.observer?.hostname != ''" - pipeline: name: '{< IngestPipeline "fp-pipeline" >}' if: "ctx.cef?.device?.vendor == 'FORCEPOINT'" 
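Review bot: The new `related.hosts` append copies `observer.hostname` whenever it is non-empty, and the updated fp-ngfw-smc fixture shows that in every Forcepoint sample the value is an IP address (`10.1.1.40`, `10.1.1.10`, `10.1.1.1`, …), so `related.hosts` now carries addresses that consumers pivoting on hostnames will not expect and that already belong in `related.ip`; confirm this is intended, or normalise where observer.hostname is populated so only names reach it. As a point of style, the eight rewritten conditions still use `ctx?.` on the root context, which is never null in an ingest condition; `ctx.cef?.extensions?.fileHash != null && ...` reads the same and matches the `if` of the `pipeline` processor at the end of the hunk. The `processors` list continues outside the hunk.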
diff --git a/x-pack/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json b/x-pack/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json index 70ef4f7776f..3087409c970 100644 --- a/x-pack/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json +++ b/x-pack/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json @@ -27,6 +27,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "6.6.1", + "related.hosts": [ + "10.1.1.40" + ], "service.type": "cef", "tags": [ "cef", @@ -61,6 +64,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "6.6.1", + "related.hosts": [ + "10.1.1.40" + ], "service.type": "cef", "tags": [ "cef", @@ -108,6 +114,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "6.6.1", + "related.hosts": [ + "10.1.1.40" + ], "related.ip": [ "10.1.1.40", "10.37.205.252" @@ -161,6 +170,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.10" + ], "related.ip": [ "255.255.255.255", "172.16.1.1" @@ -214,6 +226,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.1" + ], "related.ip": [ "192.168.1.1", "172.16.1.1" @@ -264,6 +279,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.6" + ], "related.user": [ "alice" ], @@ -304,6 +322,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.3" + ], "related.ip": [ "192.168.1.1" ], @@ -347,6 +368,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.10" + ], "related.ip": [ "192.168.1.1" ], 
@@ -390,6 +414,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.8" + ], "related.ip": [ "172.16.2.1" ], @@ -432,6 +459,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "6.6.1", + "related.hosts": [ + "10.1.1.40" + ], "service.type": "cef", "tags": [ "cef", diff --git a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml index e0fa537fc88..1925a535c24 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml @@ -28,7 +28,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_zones }} - add_fields: target: _temp_ diff --git a/x-pack/filebeat/module/cisco/asa/config/input.yml b/x-pack/filebeat/module/cisco/asa/config/input.yml index 2e85cd4dfee..5dadd775a99 100644 --- a/x-pack/filebeat/module/cisco/asa/config/input.yml +++ b/x-pack/filebeat/module/cisco/asa/config/input.yml @@ -23,7 +23,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_zones }} - add_fields: diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json index 1d225c42add..2578835b3d0 100644 --- a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json @@ -1743,6 +1743,9 @@ "related.hosts": [ "dev01" ], + "related.user": [ + "aaaa" + ], "service.type": "cisco", "tags": [ "cisco-asa", @@ -1779,6 +1782,9 @@ "related.hosts": [ "dev01" ], + "related.user": [ + "aaaa" + ], "service.type": "cisco", "tags": [ "cisco-asa", 
@@ -2115,7 +2121,6 @@ "dev01" ], "related.ip": [ - "10.10.10.10", "10.10.10.10" ], "service.type": "cisco", @@ -2207,7 +2212,6 @@ "dev01" ], "related.ip": [ - "10.10.10.10", "10.10.10.10" ], "service.type": "cisco", @@ -2302,7 +2306,6 @@ "dev01" ], "related.ip": [ - "10.20.30.40", "10.20.30.40" ], "service.type": "cisco", @@ -2347,7 +2350,6 @@ "dev01" ], "related.ip": [ - "10.20.30.40", "10.20.30.40" ], "service.type": "cisco", @@ -2392,7 +2394,6 @@ "dev01" ], "related.ip": [ - "10.20.30.40", "10.20.30.40" ], "service.type": "cisco", @@ -2437,7 +2438,6 @@ "dev01" ], "related.ip": [ - "10.20.30.40", "10.20.30.40" ], "service.type": "cisco", @@ -2710,6 +2710,9 @@ "related.ip": [ "10.10.0.87" ], + "related.user": [ + "enable_15" + ], "service.type": "cisco", "source.address": "10.10.0.87", "source.ip": "10.10.0.87", @@ -2749,6 +2752,9 @@ "related.hosts": [ "dev01" ], + "related.user": [ + "enable_15" + ], "service.type": "cisco", "tags": [ "cisco-asa", @@ -2794,6 +2800,9 @@ "10.10.1.212", "10.10.1.254" ], + "related.user": [ + "*****" + ], "service.type": "cisco", "source.address": "10.10.1.212", "source.ip": "10.10.1.212", @@ -2837,6 +2846,9 @@ "related.ip": [ "10.10.0.87" ], + "related.user": [ + "admin" + ], "service.type": "cisco", "source.address": "10.10.0.87", "source.ip": "10.10.0.87", @@ -2884,6 +2896,9 @@ "10.10.0.87", "10.10.1.254" ], + "related.user": [ + "admin" + ], "service.type": "cisco", "source.address": "10.10.0.87", "source.ip": "10.10.0.87", @@ -2927,6 +2942,9 @@ "related.ip": [ "10.10.0.87" ], + "related.user": [ + "admin" + ], "service.type": "cisco", "source.address": "10.10.0.87", "source.ip": "10.10.0.87", @@ -3031,6 +3049,9 @@ "related.ip": [ "91.240.17.178" ], + "related.user": [ + "91.240.17.178" + ], "service.type": "cisco", "source.bytes": 297103, "source.user.name": "91.240.17.178", 
@@ -3071,6 +3092,9 @@ "related.ip": [ "8.8.8.8" ], + "related.user": [ + "testuser" + ], "service.type": "cisco", "source.address": "8.8.8.8", "source.as.number": 15169, @@ -3119,6 +3143,9 @@ "related.ip": [ "8.8.8.8" ], + "related.user": [ + "testuser" + ], "service.type": "cisco", "source.address": "8.8.8.8", "source.as.number": 15169, @@ -3167,6 +3194,9 @@ "related.ip": [ "192.168.50.1" ], + "related.user": [ + "alice" + ], "service.type": "cisco", "source.address": "192.168.50.1", "source.ip": "192.168.50.1", diff --git a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json index a57299252ca..bcd775e4e1e 100644 --- a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json @@ -96,7 +96,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -143,7 +142,6 @@ "observer.type": "firewall", "observer.vendor": "Cisco", "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -197,7 +195,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -242,7 +239,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", diff --git a/x-pack/filebeat/module/cisco/ftd/config/input.yml b/x-pack/filebeat/module/cisco/ftd/config/input.yml index 8a3ec3e9ab4..ebf27d1b115 100644 --- a/x-pack/filebeat/module/cisco/ftd/config/input.yml +++ b/x-pack/filebeat/module/cisco/ftd/config/input.yml @@ -22,7 +22,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_zones }} - add_fields: diff --git a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json index 72b115c6975..cbb36cb6185 100644 
--- a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json @@ -98,7 +98,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -146,7 +145,6 @@ "observer.type": "firewall", "observer.vendor": "Cisco", "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -201,7 +199,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -247,7 +244,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", diff --git a/x-pack/filebeat/module/cisco/ios/config/input.yml b/x-pack/filebeat/module/cisco/ios/config/input.yml index 9c69edf8d11..52431a66183 100644 --- a/x-pack/filebeat/module/cisco/ios/config/input.yml +++ b/x-pack/filebeat/module/cisco/ios/config/input.yml @@ -23,7 +23,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: cisco_ios diff --git a/x-pack/filebeat/module/cisco/meraki/config/input.yml b/x-pack/filebeat/module/cisco/meraki/config/input.yml index 8f635db379e..fe55241042b 100644 --- a/x-pack/filebeat/module/cisco/meraki/config/input.yml +++ b/x-pack/filebeat/module/cisco/meraki/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/cisco/nexus/config/input.yml b/x-pack/filebeat/module/cisco/nexus/config/input.yml index a685316e639..b17aa083854 100644 --- a/x-pack/filebeat/module/cisco/nexus/config/input.yml +++ b/x-pack/filebeat/module/cisco/nexus/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml b/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml index 581691ebcf9..b76b7a69a20 100644 --- a/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml +++ b/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml @@ -1613,14 +1613,27 @@ processors: field: related.ip value: "{{source.ip}}" if: "ctx?.source?.ip != null" + allow_duplicates: false - append: field: related.ip value: "{{destination.ip}}" if: "ctx?.destination?.ip != null" + allow_duplicates: false - append: field: related.user value: "{{user.name}}" - if: "ctx?.user?.name != null" + if: "ctx?.user?.name != null && ctx?.user?.name != ''" + allow_duplicates: false + - append: + field: related.user + value: "{{host.user.name}}" + if: ctx?.host?.user?.name != null && ctx?.host?.user?.name != '' + allow_duplicates: false + - append: + field: related.user + value: "{{source.user.name}}" + if: ctx?.source?.user?.name != null && ctx?.source?.user?.name != '' + allow_duplicates: false - append: field: related.user value: "{{destination.user.name}}" @@ -1630,6 +1643,7 @@ processors: field: related.hash value: "{{file.hash.sha256}}" if: "ctx?.file?.hash?.sha256 != null" + allow_duplicates: false - append: field: related.hosts value: "{{host.hostname}}" diff --git a/x-pack/filebeat/module/cisco/umbrella/config/input.yml b/x-pack/filebeat/module/cisco/umbrella/config/input.yml index d4b26c49ce8..d2da78cc349 100644 --- a/x-pack/filebeat/module/cisco/umbrella/config/input.yml +++ b/x-pack/filebeat/module/cisco/umbrella/config/input.yml @@ -22,4 +22,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/coredns/log/config/coredns.yml b/x-pack/filebeat/module/coredns/log/config/coredns.yml index 8c4509eb227..162208f2e80 100644 --- a/x-pack/filebeat/module/coredns/log/config/coredns.yml 
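Review bot: The two new `if:` conditions on the `host.user.name` and `source.user.name` appends are plain unquoted scalars while the modified `user.name` condition just above them is double-quoted; write all three the same way, e.g. `if: "ctx?.host?.user?.name != null && ctx?.host?.user?.name != ''"`. `allow_duplicates: false` is added to the ip, hash and user appends, but the `related.hosts` append at the end of the second hunk (`value: "{{host.hostname}}"`) appears only as context and its remaining lines fall outside the hunk, so it is not clear whether it received the same flag; the asa/ftd expected fixtures in this commit only de-duplicate `related.ip`. The `destination.user.name` append at the end of the first hunk is likewise cut off, so whether it got the empty-string guard and dedup flag cannot be confirmed from this view.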
+++ b/x-pack/filebeat/module/coredns/log/config/coredns.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml b/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml index e70201cb174..de7c32e3d3b 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml +++ b/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml @@ -16,11 +16,18 @@ tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: -- script: - lang: javascript - id: crowdstrike_falcon - file: ${path.home}/module/crowdstrike/falcon/config/pipeline.js +- decode_json_fields: + fields: + - message + target: crowdstrike + process_array: true + max_depth: 8 +- drop_fields: + fields: + - message + - host.name + ignore_missing: true - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/crowdstrike/falcon/config/pipeline.js b/x-pack/filebeat/module/crowdstrike/falcon/config/pipeline.js deleted file mode 100644 index 46bbf671518..00000000000 --- a/x-pack/filebeat/module/crowdstrike/falcon/config/pipeline.js +++ /dev/null 
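Review bot: The new `decode_json_fields` processor on `message` has no `add_error_key: true`, so a non-JSON or truncated line passes through silently with `message` intact and the ingest pipeline then finds no `crowdstrike.*` fields to work on; with `add_error_key: true` the parse failure is recorded in `error.message` where it can be noticed. Dropping `host.name` unconditionally mirrors the `evt.Delete("host.name")` of the removed pipeline.js, but event types whose ingest file sets no `host.name` (incident_summary.yml in this commit) now lose the collecting host's name entirely; a comment such as `# host.name is rebuilt by the ingest pipeline from the event payload` above the `drop_fields` entry would make that intent explicit if it is deliberate.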
@@ -1,474 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -var crowdstrikeFalconProcessor = (function () { - var processor = require("processor"); - - // conversion helpers - function convertUnderscore(text) { - return text.split(/(?=[A-Z])/).join('_').toLowerCase(); - } - - function convertToMSEpoch(evt, field) { - var timestamp = evt.Get(field); - if (timestamp == 0) { - evt.Delete(field) - return - } - if (timestamp) { - if (timestamp < 100000000000) { // check if we have a seconds timestamp, this is roughly 1973 in MS - evt.Put(field, timestamp * 1000); - } - (new processor.Timestamp({ - field: field, - target_field: field, - timezone: "UTC", - layouts: ["UNIX_MS"] - })).Run(evt); - } - } - - function convertProcess(evt) { - var commandLine = evt.Get("crowdstrike.event.CommandLine") - if (commandLine && commandLine.trim() !== "") { - var args = commandLine.split(' ').filter(function (arg) { - return arg !== ""; - }); - var executable = args[0] - - evt.Put("process.command_line", commandLine) - evt.Put("process.args", args) - evt.Put("process.executable", executable) - } - } - - function convertSourceDestination(evt) { - var localAddress = evt.Get("crowdstrike.event.LocalAddress"); - var localPort = evt.Get("crowdstrike.event.LocalPort"); - var remoteAddress = evt.Get("crowdstrike.event.RemoteAddress"); - var remotePort = evt.Get("crowdstrike.event.RemotePort"); - if (evt.Get("crowdstrike.event.ConnectionDirection") === "1") { - evt.Put("network.direction", "ingress") - evt.Put("source.ip", remoteAddress) - evt.Put("source.port", remotePort) - evt.Put("destination.ip", localAddress) - evt.Put("destination.port", localPort) - } else { - evt.Put("network.direction", "egress") - evt.Put("destination.ip", remoteAddress) - evt.Put("destination.port", remotePort) - 
evt.Put("source.ip", localAddress) - evt.Put("source.port", localPort) - } - evt.AppendTo("related.ip", remoteAddress) - evt.AppendTo("related.ip", localAddress) - } - - function convertEventAction(evt) { - evt.Put("event.action", convertUnderscore(evt.Get("crowdstrike.metadata.eventType"))) - } - - function convertUsername(evt) { - var username = evt.Get("crowdstrike.event.UserName") - if (!username || username === "") { - username = evt.Get("crowdstrike.event.UserId") - } - if (username && username !== "") { - evt.Put("user.name", username) - if (username.split('@').length == 2) { - evt.Put("user.email", username) - } - evt.AppendTo("related.user", username) - } - } - - // event processors by type - var eventProcessors = { - DetectionSummaryEvent: new processor.Chain() - .AddFields({ - fields: { - "event.kind": "alert", - "event.category": ["malware"], - "event.type": ["info"], - "event.dataset": "crowdstrike.falcon_endpoint", - "agent.type": "falcon", - }, - target: "", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.LocalIP", - to: "source.ip", - type: "ip" - }, { - from: "crowdstrike.event.LocalIP", - to: "related.ip", - type: "ip" - }, { - from: "crowdstrike.event.ProcessId", - to: "process.pid", - type: "long" - }, { - from: "crowdstrike.event.ParentImageFileName", - to: "process.parent.executable" - }, { - from: "crowdstrike.event.ParentCommandLine", - to: "process.parent.command_line" - }, { - from: "crowdstrike.event.PatternDispositionDescription", - to: "event.action", - }, { - from: "crowdstrike.event.FalconHostLink", - to: "event.url", - }, { - from: "crowdstrike.event.Severity", - to: "event.severity", - }, { - from: "crowdstrike.event.DetectDescription", - to: "message", - }, { - from: "crowdstrike.event.FileName", - to: "process.name", - }, { - from: "crowdstrike.event.UserName", - to: "user.name", - }, - { - from: "crowdstrike.event.MachineDomain", - to: "user.domain", - }, - { - from: "crowdstrike.event.SensorId", - to: "agent.id", - }, 
- { - from: "crowdstrike.event.ComputerName", - to: "host.name", - }, - { - from: "crowdstrike.event.SHA256String", - to: "file.hash.sha256", - }, - { - from: "crowdstrike.event.MD5String", - to: "file.hash.md5", - }, - { - from: "crowdstrike.event.SHA1String", - to: "file.hash.sha1", - }, - { - from: "crowdstrike.event.DetectName", - to: "rule.name", - }, - { - from: "crowdstrike.event.DetectDescription", - to: "rule.description", - } - ], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(function (evt) { - var tactic = evt.Get("crowdstrike.event.Tactic").toLowerCase() - var technique = evt.Get("crowdstrike.event.Technique").toLowerCase() - evt.Put("threat.technique.name", technique) - evt.Put("threat.tactic.name", tactic) - convertProcess(evt) - }) - .Build(), - - IncidentSummaryEvent: new processor.Chain() - .AddFields({ - fields: { - "event.kind": "alert", - "event.category": ["malware"], - "event.type": ["info"], - "event.action": "incident", - "event.dataset": "crowdstrike.falcon_endpoint", - "agent.type": "falcon", - }, - target: "", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.FalconHostLink", - to: "event.url", - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(function (evt) { - evt.Put("message", "Incident score " + evt.Get("crowdstrike.event.FineScore")) - convertProcess(evt) - }) - .Build(), - - UserActivityAuditEvent: new processor.Chain() - .AddFields({ - fields: { - kind: "event", - category: ["iam"], - type: ["change"], - dataset: "crowdstrike.falcon_audit", - }, - target: "event", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.OperationName", - to: "message", - }, { - from: "crowdstrike.event.UserIp", - to: "source.ip", - type: "ip" - }, { - from: "crowdstrike.event.UserIp", - to: "related.ip", - type: "ip" - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(convertUsername) - .Add(convertEventAction) - .Build(), - - AuthActivityAuditEvent: 
new processor.Chain() - .AddFields({ - fields: { - kind: "event", - category: ["authentication"], - type: ["change"], - dataset: "crowdstrike.falcon_audit", - }, - target: "event", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.ServiceName", - to: "message", - }, { - from: "crowdstrike.event.UserIp", - to: "source.ip", - type: "ip" - }, { - from: "crowdstrike.event.UserIp", - to: "related.ip", - type: "ip" - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(function (evt) { - evt.Put("event.action", convertUnderscore(evt.Get("crowdstrike.event.OperationName"))) - convertUsername(evt) - }) - .Build(), - - FirewallMatchEvent: new processor.Chain() - .AddFields({ - fields: { - kind: "event", - category: ["network"], - type: ["start", "connection"], - outcome: ["unknown"], - dataset: "crowdstrike.falcon_endpoint", - }, - target: "event", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.Ipv", - to: "network.type", - }, { - from: "crowdstrike.event.PID", - to: "process.pid", - type: "long" - }, - { - from: "crowdstrike.event.RuleId", - to: "rule.id" - }, - { - from: "crowdstrike.event.RuleName", - to: "rule.name" - }, - { - from: "crowdstrike.event.RuleGroupName", - to: "rule.ruleset" - }, - { - from: "crowdstrike.event.RuleDescription", - to: "rule.description" - }, - { - from: "crowdstrike.event.RuleFamilyID", - to: "rule.category" - }, - { - from: "crowdstrike.event.HostName", - to: "host.name" - }, - { - from: "crowdstrike.event.Ipv", - to: "network.type", - }, - { - from: "crowdstrike.event.EventType", - to: "event.code", - } - ], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(function (evt) { - evt.Put("message", "Firewall Rule '" + evt.Get("crowdstrike.event.RuleName") + "' triggered") - convertEventAction(evt) - convertProcess(evt) - convertSourceDestination(evt) - }) - .Build(), - - RemoteResponseSessionStartEvent: new processor.Chain() - .AddFields({ - fields: { - "event.kind": 
"event", - "event.type": ["start"], - "event.dataset": "crowdstrike.falcon_audit", - message: "Remote response session started", - }, - target: "", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.HostnameField", - to: "host.name", - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(convertUsername) - .Add(convertEventAction) - .Build(), - - RemoteResponseSessionEndEvent: new processor.Chain() - .AddFields({ - fields: { - "event.kind": "event", - "event.type": ["end"], - "event.dataset": "crowdstrike.falcon_audit", - message: "Remote response session ended", - }, - target: "", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.HostnameField", - to: "host.name", - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(convertUsername) - .Add(convertEventAction) - .Build(), - } - - // main processor - return new processor.Chain() - .DecodeJSONFields({ - fields: ["message"], - target: "crowdstrike", - process_array: true, - max_depth: 8 - }) - .Add(function (evt) { - evt.Delete("message"); - evt.Delete("host.name"); - - convertToMSEpoch(evt, "crowdstrike.event.ProcessStartTime") - convertToMSEpoch(evt, "crowdstrike.event.ProcessEndTime") - convertToMSEpoch(evt, "crowdstrike.event.IncidentStartTime") - convertToMSEpoch(evt, "crowdstrike.event.IncidentEndTime") - convertToMSEpoch(evt, "crowdstrike.event.StartTimestamp") - convertToMSEpoch(evt, "crowdstrike.event.EndTimestamp") - convertToMSEpoch(evt, "crowdstrike.event.UTCTimestamp") - convertToMSEpoch(evt, "crowdstrike.metadata.eventCreationTime") - - var outcome = evt.Get("crowdstrike.event.Success") - if (outcome === true) { - evt.Put("event.outcome", "success") - } else if (outcome === false) { - evt.Put("event.outcome", "failure") - } else { - evt.Put("event.outcome", "unknown") - } - - var eventProcessor = eventProcessors[evt.Get("crowdstrike.metadata.eventType")] - if (eventProcessor) { - eventProcessor.Run(evt) - } - }) - .Convert({ - fields: 
[{ - from: "crowdstrike.metadata.eventCreationTime", - to: "@timestamp", - }], - mode: "copy", - ignore_missing: false, - fail_on_error: true - }) - .Convert({ - fields: [ - { - from: "crowdstrike.event.LateralMovement", - type: "long", - }, - { - from: "crowdstrike.event.LocalPort", - type: "long", - }, - { - from: "crowdstrike.event.MatchCount", - type: "long", - }, - { - from: "crowdstrike.event.MatchCountSinceLastReport", - type: "long", - }, - { - from: "crowdstrike.event.PID", - type: "long", - }, - { - from: "crowdstrike.event.RemotePort", - type: "long", - }, - { - from: "source.port", - type: "long", - }, - { - from: "destination.port", - type: "long", - } - ], - ignore_missing: true, - fail_on_error: false - }) - .Build() - .Run -})(); - -function process(evt) { - crowdstrikeFalconProcessor(evt); -} diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/auth_activity_audit.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/auth_activity_audit.yml new file mode 100644 index 00000000000..c7ba463c7bc --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/auth_activity_audit.yml 
@@ -0,0 +1,34 @@ +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [authentication] + - append: + field: event.type + value: [change] + - set: + field: event.dataset + value: crowdstrike.falcon_audit + - convert: + field: crowdstrike.event.ServiceName + type: string + target_field: message + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.UserIp + target_field: source.ip + type: string + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.UserIp != null && ctx?.crowdstrike?.event?.UserIp != "" + - script: + lang: painless + source: | + def regex = /([a-z0-9])([A-Z])/; + def replacement = "$1_$2"; + def action = ctx?.crowdstrike?.event?.OperationName; + if (action == null || action == "") return; + ctx["event.action"] = regex.matcher(action).replaceAll(replacement).toLowerCase(); diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/detection_summary.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/detection_summary.yml new file mode 100644 index 00000000000..b721c6df1bf --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/detection_summary.yml 
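Review bot: The painless script writes `ctx["event.action"]`, which creates a top-level key literally named `event.action` in the ingest document rather than the `action` member of the `event` object that the earlier `set` on `event.kind` already created; any later processor or `if:` that reads `ctx.event.action` will not see it, and the document carries both an `event` object and a dotted key until it is indexed. Since `event` is guaranteed to exist by the time the script runs, `ctx.event.action = regex.matcher(action).replaceAll(replacement).toLowerCase();` is the safer form. The `convert` of `crowdstrike.event.ServiceName` into `message` has no guard, unlike the `UserIp` convert below it, so an empty `ServiceName` produces an empty `message`; presumably harmless, but an `if:` matching the `UserIp` one would keep the two consistent.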
@@ -0,0 +1,163 @@ +processors: + - set: + field: event.kind + value: alert + - append: + field: event.category + value: [malware] + - append: + field: event.type + value: [info] + - set: + field: event.dataset + value: crowdstrike.falcon_endpoint + - set: + field: agent.type + value: falcon + - convert: + field: crowdstrike.event.LocalIP + target_field: source.ip + type: string + ignore_failure: true + ignore_missing: true + if: ctx?.crowdstrike?.event?.LocalIP != null && ctx?.crowdstrike?.event?.LocalIP != "" + - convert: + field: crowdstrike.event.ProcessId + target_field: process.pid + ignore_failure: true + type: long + ignore_missing: true + - convert: + field: crowdstrike.event.ParentImageFileName + target_field: process.parent.executable + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.ParentCommandLine + target_field: process.parent.command_line + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.PatternDispositionDescription + target_field: event.action + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.FalconHostLink + target_field: event.url + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.Severity + target_field: event.severity + type: long + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.DetectDescription + target_field: message + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.FileName + target_field: process.name + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.UserName + target_field: user.name + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.MachineDomain + target_field: user.domain + type: string + ignore_failure: true + ignore_missing: true + - convert: + 
field: crowdstrike.event.SensorId + target_field: agent.id + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.ComputerName + target_field: host.name + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.SHA256String + target_field: file.hash.sha256 + type: string + ignore_failure: true + ignore_missing: true + - append: + field: related.hash + value: "{{file.hash.sha256}}" + allow_duplicates: false + ignore_failure: true + if: ctx?.file?.hash?.sha256 != null && ctx?.file?.hash?.sha256 != "" && !(/^0+$/.matcher(ctx.file.hash.sha256).matches()) + - convert: + field: crowdstrike.event.MD5String + target_field: file.hash.md5 + type: string + ignore_failure: true + ignore_missing: true + - append: + field: related.hash + value: "{{file.hash.md5}}" + allow_duplicates: false + ignore_failure: true + if: ctx?.file?.hash?.md5 != null && ctx?.file?.hash?.md5 != "" && !(/^0+$/.matcher(ctx.file.hash.md5).matches()) + - convert: + field: crowdstrike.event.SHA1String + target_field: file.hash.sha1 + type: string + ignore_failure: true + ignore_missing: true + - append: + field: related.hash + value: "{{file.hash.sha1}}" + allow_duplicates: false + ignore_failure: true + if: ctx?.file?.hash?.sha1 != null && ctx?.file?.hash?.sha1 != "" && !(/^0+$/.matcher(ctx.file.hash.sha1).matches()) + - convert: + field: crowdstrike.event.DetectName + target_field: rule.name + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.DetectDescription + target_field: rule.description + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.Technique + target_field: threat.technique.name + type: string + ignore_failure: true + ignore_missing: true + - lowercase: + field: threat.technique.name + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.Tactic + target_field: 
threat.tactic.name + type: string + ignore_failure: true + ignore_missing: true + - lowercase: + field: threat.tactic.name + ignore_missing: true + ignore_failure: true diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/firewall_match.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/firewall_match.yml new file mode 100644 index 00000000000..5437812dd1c --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/firewall_match.yml 
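Review bot: `related.ip` is no longer populated for detection events: the removed pipeline.js copied `crowdstrike.event.LocalIP` into both `source.ip` and `related.ip`, while this file only fills `source.ip`, and nothing here appends it to `related.ip`. The same applies to `process.command_line`, `process.args` and `process.executable`, which `convertProcess` derived from `crowdstrike.event.CommandLine` for DetectionSummaryEvent. Both may be handled by the shared pipeline.yml, whose hunk is cut off in this view; if they are not, the `related.ip` append below belongs directly after the `source.ip` convert.

```yaml
# … unchanged: set event.kind / event.category / event.type / event.dataset / agent.type …
# … unchanged: convert crowdstrike.event.LocalIP -> source.ip …
  - append:
      field: related.ip
      value: "{{source.ip}}"
      allow_duplicates: false
      ignore_failure: true
      if: ctx?.source?.ip != null && ctx?.source?.ip != ""
# … unchanged: remaining convert / append / lowercase processors …
```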
@@ -0,0 +1,137 @@ +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [network] + - append: + field: event.action + value: [firewall_match_event] + - append: + field: event.type + value: [start, connection] + - set: + field: event.dataset + value: crowdstrike.falcon_endpoint + - set: + field: message + value: "Firewall Rule '{{crowdstrike.event.RuleName}}' triggered" + if: ctx?.crowdstrike?.event?.RuleName != null + ignore_failure: true + - convert: + field: "crowdstrike.event.Ipv" + target_field: "network.type" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.PID" + target_field: "process.pid" + ignore_failure: true + ignore_missing: true + type: "long" + - convert: + field: "crowdstrike.event.RuleId" + target_field: "rule.id" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.RuleName" + target_field: "rule.name" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.RuleGroupName" + target_field: "rule.ruleset" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.RuleDescription" + target_field: "rule.description" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.RuleFamilyID" + target_field: "rule.category" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.HostName" + target_field: "host.name" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.Ipv" + target_field: "network.type" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.EventType" + target_field: "event.code" + type: string + ignore_missing: true + ignore_failure: true + - set: + field: network.direction + value: ingress + if: 
ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - set: + field: source.ip + value: "{{crowdstrike.event.RemoteAddress}}" + ignore_empty_value: true + if: ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - convert: + field: crowdstrike.event.RemotePort + target_field: source.port + type: long + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - set: + field: destination.ip + value: "{{crowdstrike.event.LocalAddress}}" + ignore_empty_value: true + if: ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - convert: + field: crowdstrike.event.LocalPort + target_field: destination.port + type: long + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - set: + field: network.direction + value: ingress + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" + - set: + field: destination.ip + value: "{{crowdstrike.event.RemoteAddress}}" + ignore_empty_value: true + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" + - convert: + field: crowdstrike.event.RemotePort + target_field: destination.port + type: long + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" + - set: + field: source.ip + value: "{{crowdstrike.event.LocalAddress}}" + ignore_empty_value: true + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" + - convert: + field: crowdstrike.event.LocalPort + target_field: source.port + type: long + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/incident_summary.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/incident_summary.yml new file mode 100644 index 00000000000..5877ed4f20d --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/incident_summary.yml 
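Review bot: The egress branch sets `network.direction` to `ingress`: the second `set` on `network.direction`, guarded by `ConnectionDirection != "1"`, should read `value: egress` as in the `else` branch of the removed `convertSourceDestination`; as written every event is labelled ingress while the source/destination swap still happens, so the direction and the endpoints disagree. `related.ip` is also no longer populated with `RemoteAddress` and `LocalAddress` (the old function appended both), and `process.*` fields from `convertProcess` are absent, unless pipeline.yml covers them outside this view; the appends below restore the `related.ip` part. The `convert` of `crowdstrike.event.Ipv` to `network.type` appears twice and the second copy can be dropped. Both branches compare `ConnectionDirection` against the string `"1"`; if the decoded JSON carries it as a number every event falls into the `!= "1"` branch, which presumably does not happen with this source but deserves a comment.

```yaml
# … unchanged: set / append / convert processors up to event.code …
  - append:
      field: related.ip
      value: "{{crowdstrike.event.RemoteAddress}}"
      allow_duplicates: false
      ignore_failure: true
      if: ctx?.crowdstrike?.event?.RemoteAddress != null && ctx?.crowdstrike?.event?.RemoteAddress != ""
  - append:
      field: related.ip
      value: "{{crowdstrike.event.LocalAddress}}"
      allow_duplicates: false
      ignore_failure: true
      if: ctx?.crowdstrike?.event?.LocalAddress != null && ctx?.crowdstrike?.event?.LocalAddress != ""
# … unchanged: ingress branch (ConnectionDirection == "1") …
  - set:
      field: network.direction
      value: egress
      if: ctx?.crowdstrike?.event?.ConnectionDirection != "1"
# … unchanged: egress destination/source ip and port processors …
```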
@@ -0,0 +1,29 @@ +processors: + - set: + field: event.kind + value: alert + - append: + field: event.category + value: [malware] + - append: + field: event.type + value: [info] + - set: + field: event.action + value: incident + - set: + field: event.dataset + value: crowdstrike.falcon_endpoint + - set: + field: agent.type + value: falcon + - convert: + field: crowdstrike.event.FalconHostLink + target_field: event.url + type: string + ignore_failure: true + ignore_missing: true + - set: + field: message + value: "Incident score {{crowdstrike.event.FineScore}}" + if: ctx?.crowdstrike?.event?.FineScore != null diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/pipeline.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/pipeline.yml index 3aa632ab715..7e7efe5cd74 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/ingest/pipeline.yml +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/pipeline.yml 
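Review bot: The removed pipeline.js also ran `convertProcess` for IncidentSummaryEvent, deriving `process.command_line`, `process.args` and `process.executable` from `crowdstrike.event.CommandLine`; this file has no equivalent, so those fields are lost for incidents unless the shared pipeline.yml sets them, which is not visible here. The `message` set is guarded only by a null check on `FineScore`, so an empty score renders as `Incident score ` with a trailing space; adding `ignore_empty_value: true` would not help with that template, so either extend the guard to `if: ctx?.crowdstrike?.event?.FineScore != null && ctx?.crowdstrike?.event?.FineScore != ""` or document that the source always sends a numeric score.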
@@ -3,6 +3,313 @@ processors: - set: field: event.ingested value: '{{_ingest.timestamp}}' + - date: + field: crowdstrike.event.ProcessStartTime + target_field: crowdstrike.event.ProcessStartTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.ProcessStartTime != null && + !(ctx.crowdstrike.event.ProcessStartTime instanceof String) && + ctx.crowdstrike.event.ProcessStartTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.ProcessStartTime) + 1) >= 12 + - date: + field: crowdstrike.event.ProcessEndTime + target_field: crowdstrike.event.ProcessEndTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.ProcessEndTime != null && + !(ctx.crowdstrike.event.ProcessEndTime instanceof String) && + ctx.crowdstrike.event.ProcessEndTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.ProcessEndTime) + 1) >= 12 + - date: + field: crowdstrike.event.IncidentStartTime + target_field: crowdstrike.event.IncidentStartTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.IncidentStartTime != null && + !(ctx.crowdstrike.event.IncidentStartTime instanceof String) && + ctx.crowdstrike.event.IncidentStartTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.IncidentStartTime) + 1) >= 12 + - date: + field: crowdstrike.event.IncidentEndTime + target_field: crowdstrike.event.IncidentEndTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.IncidentEndTime != null && + !(ctx.crowdstrike.event.IncidentEndTime instanceof String) && + ctx.crowdstrike.event.IncidentEndTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.IncidentEndTime) + 1) >= 12 + - date: + field: crowdstrike.event.StartTimestamp + target_field: crowdstrike.event.StartTimestamp + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.StartTimestamp != null && + !(ctx.crowdstrike.event.StartTimestamp 
instanceof String) && + ctx.crowdstrike.event.StartTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.StartTimestamp) + 1) >= 12 + - date: + field: crowdstrike.event.EndTimestamp + target_field: crowdstrike.event.EndTimestamp + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.EndTimestamp != null && + !(ctx.crowdstrike.event.EndTimestamp instanceof String) && + ctx.crowdstrike.event.EndTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.EndTimestamp) + 1) >= 12 + - date: + field: crowdstrike.event.UTCTimestamp + target_field: crowdstrike.event.UTCTimestamp + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.UTCTimestamp != null && + !(ctx.crowdstrike.event.UTCTimestamp instanceof String) && + ctx.crowdstrike.event.UTCTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.UTCTimestamp) + 1) >= 12 + - date: + field: crowdstrike.metadata.eventCreationTime + target_field: crowdstrike.metadata.eventCreationTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.metadata?.eventCreationTime != null && + !(ctx.crowdstrike.metadata.eventCreationTime instanceof String) && + ctx.crowdstrike.metadata.eventCreationTime != 0 && + (int)(Math.log10(ctx.crowdstrike.metadata.eventCreationTime) + 1) >= 12 + - date: + field: crowdstrike.event.ProcessStartTime + target_field: crowdstrike.event.ProcessStartTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.ProcessStartTime != null && + !(ctx.crowdstrike.event.ProcessStartTime instanceof String) && + ctx.crowdstrike.event.ProcessStartTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.ProcessStartTime) + 1) < 12 + - date: + field: crowdstrike.event.ProcessEndTime + target_field: crowdstrike.event.ProcessEndTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.ProcessEndTime != null && + 
!(ctx.crowdstrike.event.ProcessEndTime instanceof String) && + ctx.crowdstrike.event.ProcessEndTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.ProcessEndTime) + 1) < 12 + - date: + field: crowdstrike.event.IncidentStartTime + target_field: crowdstrike.event.IncidentStartTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.IncidentStartTime != null && + !(ctx.crowdstrike.event.IncidentStartTime instanceof String) && + ctx.crowdstrike.event.IncidentStartTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.IncidentStartTime) + 1) < 12 + - date: + field: crowdstrike.event.IncidentEndTime + target_field: crowdstrike.event.IncidentEndTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.IncidentEndTime != null && + !(ctx.crowdstrike.event.IncidentEndTime instanceof String) && + ctx.crowdstrike.event.IncidentEndTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.IncidentEndTime) + 1) < 12 + - date: + field: crowdstrike.event.StartTimestamp + target_field: crowdstrike.event.StartTimestamp + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.StartTimestamp != null && + !(ctx.crowdstrike.event.StartTimestamp instanceof String) && + ctx.crowdstrike.event.StartTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.StartTimestamp) + 1) < 12 + - date: + field: crowdstrike.event.EndTimestamp + target_field: crowdstrike.event.EndTimestamp + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.EndTimestamp != null && + !(ctx.crowdstrike.event.EndTimestamp instanceof String) && + ctx.crowdstrike.event.EndTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.EndTimestamp) + 1) < 12 + - date: + field: crowdstrike.event.UTCTimestamp + target_field: crowdstrike.event.UTCTimestamp + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.UTCTimestamp != null && + 
!(ctx.crowdstrike.event.UTCTimestamp instanceof String) && + ctx.crowdstrike.event.UTCTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.UTCTimestamp) + 1) < 12 + - date: + field: crowdstrike.metadata.eventCreationTime + target_field: crowdstrike.metadata.eventCreationTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.metadata?.eventCreationTime != null && + !(ctx.crowdstrike.metadata.eventCreationTime instanceof String) && + ctx.crowdstrike.metadata.eventCreationTime != 0 && + (int)(Math.log10(ctx.crowdstrike.metadata.eventCreationTime) + 1) < 12 + - set: + field: event.outcome + value: success + if: ctx?.crowdstrike?.event?.Success == true + - set: + field: event.outcome + value: failure + if: ctx?.crowdstrike?.event?.Success == false + - set: + field: event.outcome + value: unknown + if: ctx?.event?.outcome == null + - convert: + field: crowdstrike.metadata.eventCreationTime + target_field: "@timestamp" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.LateralMovement + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.LocalPort + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.MatchCount + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.MatchCountSinceLastReport + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.PID + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.RemotePort + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: source.port + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: destination.port + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.UserName + target_field: user.name + type: string + 
ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.UserId + target_field: user.name + type: string + ignore_missing: true + ignore_failure: true + if: ctx?.user?.name == null || ctx?.user?.name == "" + - set: + field: user.email + value: "{{user.name}}" + ignore_empty_value: true + ignore_failure: true + if: ctx?.user?.name != null && /@/.split(ctx.user.name).length == 2 + - script: + lang: painless + source: | + def commandLine = ctx?.crowdstrike?.event?.CommandLine; + if (commandLine != null) { + + commandLine = commandLine.trim(); + + if (commandLine != "") { + def args = Arrays.asList(/ /.split(commandLine)); + args.removeIf(arg -> arg == ""); + + ctx["process.command_line"] = commandLine; + ctx["process.args"] = args; + ctx["process.executable"] = args.get(0); + } + } + - pipeline: + name: '{< IngestPipeline "detection_summary" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "DetectionSummaryEvent" + - pipeline: + name: '{< IngestPipeline "incident_summary" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "IncidentSummaryEvent" + - pipeline: + name: '{< IngestPipeline "user_activity_audit" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "UserActivityAuditEvent" + - pipeline: + name: '{< IngestPipeline "auth_activity_audit" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "AuthActivityAuditEvent" + - pipeline: + name: '{< IngestPipeline "firewall_match" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "FirewallMatchEvent" + - pipeline: + name: '{< IngestPipeline "remote_response_session_start" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "RemoteResponseSessionStartEvent" + - pipeline: + name: '{< IngestPipeline "remote_response_session_end" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "RemoteResponseSessionEndEvent" - script: lang: painless if: ctx?.crowdstrike?.event != null 
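Review bot: The Painless script near the end of this hunk builds `process.args` by splitting `CommandLine` on single spaces and then assigns `args.get(0)` to `process.executable`, so a quoted path containing a space is scattered over several `process.args` entries and the executable keeps its surrounding quotes — the updated fixture later in this diff already records `process.executable` as `"\"C:\\ProgramData\\file\\path\\filename.exe\""`. A quote-aware tokenizer (walk the string, toggle on `"`, split on spaces only outside quotes) would give a usable executable and argument list; at minimum strip the outer quotes before assigning, `ctx["process.executable"] = args.get(0).replace("\"", "");`. The script also writes dotted keys (`ctx["process.command_line"]`) rather than `ctx.process.command_line`, so a later processor in this pipeline that reads `ctx.process?.command_line` would not see the value; if that is deliberate, a comment saying so would spare the next reader. The sixteen `date` processors each embed the same `Math.log10` digit-count test; a single comment above the first one stating that twelve or more digits are read as epoch milliseconds and fewer as seconds would document the threshold once. The `processors` list continues past this hunk.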
@@ -12,6 +319,8 @@ processors: - '' - '-' - 'N/A' + - 'NA' + - 0 source: | ctx.crowdstrike.event.entrySet().removeIf(entry -> params.values.contains(entry.getValue())); - script: @@ -23,8 +332,33 @@ processors: - '' - '-' - 'N/A' + - 'NA' source: | ctx.crowdstrike.metadata.entrySet().removeIf(entry -> params.values.contains(entry.getValue())); + - append: + field: related.user + value: "{{user.name}}" + allow_duplicates: false + ignore_failure: true + if: ctx?.user?.name != null && ctx?.user?.name != "" + - append: + field: related.ip + value: "{{source.ip}}" + ignore_failure: true + allow_duplicates: false + if: ctx?.source?.ip != null && ctx?.source?.ip != "" + - append: + field: related.ip + value: "{{destination.ip}}" + ignore_failure: true + allow_duplicates: false + if: ctx?.destination?.ip != null && ctx?.destination?.ip != "" + - append: + field: related.hosts + value: "{{host.name}}" + ignore_failure: true + allow_duplicates: false + if: ctx?.host?.name != null && ctx?.host?.name != "" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_end.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_end.yml new file mode 100644 index 00000000000..4e3b7b834a9 --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_end.yml @@ -0,0 +1,25 @@ +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [network] + - append: + field: event.action + value: [remote_response_session_end_event] + - append: + field: event.type + value: [end, session] + - set: + field: event.dataset + value: crowdstrike.falcon_audit + - set: + field: message + value: Remote response session ended. + - convert: + field: crowdstrike.event.HostnameField + target_field: host.name + type: string + ignore_failure: true + ignore_missing: true 
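Review bot: Adding `0` to `params.values` in the first hunk on this line turns the event-level cleanup into a rule that drops any field equal to zero, not just the sentinel strings, so a genuine zero (a count, a port, a flag) vanishes from the document; the `!= 0` guards on the new `date` processors suggest the intended target is zero-valued timestamps, which a field-specific condition would express more safely. Whether a given zero matches also depends on its boxed type, because `List.contains` uses `equals`: a raw JSON `0` (likely an `Integer`) matches the `0` in `params`, whereas a `0` produced by the `convert ... type: long` processors earlier in the pipeline likely does not, so the removal is inconsistent across fields. A narrower predicate such as `entry.getValue() instanceof String && params.values.contains(entry.getValue())`, with zero timestamps handled by a separate condition that names those fields, keeps the sentinel removal without discarding legitimate zeros. The second hunk here adds `'NA'` to the metadata cleanup but not `0`, so the two scripts now diverge; both script processors begin outside these hunks.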
diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_start.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_start.yml
new file mode 100644
index 00000000000..834a3dee73d
--- /dev/null
+++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_start.yml
@@ -0,0 +1,25 @@
+processors:
+ - set:
+ field: event.kind
+ value: event
+ - append:
+ field: event.category
+ value: [network]
+ - append:
+ field: event.action
+ value: [remote_response_session_start_event]
+ - append:
+ field: event.type
+ value: [start, session]
+ - set:
+ field: event.dataset
+ value: crowdstrike.falcon_audit
+ - set:
+ field: message
+ value: Remote response session started.
+ - convert:
+ field: crowdstrike.event.HostnameField
+ target_field: host.name
+ type: string
+ ignore_failure: true
+ ignore_missing: true
diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/user_activity_audit.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/user_activity_audit.yml
new file mode 100644
index 00000000000..6998062561d
--- /dev/null
+++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/user_activity_audit.yml
@@ -0,0 +1,29 @@
+processors:
+ - set:
+ field: event.kind
+ value: event
+ - append:
+ field: event.category
+ value: [iam]
+ - append:
+ field: event.type
+ value: [change]
+ - set:
+ field: event.dataset
+ value: crowdstrike.falcon_audit
+ - set:
+ field: event.action
+ value: user_activity_audit_event
+ - convert:
+ field: crowdstrike.event.OperationName
+ target_field: message
+ type: string
+ ignore_failure: true
+ ignore_missing: true
+ - convert:
+ field: crowdstrike.event.UserIp
+ target_field: source.ip
+ type: string
+ ignore_failure: true
+ ignore_missing: true
+ if: ctx?.crowdstrike?.event?.UserIp != null && ctx?.crowdstrike?.event?.UserIp != ""
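Review bot: The new user_activity_audit pipeline tags every UserActivityAuditEvent as `event.category: [iam]` / `event.type: [change]` without inspecting `OperationName`, yet the fixtures later in this diff carry messages such as `detection_update` and `quarantined_file_update` that, if they arrive through this pipeline, are detection-management actions rather than identity changes, which makes `event.category` unreliable for filtering. Deriving the category from `OperationName`, or at least documenting the simplification with a comment such as `# All user-activity audit events are recorded as IAM changes; OperationName is not inspected.`, would make the contract explicit. The same fixed-category pattern appears in remote_response_session_start on this line, where a remote shell session is categorised only as `network`; a short comment there on why `session` is carried in `event.type` rather than `event.category` would help readers comparing the two.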
diff --git a/x-pack/filebeat/module/crowdstrike/falcon/manifest.yml b/x-pack/filebeat/module/crowdstrike/falcon/manifest.yml index 905124a0eab..d4f04b84f11 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/manifest.yml +++ b/x-pack/filebeat/module/crowdstrike/falcon/manifest.yml @@ -8,4 +8,13 @@ var: default: [forwarded] input: config/falcon.yml -ingest_pipeline: ingest/pipeline.yml + +ingest_pipeline: + - ingest/pipeline.yml + - ingest/auth_activity_audit.yml + - ingest/detection_summary.yml + - ingest/firewall_match.yml + - ingest/incident_summary.yml + - ingest/remote_response_session_end.yml + - ingest/remote_response_session_start.yml + - ingest/user_activity_audit.yml diff --git a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json index 4d21948cac7..690cb98ed09 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json +++ b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json @@ -9,13 +9,19 @@ "crowdstrike.metadata.eventType": "RemoteResponseSessionStartEvent", "crowdstrike.metadata.offset": 1045, "crowdstrike.metadata.version": "1.0", - "event.action": "remote_response_session_start_event", + "event.action": [ + "remote_response_session_start_event" + ], + "event.category": [ + "network" + ], "event.dataset": "crowdstrike.falcon_audit", "event.kind": "event", "event.module": "crowdstrike", "event.outcome": "unknown", "event.type": [ - "start" + "start", + "session" ], "fileset.name": "falcon", "host.name": "hostnameofmachine", 
@@ -24,8 +30,13 @@ "multiline" ], "log.offset": 0, - "message": "Remote response session started", - "related.user": "first.last@company.com", + "message": "Remote response session started.", + "related.hosts": [ + "hostnameofmachine" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "tags": [ "forwarded" @@ -43,13 +54,19 @@ "crowdstrike.metadata.eventType": "RemoteResponseSessionEndEvent", "crowdstrike.metadata.offset": 1046, "crowdstrike.metadata.version": "1.0", - "event.action": "remote_response_session_end_event", + "event.action": [ + "remote_response_session_end_event" + ], + "event.category": [ + "network" + ], "event.dataset": "crowdstrike.falcon_audit", "event.kind": "event", "event.module": "crowdstrike", "event.outcome": "unknown", "event.type": [ - "end" + "end", + "session" ], "fileset.name": "falcon", "host.name": "hostnameofmachine", @@ -58,8 +75,13 @@ "multiline" ], "log.offset": 457, - "message": "Remote response session ended", - "related.user": "first.last@company.com", + "message": "Remote response session ended.", + "related.hosts": [ + "hostnameofmachine" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "tags": [ "forwarded" @@ -119,8 +141,12 @@ ], "log.offset": 910, "message": "Crowdstrike Streaming API", - "related.ip": "10.10.0.8", - "related.user": "api-client-id:1234567890abcdefghijklmnopqrstuvwxyz", + "related.ip": [ + "10.10.0.8" + ], + "related.user": [ + "api-client-id:1234567890abcdefghijklmnopqrstuvwxyz" + ], "service.type": "crowdstrike", "source.ip": "10.10.0.8", "tags": [ @@ -158,8 +184,12 @@ ], "log.offset": 2152, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ 
@@ -198,8 +228,12 @@ ], "log.offset": 2645, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.3", - "related.user": "bob@company.com", + "related.ip": [ + "192.168.6.3" + ], + "related.user": [ + "bob@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.3", "tags": [ @@ -247,8 +281,12 @@ ], "log.offset": 3136, "message": "update_group", - "related.ip": "192.168.6.13", - "related.user": "chris@company.com", + "related.ip": [ + "192.168.6.13" + ], + "related.user": [ + "chris@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.13", "tags": [ @@ -293,8 +331,12 @@ ], "log.offset": 3858, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -333,8 +375,12 @@ ], "log.offset": 4506, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -379,8 +425,12 @@ ], "log.offset": 4999, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -419,8 +469,12 @@ ], "log.offset": 5646, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ 
@@ -459,8 +513,12 @@ ], "log.offset": 6134, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -499,8 +557,12 @@ ], "log.offset": 6627, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -556,8 +618,12 @@ ], "log.offset": 7113, "message": "detection_update", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ diff --git a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json index eab6fb1db0e..0756dfac477 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json +++ b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json @@ -73,7 +73,19 @@ "process.executable": "C:\\Windows\\Explorer.EXE", "process.name": "explorer.exe", "process.pid": 38684386611, - "related.ip": "192.168.12.51", + "related.hash": [ + "6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a", + "ac4c51eb24aa95b77f705ab159189e24" + ], + "related.hosts": [ + "alice-laptop" + ], + "related.ip": [ + "192.168.12.51" + ], + "related.user": [ + "alice" + ], "rule.description": "Terminated a process related to the deletion of backups, which is often indicative of ransomware activity.", "rule.name": "Process Terminated", "service.type": "crowdstrike", 
@@ -159,7 +171,9 @@ ], "log.offset": 2579, "message": "quarantined_file_update", - "related.user": "Crowdstrike", + "related.user": [ + "Crowdstrike" + ], "service.type": "crowdstrike", "tags": [ "forwarded" diff --git a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-sample.log-expected.json b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-sample.log-expected.json index becdbecc7c8..dd277a3f2c9 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-sample.log-expected.json +++ b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-sample.log-expected.json @@ -33,7 +33,9 @@ "crowdstrike.metadata.version": "1.0", "destination.ip": "10.37.60.194", "destination.port": 445, - "event.action": "firewall_match_event", + "event.action": [ + "firewall_match_event" + ], "event.category": [ "network" ], @@ -41,9 +43,7 @@ "event.dataset": "crowdstrike.falcon_endpoint", "event.kind": "event", "event.module": "crowdstrike", - "event.outcome": [ - "unknown" - ], + "event.outcome": "unknown", "event.type": [ "start", "connection" @@ -59,6 +59,9 @@ "network.direction": "ingress", "network.type": "ipv4", "process.pid": 206158879910, + "related.hosts": [ + "TESTDEVICE01" + ], "related.ip": [ "10.37.60.21", "10.37.60.194" @@ -163,8 +166,12 @@ ], "log.offset": 2041, "message": "Crowdstrike Authentication", - "related.ip": "165.225.220.184", - "related.user": "first.last@company.com", + "related.ip": [ + "165.225.220.184" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "source.ip": "165.225.220.184", "tags": [ @@ -211,7 +218,9 @@ ], "log.offset": 3219, "message": "quarantined_file_update", - "related.user": "Crowdstrike", + "related.user": [ + "Crowdstrike" + ], "service.type": "crowdstrike", "tags": [ "forwarded" 
@@ -228,13 +237,19 @@ "crowdstrike.metadata.eventType": "RemoteResponseSessionStartEvent", "crowdstrike.metadata.offset": 57217, "crowdstrike.metadata.version": "1.0", - "event.action": "remote_response_session_start_event", + "event.action": [ + "remote_response_session_start_event" + ], + "event.category": [ + "network" + ], "event.dataset": "crowdstrike.falcon_audit", "event.kind": "event", "event.module": "crowdstrike", "event.outcome": "unknown", "event.type": [ - "start" + "start", + "session" ], "fileset.name": "falcon", "host.name": "TESTDEVICE01", @@ -243,8 +258,13 @@ "multiline" ], "log.offset": 4017, - "message": "Remote response session started", - "related.user": "first.last@company.com", + "message": "Remote response session started.", + "related.hosts": [ + "TESTDEVICE01" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "tags": [ "forwarded" @@ -273,13 +293,19 @@ "crowdstrike.metadata.eventType": "RemoteResponseSessionEndEvent", "crowdstrike.metadata.offset": 57269, "crowdstrike.metadata.version": "1.0", - "event.action": "remote_response_session_end_event", + "event.action": [ + "remote_response_session_end_event" + ], + "event.category": [ + "network" + ], "event.dataset": "crowdstrike.falcon_audit", "event.kind": "event", "event.module": "crowdstrike", "event.outcome": "unknown", "event.type": [ - "end" + "end", + "session" ], "fileset.name": "falcon", "host.name": "TESTDEVICE01", @@ -288,8 +314,13 @@ "multiline" ], "log.offset": 4466, - "message": "Remote response session ended", - "related.user": "first.last@company.com", + "message": "Remote response session ended.", + "related.hosts": [ + "TESTDEVICE01" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "tags": [ "forwarded" 
@@ -335,7 +366,6 @@ "crowdstrike.event.LocalIP": "10.1.190.117", "crowdstrike.event.MACAddress": "54-ad-d4-d2-a8-0b", "crowdstrike.event.MD5String": "0ab1235adca04aef6239f5496ef0a5df", - "crowdstrike.event.MachineDomain": "NA", "crowdstrike.event.Objective": "Falcon Detection Method", "crowdstrike.event.ParentCommandLine": "C:\\Windows\\Explorer.EXE", "crowdstrike.event.ParentImageFileName": "\\Device\\HarddiskVolume2\\Windows\\explorer.exe", @@ -402,13 +432,25 @@ "process.args": [ "\"C:\\ProgramData\\file\\path\\filename.exe\"" ], - "process.command_line": "\"C:\\ProgramData\\file\\path\\filename.exe\" ", + "process.command_line": "\"C:\\ProgramData\\file\\path\\filename.exe\"", "process.executable": "\"C:\\ProgramData\\file\\path\\filename.exe\"", "process.name": "filename.exe", "process.parent.command_line": "C:\\Windows\\Explorer.EXE", "process.parent.executable": "\\Device\\HarddiskVolume2\\Windows\\explorer.exe", "process.pid": 663790158277, - "related.ip": "10.1.190.117", + "related.hash": [ + "0a123b185f9a32fde1df59897089014c92e3d08a0533b54baa72ba2a93d64deb", + "0ab1235adca04aef6239f5496ef0a5df" + ], + "related.hosts": [ + "TESTDEVICE01" + ], + "related.ip": [ + "10.1.190.117" + ], + "related.user": [ + "First.last" + ], "rule.description": "This file meets the machine learning-based on-sensor AV protection's low confidence threshold for malicious files.", "rule.name": "NGAV", "service.type": "crowdstrike", diff --git a/x-pack/filebeat/module/cyberark/corepas/config/input.yml b/x-pack/filebeat/module/cyberark/corepas/config/input.yml index caf07675b0f..49b1e4ef20b 100644 --- a/x-pack/filebeat/module/cyberark/corepas/config/input.yml +++ b/x-pack/filebeat/module/cyberark/corepas/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/cylance/protect/config/input.yml b/x-pack/filebeat/module/cylance/protect/config/input.yml index 7727cd2b81e..9e7cfc5a0fd 100644 --- a/x-pack/filebeat/module/cylance/protect/config/input.yml +++ b/x-pack/filebeat/module/cylance/protect/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml b/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml index 8c4509eb227..162208f2e80 100644 --- a/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml +++ b/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/f5/bigipafm/config/input.yml b/x-pack/filebeat/module/f5/bigipafm/config/input.yml index 28e46f847ab..9166fe8a62f 100644 --- a/x-pack/filebeat/module/f5/bigipafm/config/input.yml +++ b/x-pack/filebeat/module/f5/bigipafm/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/f5/bigipapm/config/input.yml b/x-pack/filebeat/module/f5/bigipapm/config/input.yml index de1b1166774..9ca73218246 100644 --- a/x-pack/filebeat/module/f5/bigipapm/config/input.yml +++ b/x-pack/filebeat/module/f5/bigipapm/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml b/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml index 94c4f9b163e..833d5dae4a4 100644 --- a/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml +++ b/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml @@ -90,4 +90,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml b/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml index 033577a4ef4..61f503d7f99 100644 --- a/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml @@ -28,7 +28,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_interfaces }} - add_fields: diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml index 8278c538c26..4e299f4be08 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml 
@@ -242,93 +242,6 @@ processors: type: integer ignore_failure: true ignore_missing: true -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true -- script: - lang: painless - source: ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes - if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" - ignore_failure: true -- append: - field: related.ip - value: "{{source.ip}}" - if: "ctx.source?.ip != 
null" -- append: - field: related.ip - value: "{{destination.ip}}" - if: "ctx.destination?.ip != null" -- append: - field: related.user - value: "{{source.user.name}}" - if: "ctx.source?.user?.name != null" - remove: field: - fortinet.firewall.dstport diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml index a227d770082..c103fd14700 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml @@ -15,14 +15,17 @@ processors: ignore_missing: true ignore_failure: false trim_value: "\"" -- remove: - field: fortinet.tmp.assignip - if: "ctx.fortinet?.tmp?.assignip == 'N/A'" - ignore_missing: true - rename: field: fortinet.tmp target_field: fortinet.firewall ignore_missing: true +- script: + lang: painless + source: | + def fw = ctx?.fortinet?.firewall; + if (fw != null) { + fw.entrySet().removeIf(entry -> entry.getValue() == "N/A"); + } - set: field: observer.vendor value: Fortinet 
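Review bot: The new Painless script in the fortinet pipeline.yml hunk replaces ten field-specific `remove` processors (deleted further down in this file's diff) with a blanket rule that deletes any `fortinet.firewall` entry whose value is exactly `N/A`, which widens the contract: a field that legitimately carries the string `N/A` is now dropped as well, and only top-level entries are inspected, so nested maps keep their sentinels. A comment above the script stating that scope would help, e.g. `# Drop every top-level fortinet.firewall field whose value is the literal "N/A" (replaces the former per-field removes).`. Painless `==` on strings is value equality, so the comparison is correct even though it reads like Java reference comparison; a brief comment there would forestall the question. The enclosing `processors` list starts outside this hunk.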
@@ -134,36 +137,6 @@ processors: field: fortinet.firewall.level target_field: log.level ignore_missing: true -- remove: - field: fortinet.firewall.assignip - if: "ctx.fortinet?.firewall?.assignip == 'N/A'" -- remove: - field: fortinet.firewall.dstip - if: "ctx.fortinet?.firewall?.dstip == 'N/A'" -- remove: - field: fortinet.firewall.srcip - if: "ctx.fortinet?.firewall?.srcip == 'N/A'" -- remove: - field: fortinet.firewall.remip - if: "ctx.fortinet?.firewall?.remip == 'N/A'" -- remove: - field: fortinet.firewall.locip - if: "ctx.fortinet?.firewall?.locip == 'N/A'" -- remove: - field: fortinet.firewall.group - if: "ctx.fortinet?.firewall?.group == 'N/A'" -- remove: - field: fortinet.firewall.user - if: "ctx.fortinet?.firewall?.user == 'N/A'" -- remove: - field: fortinet.firewall.tranip - if: "ctx.fortinet?.firewall?.tranip == 'N/A'" -- remove: - field: fortinet.firewall.transip - if: "ctx.fortinet?.firewall?.transip == 'N/A'" -- remove: - field: fortinet.firewall.tunnelip - if: "ctx.fortinet?.firewall?.tunnelip == 'N/A'" # Handle interface-based network directionality - set: field: network.direction 
@@ -259,6 +232,128 @@ processors: field: fortinet.firewall.size type: long ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + if: "ctx.source?.geo == null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + if: "ctx.destination?.geo == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + field: source.nat.ip + target_field: source.geo + ignore_missing: true + if: "ctx.source?.geo == null" +- geoip: + field: destination.nat.ip + target_field: destination.geo + ignore_missing: true + if: "ctx.destination?.geo == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.nat.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + if: "ctx.source?.as == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.nat.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + if: "ctx.destination?.as == null" +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- script: + lang: painless + source: "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes" + if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" + ignore_failure: true +- script: + lang: painless + source: "ctx.network.packets = 
ctx.source.packets + ctx.destination.packets" + if: "ctx?.source?.packets != null && ctx?.destination?.packets != null" + ignore_failure: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx.destination?.ip != null" +- append: + field: related.user + value: "{{source.user.name}}" + if: "ctx.source?.user?.name != null" +- append: + field: related.user + value: "{{destination.user.name}}" + if: "ctx.destination?.user?.name != null" +- append: + field: related.hosts + value: "{{destination.address}}" + if: "ctx.destination?.address != null" +- append: + field: related.hosts + value: "{{source.address}}" + if: "ctx.source?.address != null" +- append: + field: related.hosts + value: "{{dns.question.name}}" + if: "ctx.dns?.question?.name != null" +- script: + lang: painless + source: | + def dnsIPs = ctx?.dns?.resolved_ip; + if (dnsIPs != null && dnsIPs instanceof List) { + if (ctx?.related?.ip == null) { + ctx.related.ip = []; + } + for (ip in dnsIPs) { + if (!ctx.related.ip.contains(ip)) { + ctx.related.ip.add(ip); + } + } + } on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml index 051a3eca2f8..5166332e2a1 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml 
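Review bot: The final script that merges `dns.resolved_ip` into `related.ip` dereferences `ctx.related` when creating the list, so for an event that carries resolved IPs but neither `source.ip` nor `destination.ip` (none of the preceding `append` processors has created `related`), `ctx.related.ip = []` should hit a null parent and throw; unlike the two byte/packet scripts above it, this processor has no `ignore_failure`, so such an event lands in on_failure with only error.message set. Initialise the parent before the child: `if (ctx.related == null) { ctx.related = new HashMap(); }` followed by `if (ctx.related.ip == null) { ctx.related.ip = new ArrayList(); }`. A comment above the script such as `# fold DNS answers into related.ip without duplicating entries already appended from source/destination` would make the dedup loop's purpose clear to the next reader.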
@@ -200,102 +200,6 @@ processors: field: fortinet.firewall.url target_field: url.path ignore_missing: true -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true -- script: - lang: painless - source: "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes" - if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" - ignore_failure: true -- script: - lang: painless - source: "ctx.network.packets = 
ctx.source.packets + ctx.destination.packets" - if: "ctx?.source?.packets != null && ctx?.destination?.packets != null" - ignore_failure: true -- append: - field: related.ip - value: "{{source.ip}}" - if: "ctx.source?.ip != null" -- append: - field: related.ip - value: "{{destination.ip}}" - if: "ctx.destination?.ip != null" -- append: - field: related.user - value: "{{source.user.name}}" - if: "ctx.source?.user?.name != null" -- append: - field: related.user - value: "{{destination.user.name}}" - if: "ctx.destination?.user?.name != null" - remove: field: - fortinet.firewall.dstport @@ -310,4 +214,4 @@ processors: on_failure: - set: field: error.message - value: '{{ _ingest.on_failure_message }}' \ No newline at end of file + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml index e3df460546c..a788aa4c8bc 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml 
@@ -348,93 +348,6 @@ processors: field: fortinet.firewall.filehash target_field: fortinet.file.hash.crc32 ignore_missing: true -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true -- script: - lang: painless - source: "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes" - if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" - ignore_failure: true -- append: - field: related.ip - value: 
"{{source.ip}}" - if: "ctx.source?.ip != null" -- append: - field: related.ip - value: "{{destination.ip}}" - if: "ctx.destination?.ip != null" -- append: - field: related.user - value: "{{source.user.name}}" - if: "ctx.source?.user?.name != null" - append: field: related.hash value: "{{fortinet.file.hash.crc32}}" diff --git a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json index 2a485f787f4..172748796d1 100644 --- a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json +++ b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json @@ -427,6 +427,9 @@ "observer.serial_number": "somerouterid", "observer.type": "firewall", "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.example.com" + ], "related.ip": [ "192.168.2.1", "8.8.8.8" @@ -498,9 +501,13 @@ "observer.serial_number": "somerouterid", "observer.type": "firewall", "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.example.com" + ], "related.ip": [ "192.168.2.1", - "8.8.8.8" + "8.8.8.8", + "8.8.4.4" ], "rule.category": "Web-based Email", "rule.id": "26", @@ -642,6 +649,9 @@ "observer.serial_number": "somerouterid", "observer.type": "firewall", "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.co" + ], "related.ip": [ "192.168.2.1", "8.8.8.8" @@ -704,6 +714,9 @@ "observer.serial_number": "somerouterid", "observer.type": "firewall", "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.co" + ], "related.ip": [ "192.168.2.1", "8.8.8.8" @@ -864,9 +877,6 @@ "fortinet.firewall.subtype": "vpn", "fortinet.firewall.type": "event", "fortinet.firewall.vd": "root", - "fortinet.firewall.vpntunnel": "N/A", - "fortinet.firewall.xauthgroup": "N/A", - "fortinet.firewall.xauthuser": "N/A", "input.type": "log", "log.level": "error", "log.offset": 7112, 
@@ -934,8 +944,6 @@ "fortinet.firewall.type": "event", "fortinet.firewall.vd": "root", "fortinet.firewall.vpntunnel": "elasticvpn", - "fortinet.firewall.xauthgroup": "N/A", - "fortinet.firewall.xauthuser": "N/A", "input.type": "log", "log.level": "notice", "log.offset": 7680, @@ -1096,8 +1104,6 @@ "fortinet.firewall.type": "event", "fortinet.firewall.vd": "root", "fortinet.firewall.vpntunnel": "testvpn", - "fortinet.firewall.xauthgroup": "N/A", - "fortinet.firewall.xauthuser": "N/A", "input.type": "log", "log.level": "notice", "log.offset": 9122, @@ -1198,7 +1204,6 @@ }, { "@timestamp": "2020-04-23T12:23:47.000-05:00", - "destination.address": "N/A", "destination.as.number": 15169, "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", @@ -1221,7 +1226,6 @@ ], "fileset.name": "firewall", "fortinet.firewall.action": "ssl-new-con", - "fortinet.firewall.reason": "N/A", "fortinet.firewall.subtype": "vpn", "fortinet.firewall.tunnelid": "2", "fortinet.firewall.tunneltype": "ssl", @@ -1248,7 +1252,6 @@ }, { "@timestamp": "2020-04-23T12:23:47.000-05:00", - "destination.address": "N/A", "destination.as.number": 3356, "destination.as.organization.name": "Level 3 Parent, LLC", "destination.geo.continent_name": "North America", @@ -2005,8 +2008,6 @@ "fortinet.firewall.type": "event", "fortinet.firewall.vd": "root", "fortinet.firewall.vpntunnel": "P1_Test", - "fortinet.firewall.xauthgroup": "N/A", - "fortinet.firewall.xauthuser": "N/A", "input.type": "log", "log.level": "notice", "log.offset": 17123, diff --git a/x-pack/filebeat/module/fortinet/fortimail/config/input.yml b/x-pack/filebeat/module/fortinet/fortimail/config/input.yml index 08b243e6a02..b4ae86db1ff 100644 --- a/x-pack/filebeat/module/fortinet/fortimail/config/input.yml +++ b/x-pack/filebeat/module/fortinet/fortimail/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml b/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml index b20b230f1b6..ff232c9266e 100644 --- a/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml +++ b/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/gcp/audit/config/input.yml b/x-pack/filebeat/module/gcp/audit/config/input.yml index 80d6fc9c781..b1ba0148832 100644 --- a/x-pack/filebeat/module/gcp/audit/config/input.yml +++ b/x-pack/filebeat/module/gcp/audit/config/input.yml @@ -34,4 +34,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/gcp/firewall/config/input.yml b/x-pack/filebeat/module/gcp/firewall/config/input.yml index 72e6bfaed38..cc914cedfca 100644 --- a/x-pack/filebeat/module/gcp/firewall/config/input.yml +++ b/x-pack/filebeat/module/gcp/firewall/config/input.yml @@ -38,4 +38,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/gcp/vpcflow/config/input.yml b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml index aa2649a3598..fbcfc88a79a 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml @@ -37,4 +37,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/google_workspace/admin/config/config.yml b/x-pack/filebeat/module/google_workspace/admin/config/config.yml index e2e8cd80e3d..8c2c3824ed7 100644 --- a/x-pack/filebeat/module/google_workspace/admin/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/admin/config/config.yml 
@@ -45,7 +45,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/admin/config/pipeline.js b/x-pack/filebeat/module/google_workspace/admin/config/pipeline.js index 1071a61aef0..4e9b5630a0d 100644 --- a/x-pack/filebeat/module/google_workspace/admin/config/pipeline.js +++ b/x-pack/filebeat/module/google_workspace/admin/config/pipeline.js @@ -422,6 +422,17 @@ var login = (function () { } evt.AppendTo("related.user", data[0]); + evt.Put("user.target.name", data[0]); + evt.Put("user.target.domain", data[1]); + evt.Put("user.target.email", email); + var groupName = evt.Get("group.name"); + if (groupName) { + evt.Put("user.target.group.name", groupName); + } + var groupDomain = evt.Get("group.domain"); + if (groupDomain) { + evt.Put("user.target.group.domain", groupDomain); + } }; var setEventDuration = function(evt) { diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json index 6e14b17286f..abd84e26272 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json @@ -55,7 +55,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -112,7 +115,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -169,7 +175,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
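Review bot: `data[1]` is written to `user.target.domain` without checking that `data` has a second element; the enclosing `login` function starts outside the hunk, but if `data` is `email` split on `@` (which appending `data[0]` to related.user suggests), a value with no `@` yields `undefined` for the domain field. Guard the domain put the same way the group fields below it are guarded: `if (data.length > 1) { evt.Put("user.target.domain", data[1]); }`. A short comment above the new block would also help, e.g. `// user.target.* is the account acted upon; the actor stays in user.* / source.user.*`, since the expected-output fixtures in this commit show both sets side by side and the distinction is not otherwise stated in the script.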
@@ -224,7 +233,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -275,7 +287,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -325,7 +340,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -375,7 +393,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -426,7 +447,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -476,6 +500,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json index b58fc898aa5..b2d9d491215 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -97,7 +100,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -150,7 +156,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -200,7 +209,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -250,7 +262,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -300,7 +315,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -350,7 +368,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -404,7 +425,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -455,7 +479,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -508,7 +535,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -565,7 +595,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -615,7 +648,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -665,6 +704,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json index fd36d938cfa..4caec2adf2d 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -95,7 +98,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -145,7 +151,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -202,6 +211,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file 
diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json index be4e9edc547..f81d96a81f1 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json @@ -55,7 +55,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -107,7 +110,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -165,7 +171,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -215,7 +224,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -264,7 +276,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -317,7 +332,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -369,7 +387,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -422,7 +443,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -471,7 +495,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -520,7 +547,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -571,7 +601,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -620,7 +653,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -669,7 +705,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -720,7 +759,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -773,7 +815,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -826,7 +871,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -880,7 +928,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -932,7 +983,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -981,7 +1035,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1031,7 +1088,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1085,6 +1145,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json index 7c057be7bfd..5db40eec65c 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json @@ -51,6 +51,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json index e38c013ed50..608736f7167 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json @@ -49,7 +49,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -99,7 +105,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -149,7 +158,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -200,7 +212,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -251,7 +266,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -301,7 +319,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -351,7 +372,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -403,6 +427,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json index 3d9032bcb6c..fd8de3b21d1 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json 
@@ -49,7 +49,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -102,7 +108,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -159,6 +171,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json index aedc198aeec..65e1fe272a7 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -98,7 +101,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -148,7 +154,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -199,7 +208,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -248,7 +260,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -297,7 +312,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -346,7 +364,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -397,7 +418,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -447,7 +471,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -498,7 +525,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -548,7 +578,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -598,7 +631,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -648,7 +684,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -698,7 +737,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -749,7 +791,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -800,7 +845,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -851,7 +899,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -903,7 +954,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -957,7 +1011,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1007,7 +1064,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1058,7 +1118,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1108,7 +1171,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1158,7 +1224,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1210,7 +1279,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1263,7 +1335,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1314,7 +1389,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1366,7 +1444,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1417,7 +1498,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1466,7 +1550,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1517,7 +1604,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1566,7 +1656,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1617,7 +1710,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1669,7 +1765,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1720,7 +1819,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1769,7 +1871,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1818,7 +1923,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1869,7 +1977,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1920,7 +2031,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1970,7 +2084,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2020,7 +2137,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2071,7 +2191,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2120,7 +2243,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2169,7 +2295,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2220,7 +2349,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -2271,7 +2403,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2322,7 +2457,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2373,7 +2511,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2424,7 +2565,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2472,7 +2616,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2523,7 +2670,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2574,7 +2724,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2625,7 +2778,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2675,7 +2831,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2724,7 +2883,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -2775,7 +2937,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2826,7 +2994,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2877,7 +3048,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2926,7 +3100,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2975,7 +3152,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3026,7 +3206,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3077,7 +3260,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3130,7 +3316,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3181,7 +3370,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -3232,7 +3424,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3283,7 +3478,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3335,7 +3533,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3385,7 +3586,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3435,7 +3639,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3486,7 +3693,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3536,7 +3746,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3585,7 +3798,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3634,7 +3850,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3683,7 +3902,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -3732,7 +3954,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3782,7 +4007,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3833,7 +4061,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3883,7 +4114,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3933,7 +4167,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3983,7 +4220,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4033,7 +4273,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4083,7 +4326,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4134,7 +4380,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4184,7 +4433,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -4232,7 +4484,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4281,6 +4536,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json index 5d748bc3990..86bbb3cbcbb 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -102,7 +105,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -155,7 +161,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -212,7 +224,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -265,7 +280,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -318,7 +336,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -371,7 +392,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -421,7 +445,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -471,6 +498,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json index d322acefbf9..d9c9e452f40 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json @@ -49,7 +49,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -101,7 +104,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -153,7 +159,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -202,7 +211,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -256,7 +268,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -310,7 +330,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -366,7 +394,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -422,7 +458,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -478,7 +522,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -529,7 +581,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -578,7 +633,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -631,7 +689,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -686,7 +747,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -740,6 +804,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json index 9a6738eb30b..c4dd9cdd54c 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json @@ -48,7 +48,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -99,7 +102,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -151,7 +157,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -202,7 +214,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -255,7 +270,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -306,7 +327,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -358,7 +382,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -410,6 +440,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json index 436ec466cf4..099e46ceb46 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json 
@@ -52,7 +52,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -107,7 +113,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -158,7 +170,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -207,7 +222,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -257,7 +275,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -307,7 +328,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -357,7 +381,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -407,7 +434,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -462,7 +492,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -512,7 +545,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -564,7 +600,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -620,7 +659,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -672,7 +714,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -725,7 +770,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -778,7 +829,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -831,7 +888,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -884,7 +947,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -938,7 +1007,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -988,7 +1060,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1039,7 +1114,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1090,7 +1168,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1141,7 +1222,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1192,7 +1276,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1243,7 +1330,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1291,7 +1381,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1339,7 +1432,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1387,7 +1483,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1435,7 +1534,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1488,7 +1590,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1541,7 +1649,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1594,6 +1708,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json index cb63268bf24..efb0d4fefd7 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json @@ -48,7 +48,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -100,7 +103,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -151,7 +157,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -204,7 +213,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -253,7 +265,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -302,7 +317,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -351,7 +369,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -400,7 +421,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -449,7 +473,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -500,7 +527,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -549,7 +579,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -598,7 +631,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -647,7 +683,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -697,7 +736,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -747,7 +789,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -796,7 +841,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -851,6 +899,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json index d3e6ddbea99..38b52a4fde7 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json @@ -49,7 +49,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -100,7 +103,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -151,7 +157,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -205,7 +214,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -257,7 +269,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -309,7 +324,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -359,7 +377,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -414,7 +435,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -469,7 +493,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -524,7 +551,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -579,7 +609,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -633,7 +666,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -682,7 +718,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -732,7 +771,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -785,7 +827,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -834,7 +879,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -883,7 +931,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -938,7 +989,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -995,7 +1049,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1047,7 +1104,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1102,7 +1162,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1155,7 +1218,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1206,7 +1272,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1256,6 +1325,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json index aa6e0b98b67..23436a2de5f 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json @@ -51,7 +51,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -105,7 +108,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -159,7 +165,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -211,7 +220,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -260,6 +272,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json index a04a9e8490b..0d31e53291c 100644 
--- a/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json @@ -48,7 +48,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -99,7 +105,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -152,7 +164,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -204,7 +222,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -255,7 +279,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -306,7 +336,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -357,7 +393,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -408,7 +450,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -460,7 +508,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -512,7 +566,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -563,7 +623,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -615,7 +678,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -667,7 +736,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -721,7 +796,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -774,7 +855,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -827,7 +914,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -880,7 +973,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -933,7 +1032,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -986,7 +1091,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1039,7 +1150,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1092,7 +1209,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1145,7 +1268,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1198,7 +1327,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1249,7 +1384,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1300,7 +1441,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1353,7 +1500,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1406,7 +1559,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1465,7 +1624,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1518,7 +1683,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1570,7 +1741,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1622,7 +1799,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1674,7 +1857,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1726,7 +1915,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1779,7 +1974,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1831,7 +2032,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1884,7 +2091,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1936,7 +2149,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1988,7 +2207,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2040,7 +2265,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2092,7 +2323,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2143,7 +2380,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -2196,7 +2439,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2244,7 +2493,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2295,7 +2547,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2346,7 +2604,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2397,7 +2661,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2454,7 +2724,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -2506,7 +2782,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2557,7 +2839,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2608,7 +2896,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2659,7 +2953,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2711,7 +3011,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2763,7 +3069,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -2814,7 +3126,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2865,7 +3183,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2916,7 +3240,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2967,7 +3297,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3019,7 +3355,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3070,7 +3412,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -3121,7 +3469,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3172,7 +3526,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3223,7 +3583,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3271,7 +3637,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3324,7 +3693,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3376,7 +3751,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -3428,7 +3809,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3479,7 +3866,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3530,7 +3923,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3581,7 +3980,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3632,7 +4037,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3683,7 +4094,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -3734,7 +4151,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
@@ -3784,7 +4207,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
@@ -3835,6 +4261,12 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 }
 ]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/google_workspace/config/common.js b/x-pack/filebeat/module/google_workspace/config/common.js
index a031e4e26aa..d918512df4e 100644
--- a/x-pack/filebeat/module/google_workspace/config/common.js
+++ b/x-pack/filebeat/module/google_workspace/config/common.js
@@ -50,7 +50,10 @@ var googleWorkspace = (function () {
 return;
 }
+ evt.Put("user.id", evt.Get("source.user.id"));
+ evt.Put("user.name", data[0]);
 evt.Put("source.user.name", data[0]);
+ evt.Put("user.domain", data[1]);
 evt.Put("source.user.domain", data[1]);
 };
diff --git a/x-pack/filebeat/module/google_workspace/drive/config/config.yml b/x-pack/filebeat/module/google_workspace/drive/config/config.yml
index 32dbad8bffd..18eacfef7a2 100644
--- a/x-pack/filebeat/module/google_workspace/drive/config/config.yml
+++ b/x-pack/filebeat/module/google_workspace/drive/config/config.yml
@@ -45,7 +45,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - script:
 lang: javascript
 id: gworkspace-common
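Review bot: `evt.Put("user.id", evt.Get("source.user.id"))` on the first added line of the common.js hunk copies the field unconditionally; if `source.user.id` is missing on an event, `Get` presumably returns null and the put may leave an empty `user.id` behind instead of omitting it, which is not how `group.name` is handled in the groups pipeline of this same commit. A guard, `var id = evt.Get("source.user.id"); if (id) { evt.Put("user.id", id); }`, keeps the two pipelines consistent. The enclosing function starts outside the hunk, so whether an earlier line always sets `source.user.id` cannot be confirmed here. A comment such as `// user.* is the acting (source) user; user.target.* is the account acted upon (ECS 1.8).` would explain why the actor is now written twice.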
diff --git a/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json index 7577f101f35..2cf11698199 100644 --- a/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json @@ -59,7 +59,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -121,7 +124,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -183,7 +189,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -245,7 +254,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -307,7 +319,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -367,7 +382,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -427,7 +445,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -487,7 +508,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -547,7 +571,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -607,7 +634,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -671,7 +701,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -731,7 +764,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -791,7 +827,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -853,7 +892,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -915,7 +957,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -975,7 +1020,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1035,7 +1083,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1095,7 +1146,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1155,7 +1209,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1215,7 +1272,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1276,7 +1336,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1342,7 +1405,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1409,7 +1475,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1476,7 +1545,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1543,7 +1615,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1610,7 +1685,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1672,7 +1750,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1740,6 +1821,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file 
diff --git a/x-pack/filebeat/module/google_workspace/groups/config/config.yml b/x-pack/filebeat/module/google_workspace/groups/config/config.yml
index 6028d2f672a..6d713ebdb29 100644
--- a/x-pack/filebeat/module/google_workspace/groups/config/config.yml
+++ b/x-pack/filebeat/module/google_workspace/groups/config/config.yml
@@ -45,7 +45,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - script:
 lang: javascript
 id: gworkspace-common
diff --git a/x-pack/filebeat/module/google_workspace/groups/config/pipeline.js b/x-pack/filebeat/module/google_workspace/groups/config/pipeline.js
index 7f91d9db844..5b3029af0f4 100644
--- a/x-pack/filebeat/module/google_workspace/groups/config/pipeline.js
+++ b/x-pack/filebeat/module/google_workspace/groups/config/pipeline.js
@@ -129,6 +129,17 @@ var groups = (function () {
 }
 evt.AppendTo("related.user", data[0]);
+ evt.Put("user.target.name", data[0]);
+ evt.Put("user.target.domain", data[1]);
+ evt.Put("user.target.email", email);
+ var groupName = evt.Get("group.name");
+ if (groupName) {
+ evt.Put("user.target.group.name", groupName);
+ }
+ var groupDomain = evt.Get("group.domain");
+ if (groupDomain) {
+ evt.Put("user.target.group.domain", groupDomain);
+ }
 };
 var pipeline = new processor.Chain()
diff --git a/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json
index 1a129341981..5faa1d30d53 100644
--- a/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json
+++ b/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json
@@ -57,7 +57,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
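Review bot: `evt.Put("user.target.email", email)` in the pipeline.js hunk sits after the `related.user` append, inside a function whose start is outside the hunk; the closing `}` on the hunk's first context line suggests a preceding guard on the `"@"` split that returns early, and if so, addresses that do not split into exactly two parts get no `user.target.email` even though the full address is in hand. Moving that put ahead of the guard, as `addTargetUser` in login/config/pipeline.js does in this same commit, records it consistently. The same eleven added lines appear verbatim in the gsuite/admin/config/pipeline.js hunk later in this diff; since both modules already route through a shared common.js, a single helper there would stop the two copies drifting. A comment on the first added line, `// user.target.* is the account acted upon; user.* (set in common.js) is the actor.`, would document the ECS 1.8 split for readers.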
@@ -110,7 +113,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -165,7 +171,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -218,7 +232,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -271,7 +288,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -327,7 +347,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -379,7 +402,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -431,7 +457,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -487,7 +516,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -542,7 +574,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -598,7 +633,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -653,7 +691,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -709,7 +750,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -765,7 +809,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -821,7 +868,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -877,7 +927,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -933,7 +986,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -989,7 +1045,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1045,7 +1109,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1101,7 +1173,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1156,7 +1236,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1211,7 +1299,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1266,7 +1362,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -1321,7 +1425,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1376,6 +1488,14 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/login/config/config.yml b/x-pack/filebeat/module/google_workspace/login/config/config.yml index db16922b042..3ce48abe77b 100644 --- a/x-pack/filebeat/module/google_workspace/login/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/login/config/config.yml @@ -45,7 +45,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/login/config/pipeline.js b/x-pack/filebeat/module/google_workspace/login/config/pipeline.js index 62b5b8a7542..9f9610393f1 100644 --- a/x-pack/filebeat/module/google_workspace/login/config/pipeline.js +++ b/x-pack/filebeat/module/google_workspace/login/config/pipeline.js 
@@ -9,14 +9,17 @@ var login = (function () {
 evt.Put("event.category", ["authentication"]);
 switch (evt.Get("event.action")) {
 case "login_failure":
+ evt.AppendTo("event.category", "session");
 evt.Put("event.type", ["start"]);
 evt.Put("event.outcome", "failure");
 break;
 case "login_success":
+ evt.AppendTo("event.category", "session");
 evt.Put("event.type", ["start"]);
 evt.Put("event.outcome", "success");
 break;
 case "logout":
+ evt.AppendTo("event.category", "session");
 evt.Put("event.type", ["end"]);
 break;
 case "account_disabled_generic":
@@ -83,9 +86,25 @@ var login = (function () {
 evt.Delete("json.events.parameters");
 };
+ var addTargetUser = function(evt) {
+ var affectedEmail = evt.Get("google_workspace.login.affected_email_address");
+ if (affectedEmail) {
+ evt.Put("user.target.email", affectedEmail);
+ var data = affectedEmail.split("@");
+ if (data.length !== 2) {
+ return;
+ }
+
+ evt.Put("user.target.name", data[0]);
+ evt.Put("user.target.domain", data[1]);
+ evt.AppendTo("related.user", data[0]);
+ }
+ };
+
 var pipeline = new processor.Chain()
 .Add(categorizeEvent)
 .Add(processParams)
+ .Add(addTargetUser)
 .Build();
 return {
diff --git a/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json
index 9e26d2af48b..48f7038df80 100644
--- a/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json
+++ b/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json
@@ -47,7 +47,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "elastic.co",
+ "user.target.email": "foo@elastic.co",
+ "user.target.name": "foo"
 },
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
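Review bot: `addTargetUser` in the second pipeline.js hunk is order-dependent and nothing says so: it reads `google_workspace.login.affected_email_address`, which is presumably populated by `processParams` (only its trailing `evt.Delete("json.events.parameters")` is visible here), so `.Add(addTargetUser)` must stay after `.Add(processParams)`. A comment on the `var addTargetUser` line, `// Must run after processParams, which sets google_workspace.login.affected_email_address.`, would protect that ordering through later refactors. When the address does not split into exactly two parts, `user.target.email` is still set but `related.user` is not appended, so searches pivoting on `related.user` will miss those events; if that is deliberate, a one-line comment at the early `return` would say so. The enclosing `login` module continues outside both hunks.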
@@ -97,7 +103,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -147,7 +159,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -197,7 +215,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -245,13 +269,17 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_failure", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "google_workspace.login", "event.id": "1", @@ -297,7 +325,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -348,7 +379,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", 
@@ -400,13 +434,17 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "logout", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "google_workspace.login", "event.id": "1", @@ -449,13 +487,17 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_success", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "google_workspace.login", "event.id": "1", @@ -501,6 +543,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/saml/config/config.yml b/x-pack/filebeat/module/google_workspace/saml/config/config.yml index f0678b76cd4..da0641282fc 100644 --- a/x-pack/filebeat/module/google_workspace/saml/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/saml/config/config.yml @@ -45,7 +45,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js b/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js index caf62937f7a..9a779f8dd88 100644 --- a/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js +++ b/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js 
@@ -7,7 +7,7 @@ var saml = (function () {
 var categorizeEvent = function(evt) {
 evt.Put("event.type", ["start"]);
- evt.Put("event.category", ["authentication"]);
+ evt.Put("event.category", ["authentication", "session"]);
 switch (evt.Get("event.action")) {
 case "login_failure":
 evt.Put("event.outcome", "failure");
diff --git a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json
index ff3ef42e1c8..90f6463ce34 100644
--- a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json
+++ b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json
@@ -3,7 +3,8 @@
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "event.action": "login_failure",
 "event.category": [
- "authentication"
+ "authentication",
+ "session"
 ],
 "event.dataset": "google_workspace.saml",
 "event.id": "1",
@@ -52,13 +53,17 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "@timestamp": "2020-10-02T15:00:01.000Z",
 "event.action": "login_success",
 "event.category": [
- "authentication"
+ "authentication",
+ "session"
 ],
 "event.dataset": "google_workspace.saml",
 "event.id": "1",
@@ -105,6 +110,9 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 }
 ]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml
index 36e7e88e323..2219d3ba1a0 100644
--- a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml
+++ b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml
@@ -45,7 +45,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - script:
 lang: javascript
 id: gworkspace-common
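Review bot: `evt.Put("event.category", ["authentication", "session"])` in the saml pipeline.js hunk tags every SAML event as a session event regardless of `event.action`, whereas the login pipeline in this same commit appends `session` only in its `login_failure`, `login_success` and `logout` cases. The SAML `switch` continues outside the hunk, so if it handles any action that is not a session start, that event would be mis-categorized for detection rules keyed on `event.category: session`. If every SAML action really is a login attempt, a comment on the changed line, `// Every SAML event is a login attempt, so "session" applies unconditionally (cf. login/config/pipeline.js).`, would make the asymmetry intentional rather than accidental.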
diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json index ed49851f291..cce07c42cf2 100644 --- a/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -95,7 +98,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -144,7 +150,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -193,7 +202,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -242,7 +254,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -291,7 +306,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -340,7 +358,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -389,6 +410,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file 
diff --git a/x-pack/filebeat/module/gsuite/admin/config/config.yml b/x-pack/filebeat/module/gsuite/admin/config/config.yml
index a0a3f17d8b7..12e3730dc93 100644
--- a/x-pack/filebeat/module/gsuite/admin/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/admin/config/config.yml
@@ -39,7 +39,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - script:
 lang: javascript
 id: gsuite-common
diff --git a/x-pack/filebeat/module/gsuite/admin/config/pipeline.js b/x-pack/filebeat/module/gsuite/admin/config/pipeline.js
index 8302ec5a1e5..9fdaa12998e 100644
--- a/x-pack/filebeat/module/gsuite/admin/config/pipeline.js
+++ b/x-pack/filebeat/module/gsuite/admin/config/pipeline.js
@@ -422,6 +422,17 @@ var login = (function () {
 }
 evt.AppendTo("related.user", data[0]);
+ evt.Put("user.target.name", data[0]);
+ evt.Put("user.target.domain", data[1]);
+ evt.Put("user.target.email", email);
+ var groupName = evt.Get("group.name");
+ if (groupName) {
+ evt.Put("user.target.group.name", groupName);
+ }
+ var groupDomain = evt.Get("group.domain");
+ if (groupDomain) {
+ evt.Put("user.target.group.domain", groupDomain);
+ }
 };
 var setEventDuration = function(evt) {
diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json
index e33c671e30b..83556673967 100644
--- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json
+++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json
@@ -54,7 +54,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "CREATE_APPLICATION_SETTING",
@@ -110,7 +113,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_APPLICATION_SETTING", @@ -166,7 +172,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REORDER_GROUP_BASED_POLICIES_EVENT", @@ -220,7 +229,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GPLUS_PREMIUM_FEATURES", @@ -270,7 +282,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_MANAGED_CONFIGURATION", @@ -319,7 +334,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_MANAGED_CONFIGURATION", @@ -368,7 +386,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_MANAGED_CONFIGURATION", @@ -418,7 +439,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "FLASHLIGHT_EDU_NON_FEATURED_SERVICES_SELECTED", @@ -467,6 +491,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json index 110753ae98d..10e0ec1aac4 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_BUILDING", @@ -95,7 +98,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_BUILDING", @@ -147,7 +153,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_CALENDAR_RESOURCE", @@ -196,7 +205,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_CALENDAR_RESOURCE", @@ -245,7 +257,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_CALENDAR_RESOURCE_FEATURE", @@ -294,7 +309,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_CALENDAR_RESOURCE_FEATURE", @@ -343,7 +361,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_CALENDAR_RESOURCE_FEATURE", @@ -396,7 +417,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RENAME_CALENDAR_RESOURCE", @@ -446,7 +470,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_CALENDAR_RESOURCE", 
@@ -498,7 +525,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CALENDAR_SETTING", @@ -554,7 +584,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CANCEL_CALENDAR_EVENTS", @@ -603,7 +636,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "RELEASE_CALENDAR_RESOURCES", @@ -652,6 +691,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json index 0c7828946da..5fde8049c7c 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json @@ -45,7 +45,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MEET_INTEROP_DELETE_GATEWAY", @@ -93,7 +96,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MEET_INTEROP_MODIFY_GATEWAY", @@ -142,7 +148,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHAT_SETTING", 
@@ -198,6 +207,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json index e4a8b714110..4627a127b8f 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json @@ -54,7 +54,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DEVICE_STATE", @@ -105,7 +108,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_APPLICATION_SETTING", @@ -162,7 +168,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "SEND_CHROME_OS_DEVICE_COMMAND", @@ -211,7 +220,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_DEVICE_ANNOTATION", @@ -259,7 +271,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_DEVICE_SETTING", @@ -311,7 +326,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_DEVICE_STATE", 
@@ -362,7 +380,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_PUBLIC_SESSION_SETTING", @@ -414,7 +435,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "INSERT_CHROME_OS_PRINT_SERVER", @@ -462,7 +486,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_CHROME_OS_PRINT_SERVER", @@ -510,7 +537,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_CHROME_OS_PRINT_SERVER", @@ -560,7 +590,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "INSERT_CHROME_OS_PRINTER", @@ -608,7 +641,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_CHROME_OS_PRINTER", @@ -656,7 +692,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_CHROME_OS_PRINTER", @@ -706,7 +745,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_SETTING", @@ -758,7 +800,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_USER_SETTING", @@ -810,7 +855,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ISSUE_DEVICE_COMMAND", 
@@ -863,7 +911,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MOVE_DEVICE_TO_ORG_UNIT_DETAILED", @@ -914,7 +965,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_CHROME_OS_APPLICATION_SETTINGS", @@ -962,7 +1016,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_DEVICE", @@ -1011,7 +1068,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CONTACTS_SETTING", @@ -1064,6 +1124,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json index 3f071102276..825e497e5a0 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json @@ -50,6 +50,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json index b5c6d47d8b3..01b558fdf49 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json @@ -48,7 +48,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CREATE_ROLE", @@ -97,7 +103,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_ROLE", @@ -146,7 +155,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_PRIVILEGE", @@ -196,7 +208,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_PRIVILEGE", @@ -246,7 +261,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RENAME_ROLE", @@ -295,7 +313,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_ROLE", @@ -344,7 +365,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UNASSIGN_ROLE", @@ -395,6 +419,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file 
diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json index 311ecf3e237..da5410ee7d3 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json @@ -48,7 +48,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DRIVE_DATA_RESTORE", @@ -100,7 +106,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_DOCS_SETTING", @@ -156,6 +168,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json index ff5c3d1d2a5..05143097e3d 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_APPLICATION", @@ -96,7 +99,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_APPLICATION_TO_WHITELIST", 
@@ -145,7 +151,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ADVERTISEMENT_OPTION", @@ -195,7 +204,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_ALERT", @@ -243,7 +255,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ALERT_CRITERIA", @@ -291,7 +306,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_ALERT", @@ -339,7 +357,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ALERT_RECEIVERS_CHANGED", @@ -389,7 +410,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RENAME_ALERT", @@ -438,7 +462,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ALERT_STATUS_CHANGED", @@ -488,7 +515,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_DOMAIN_ALIAS", @@ -537,7 +567,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_DOMAIN_ALIAS", @@ -586,7 +619,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "SKIP_DOMAIN_ALIAS_MX", 
@@ -635,7 +671,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VERIFY_DOMAIN_ALIAS_MX", @@ -684,7 +723,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VERIFY_DOMAIN_ALIAS", @@ -734,7 +776,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_OAUTH_ACCESS_TO_ALL_APIS", @@ -784,7 +829,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_ALLOW_ADMIN_PASSWORD_RESET", @@ -834,7 +882,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENABLE_API_ACCESS", @@ -885,7 +936,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "AUTHORIZE_API_CLIENT_ACCESS", @@ -938,7 +992,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_API_CLIENT_ACCESS", @@ -987,7 +1044,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_LICENSES_REDEEMED", @@ -1037,7 +1097,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_AUTO_ADD_NEW_SERVICE", @@ -1086,7 +1149,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_PRIMARY_DOMAIN", 
@@ -1135,7 +1201,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_WHITELIST_SETTING", @@ -1186,7 +1255,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMMUNICATION_PREFERENCES_SETTING_CHANGE", @@ -1238,7 +1310,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CONFLICT_ACCOUNT_ACTION", @@ -1288,7 +1363,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENABLE_FEEDBACK_SOLICITATION", @@ -1339,7 +1417,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_CONTACT_SHARING", @@ -1389,7 +1470,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_PLAY_FOR_WORK_TOKEN", @@ -1437,7 +1521,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_USE_CUSTOM_LOGO", @@ -1487,7 +1574,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CUSTOM_LOGO", @@ -1535,7 +1625,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", 
@@ -1585,7 +1678,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DATA_LOCALIZATION_SETTING", @@ -1636,7 +1732,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DATA_PROTECTION_OFFICER_CONTACT_INFO", @@ -1686,7 +1785,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_PLAY_FOR_WORK_TOKEN", @@ -1734,7 +1836,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VIEW_DNS_LOGIN_DETAILS", @@ -1782,7 +1887,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DOMAIN_DEFAULT_LOCALE", @@ -1832,7 +1940,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DOMAIN_DEFAULT_TIMEZONE", @@ -1882,7 +1993,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DOMAIN_NAME", @@ -1931,7 +2045,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_ENABLE_PRE_RELEASE_FEATURES", @@ -1980,7 +2097,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DOMAIN_SUPPORT_MESSAGE", 
@@ -2030,7 +2150,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_TRUSTED_DOMAINS", @@ -2078,7 +2201,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_TRUSTED_DOMAINS", @@ -2126,7 +2252,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_EDU_TYPE", @@ -2176,7 +2305,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_ENABLE_OAUTH_CONSUMER_KEY", @@ -2226,7 +2358,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_SSO_ENABLED", @@ -2276,7 +2411,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_SSL", @@ -2326,7 +2464,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_EU_REPRESENTATIVE_CONTACT_INFO", @@ -2376,7 +2517,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GENERATE_TRANSFER_TOKEN", @@ -2423,7 +2567,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_LOGIN_BACKGROUND_COLOR", @@ -2473,7 +2620,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_LOGIN_BORDER_COLOR", 
@@ -2523,7 +2673,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_LOGIN_ACTIVITY_TRACE", @@ -2573,7 +2726,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "PLAY_FOR_WORK_ENROLL", @@ -2622,7 +2778,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "PLAY_FOR_WORK_UNENROLL", @@ -2670,7 +2829,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MX_RECORD_VERIFICATION_CLAIM", @@ -2720,7 +2882,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "TOGGLE_NEW_APP_FEATURES", @@ -2770,7 +2938,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_USE_NEXT_GEN_CONTROL_PANEL", @@ -2820,7 +2991,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPLOAD_OAUTH_CERTIFICATE", @@ -2868,7 +3042,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REGENERATE_OAUTH_CONSUMER_SECRET", @@ -2916,7 +3093,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_OPEN_ID_ENABLED", 
@@ -2966,7 +3146,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ORGANIZATION_NAME", @@ -3016,7 +3199,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_OUTBOUND_RELAY", @@ -3068,7 +3254,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_PASSWORD_MAX_LENGTH", @@ -3118,7 +3307,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_PASSWORD_MIN_LENGTH", @@ -3168,7 +3360,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_DOMAIN_PRIMARY_ADMIN_EMAIL", @@ -3218,7 +3413,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENABLE_SERVICE_OR_FEATURE_NOTIFICATIONS", @@ -3269,7 +3467,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_APPLICATION", @@ -3318,7 +3519,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_APPLICATION_FROM_WHITELIST", @@ -3367,7 +3571,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_RENEW_DOMAIN_REGISTRATION", 
@@ -3417,7 +3624,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_RESELLER_ACCESS", @@ -3466,7 +3676,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RULE_ACTIONS_CHANGED", @@ -3514,7 +3727,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_RULE", @@ -3562,7 +3778,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_RULE_CRITERIA", @@ -3610,7 +3829,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_RULE", @@ -3658,7 +3880,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RENAME_RULE", @@ -3707,7 +3932,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RULE_STATUS_CHANGED", @@ -3757,7 +3985,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_SECONDARY_DOMAIN", @@ -3806,7 +4037,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_SECONDARY_DOMAIN", @@ -3855,7 +4089,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "SKIP_SECONDARY_DOMAIN_MX", 
@@ -3904,7 +4141,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VERIFY_SECONDARY_DOMAIN_MX", @@ -3953,7 +4193,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VERIFY_SECONDARY_DOMAIN", @@ -4002,7 +4245,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_DOMAIN_SECONDARY_EMAIL", @@ -4052,7 +4298,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_SSO_SETTINGS", @@ -4101,7 +4350,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GENERATE_PIN", @@ -4148,7 +4400,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_RULE", @@ -4196,6 +4451,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json index 1db80ed600b..ab2ea5b15fa 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "EMAIL_LOG_SEARCH", 
@@ -100,7 +103,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "EMAIL_UNDELETE", @@ -152,7 +158,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_EMAIL_SETTING", @@ -208,7 +220,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_GMAIL_SETTING", @@ -260,7 +275,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_GMAIL_SETTING", @@ -312,7 +330,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_GMAIL_SETTING", @@ -364,7 +385,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REJECT_FROM_QUARANTINE", @@ -413,7 +437,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RELEASE_FROM_QUARANTINE", @@ -462,6 +489,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json index ff894cd6c05..b8d46167531 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json @@ -48,7 +48,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_GROUP", @@ -99,7 +102,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_GROUP_DESCRIPTION", @@ -150,7 +156,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GROUP_LIST_DOWNLOAD", @@ -198,7 +207,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_GROUP_MEMBER", @@ -251,7 +263,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "REMOVE_GROUP_MEMBER", @@ -304,7 +324,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "UPDATE_GROUP_MEMBER", 
@@ -359,7 +387,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS", @@ -414,7 +450,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS_CAN_EMAIL_OVERRIDE", @@ -469,7 +513,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "GROUP_MEMBER_BULK_UPLOAD", @@ -519,7 +571,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GROUP_MEMBERS_DOWNLOAD", @@ -567,7 +622,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_GROUP_NAME", @@ -619,7 +677,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_GROUP_SETTING", @@ -673,7 +734,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "WHITELISTED_GROUPS_UPDATED", 
@@ -726,6 +790,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json index 1fd3a0da6e2..2f36dd24262 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ORG_ALL_USERS_LICENSE_ASSIGNMENT", @@ -97,7 +100,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USER_LICENSE_ASSIGNMENT", @@ -148,7 +154,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_LICENSE_AUTO_ASSIGN", @@ -198,7 +210,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USER_LICENSE_REASSIGNMENT", @@ -250,7 +265,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ORG_LICENSE_REVOKE", @@ -300,7 +321,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USER_LICENSE_REVOKE", 
@@ -351,7 +375,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UPDATE_DYNAMIC_LICENSE", @@ -402,6 +432,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json index 10f080230c4..7b41064d5a8 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json @@ -51,7 +51,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ACTION_REQUESTED", @@ -105,7 +111,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ADD_MOBILE_CERTIFICATE", @@ -155,7 +167,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_DEVICES_BULK_CREATION", @@ -203,7 +218,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_OWNED_DEVICE_BLOCKED", 
@@ -252,7 +270,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_DEVICE_DELETION", @@ -301,7 +322,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_OWNED_DEVICE_UNBLOCKED", @@ -350,7 +374,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_OWNED_DEVICE_WIPED", @@ -399,7 +426,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_APPLICATION_PERMISSION_GRANT", @@ -453,7 +483,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_APPLICATION_PRIORITY_ORDER", @@ -502,7 +535,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_MOBILE_APPLICATION_FROM_WHITELIST", @@ -553,7 +589,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_APPLICATION_SETTINGS", @@ -608,7 +647,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_MOBILE_APPLICATION_TO_WHITELIST", @@ -659,7 +701,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MOBILE_DEVICE_APPROVE", 
@@ -711,7 +756,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_BLOCK", @@ -763,7 +814,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_DELETE", @@ -815,7 +872,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_WIPE", @@ -867,7 +930,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_MOBILE_SETTING", @@ -920,7 +989,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ADMIN_RESTRICTIONS_PIN", @@ -969,7 +1041,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_WIRELESS_NETWORK", @@ -1019,7 +1094,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_MOBILE_WIRELESS_NETWORK", 
@@ -1069,7 +1147,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_MOBILE_WIRELESS_NETWORK", @@ -1119,7 +1200,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_WIRELESS_NETWORK_PASSWORD", @@ -1169,7 +1253,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_MOBILE_CERTIFICATE", @@ -1219,7 +1306,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENROLL_FOR_GOOGLE_DEVICE_MANAGEMENT", @@ -1266,7 +1356,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USE_GOOGLE_MOBILE_MANAGEMENT", @@ -1313,7 +1406,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_NON_IOS", @@ -1360,7 +1456,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_IOS", @@ -1407,7 +1506,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MOBILE_ACCOUNT_WIPE", @@ -1459,7 +1561,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_APPROVE", 
@@ -1511,7 +1619,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_BLOCK", @@ -1563,6 +1677,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json index b4cdd02f0bd..854d75f96fd 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_APPLICATION_LICENSE_RESERVATION_CREATED", @@ -98,7 +101,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_APPLICATION_LICENSE_RESERVATION_DELETED", @@ -148,7 +154,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_APPLICATION_LICENSE_RESERVATION_UPDATED", @@ -200,7 +209,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_DEVICE_ENROLLMENT_TOKEN", 
@@ -248,7 +260,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ASSIGN_CUSTOM_LOGO", @@ -296,7 +311,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UNASSIGN_CUSTOM_LOGO", @@ -344,7 +362,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_ENROLLMENT_TOKEN", @@ -392,7 +413,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REVOKE_ENROLLMENT_TOKEN", @@ -440,7 +464,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_LICENSES_ALLOWED", @@ -490,7 +517,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_ORG_UNIT", @@ -538,7 +568,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_ORG_UNIT", @@ -586,7 +619,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "EDIT_ORG_UNIT_DESCRIPTION", @@ -634,7 +670,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MOVE_ORG_UNIT", @@ -683,7 +722,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "EDIT_ORG_UNIT_NAME", 
@@ -732,7 +774,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REVOKE_DEVICE_ENROLLMENT_TOKEN", @@ -780,7 +825,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_SERVICE_ENABLED", @@ -834,6 +882,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json index d08d68f872e..609025f9137 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json @@ -48,7 +48,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ALLOW_SERVICE_FOR_OAUTH2_ACCESS", @@ -98,7 +101,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS", @@ -148,7 +154,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID", @@ -201,7 +210,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_TO_TRUSTED_OAUTH2_APPS", 
@@ -252,7 +264,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_FROM_TRUSTED_OAUTH2_APPS", @@ -303,7 +318,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "BLOCK_ON_DEVICE_ACCESS", @@ -352,7 +370,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", @@ -406,7 +427,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", @@ -460,7 +484,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION", @@ -514,7 +541,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_TWO_STEP_VERIFICATION_START_DATE", @@ -568,7 +598,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", @@ -621,7 +654,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_CAA_ENABLEMENT", @@ -669,7 +705,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CAA_ERROR_MESSAGE", 
@@ -718,7 +757,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CAA_APP_ASSIGNMENTS", @@ -770,7 +812,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UNTRUST_DOMAIN_OWNED_OAUTH2_APPS", @@ -818,7 +863,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TRUST_DOMAIN_OWNED_OAUTH2_APPS", @@ -866,7 +914,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY", @@ -920,7 +971,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENFORCE_STRONG_AUTHENTICATION", @@ -976,7 +1030,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS", @@ -1027,7 +1084,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", @@ -1081,7 +1141,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "SESSION_CONTROL_SETTINGS_CHANGE", @@ -1133,7 +1196,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_SESSION_LENGTH", 
@@ -1183,7 +1249,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UNBLOCK_ON_DEVICE_ACCESS", @@ -1232,6 +1301,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json index 8847953dbf3..6d7d3e37714 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json @@ -50,7 +50,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_WEB_ADDRESS", @@ -103,7 +106,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_SITES_SETTING", @@ -156,7 +162,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_SITES_WEB_ADDRESS_MAPPING_UPDATES", @@ -207,7 +216,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VIEW_SITE_DETAILS", @@ -255,6 +267,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file 
diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json index b3be5557b03..832cbfc26b7 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json @@ -47,7 +47,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "GENERATE_2SV_SCRATCH_CODES", @@ -97,7 +103,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REVOKE_3LO_DEVICE_TOKENS", @@ -149,7 +161,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REVOKE_3LO_TOKEN", @@ -200,7 +218,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ADD_RECOVERY_EMAIL", @@ -250,7 +274,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ADD_RECOVERY_PHONE", 
@@ -300,7 +330,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "GRANT_ADMIN_PRIVILEGE", @@ -350,7 +386,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REVOKE_ADMIN_PRIVILEGE", @@ -400,7 +442,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REVOKE_ASP", @@ -451,7 +499,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "TOGGLE_AUTOMATIC_CONTACT_SHARING", @@ -502,7 +556,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "BULK_UPLOAD", @@ -552,7 +612,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "BULK_UPLOAD_NOTIFICATION_SENT", 
@@ -603,7 +666,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CANCEL_USER_INVITE", @@ -654,7 +723,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_CUSTOM_FIELD", @@ -707,7 +782,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_EXTERNAL_ID", @@ -759,7 +840,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_GENDER", @@ -811,7 +898,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_IM", @@ -863,7 +956,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ENABLE_USER_IP_WHITELIST", 
@@ -915,7 +1014,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_KEYWORD", @@ -967,7 +1072,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_LANGUAGE", @@ -1019,7 +1130,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_LOCATION", @@ -1071,7 +1188,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_ORGANIZATION", @@ -1123,7 +1246,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_PHONE_NUMBER", @@ -1175,7 +1304,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_RECOVERY_EMAIL", 
@@ -1225,7 +1360,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_RECOVERY_PHONE", @@ -1275,7 +1416,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_RELATION", @@ -1327,7 +1474,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_ADDRESS", @@ -1379,7 +1532,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CREATE_EMAIL_MONITOR", @@ -1437,7 +1596,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CREATE_DATA_TRANSFER_REQUEST", @@ -1489,7 +1654,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "GRANT_DELEGATED_ADMIN_PRIVILEGES", 
@@ -1540,7 +1711,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DELETE_ACCOUNT_INFO_DUMP", @@ -1591,7 +1768,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DELETE_EMAIL_MONITOR", @@ -1642,7 +1825,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DELETE_MAILBOX_DUMP", @@ -1693,7 +1882,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_FIRST_NAME", @@ -1745,7 +1940,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "GMAIL_RESET_USER", @@ -1796,7 +1997,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_LAST_NAME", 
@@ -1848,7 +2055,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MAIL_ROUTING_DESTINATION_ADDED", @@ -1899,7 +2112,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MAIL_ROUTING_DESTINATION_REMOVED", @@ -1950,7 +2169,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ADD_NICKNAME", @@ -2001,7 +2226,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REMOVE_NICKNAME", @@ -2052,7 +2283,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_PASSWORD", @@ -2102,7 +2339,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_PASSWORD_ON_NEXT_LOGIN", 
@@ -2154,7 +2397,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "DOWNLOAD_PENDING_INVITES_LIST",
@@ -2201,7 +2450,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "REMOVE_RECOVERY_EMAIL",
@@ -2251,7 +2503,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "REMOVE_RECOVERY_PHONE",
@@ -2301,7 +2559,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "REQUEST_ACCOUNT_INFO",
@@ -2351,7 +2615,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "REQUEST_MAILBOX_DUMP",
@@ -2407,7 +2677,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "RESEND_USER_INVITE",
@@ -2458,7 +2734,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "RESET_SIGNIN_COOKIES",
@@ -2508,7 +2790,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "SECURITY_KEY_REGISTERED_FOR_USER",
@@ -2558,7 +2846,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "REVOKE_SECURITY_KEY",
@@ -2608,7 +2902,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "USER_INVITE",
@@ -2659,7 +2959,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "VIEW_TEMP_PASSWORD",
@@ -2710,7 +3016,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "TURN_OFF_2_STEP_VERIFICATION",
@@ -2760,7 +3072,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "UNBLOCK_USER_SESSION",
@@ -2810,7 +3128,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "UNENROLL_USER_FROM_TITANIUM",
@@ -2860,7 +3184,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "ARCHIVE_USER",
@@ -2910,7 +3240,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "UPDATE_BIRTHDATE",
@@ -2961,7 +3297,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "CREATE_USER",
@@ -3011,7 +3353,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "DELETE_USER",
@@ -3061,7 +3409,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "DOWNGRADE_USER_FROM_GPLUS",
@@ -3111,7 +3465,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "USER_ENROLLED_IN_TWO_STEP_VERIFICATION",
@@ -3161,7 +3521,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "DOWNLOAD_USERLIST_CSV",
@@ -3208,7 +3574,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "MOVE_USER_TO_ORG_UNIT",
@@ -3260,7 +3629,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "USER_PUT_IN_TWO_STEP_VERIFICATION_GRACE_PERIOD",
@@ -3311,7 +3686,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "RENAME_USER",
@@ -3362,7 +3743,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "UNENROLL_USER_FROM_STRONG_AUTH",
@@ -3412,7 +3799,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "SUSPEND_USER",
@@ -3462,7 +3855,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "UNARCHIVE_USER",
@@ -3512,7 +3911,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "UNDELETE_USER",
@@ -3562,7 +3967,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "UNSUSPEND_USER",
@@ -3612,7 +4023,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "UPGRADE_USER_TO_GPLUS",
@@ -3662,7 +4079,13 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 },
 {
 "event.action": "USERS_BULK_UPLOAD",
@@ -3711,7 +4134,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "USERS_BULK_UPLOAD_NOTIFICATION_SENT",
@@ -3761,6 +4187,12 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.name": "user"
 }
 ]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/gsuite/config/common.js b/x-pack/filebeat/module/gsuite/config/common.js
index 2867ee518f8..64ce7b0620f 100644
--- a/x-pack/filebeat/module/gsuite/config/common.js
+++ b/x-pack/filebeat/module/gsuite/config/common.js
@@ -50,7 +50,10 @@ var gsuite = (function () {
 return;
 }
 
+ evt.Put("user.id", evt.Get("source.user.id"));
+ evt.Put("user.name", data[0]);
 evt.Put("source.user.name", data[0]);
+ evt.Put("user.domain", data[1]);
 evt.Put("source.user.domain", data[1]);
 };
 
diff --git a/x-pack/filebeat/module/gsuite/drive/config/config.yml b/x-pack/filebeat/module/gsuite/drive/config/config.yml
index 1bbe63a6574..80583ee31b6 100644
--- a/x-pack/filebeat/module/gsuite/drive/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/drive/config/config.yml
@@ -39,7 +39,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - script:
 lang: javascript
 id: gsuite-common
diff --git a/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json
index 77b16b9e929..07868860ee6 100644
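Review bot: In the common.js hunk, `evt.Put("user.id", evt.Get("source.user.id"));` copies the actor id without checking that `source.user.id` is set (it is populated outside this hunk, presumably from the actor's profile), so an event without it would likely get `user.id` written as a null value instead of being left unset, unlike `user.name`/`user.domain`, which are only written after the split check visible just above. A guard such as `var actorId = evt.Get("source.user.id"); if (actorId) { evt.Put("user.id", actorId); }` keeps the three new fields consistent. A short comment above the new lines would also help readers who wonder why both field sets are populated, e.g. `// user.* is the ECS 1.8 home for the acting principal; source.user.* is kept so existing dashboards keep working.` The enclosing function starts before the hunk.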
--- a/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json
+++ b/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json
@@ -58,7 +58,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "approval_canceled",
@@ -119,7 +122,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "approval_comment_added",
@@ -180,7 +186,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "approval_requested",
@@ -241,7 +250,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "approval_reviewer_responded",
@@ -302,7 +314,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "create",
@@ -361,7 +376,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "delete",
@@ -420,7 +438,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "download",
@@ -479,7 +500,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "edit",
@@ -538,7 +562,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "add_lock",
@@ -597,7 +624,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "move",
@@ -660,7 +690,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "preview",
@@ -719,7 +752,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "print",
@@ -778,7 +814,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "remove_from_folder",
@@ -839,7 +878,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "rename",
@@ -900,7 +942,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "untrash",
@@ -959,7 +1004,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "sheets_import_range",
@@ -1018,7 +1066,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "trash",
@@ -1077,7 +1128,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "remove_lock",
@@ -1136,7 +1190,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "upload",
@@ -1195,7 +1252,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "view",
@@ -1255,7 +1315,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_acl_editors",
@@ -1320,7 +1383,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_document_access_scope",
@@ -1386,7 +1452,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_document_visibility",
@@ -1452,7 +1521,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "shared_drive_membership_change",
@@ -1518,7 +1590,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "shared_drive_settings_change",
@@ -1584,7 +1659,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "sheets_import_range_access_change",
@@ -1645,7 +1723,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_user_access",
@@ -1712,6 +1793,9 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 }
 ]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/gsuite/groups/config/config.yml b/x-pack/filebeat/module/gsuite/groups/config/config.yml
index c0034e6af7a..75482518477 100644
--- a/x-pack/filebeat/module/gsuite/groups/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/groups/config/config.yml
@@ -39,7 +39,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - script:
 lang: javascript
 id: gsuite-common
diff --git a/x-pack/filebeat/module/gsuite/groups/config/pipeline.js b/x-pack/filebeat/module/gsuite/groups/config/pipeline.js
index 21f859a13e6..a0144435049 100644
--- a/x-pack/filebeat/module/gsuite/groups/config/pipeline.js
+++ b/x-pack/filebeat/module/gsuite/groups/config/pipeline.js
@@ -129,6 +129,17 @@ var groups = (function () {
 }
 
 evt.AppendTo("related.user", data[0]);
+ evt.Put("user.target.name", data[0]);
+ evt.Put("user.target.domain", data[1]);
+ evt.Put("user.target.email", email);
+ var groupName = evt.Get("group.name");
+ if (groupName) {
+ evt.Put("user.target.group.name", groupName);
+ }
+ var groupDomain = evt.Get("group.domain");
+ if (groupDomain) {
+ evt.Put("user.target.group.domain", groupDomain);
+ }
 };
 
 var pipeline = new processor.Chain()
diff --git a/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json
index b99c77b57a5..2e43310ea93 100644
--- a/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json
+++ b/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json
@@ -56,7 +56,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "accept_invitation",
@@ -108,7 +111,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "approve_join_request",
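Review bot: In the groups pipeline.js hunk, the new `user.target.group.name`/`user.target.group.domain` values are read back from `group.name` and `group.domain` on the event, so they are only populated if the step that sets `group.*` runs earlier in the chain whose first line closes the hunk; if that order ever changes, the target group is silently dropped with no error, since both reads are guarded by truthiness checks. The expected-output fixture shows the fields present today, so the order is presumably right now, but a comment pinning the dependency would protect it, e.g. `// Relies on group.* having been set by an earlier step in the chain.` The function also uses `email` and `data` declared before the hunk, so its start is not visible here.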
@@ -162,7 +168,15 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.group.domain": "example.com",
+ "user.target.group.name": "group",
+ "user.target.name": "user"
 },
 {
 "event.action": "join",
@@ -214,7 +228,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "request_to_join",
@@ -266,7 +283,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_basic_setting",
@@ -321,7 +341,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "create_group",
@@ -372,7 +395,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "delete_group",
@@ -423,7 +449,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_identity_setting",
@@ -478,7 +507,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "add_info_setting",
@@ -532,7 +564,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_info_setting",
@@ -587,7 +622,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "remove_info_setting",
@@ -641,7 +679,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_new_members_restrictions_setting",
@@ -696,7 +737,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_post_replies_setting",
@@ -751,7 +795,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_spam_moderation_setting",
@@ -806,7 +853,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "change_topic_setting",
@@ -861,7 +911,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "moderate_message",
@@ -916,7 +969,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "always_post_from_user",
@@ -971,7 +1027,15 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.group.domain": "example.com",
+ "user.target.group.name": "group",
+ "user.target.name": "user"
 },
 {
 "event.action": "add_user",
@@ -1026,7 +1090,15 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.group.domain": "example.com",
+ "user.target.group.name": "group",
+ "user.target.name": "user"
 },
 {
 "event.action": "ban_user_with_moderation",
@@ -1081,7 +1153,15 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.group.domain": "example.com",
+ "user.target.group.name": "group",
+ "user.target.name": "user"
 },
 {
 "event.action": "revoke_invitation",
@@ -1135,7 +1215,15 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.group.domain": "example.com",
+ "user.target.group.name": "group",
+ "user.target.name": "user"
 },
 {
 "event.action": "invite_user",
@@ -1189,7 +1277,15 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.group.domain": "example.com",
+ "user.target.group.name": "group",
+ "user.target.name": "user"
 },
 {
 "event.action": "reject_join_request",
@@ -1243,7 +1339,15 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.group.domain": "example.com",
+ "user.target.group.name": "group",
+ "user.target.name": "user"
 },
 {
 "event.action": "reinvite_user",
@@ -1297,7 +1401,15 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.group.domain": "example.com",
+ "user.target.group.name": "group",
+ "user.target.name": "user"
 },
 {
 "event.action": "remove_user",
@@ -1351,6 +1463,14 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo",
+ "user.target.domain": "example.com",
+ "user.target.email": "user@example.com",
+ "user.target.group.domain": "example.com",
+ "user.target.group.name": "group",
+ "user.target.name": "user"
 }
 ]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/gsuite/login/config/config.yml b/x-pack/filebeat/module/gsuite/login/config/config.yml
index 41606ccb83c..ab40715bd4a 100644
--- a/x-pack/filebeat/module/gsuite/login/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/login/config/config.yml
@@ -39,7 +39,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - script:
 lang: javascript
 id: gsuite-common
diff --git a/x-pack/filebeat/module/gsuite/login/config/pipeline.js b/x-pack/filebeat/module/gsuite/login/config/pipeline.js
index 13c155661a0..0fb518b351d 100644
--- a/x-pack/filebeat/module/gsuite/login/config/pipeline.js
+++ b/x-pack/filebeat/module/gsuite/login/config/pipeline.js
@@ -9,14 +9,17 @@ var login = (function () {
 evt.Put("event.category", ["authentication"]);
 switch (evt.Get("event.action")) {
 case "login_failure":
+ evt.AppendTo("event.category", "session");
 evt.Put("event.type", ["start"]);
 evt.Put("event.outcome", "failure");
 break;
 case "login_success":
+ evt.AppendTo("event.category", "session");
 evt.Put("event.type", ["start"]);
 evt.Put("event.outcome", "success");
 break;
 case "logout":
+ evt.AppendTo("event.category", "session");
 evt.Put("event.type", ["end"]);
 break;
 case "account_disabled_generic":
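Review bot: In the login pipeline.js hunk, the same `evt.AppendTo("event.category", "session");` line is repeated in three `case` arms, so the set of actions that count as session events is spread across the switch and easy to get out of sync when a new arm is added. Folding it into one membership check ahead of the switch reads as a single statement of intent: `var action = evt.Get("event.action"); if (action === "login_failure" || action === "login_success" || action === "logout") { evt.AppendTo("event.category", "session"); }`, with the switch then reusing `action`. A one-line comment saying why a failed login is still categorised as a session event would also help, since that is a judgement call readers will question. The enclosing categorisation function starts before the hunk.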
@@ -83,9 +86,25 @@ var login = (function () {
 evt.Delete("json.events.parameters");
 };
 
+ var addTargetUser = function(evt) {
+ var affectedEmail = evt.Get("google_workspace.login.affected_email_address");
+ if (affectedEmail) {
+ evt.Put("user.target.email", affectedEmail);
+ var data = affectedEmail.split("@");
+ if (data.length !== 2) {
+ return;
+ }
+
+ evt.Put("user.target.name", data[0]);
+ evt.Put("user.target.domain", data[1]);
+ evt.AppendTo("related.user", data[0]);
+ }
+ };
+
 var pipeline = new processor.Chain()
 .Add(categorizeEvent)
 .Add(processParams)
+ .Add(addTargetUser)
 .Build();
 
 return {
diff --git a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json
index 287e6245a25..261bf54dbf6 100644
--- a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json
+++ b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json
@@ -46,7 +46,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "account_disabled_generic",
@@ -95,7 +98,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "account_disabled_spamming_through_relay",
@@ -144,7 +150,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "account_disabled_spamming",
@@ -193,7 +202,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "gov_attack_warning",
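Review bot: In `addTargetUser`, `evt.Put("user.target.email", affectedEmail);` runs before the `split("@")` length check, so an affected address that does not contain exactly one `@` leaves `user.target.email` set while `user.target.name`/`user.target.domain` stay empty; moving that line below `if (data.length !== 2) { return; }` keeps the target fields consistent with each other and with the actor fields in common.js, which are only written after the equivalent guard. `affectedEmail.split` also assumes the field is a string; if the source value can be non-string (not visible here), the call would throw and abort the script, so a `typeof affectedEmail !== "string"` check in the guard is worth considering. The nested `if (affectedEmail)` could be an early return, `if (!affectedEmail) { return; }`, to match the guard style used elsewhere in the function.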
@@ -240,12 +252,16 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "login_failure",
 "event.category": [
- "authentication"
+ "authentication",
+ "session"
 ],
 "event.dataset": "gsuite.login",
 "event.id": "1",
@@ -291,7 +307,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "login_challenge",
@@ -341,7 +360,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "login_verification",
@@ -392,12 +414,16 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "logout",
 "event.category": [
- "authentication"
+ "authentication",
+ "session"
 ],
 "event.dataset": "gsuite.login",
 "event.id": "1",
@@ -440,12 +466,16 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "login_success",
 "event.category": [
- "authentication"
+ "authentication",
+ "session"
 ],
 "event.dataset": "gsuite.login",
 "event.id": "1",
@@ -491,6 +521,9 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 }
 ]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/gsuite/saml/config/config.yml b/x-pack/filebeat/module/gsuite/saml/config/config.yml
index e7d9992f045..62f1e7d9f4e 100644
--- a/x-pack/filebeat/module/gsuite/saml/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/saml/config/config.yml
@@ -39,7 +39,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - script:
 lang: javascript
 id: gsuite-common
diff --git a/x-pack/filebeat/module/gsuite/saml/config/pipeline.js b/x-pack/filebeat/module/gsuite/saml/config/pipeline.js
index 3ad58062823..2011e6d437b 100644
--- a/x-pack/filebeat/module/gsuite/saml/config/pipeline.js
+++ b/x-pack/filebeat/module/gsuite/saml/config/pipeline.js
@@ -7,7 +7,7 @@ var saml = (function () {
 
 var categorizeEvent = function(evt) {
 evt.Put("event.type", ["start"]);
- evt.Put("event.category", ["authentication"]);
+ evt.Put("event.category", ["authentication", "session"]);
 switch (evt.Get("event.action")) {
 case "login_failure":
 evt.Put("event.outcome", "failure");
diff --git a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json
index 6dd2d0216b0..850766be83d 100644
--- a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json
+++ b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json
@@ -2,7 +2,8 @@
 {
 "event.action": "login_failure",
 "event.category": [
- "authentication"
+ "authentication",
+ "session"
 ],
 "event.dataset": "gsuite.saml",
 "event.id": "1",
@@ -51,12 +52,16 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "login_success",
 "event.category": [
- "authentication"
+ "authentication",
+ "session"
 ],
 "event.dataset": "gsuite.saml",
 "event.id": "1",
@@ -103,6 +108,9 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 }
 ]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml b/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml
index 09cba1a7fd2..c6aa5ded144 100644
--- a/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml
@@ -39,7 +39,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - script:
 lang: javascript
 id: gsuite-common
diff --git a/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json
index 689aad5cde2..5943488f324 100644
--- a/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json
+++ b/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json
@@ -45,7 +45,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "2sv_enroll",
@@ -93,7 +96,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "password_edit",
@@ -141,7 +147,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "recovery_email_edit",
@@ -189,7 +198,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "recovery_phone_edit",
@@ -237,7 +249,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "recovery_secret_qa_edit",
@@ -285,7 +300,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "titanium_enroll",
@@ -333,7 +351,10 @@
 "source.user.name": "foo",
 "tags": [
 "forwarded"
- ]
+ ],
+ "user.domain": "bar.com",
+ "user.id": "1",
+ "user.name": "foo"
 },
 {
 "event.action": "titanium_unenroll",
@@ -381,6 +402,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml b/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml index e433632b7a8..ac21107959c 100644 --- a/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml +++ b/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/imperva/securesphere/config/input.yml b/x-pack/filebeat/module/imperva/securesphere/config/input.yml index d7c7e0ba749..51f37f33c88 100644 --- a/x-pack/filebeat/module/imperva/securesphere/config/input.yml +++ b/x-pack/filebeat/module/imperva/securesphere/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/infoblox/nios/config/input.yml b/x-pack/filebeat/module/infoblox/nios/config/input.yml index 48403d0a09c..6f404d2ce46 100644 --- a/x-pack/filebeat/module/infoblox/nios/config/input.yml +++ b/x-pack/filebeat/module/infoblox/nios/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/iptables/log/config/input.yml b/x-pack/filebeat/module/iptables/log/config/input.yml index b247428d138..5226893b62c 100644 --- a/x-pack/filebeat/module/iptables/log/config/input.yml +++ b/x-pack/filebeat/module/iptables/log/config/input.yml @@ -55,4 +55,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/juniper/junos/config/input.yml b/x-pack/filebeat/module/juniper/junos/config/input.yml index 088629b28ba..6c3777a8325 100644 --- a/x-pack/filebeat/module/juniper/junos/config/input.yml 
+++ b/x-pack/filebeat/module/juniper/junos/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/juniper/netscreen/config/input.yml b/x-pack/filebeat/module/juniper/netscreen/config/input.yml index 0ec5bf4cda1..8316e26b292 100644 --- a/x-pack/filebeat/module/juniper/netscreen/config/input.yml +++ b/x-pack/filebeat/module/juniper/netscreen/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/juniper/srx/config/srx.yml b/x-pack/filebeat/module/juniper/srx/config/srx.yml index 6af16945317..021eca1c964 100644 --- a/x-pack/filebeat/module/juniper/srx/config/srx.yml +++ b/x-pack/filebeat/module/juniper/srx/config/srx.yml @@ -28,4 +28,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.5.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/juniper/srx/ingest/pipeline.yml b/x-pack/filebeat/module/juniper/srx/ingest/pipeline.yml index 9fb9057b8fa..a7d4b22ee7e 100644 --- a/x-pack/filebeat/module/juniper/srx/ingest/pipeline.yml +++ b/x-pack/filebeat/module/juniper/srx/ingest/pipeline.yml 
@@ -238,37 +238,57 @@ processors: field: related.ip value: '{{source.ip}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.destination?.ip != null' field: related.ip value: '{{destination.ip}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.source?.nat?.ip != null' field: related.ip value: '{{source.nat.ip}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx?.destination?.nat?.ip != null' field: related.ip value: '{{destination.nat.ip}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.url?.domain != null' field: related.hosts value: '{{url.domain}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.source?.domain != null' field: related.hosts value: '{{source.domain}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.destination?.domain != null' field: related.hosts value: '{{destination.domain}}' ignore_failure: true + allow_duplicates: false + +- append: + if: 'ctx?.source?.user?.name != null' + field: related.user + value: '{{source.user.name}}' + ignore_failure: true + allow_duplicates: false +- append: + if: 'ctx?.destination?.user?.name != null' + field: related.user + value: '{{destination.user.name}}' + ignore_failure: true + allow_duplicates: false on_failure: - set: diff --git a/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json index 69639938252..9227f428e4a 100644 --- a/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json @@ -58,6 +58,9 @@ "10.10.10.1", "187.19.188.200" ], + "related.user": [ + "user1" + ], "server.ip": "187.19.188.200", "server.port": 80, "service.type": "juniper", @@ -110,6 +113,9 @@ "related.ip": [ "192.0.2.0" ], + "related.user": [ + "admin" + ], "service.type": "juniper", "source.domain": "host.example.com", "source.ip": "192.0.2.0", 
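Review bot: The two `related.user` appends added at the end of the hunk guard with `ctx?.source?.user?.name` / `ctx?.destination?.user?.name`, while the neighbouring appends in the same hunk mostly write `ctx.source?.ip`; `ctx` is never null inside an ingest `if`, so the leading `?.` is noise and the new lines make the mixed spelling (already present in the `ctx?.destination?.nat?.ip` context line) worse rather than better. Suggest `if: 'ctx.source?.user?.name != null'` and `if: 'ctx.destination?.user?.name != null'`, and ideally normalising the existing `ctx?.destination?.nat?.ip` condition in the same pass. Separately, `allow_duplicates: false` on `append` is a fairly recent option (around 7.10, from memory); worth confirming it is not newer than the module's minimum supported Elasticsearch version, since an older node would likely reject the whole pipeline at load time for an unknown processor parameter. The `on_failure` handler that follows is cut off by the hunk, so it is not reviewed here.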
diff --git a/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json index 9eb70c83a64..622200c634a 100644 --- a/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json @@ -44,8 +44,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "10.0.0.1", - "10.128.0.1", "10.0.0.1", "10.128.0.1" ], @@ -245,8 +243,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "1.2.3.4", - "5.6.7.8", "1.2.3.4", "5.6.7.8" ], @@ -323,8 +319,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "50.0.0.100", - "30.0.0.100", "50.0.0.100", "30.0.0.100" ], @@ -396,7 +390,6 @@ "related.ip": [ "192.0.2.1", "198.51.100.12", - "192.0.2.1", "18.51.100.12" ], "rule.name": "policy1", @@ -472,7 +465,6 @@ "related.ip": [ "192.0.2.1", "198.51.100.12", - "192.0.2.1", "18.51.100.12" ], "rule.name": "policy1", @@ -563,8 +555,7 @@ "related.ip": [ "10.3.255.203", "8.23.224.110", - "10.3.136.49", - "8.23.224.110" + "10.3.136.49" ], "rule.name": "permit_all", "server.bytes": 535, @@ -636,8 +627,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "192.168.2.164", - "172.16.1.19", "192.168.2.164", "172.16.1.19" ], @@ -722,8 +711,7 @@ "related.ip": [ "100.73.10.92", "58.68.126.198", - "58.78.140.131", - "58.68.126.198" + "58.78.140.131" ], "rule.name": "NAT", "server.bytes": 136, @@ -816,8 +804,7 @@ "related.ip": [ "192.168.255.2", "8.8.8.8", - "192.168.0.47", - "8.8.8.8" + "192.168.0.47" ], "rule.name": "trust-to-untrust-001", "server.bytes": 116, @@ -966,8 +953,7 @@ "related.ip": [ "192.168.224.30", "207.17.137.56", - "173.167.224.7", - "207.17.137.56" + "173.167.224.7" ], "rule.name": "General-Outbound", "server.ip": "207.17.137.56", 
@@ -1053,8 +1039,7 @@ "related.ip": [ "192.168.224.30", "207.17.137.56", - "173.167.224.7", - "207.17.137.56" + "173.167.224.7" ], "rule.name": "General-Outbound", "server.bytes": 0, @@ -1146,8 +1131,7 @@ "related.ip": [ "192.168.224.30", "207.17.137.56", - "173.167.224.7", - "207.17.137.56" + "173.167.224.7" ], "rule.name": "General-Outbound", "server.bytes": 104, @@ -1240,11 +1224,12 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "4.0.0.1", - "5.0.0.1", "4.0.0.1", "5.0.0.1" ], + "related.user": [ + "user1" + ], "rule.name": "permit-all", "server.bytes": 686432, "server.ip": "5.0.0.1", @@ -1328,11 +1313,12 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "4.0.0.1", - "5.0.0.1", "4.0.0.1", "5.0.0.1" ], + "related.user": [ + "user1" + ], "rule.name": "permit-all", "server.ip": "5.0.0.1", "server.nat.port": 80, @@ -1417,11 +1403,12 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "4.0.0.1", - "5.0.0.1", "4.0.0.1", "5.0.0.1" ], + "related.user": [ + "user1" + ], "rule.name": "permit-all", "server.bytes": 646, "server.ip": "5.0.0.1", @@ -1495,8 +1482,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "50.0.0.100", - "30.0.0.100", "50.0.0.100", "30.0.0.100" ], @@ -1637,11 +1622,12 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "4.0.0.1", - "5.0.0.1", "4.0.0.1", "5.0.0.1" ], + "related.user": [ + "user1" + ], "rule.name": "permit-all", "server.bytes": 646, "server.ip": "5.0.0.1", @@ -1733,8 +1719,7 @@ "related.ip": [ "10.1.1.100", "46.165.154.241", - "172.19.34.100", - "46.165.154.241" + "172.19.34.100" ], "rule.name": "default-permit", "server.bytes": 2132, @@ -1829,8 +1814,7 @@ "related.ip": [ "10.1.1.100", "91.228.167.172", - "172.19.34.100", - "91.228.167.172" + "172.19.34.100" ], "rule.name": "default-permit", "server.bytes": 9670, 
@@ -1906,8 +1890,7 @@ "related.ip": [ "10.1.1.100", "8.8.8.8", - "172.19.34.100", - "8.8.8.8" + "172.19.34.100" ], "rule.name": "default-permit", "server.ip": "8.8.8.8", @@ -1989,8 +1972,7 @@ "related.ip": [ "10.1.1.100", "8.8.8.8", - "172.19.34.100", - "8.8.8.8" + "172.19.34.100" ], "rule.name": "default-permit", "server.bytes": 82, diff --git a/x-pack/filebeat/module/juniper/srx/test/idp.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/idp.log-expected.json index 8a5a7307355..71faf19efc7 100644 --- a/x-pack/filebeat/module/juniper/srx/test/idp.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/idp.log-expected.json @@ -67,6 +67,9 @@ "0.0.0.0", "3.3.10.11" ], + "related.user": [ + "unknown-user" + ], "rule.id": "3", "rule.name": "IPS", "server.bytes": 0, @@ -155,6 +158,9 @@ "0.0.0.0", "3.3.10.11" ], + "related.user": [ + "unknown-user" + ], "rule.id": "3", "rule.name": "IPS", "server.bytes": 0, diff --git a/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json index 6b0aa31072f..1da203ed451 100644 --- a/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json @@ -49,6 +49,9 @@ "192.168.1.100", "103.235.46.39" ], + "related.user": [ + "user01" + ], "server.ip": "103.235.46.39", "server.port": 80, "service.type": "juniper", @@ -108,6 +111,9 @@ "10.10.10.50", "216.200.241.66" ], + "related.user": [ + "user02" + ], "server.ip": "216.200.241.66", "server.port": 80, "service.type": "juniper", @@ -320,6 +326,9 @@ "related.ip": [ "10.10.10.1" ], + "related.user": [ + "user01" + ], "service.type": "juniper", "source.ip": "10.10.10.1", "source.user.name": "user01", @@ -372,6 +381,9 @@ "192.0.2.3", "198.51.100.2" ], + "related.user": [ + "user01@testuser.com" + ], "server.ip": "198.51.100.2", "server.port": 80, "service.type": "juniper", 
@@ -433,6 +445,9 @@ "192.168.1.100", "103.235.46.39" ], + "related.user": [ + "user01" + ], "server.ip": "103.235.46.39", "server.port": 80, "service.type": "juniper", diff --git a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml index 9b9eda7e094..d1e5c971b80 100644 --- a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml +++ b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml @@ -54,4 +54,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/microsoft/defender_atp/ingest/pipeline.yml b/x-pack/filebeat/module/microsoft/defender_atp/ingest/pipeline.yml index 0f35c753092..b04d4b5d67f 100644 --- a/x-pack/filebeat/module/microsoft/defender_atp/ingest/pipeline.yml +++ b/x-pack/filebeat/module/microsoft/defender_atp/ingest/pipeline.yml @@ -249,17 +249,34 @@ processors: ###################### - rename: field: json.relatedUser.userName - target_field: host.user.name + target_field: user.name ignore_missing: true - rename: field: json.relatedUser.domainName - target_field: host.user.domain + target_field: user.domain ignore_missing: true - rename: field: json.evidence.userSid - target_field: host.user.id + target_field: user.id ignore_missing: true +############################## +## ECS host.user Mapping ## +## Deprecated since ECS 1.8 ## +############################## +- set: + field: host.user.name + value: '{{user.name}}' + ignore_empty_value: true +- set: + field: host.user.domain + value: '{{user.domain}}' + ignore_empty_value: true +- set: + field: host.user.id + value: '{{user.id}}' + ignore_empty_value: true + ######################### ## ECS Related Mapping ## ######################### 
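Review bot: The three new `set` processors that copy `user.name`/`user.domain`/`user.id` back into `host.user.*` are a compatibility shim with no stated sunset: the banner only says `Deprecated since ECS 1.8`, which does not tell the next maintainer whether the duplicated fields are intentional or may be dropped. Suggest extending the banner with `## host.user.* is kept only for consumers built on ECS < 1.8; remove once dashboards/rules have moved to user.*`. Also note the copies go through a mustache string template, so any non-string value would be stringified; if the module's minimum Elasticsearch version allows it, `copy_from: user.name` (7.10+, as far as I recall) preserves the value as-is and reads more clearly than `value: '{{user.name}}'`. The related-mapping section announced by the last banner continues outside the hunk.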
@@ -269,8 +286,8 @@ processors: if: ctx.json?.evidence?.ipAddress != null - append: field: related.user - value: '{{host.user.name}}' - if: ctx.host?.user?.name != null + value: '{{user.name}}' + if: ctx.user?.name != null - append: field: related.hash value: '{{file.hash.sha1}}' diff --git a/x-pack/filebeat/module/microsoft/defender_atp/test/defender_atp-test.json.log-expected.json b/x-pack/filebeat/module/microsoft/defender_atp/test/defender_atp-test.json.log-expected.json index 0423289d6ac..388aa8586a1 100644 --- a/x-pack/filebeat/module/microsoft/defender_atp/test/defender_atp-test.json.log-expected.json +++ b/x-pack/filebeat/module/microsoft/defender_atp/test/defender_atp-test.json.log-expected.json @@ -118,7 +118,9 @@ "forwarded" ], "threat.framework": "MITRE ATT&CK", - "threat.technique.name": "DefenseEvasion" + "threat.technique.name": "DefenseEvasion", + "user.domain": "TestServer4", + "user.name": "administrator1" }, { "cloud.account.id": "43521344-d66c-4c7e-9e30-40034eb7c6f3", @@ -176,7 +178,10 @@ "forwarded" ], "threat.framework": "MITRE ATT&CK", - "threat.technique.name": "DefenseEvasion" + "threat.technique.name": "DefenseEvasion", + "user.domain": "TestServer4", + "user.id": "S-1-5-21-46152456-1367606905-4031241297-500", + "user.name": "administrator1" }, { "cloud.account.id": "1234543-d66c-4c7e-9e30-40034eb7c6f3", diff --git a/x-pack/filebeat/module/microsoft/dhcp/config/input.yml b/x-pack/filebeat/module/microsoft/dhcp/config/input.yml index 2d6d418b4d9..0e77cbdf491 100644 --- a/x-pack/filebeat/module/microsoft/dhcp/config/input.yml +++ b/x-pack/filebeat/module/microsoft/dhcp/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml b/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml index 4f07ff46be2..52ebe56c3b1 100644 
--- a/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml +++ b/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml @@ -54,4 +54,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/microsoft/m365_defender/ingest/pipeline.yml b/x-pack/filebeat/module/microsoft/m365_defender/ingest/pipeline.yml index f1ea7c03abd..ae33c77d6d5 100644 --- a/x-pack/filebeat/module/microsoft/m365_defender/ingest/pipeline.yml +++ b/x-pack/filebeat/module/microsoft/m365_defender/ingest/pipeline.yml @@ -227,17 +227,34 @@ processors: ###################### - rename: field: json.alerts.entities.userPrincipalName - target_field: host.user.name + target_field: user.name ignore_missing: true - rename: field: json.alerts.entities.domainName - target_field: host.user.domain + target_field: user.domain ignore_missing: true - rename: field: json.alerts.entities.aadUserId - target_field: host.user.id + target_field: user.id ignore_missing: true +############################## +## ECS host.user Mapping ## +## Deprecated since ECS 1.8 ## +############################## +- set: + field: host.user.name + value: '{{user.name}}' + ignore_empty_value: true +- set: + field: host.user.domain + value: '{{user.domain}}' + ignore_empty_value: true +- set: + field: host.user.id + value: '{{user.id}}' + ignore_empty_value: true + ######################### ## ECS Related Mapping ## ######################### @@ -247,8 +264,8 @@ processors: if: ctx.json?.entities?.ipAddress != null - append: field: related.user - value: '{{host.user.name}}' - if: ctx.host?.user?.name != null + value: '{{user.name}}' + if: ctx.user?.name != null - append: field: related.hash value: '{{file.hash.sha1}}' 
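Review bot: `json.alerts.entities.userPrincipalName` is now renamed straight into `user.name`, but a UPN is `login@tenant-domain` — the updated fixture later in this diff expects `user.name: brent@elasticbv.onmicrosoft.com` — whereas ECS `user.name`, as I read the schema, is the short login name; the full UPN fits `user.email` better, or should be split so `user.name` holds the local part, especially since `domainName` is already mapped to `user.domain` and a UPN in `user.name` duplicates it. The same UPN then lands in `related.user` via the append in the second hunk, so cross-source pivots on the bare login name will miss these alerts. At minimum add a comment above the rename, `# userPrincipalName is a full UPN (user@domain), not a bare login name`, so the mismatch is visible to whoever builds detections on `user.name`.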
diff --git a/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json b/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json index 1f81a57a98f..edd4b8ad091 100644 --- a/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json +++ b/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json @@ -556,7 +556,9 @@ "forwarded" ], "threat.framework": "MITRE ATT&CK", - "threat.technique.name": "SuspiciousActivity" + "threat.technique.name": "SuspiciousActivity", + "user.id": "8e24c50a-a77c-4782-813f-965009b5ddf3", + "user.name": "brent@elasticbv.onmicrosoft.com" }, { "@timestamp": "2020-09-23T19:32:05.8366667Z", diff --git a/x-pack/filebeat/module/misp/threat/config/input.yml b/x-pack/filebeat/module/misp/threat/config/input.yml index 81deb7e5aa5..488f0a249c0 100644 --- a/x-pack/filebeat/module/misp/threat/config/input.yml +++ b/x-pack/filebeat/module/misp/threat/config/input.yml @@ -56,4 +56,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/mssql/log/config/config.yml b/x-pack/filebeat/module/mssql/log/config/config.yml index 085cd033b37..d908ffc950b 100644 --- a/x-pack/filebeat/module/mssql/log/config/config.yml +++ b/x-pack/filebeat/module/mssql/log/config/config.yml @@ -14,4 +14,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml b/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml index ec1ee8b0903..c62863d5ac8 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml +++ b/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/ingest/pipeline.yml b/x-pack/filebeat/module/mysqlenterprise/audit/ingest/pipeline.yml index c9ec7375e71..c0bb73d049e 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/ingest/pipeline.yml +++ b/x-pack/filebeat/module/mysqlenterprise/audit/ingest/pipeline.yml @@ -23,7 +23,7 @@ processors: - append: field: event.category value: iam - if: '["create_user", "delete_user", "grant", "flush_privileges"].contains(ctx.mysqlenterprise.audit?.general_data?.sql_command)' + if: '["create_user", "delete_user", "drop_user", "grant", "flush_privileges"].contains(ctx.mysqlenterprise.audit?.general_data?.sql_command)' - append: field: event.type value: access 
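Review bot: The `iam` category list gains `drop_user` but still omits the other account-management commands the audit plugin reports under `sql_command` — at least `revoke`, the counterpart of the `grant` already listed, and, if the plugin emits them under these names, `alter_user`, `rename_user` and `set_password`, which are exactly the privilege and credential changes an IAM category exists to surface. Verify the exact `sql_command` spellings against the MySQL Enterprise Audit documentation before adding them; a likely shape is `if: '["create_user", "delete_user", "drop_user", "alter_user", "rename_user", "grant", "revoke", "flush_privileges"].contains(ctx.mysqlenterprise.audit?.general_data?.sql_command)'`.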
@@ -128,6 +128,38 @@ processors: if (ctx.process.args.length > 0) { ctx.process.executable = ctx.process.args[0]; } +# Query parsing +- grok: + field: mysqlenterprise.audit.general_data.query + if: '["create_user", "delete_user", "drop_user"].contains(ctx.mysqlenterprise?.audit?.general_data?.sql_command)' + ignore_failure: true + patterns: + - '(?i)(?:CREATE|DROP)\s+USER(?:\s+IF\s+(?:NOT\s+)?EXISTS)?\s+(?:%{START_QUOTE}%{QUOTED:user.target.name}%{END_QUOTE}|%{UNQUOTED:user.target.name})(?:@(?:%{START_QUOTE}%{QUOTED:user.target.domain}%{END_QUOTE}|%{UNQUOTED:user.target.domain}))?' + pattern_definitions: + START_QUOTE: (?<__quote>['"`]) + QUOTED: (?~\k<__quote>) + END_QUOTE: (?:\k<__quote>) + UNQUOTED: (?:[^\s@;]*+) +- remove: + field: __quote + ignore_missing: true +- set: + field: user.name + value: '{{server.user.name}}' + ignore_empty_value: true + if: 'ctx.user?.target != null' +- append: + field: event.type + value: + - user + - creation + if: 'ctx.mysqlenterprise?.audit?.general_data?.sql_command == "create_user"' +- append: + field: event.type + value: + - user + - deletion + if: 'ctx.mysqlenterprise?.audit?.general_data?.sql_command == "drop_user" || ctx.mysqlenterprise?.audit?.general_data?.sql_command == "delete_user"' # Attributes starting with _ is only supported by MySQL 8.0.19 and above. - convert: 
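Review bot: The new grok captures only the first account of a `CREATE USER`/`DROP USER` statement into `user.target.*`, but MySQL accepts a comma-separated list of accounts in both statements, so `CREATE USER 'a'@'%', 'b'@'%'` records only `a` in `user.target.name` and `related.user` while `b` is created silently from the point of view of any detection keyed on those fields. Because the grok also sets `ignore_failure: true`, a statement the pattern does not match still gets `event.type: [user, creation]` from the unconditional append below it, with no target and nothing marking the event as partially parsed. At minimum add a comment above the grok, `# Only the first account of a multi-account CREATE/DROP USER statement is captured; the full statement text stays in general_data.query`, and consider tagging pattern misses instead of ignoring them. Also, the `if` lists `delete_user` but the pattern only accepts `CREATE|DROP USER`, so for that command the grok can only ever fail; either confirm what statement text `delete_user` carries in the audit log or drop it from the condition. The processor list continues outside the hunk on both sides.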
@@ -138,23 +170,39 @@ processors: - append: field: related.user value: '{{server.user.name}}' + allow_duplicates: false if: ctx?.server?.user?.name != null - append: field: related.user value: '{{client.user.name}}' + allow_duplicates: false if: ctx?.client?.user?.name != null +- append: + field: related.user + value: '{{user.target.name}}' + allow_duplicates: false + if: ctx?.user?.target?.name != null - append: field: related.ip value: '{{client.ip}}' + allow_duplicates: false if: ctx?.client?.ip != null +- append: + field: related.hosts + value: '{{client.domain}}' + allow_duplicates: false + if: ctx?.client?.domain != null - date: field: mysqlenterprise.audit.timestamp formats: - yyyy-MM-dd HH:mm:ss if: ctx?.mysqlenterprise?.audit?.timestamp != null +- rename: + field: message + target_field: event.original + ignore_missing: true - remove: field: - - message - mysqlenterprise.audit.event - mysqlenterprise.audit.timestamp - mysqlenterprise.audit.connection_data.connection_attributes._pid diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log index 2bf3e31f37b..79e8ac2cd21 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log +++ b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log 
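Review bot: The `rename` of `message` to `event.original` near the end of the hunk persists the raw audit line verbatim, and the fixtures in this same diff show that the raw statement can still carry a literal password: the `GRANT ... IDENTIFIED BY 'password'` entries have `status: 1064`, i.e. the statement apparently failed to parse, so the audit plugin did not apply the redaction it visibly applies to the successful `CREATE USER ... IDENTIFIED BY ` entries. Before this change the secret lived only in `mysqlenterprise.audit.general_data.query`; now it is also in `event.original`, a field routinely surfaced in alerts and UIs. Suggest masking the `IDENTIFIED BY` argument before the rename (and arguably on `general_data.query` as well), and adding a comment above the rename stating that `event.original` may contain unredacted statement text from statements the server rejected. The rewritten lines below replace only the rename; the `remove` processor after it is unchanged.

```yaml
# The audit plugin only redacts credentials in statements it could parse; mask
# an inline IDENTIFIED BY '...' before the raw line is kept as event.original.
- gsub:
    field: message
    pattern: "(?i)(IDENTIFIED\\s+BY\\s+)'[^']*'"
    replacement: "$1'<redacted>'"
    ignore_missing: true
- rename:
    field: message
    target_field: event.original
    ignore_missing: true
# … unchanged: remove processor …
```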
@@ -9,7 +9,7 @@ { "timestamp": "2020-10-19 19:28:27", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO 'root'@'hades.home' IDENTIFIED BY 'password'", "status": 1064 } }, { "timestamp": "2020-10-19 19:28:54", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'", "status": 1410 } }, { "timestamp": "2020-10-19 19:29:36", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "create_user", "query": "CREATE USER 'audit_test_user'@'localhost' IDENTIFIED BY ", "status": 1396 } }, -{ "timestamp": "2020-10-19 19:30:00", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "create_user", "query": "CREATE USER 'audit_test_user2'@'hades.home' IDENTIFIED BY ", "status": 0 } }, +{ "timestamp": "2020-10-19 19:30:00", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "create_user", "query": "CREATE USER IF NOT EXISTS 'audit_test_user2'@'hades.home' IDENTIFIED BY ", "status": 0 } }, { "timestamp": "2020-10-19 19:30:18", "id": 0, "class": "general", "event": "status", 
"connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO ‘audit_test_user2’@’hades.home’", "status": 1410 } }, { "timestamp": "2020-10-19 19:30:32", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user'@'hades.home'", "status": 1410 } }, { "timestamp": "2020-10-19 19:30:49", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user'@'hades.home'", "status": 1410 } }, 
@@ -29,3 +29,6 @@ { "timestamp": "2020-10-19 19:32:10", "id": 0, "class": "connection", "event": "disconnect", "connection_id": 16, "account": { "user": "audit_test_user2", "host": "hades.home" }, "login": { "user": "audit_test_user2", "os": "", "ip": "192.168.2.5", "proxy": "" }, "connection_data": { "connection_type": "ssl" } }, { "timestamp": "2020-10-19 19:32:12", "id": 0, "class": "connection", "event": "disconnect", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "connection_data": { "connection_type": "socket" } }, { "timestamp": "2020-10-19 19:32:16", "id": 0, "class": "audit", "event": "shutdown", "connection_id": 0, "shutdown_data": { "server_id": 1 } } +{ "timestamp": "2021-02-10 19:05:42", "id": 2, "class": "audit", "event": "status", "connection_id": 42, "account": { "user": "adrian", "host": "elastic" }, "login": { "user": "adrian", "os": "", "ip": "192.168.7.76", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "create_user", "query": "crEAtE uSeR 'evil user'@elastic IDENTIFIED BY ", "status": 1396 } }, +{ "timestamp": "2021-02-10 19:05:42", "id": 2, "class": "audit", "event": "status", "connection_id": 42, "account": { "user": "adrian", "host": "elastic" }, "login": { "user": "evil user", "os": "", "ip": "192.168.7.76", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "drop_db", "query": "DROP DATABASE prod", "status": 1396 } }, +{ "timestamp": "2021-02-10 19:05:42", "id": 2, "class": "audit", "event": "status", "connection_id": 42, "account": { "user": "adrian", "host": "elastic" }, "login": { "user": "evil user", "os": "", "ip": "192.168.7.76", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "drop_user", "query": "DrOp usEr IF EXISTS 'evil user'@%", "status": 1396 } }, 
diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json index 48e4c2fa161..e563f918ac7 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json +++ b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json @@ -8,6 +8,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:21:33\", \"id\": 0, \"class\": \"audit\", \"event\": \"startup\", \"connection_id\": 0, \"account\": { \"user\": \"skip-grants user\", \"host\": \"\" }, \"login\": { \"user\": \"\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"startup_data\": { \"server_id\": 1, \"os_version\": \"x86_64-Linux\", \"mysql_version\": \"8.0.22-commercial\", \"args\": [\"/usr/local/mysql/bin/mysqld\", \"--loose-audit-log-format=JSON\", \"--log-error=log.err\", \"--pid-file=mysqld.pid\", \"--port=3306\" ] } },", "event.outcome": "unknown", "event.timezone": "-02:00", "fileset.name": "audit", @@ -50,6 +51,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:25:51\", \"id\": 0, \"class\": \"connection\", \"event\": \"connect\", \"connection_id\": 13, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"socket\", \"status\": 0, \"db\": \"\", \"connection_attributes\": { \"_pid\": \"33038\", \"_platform\": \"x86_64\", \"_os\": \"Linux\", \"_client_name\": \"libmysql\", \"os_user\": \"root\", \"_client_version\": \"8.0.22\" } } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ 
@@ -73,6 +75,9 @@ "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", "process.pid": 33038, + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -92,6 +97,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:25:51\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 13, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"select @@version_comment limit 1\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -110,6 +116,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -129,6 +138,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:25:52\", \"id\": 0, \"class\": \"connection\", \"event\": \"disconnect\", \"connection_id\": 13, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"socket\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ @@ -145,6 +155,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], 
@@ -165,6 +178,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:27:45\", \"id\": 0, \"class\": \"connection\", \"event\": \"connect\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"socket\", \"status\": 0, \"db\": \"\", \"connection_attributes\": { \"_pid\": \"33197\", \"_platform\": \"x86_64\", \"_os\": \"Linux\", \"_client_name\": \"libmysql\", \"os_user\": \"root\", \"_client_version\": \"8.0.22\" } } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -188,6 +202,9 @@ "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", "process.pid": 33197, + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -207,6 +224,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:27:45\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"select @@version_comment limit 1\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -225,6 +243,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], 
@@ -245,6 +266,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:27:50\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password'\", \"status\": 1064 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -263,6 +285,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -283,6 +308,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:28:04\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password'\", \"status\": 1064 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -301,6 +327,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], 
@@ -321,6 +350,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:28:27\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'hades.home' IDENTIFIED BY 'password'\", \"status\": 1064 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -339,6 +369,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -359,6 +392,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:28:54\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'\", \"status\": 1410 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -377,6 +411,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], 
@@ -397,11 +434,14 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:29:36\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_user\", \"query\": \"CREATE USER 'audit_test_user'@'localhost' IDENTIFIED BY \", \"status\": 1396 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ "access", - "connection" + "connection", + "user", + "creation" ], "fileset.name": "audit", "input.type": "log", @@ -415,14 +455,21 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ - "root" + "root", + "audit_test_user" ], "server.user.name": "root", "service.type": "mysqlenterprise", "tags": [ "mysqlenterprise-audit" - ] + ], + "user.name": "root", + "user.target.domain": "localhost", + "user.target.name": "audit_test_user" }, { "@timestamp": "2020-10-19T19:30:00.000Z", 
@@ -435,11 +482,14 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:30:00\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_user\", \"query\": \"CREATE USER IF NOT EXISTS 'audit_test_user2'@'hades.home' IDENTIFIED BY \", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ "access", - "connection" + "connection", + "user", + "creation" ], "fileset.name": "audit", "input.type": "log", @@ -447,20 +497,27 @@ "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", - "mysqlenterprise.audit.general_data.query": "CREATE USER 'audit_test_user2'@'hades.home' IDENTIFIED BY ", + "mysqlenterprise.audit.general_data.query": "CREATE USER IF NOT EXISTS 'audit_test_user2'@'hades.home' IDENTIFIED BY ", "mysqlenterprise.audit.general_data.sql_command": "create_user", "mysqlenterprise.audit.general_data.status": 0, "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ - "root" + "root", + "audit_test_user2" ], "server.user.name": "root", "service.type": "mysqlenterprise", "tags": [ "mysqlenterprise-audit" - ] + ], + "user.name": "root", + "user.target.domain": "hades.home", + "user.target.name": "audit_test_user2" }, { "@timestamp": "2020-10-19T19:30:18.000Z", 
@@ -473,6 +530,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:30:18\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO \u2018audit_test_user2\u2019@\u2019hades.home\u2019\", \"status\": 1410 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -481,7 +539,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 4645, + "log.offset": 4659, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", @@ -491,6 +549,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -511,6 +572,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:30:32\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user'@'hades.home'\", \"status\": 1410 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ 
@@ -519,7 +581,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 5031, + "log.offset": 5045, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", @@ -529,6 +591,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -549,6 +614,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:30:49\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user'@'hades.home'\", \"status\": 1410 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -557,7 +623,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 5408, + "log.offset": 5422, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", @@ -567,6 +633,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], 
@@ -587,6 +656,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:01\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user2'@'hades.home'\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -595,7 +665,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 5785, + "log.offset": 5799, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", @@ -605,6 +675,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -626,6 +699,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:25\", \"id\": 0, \"class\": \"connection\", \"event\": \"connect\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"ssl\", \"status\": 0, \"db\": \"\", \"connection_attributes\": { \"_os\": \"Linux\", \"_client_name\": \"libmysql\", \"_pid\": \"394499\", \"_client_version\": \"5.7.30\", \"_platform\": \"x86_64\" } } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ 
@@ -635,7 +709,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 6160, + "log.offset": 6174, "mysqlenterprise.audit.class": "connection", "mysqlenterprise.audit.connection_data.connection_attributes._client_name": "libmysql", "mysqlenterprise.audit.connection_data.connection_attributes._client_version": "5.7.30", @@ -648,6 +722,9 @@ "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", "process.pid": 394499, + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -671,6 +748,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:25\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"select @@version_comment limit 1\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -679,7 +757,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 6638, + "log.offset": 6652, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -689,6 +767,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], 
@@ -712,6 +793,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:31\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_db\", \"query\": \"create database audit_test\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -720,7 +802,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 7020, + "log.offset": 7034, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -730,6 +812,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -753,6 +838,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:40\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"SELECT DATABASE()\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ 
@@ -761,7 +847,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 7399, + "log.offset": 7413, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -771,6 +857,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -794,6 +883,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:40\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Init DB\", \"sql_command\": \"error\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -802,7 +892,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 7766, + "log.offset": 7780, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Init DB", @@ -811,6 +901,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], 
@@ -834,6 +927,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:40\", \"id\": 2, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"show_databases\", \"query\": \"show databases\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -842,7 +936,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 8104, + "log.offset": 8118, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -852,6 +946,9 @@ "mysqlenterprise.audit.id": 2, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -875,6 +972,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:40\", \"id\": 3, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"show_tables\", \"query\": \"show tables\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ 
@@ -883,7 +981,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 8476, + "log.offset": 8490, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -893,6 +991,9 @@ "mysqlenterprise.audit.id": 3, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -916,6 +1017,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:47\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_table\", \"query\": \"CREATE TABLE audit_test_table (firstname VARCHAR(20), lastname VARCHAR(20))\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -924,7 +1026,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 8842, + "log.offset": 8856, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -934,6 +1036,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], 
@@ -957,6 +1062,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:57\", \"id\": 0, \"class\": \"table_access\", \"event\": \"insert\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"table_access_data\": { \"db\": \"audit_test\", \"table\": \"audit_test_table\", \"query\": \"INSERT INTO audit_test_table values ('John', 'Smith')\", \"sql_command\": \"insert\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ @@ -965,7 +1071,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 9273, + "log.offset": 9287, "mysqlenterprise.audit.class": "table_access", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.id": 0, @@ -975,6 +1081,9 @@ "mysqlenterprise.audit.table_access_data.sql_command": "insert", "mysqlenterprise.audit.table_access_data.table": "audit_test_table", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -998,6 +1107,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:57\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"insert\", \"query\": \"INSERT INTO audit_test_table values ('John', 'Smith')\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ 
@@ -1006,7 +1116,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 9702, + "log.offset": 9716, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -1016,6 +1126,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -1039,6 +1152,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:05\", \"id\": 0, \"class\": \"table_access\", \"event\": \"read\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"table_access_data\": { \"db\": \"audit_test\", \"table\": \"audit_test_table\", \"query\": \"select * from audit_test_table\", \"sql_command\": \"select\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ @@ -1047,7 +1161,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 10105, + "log.offset": 10119, "mysqlenterprise.audit.class": "table_access", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.id": 0, @@ -1057,6 +1171,9 @@ "mysqlenterprise.audit.table_access_data.sql_command": "select", "mysqlenterprise.audit.table_access_data.table": "audit_test_table", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], 
@@ -1080,6 +1197,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:05\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"select * from audit_test_table\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -1088,7 +1206,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 10509, + "log.offset": 10523, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -1098,6 +1216,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -1121,6 +1242,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:10\", \"id\": 0, \"class\": \"connection\", \"event\": \"disconnect\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"ssl\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ 
@@ -1130,13 +1252,16 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 10889, + "log.offset": 10903, "mysqlenterprise.audit.class": "connection", "mysqlenterprise.audit.connection_data.connection_type": "ssl", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -1159,6 +1284,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:12\", \"id\": 0, \"class\": \"connection\", \"event\": \"disconnect\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"socket\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ @@ -1168,13 +1294,16 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 11204, + "log.offset": 11218, "mysqlenterprise.audit.class": "connection", "mysqlenterprise.audit.connection_data.connection_type": "socket", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], 
@@ -1193,11 +1322,12 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:16\", \"id\": 0, \"class\": \"audit\", \"event\": \"shutdown\", \"connection_id\": 0, \"shutdown_data\": { \"server_id\": 1 } }", "event.outcome": "unknown", "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", - "log.offset": 11486, + "log.offset": 11500, "mysqlenterprise.audit.class": "audit", "mysqlenterprise.audit.connection_id": 0, "mysqlenterprise.audit.id": 0, 
@@ -1207,5 +1337,146 @@ "tags": [ "mysqlenterprise-audit" ] + }, + { + "@timestamp": "2021-02-10T19:05:42.000Z", + "client.domain": "elastic", + "client.ip": "192.168.7.76", + "event.action": "mysql-status", + "event.category": [ + "database", + "iam" + ], + "event.dataset": "mysqlenterprise.audit", + "event.kind": "event", + "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2021-02-10 19:05:42\", \"id\": 2, \"class\": \"audit\", \"event\": \"status\", \"connection_id\": 42, \"account\": { \"user\": \"adrian\", \"host\": \"elastic\" }, \"login\": { \"user\": \"adrian\", \"os\": \"\", \"ip\": \"192.168.7.76\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_user\", \"query\": \"crEAtE uSeR 'evil user'@elastic IDENTIFIED BY \", \"status\": 1396 } },", + "event.outcome": "failure", + "event.timezone": "-02:00", + "event.type": [ + "user", + "creation" + ], + "fileset.name": "audit", + "input.type": "log", + "log.offset": 11644, + "mysqlenterprise.audit.class": "audit", + "mysqlenterprise.audit.connection_id": 42, + "mysqlenterprise.audit.general_data.command": "Query", + "mysqlenterprise.audit.general_data.query": "crEAtE uSeR 'evil user'@elastic IDENTIFIED BY ", + "mysqlenterprise.audit.general_data.sql_command": "create_user", + "mysqlenterprise.audit.general_data.status": 1396, + "mysqlenterprise.audit.id": 2, + "mysqlenterprise.audit.login.user": "adrian", + "process.name": "mysqld", + "related.hosts": [ + "elastic" + ], + "related.ip": [ + "192.168.7.76" + ], + "related.user": [ + "adrian", + "evil user" + ], + "server.user.name": "adrian", + "service.type": "mysqlenterprise", + "tags": [ + "mysqlenterprise-audit" + ], + "user.name": "adrian", + "user.target.domain": "elastic", + "user.target.name": "evil user" + }, + { + "@timestamp": "2021-02-10T19:05:42.000Z", + "client.domain": "elastic", + "client.ip": "192.168.7.76", + "event.action": "mysql-status", + "event.category": [ + "database" + ], + 
"event.dataset": "mysqlenterprise.audit", + "event.kind": "event", + "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2021-02-10 19:05:42\", \"id\": 2, \"class\": \"audit\", \"event\": \"status\", \"connection_id\": 42, \"account\": { \"user\": \"adrian\", \"host\": \"elastic\" }, \"login\": { \"user\": \"evil user\", \"os\": \"\", \"ip\": \"192.168.7.76\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"drop_db\", \"query\": \"DROP DATABASE prod\", \"status\": 1396 } },", + "event.outcome": "failure", + "event.timezone": "-02:00", + "fileset.name": "audit", + "input.type": "log", + "log.offset": 12034, + "mysqlenterprise.audit.class": "audit", + "mysqlenterprise.audit.connection_id": 42, + "mysqlenterprise.audit.general_data.command": "Query", + "mysqlenterprise.audit.general_data.query": "DROP DATABASE prod", + "mysqlenterprise.audit.general_data.sql_command": "drop_db", + "mysqlenterprise.audit.general_data.status": 1396, + "mysqlenterprise.audit.id": 2, + "mysqlenterprise.audit.login.user": "evil user", + "process.name": "mysqld", + "related.hosts": [ + "elastic" + ], + "related.ip": [ + "192.168.7.76" + ], + "related.user": [ + "adrian" + ], + "server.user.name": "adrian", + "service.type": "mysqlenterprise", + "tags": [ + "mysqlenterprise-audit" + ] + }, + { + "@timestamp": "2021-02-10T19:05:42.000Z", + "client.domain": "elastic", + "client.ip": "192.168.7.76", + "event.action": "mysql-status", + "event.category": [ + "database", + "iam" + ], + "event.dataset": "mysqlenterprise.audit", + "event.kind": "event", + "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2021-02-10 19:05:42\", \"id\": 2, \"class\": \"audit\", \"event\": \"status\", \"connection_id\": 42, \"account\": { \"user\": \"adrian\", \"host\": \"elastic\" }, \"login\": { \"user\": \"evil user\", \"os\": \"\", \"ip\": \"192.168.7.76\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", 
\"sql_command\": \"drop_user\", \"query\": \"DrOp usEr IF EXISTS 'evil user'@%\", \"status\": 1396 } },", + "event.outcome": "failure", + "event.timezone": "-02:00", + "event.type": [ + "user", + "deletion" + ], + "fileset.name": "audit", + "input.type": "log", + "log.offset": 12385, + "mysqlenterprise.audit.class": "audit", + "mysqlenterprise.audit.connection_id": 42, + "mysqlenterprise.audit.general_data.command": "Query", + "mysqlenterprise.audit.general_data.query": "DrOp usEr IF EXISTS 'evil user'@%", + "mysqlenterprise.audit.general_data.sql_command": "drop_user", + "mysqlenterprise.audit.general_data.status": 1396, + "mysqlenterprise.audit.id": 2, + "mysqlenterprise.audit.login.user": "evil user", + "process.name": "mysqld", + "related.hosts": [ + "elastic" + ], + "related.ip": [ + "192.168.7.76" + ], + "related.user": [ + "adrian", + "evil user" + ], + "server.user.name": "adrian", + "service.type": "mysqlenterprise", + "tags": [ + "mysqlenterprise-audit" + ], + "user.name": "adrian", + "user.target.domain": "%", + "user.target.name": "evil user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/netflow/log/config/netflow.yml b/x-pack/filebeat/module/netflow/log/config/netflow.yml index 68b7b43feb5..65baa78eaac 100644 --- a/x-pack/filebeat/module/netflow/log/config/netflow.yml +++ b/x-pack/filebeat/module/netflow/log/config/netflow.yml @@ -38,4 +38,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/netscout/sightline/config/input.yml b/x-pack/filebeat/module/netscout/sightline/config/input.yml index cc3b2064024..8174816245b 100644 --- a/x-pack/filebeat/module/netscout/sightline/config/input.yml +++ b/x-pack/filebeat/module/netscout/sightline/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
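Review bot: In the new expected event for `DROP DATABASE prod` (`@timestamp` 2021-02-10T19:05:42, `log.offset` 12034) the raw record has `account.user: adrian` but `login.user: "evil user"`, yet the ECS output lists only `adrian` in `related.user` and `server.user.name`, has no `user.name`, and `"evil user"` survives only in `mysqlenterprise.audit.login.user`. Every other event in the fixture masks this because `login.user` equals `account.user`, so this is the first case that exposes the pipeline adding only `account.user` to `related.user`. Since the fixture codifies current output, the fix belongs in the ingest pipeline (not in this diff): append `login.user` to `related.user` as well, so the authenticated login is searchable for exactly the audit scenario this sample was added for. In the last event `user.target.domain` is set to `%`, MySQL's any-host wildcard; a field description such as `the host part of the target MySQL account ('user'@'host'), which may be a wildcard rather than a DNS domain` would prevent consumers treating it as a domain name.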
diff --git a/x-pack/filebeat/module/o365/audit/_meta/fields.yml b/x-pack/filebeat/module/o365/audit/_meta/fields.yml index 7d3311fb20c..e107c3a2376 100644 --- a/x-pack/filebeat/module/o365/audit/_meta/fields.yml +++ b/x-pack/filebeat/module/o365/audit/_meta/fields.yml @@ -4,6 +4,9 @@ description: > Fields from Office 365 Management API audit logs. fields: + - name: AADGroupId + type: keyword + - name: Actor type: array fields: @@ -71,6 +74,9 @@ type: text norms: false + - name: CommunicationType + type: keyword + - name: CorrelationId type: keyword @@ -86,9 +92,15 @@ - name: DataType type: keyword + - name: DoNotDistributeEvent + type: boolean + - name: EntityType type: keyword + - name: ErrorNumber + type: keyword + - name: EventData type: keyword @@ -104,6 +116,9 @@ - name: ExternalAccess type: keyword + - name: FromApp + type: boolean + - name: GroupName type: keyword @@ -125,21 +140,42 @@ - name: IntraSystemId type: keyword + - name: IsDocLib + type: boolean + - name: Item.* type: object - name: Item.*.* type: object + - name: ItemCount + type: long + - name: ItemName type: keyword - name: ItemType type: keyword + - name: ListBaseTemplateType + type: keyword + + - name: ListBaseType + type: keyword + + - name: ListColor + type: keyword + + - name: ListIcon + type: keyword + - name: ListId type: keyword + - name: ListTitle + type: keyword + - name: ListItemUniqueId type: keyword @@ -266,6 +302,9 @@ - name: TeamGuid type: keyword + - name: TemplateTypeId + type: keyword + - name: UniqueSharingId type: keyword diff --git a/x-pack/filebeat/module/o365/audit/config/input.yml b/x-pack/filebeat/module/o365/audit/config/input.yml index 72e13c42c68..11c7be4fc70 100644 --- a/x-pack/filebeat/module/o365/audit/config/input.yml +++ b/x-pack/filebeat/module/o365/audit/config/input.yml 
@@ -38,6 +38,11 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: {{ if eq .input "file" }} + - rename: + fields: + - from: json.error + to: error + ignore_missing: true - rename: fields: - from: json @@ -62,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/o365/audit/config/pipeline.js b/x-pack/filebeat/module/o365/audit/config/pipeline.js index 5d314822af6..dd1fe588e9e 100644 --- a/x-pack/filebeat/module/o365/audit/config/pipeline.js +++ b/x-pack/filebeat/module/o365/audit/config/pipeline.js 
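Review bot: The new `json.error` → `error` rename at the top of the `{{ if eq .input "file" }}` block sets `ignore_missing: true` but leaves `fail_on_error` at its default of `true`, so if a top-level `error` field already exists on the event (the log input's JSON decoder writes `error.message` on malformed lines when `json.add_error_key` is enabled, as I read it) the rename errors out and the event continues with `json.error` still in place. If best-effort is the intent, add `fail_on_error: false` beside `ignore_missing: true`; if a collision should be loud, the current form is fine but worth stating. Either way the position of this processor is load-bearing and deserves a comment such as `# Must run before the generic json rename below, which would otherwise move json.error along with the rest of the object` — the `to:` of that following rename is outside the hunk, so I cannot tell where `json.error` would end up without it.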
@@ -191,8 +191,113 @@ function exchangeAdminSchema(debug) { return builder.Build(); } -function azureADLogonSchema(debug) { +function typeMapEnrich(conversions) { + return function (evt) { + var action = evt.Get("event.action"); + if (action != null && conversions.hasOwnProperty(action)) { + var conv = conversions[action]; + if (conv.action !== undefined) evt.Put("event.action", conv.action); + if (conv.category !== undefined) evt.Put("event.category", conv.category); + if (conv.type !== undefined) evt.Put("event.type", conv.type); + var n = conv.copy !== undefined? conv.copy.length : 0; + for (var i=0; iSite Members<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"Everyone except external users"} +{"CreationTime":"2021-02-05T09:07:56","Id":"a9b8277d-d3b9-4d99-0491-08d8c9b5874b","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} 
+{"CreationTime":"2021-02-05T09:07:56","Id":"dfef0880-e895-47e1-2e39-08d8c9b58733","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Owners"} +{"CreationTime":"2021-02-05T09:07:56","Id":"d9b6f410-30c7-42a0-0820-08d8c9b5872c","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Members<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Members"} 
+{"CreationTime":"2021-02-05T09:07:56","Id":"5c82c14e-525e-44f4-7cd7-08d8c9b58722","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} +{"CreationTime":"2021-02-05T09:07:56","Id":"f576a30e-1734-4f42-f3b3-08d8c9b58718","Operation":"SiteCollectionCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":4,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"20.190.143.50","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","ApplicationDisplayName":"Microsoft Graph","ApplicationId":"00000006-0000-0ff1-ce00-000000000000","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Site","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","EventData":"O365AdminCenter<\/SiteCreationSource>True<\/TenantSettings.ShowCreateSiteCommand>False<\/TenantSettings.UseCustomSiteCreationForm>"} 
+{"CreationTime":"2021-02-05T09:07:56","Id":"f84f38b0-1963-4a1d-454e-08d8c9b586e9","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Owners"} +{"CreationTime":"2021-02-05T09:07:55","Id":"e85ec350-af23-47a7-5b33-08d8c9b586be","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} 
+{"CreationTime":"2021-02-05T09:08:14","Id":"32474de1-fca7-4d81-4f97-08d8c9b591a4","Operation":"ListUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":36,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-4077-2000-7abb-cbd546e4157d","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"List","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":0,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:14","Id":"20b7fc96-6e31-437a-50fa-08d8c9b59185","Operation":"ListCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":36,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/SiteAssets","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams 
Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-4077-2000-7abb-cbd546e4157d","EventSource":"SharePoint","ItemType":"List","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","ListBaseTemplateType":"DocumentLibrary","ListBaseType":"DocumentLibrary","ListTitle":"96CDFC22-2B86-49EA-B4E9-F11888B1665D"} +{"CreationTime":"2021-02-05T09:08:17","Id":"3813eef0-90e1-4758-54d8-08d8c9b5938e","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/03e45e84-1992-4d42-9116-26f756012634","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/0c5e0085-eb30-494b-9cdd-ece1d3c649a2","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"f4579e76-fb4b-4434-904e-08d8c9b59389","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/39360f11-34cf-4356-9945-25c44e68dade","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"b401dd51-f4a2-477f-cc42-08d8c9b59384","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/03e45e84-1992-4d42-9116-26f756012634","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"073f437c-2e04-441a-05ad-08d8c9b59380","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/0c5e0085-eb30-494b-9cdd-ece1d3c649a2","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"8f586afb-1438-475e-a4d5-08d8c9b5937d","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/39360f11-34cf-4356-9945-25c44e68dade","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:08:00","Id":"9b9e973b-64c3-4607-bc79-bf743c985051","Operation":"TeamCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":25,"UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":2,"Version":1,"Workload":"MicrosoftTeams","UserId":"root@testsiem4.onmicrosoft.com","TeamGuid":"19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2","TeamName":"users"} +{"CreationTime":"2021-02-05T09:07:58","Id":"f16cc0cc-2a18-580e-83c5-04d3c385ebb8","Operation":"MemberAdded","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":25,"UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"MicrosoftTeams","UserId":"root@testsiem4.onmicrosoft.com","AADGroupId":"61b6d6f5-7aa0-437b-a967-fbcd39ec90a1","CommunicationType":"Team","Members":[{"DisplayName":"Adrian 
Serrano","Role":2,"UPN":"admin@testsiem4.onmicrosoft.com"},{"DisplayName":"Eve","Role":2,"UPN":"eve@testsiem4.onmicrosoft.com"}],"TeamGuid":"19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2","ItemName":"users","TeamName":"users"} +{"CreationTime":"2021-02-05T09:08:13","Id":"6454a7d9-afae-4a6c-ffa5-08d8c9b5911c","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/28cf69c5-fa48-462a-b5cd-27b6f9d2bd5f","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-5054-2000-9ced-83aa1cf560fd","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:08:12","Id":"6d69552c-2019-4f7c-92bc-08d8c9b5908b","Operation":"FolderCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":6,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/Shared Documents\/General","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams 
Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-b01b-2000-9ced-879789d2d8e5","EventSource":"SharePoint","ItemType":"Folder","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","ListItemUniqueId":"81d4cd08-7ffb-45d2-a422-86a9a9335d66","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","SourceFileExtension":"","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/","SourceFileName":"General","SourceRelativeUrl":"Shared Documents"} +{"CreationTime":"2021-02-05T09:07:57","Id":"6e9fc7e0-158a-4456-2a89-08d8c9b58771","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Members<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"Everyone except external users"} +{"CreationTime":"2021-02-05T09:07:56","Id":"a9b8277d-d3b9-4d99-0491-08d8c9b5874b","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site 
Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} +{"CreationTime":"2021-02-05T09:07:56","Id":"dfef0880-e895-47e1-2e39-08d8c9b58733","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Owners"} +{"CreationTime":"2021-02-05T09:07:56","Id":"d9b6f410-30c7-42a0-0820-08d8c9b5872c","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Members<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Members"} 
+{"CreationTime":"2021-02-05T09:07:56","Id":"5c82c14e-525e-44f4-7cd7-08d8c9b58722","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} +{"CreationTime":"2021-02-05T09:07:56","Id":"f576a30e-1734-4f42-f3b3-08d8c9b58718","Operation":"SiteCollectionCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":4,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"20.190.143.50","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","ApplicationDisplayName":"Microsoft Graph","ApplicationId":"00000006-0000-0ff1-ce00-000000000000","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Site","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","EventData":"O365AdminCenter<\/SiteCreationSource>True<\/TenantSettings.ShowCreateSiteCommand>False<\/TenantSettings.UseCustomSiteCreationForm>"} 
+{"CreationTime":"2021-02-05T09:07:56","Id":"f84f38b0-1963-4a1d-454e-08d8c9b586e9","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Owners"} +{"CreationTime":"2021-02-05T09:07:55","Id":"e85ec350-af23-47a7-5b33-08d8c9b586be","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} 
+{"CreationTime":"2021-02-05T09:08:14","Id":"32474de1-fca7-4d81-4f97-08d8c9b591a4","Operation":"ListUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":36,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-4077-2000-7abb-cbd546e4157d","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"List","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":0,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:14","Id":"20b7fc96-6e31-437a-50fa-08d8c9b59185","Operation":"ListCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":36,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/SiteAssets","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams 
Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-4077-2000-7abb-cbd546e4157d","EventSource":"SharePoint","ItemType":"List","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","ListBaseTemplateType":"DocumentLibrary","ListBaseType":"DocumentLibrary","ListTitle":"96CDFC22-2B86-49EA-B4E9-F11888B1665D"} +{"CreationTime":"2021-02-05T09:08:17","Id":"3813eef0-90e1-4758-54d8-08d8c9b5938e","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/03e45e84-1992-4d42-9116-26f756012634","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/0c5e0085-eb30-494b-9cdd-ece1d3c649a2","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"f4579e76-fb4b-4434-904e-08d8c9b59389","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/39360f11-34cf-4356-9945-25c44e68dade","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"b401dd51-f4a2-477f-cc42-08d8c9b59384","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/03e45e84-1992-4d42-9116-26f756012634","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"073f437c-2e04-441a-05ad-08d8c9b59380","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/0c5e0085-eb30-494b-9cdd-ece1d3c649a2","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} 
+{"CreationTime":"2021-02-05T09:08:17","Id":"8f586afb-1438-475e-a4d5-08d8c9b5937d","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/39360f11-34cf-4356-9945-25c44e68dade","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:06:07","Id":"550ed0e2-27da-4cbc-9fb8-46add4018800","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"Unknown","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Redirect"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 
Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"df4c6d6c-4551-4f2d-8766-03700dfccb47","IntraSystemId":"550ed0e2-27da-4cbc-9fb8-46add4018800","SupportTicketId":"","Target":[{"ID":"Unknown","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7","ErrorNumber":"0"} +{"CreationTime":"2021-02-05T09:06:08","Id":"a2b50af0-f77d-4bbf-b30b-d3b2eea07300","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"5f09333a-842c-47da-a157-57da27fcbca5","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Redirect"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"f987e734-9f74-4996-8d75-6da73a443d22","IntraSystemId":"a2b50af0-f77d-4bbf-b30b-d3b2eea07300","SupportTicketId":"","Target":[{"ID":"5f09333a-842c-47da-a157-57da27fcbca5","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7","ErrorNumber":"0"} 
+{"CreationTime":"2021-02-05T09:06:34","Id":"5532155c-11e4-4628-95e7-6c1ddb0d6f00","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"5f09333a-842c-47da-a157-57da27fcbca5","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Redirect"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"e5e06ef9-0ea6-4a1e-82e2-b82d83ec68a1","IntraSystemId":"5532155c-11e4-4628-95e7-6c1ddb0d6f00","SupportTicketId":"","Target":[{"ID":"5f09333a-842c-47da-a157-57da27fcbca5","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7","ErrorNumber":"0"} +{"CreationTime":"2021-02-05T09:06:07","Id":"f3bc8508-1130-4d82-b7c7-4c1292b98600","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"00000002-0000-0ff1-ce00-000000000000","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Success"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 
Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"17b096b5-881a-4d72-8268-4854f9aa8910","IntraSystemId":"f3bc8508-1130-4d82-b7c7-4c1292b98600","SupportTicketId":"","Target":[{"ID":"00000002-0000-0ff1-ce00-000000000000","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"00000002-0000-0ff1-ce00-000000000000","ErrorNumber":"0"} +{"CreationTime":"2021-02-04T16:33:17","Id":"1947bd7a-5b96-4bd5-931b-c12cc6ffdfcd","Operation":"Delete user.","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":8,"ResultStatus":"Success","UserKey":"1003200112EB07E6@testsiem4.onmicrosoft.com","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"","ObjectId":"6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"additionalDetails","Value":"{}"},{"Name":"extendedAuditEventCategory","Value":"User"}],"ModifiedProperties":[{"Name":"Is Hard 
Deleted","NewValue":"False","OldValue":""}],"Actor":[{"ID":"root@testsiem4.onmicrosoft.com","Type":5},{"ID":"1003200112EB07E6","Type":3},{"ID":"User_21119711-1517-43d4-8138-b537dafad016","Type":2},{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":2},{"ID":"User","Type":2}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"","InterSystemsId":"3e7b36e7-caba-4d7a-ae08-07f0a716135c","IntraSystemId":"995e2026-17cc-4599-8f63-b3f3556d784b","SupportTicketId":"","Target":[{"ID":"User_6d4ca534-c337-474d-8c76-6c715b31bc52","Type":2},{"ID":"6d4ca534-c337-474d-8c76-6c715b31bc52","Type":2},{"ID":"User","Type":2},{"ID":"6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com","Type":5},{"ID":"10032001131B9761","Type":3}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e"} +{"CreationTime":"2021-02-04T16:33:14","Id":"4a27de4c-a2dd-4825-8f7f-6a623b3060ec","Operation":"Change user license.","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":8,"ResultStatus":"Success","UserKey":"1003200112EB07E6@testsiem4.onmicrosoft.com","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"","ObjectId":"newuser@testsiem4.onmicrosoft.com","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"additionalDetails","Value":"{}"},{"Name":"extendedAuditEventCategory","Value":"User"}],"ModifiedProperties":[],"Actor":[{"ID":"root@testsiem4.onmicrosoft.com","Type":5},{"ID":"1003200112EB07E6","Type":3},{"ID":"User_21119711-1517-43d4-8138-b537dafad016","Type":2},{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":2},{"ID":"User","Type":2}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"","InterSystemsId":"443c61f9-900a-46cd-906f-7de2d16bd7b0","IntraSystemId":"74634e79-78c4-4335-8776-8afc267f5329","SupportTicketId":"","Target":[{"ID":"User_6d4ca534-c337-474d-8c76-6c715b31bc52","Type":2},{"ID":"6d4ca534-c337-474d-8c76-6c715b31bc52","Type":2},{"ID":"User","Type
":2},{"ID":"newuser@testsiem4.onmicrosoft.com","Type":5},{"ID":"10032001131B9761","Type":3}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e"} +{"CreationTime":"2021-02-05T09:05:59","Id":"eed8f929-567c-45bf-94ad-76ccf0f26300","Operation":"UserLoginFailed","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"00000002-0000-0000-c000-000000000000","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Success"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"UserAuthenticationMethod","Value":"1"},{"Name":"RequestType","Value":"Login:login"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"9b4acea8-44ad-49f1-a9c3-88c075e8ba85","IntraSystemId":"eed8f929-567c-45bf-94ad-76ccf0f26300","SupportTicketId":"","Target":[{"ID":"00000002-0000-0000-c000-000000000000","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"4345a7b9-9a63-4910-a426-35363201d503","ErrorNumber":"50072","LogonError":"UserStrongAuthEnrollmentRequiredInterrupt"} 
+{"CreationTime":"2021-02-05T09:05:59","Id":"eed8f929-567c-45bf-94ad-76ccf0f26300","Operation":"UserLoginFailed","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"00000002-0000-0000-c000-000000000000","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Success"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"UserAuthenticationMethod","Value":"1"},{"Name":"RequestType","Value":"Login:login"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"9b4acea8-44ad-49f1-a9c3-88c075e8ba85","IntraSystemId":"eed8f929-567c-45bf-94ad-76ccf0f26300","SupportTicketId":"","Target":[{"ID":"00000002-0000-0000-c000-000000000000","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"4345a7b9-9a63-4910-a426-35363201d503","ErrorNumber":"50072","LogonError":"UserStrongAuthEnrollmentRequiredInterrupt"} +{"CreationTime":"2021-02-05T09:06:07","Id":"550ed0e2-27da-4cbc-9fb8-46add4018800","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"Unknown","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Redirect"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 
Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"df4c6d6c-4551-4f2d-8766-03700dfccb47","IntraSystemId":"550ed0e2-27da-4cbc-9fb8-46add4018800","SupportTicketId":"","Target":[{"ID":"Unknown","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7","ErrorNumber":"0"} diff --git a/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json b/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json new file mode 100644 index 00000000000..372b29d8c2c --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json 
@@ -0,0 +1,3456 @@ +[ + { + "@timestamp": "2021-02-05T09:08:00.000Z", + "event.action": "added-group-account-to", + "event.category": "iam", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "9b9e973b-64c3-4607-bc79-bf743c985051", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "audit", + "group.name": "users", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 0, + "o365.audit.CreationTime": "2021-02-05T09:08:00", + "o365.audit.Id": "9b9e973b-64c3-4607-bc79-bf743c985051", + "o365.audit.Operation": "TeamCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2", + "o365.audit.TeamName": "users", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "root", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:07:58.000Z", + "event.action": "added-users-to-group", + "event.category": "iam", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "f16cc0cc-2a18-580e-83c5-04d3c385ebb8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": [ + "group", + "change" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", 
+ "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 406, + "o365.audit.AADGroupId": "61b6d6f5-7aa0-437b-a967-fbcd39ec90a1", + "o365.audit.CommunicationType": "Team", + "o365.audit.CreationTime": "2021-02-05T09:07:58", + "o365.audit.Id": "f16cc0cc-2a18-580e-83c5-04d3c385ebb8", + "o365.audit.ItemName": "users", + "o365.audit.Members": [ + { + "DisplayName": "Adrian Serrano", + "Role": 2, + "UPN": "admin@testsiem4.onmicrosoft.com" + }, + { + "DisplayName": "Eve", + "Role": 2, + "UPN": "eve@testsiem4.onmicrosoft.com" + } + ], + "o365.audit.Operation": "MemberAdded", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2", + "o365.audit.TeamName": "users", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": [ + "admin@testsiem4.onmicrosoft.com", + "eve@testsiem4.onmicrosoft.com", + "root" + ], + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:08:13.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "6454a7d9-afae-4a6c-ffa5-08d8c9b5911c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": 
"testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 1073, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-5054-2000-9ced-83aa1cf560fd", + "o365.audit.CreationTime": "2021-02-05T09:08:13", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "6454a7d9-afae-4a6c-ffa5-08d8c9b5911c", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/28cf69c5-fa48-462a-b5cd-27b6f9d2bd5f", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + 
"source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:12.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "FolderCreated", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "6d69552c-2019-4f7c-92bc-08d8c9b5908b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "creation", + "file.directory": "Shared Documents", + "file.extension": "", + "file.name": "General", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 2192, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-b01b-2000-9ced-879789d2d8e5", + "o365.audit.CreationTime": "2021-02-05T09:08:12", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "6d69552c-2019-4f7c-92bc-08d8c9b5908b", + "o365.audit.ItemType": "Folder", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListItemUniqueId": "81d4cd08-7ffb-45d2-a422-86a9a9335d66", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/Shared Documents/General", + 
"o365.audit.Operation": "FolderCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 6, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users/", + "o365.audit.SourceFileExtension": "", + "o365.audit.SourceFileName": "General", + "o365.audit.SourceRelativeUrl": "Shared Documents", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "url.original": "https://testsiem4.sharepoint.com/sites/users/Shared Documents/General", + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:07:57.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "6e9fc7e0-158a-4456-2a89-08d8c9b58771", + "event.kind": 
"event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 3234, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:57", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "6e9fc7e0-158a-4456-2a89-08d8c9b58771", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "Everyone except external users", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "a9b8277d-d3b9-4d99-0491-08d8c9b5874b", + "event.kind": "event", + 
"event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 4046, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "a9b8277d-d3b9-4d99-0491-08d8c9b5874b", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "dfef0880-e895-47e1-2e39-08d8c9b58733", + "event.kind": "event", + "event.module": "o365", + 
"event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 4838, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dfef0880-e895-47e1-2e39-08d8c9b58733", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "d9b6f410-30c7-42a0-0820-08d8c9b5872c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + 
"event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 5631, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "d9b6f410-30c7-42a0-0820-08d8c9b5872c", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Members", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "5c82c14e-525e-44f4-7cd7-08d8c9b58722", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + 
"event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 6426, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5c82c14e-525e-44f4-7cd7-08d8c9b58722", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "client.address": "20.190.143.50", + "client.ip": "20.190.143.50", + "event.action": "SiteCollectionCreated", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "f576a30e-1734-4f42-f3b3-08d8c9b58718", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + 
"event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 7218, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Graph", + "o365.audit.ApplicationId": "00000006-0000-0ff1-ce00-000000000000", + "o365.audit.ClientIP": "20.190.143.50", + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "O365AdminCenterTrueFalse", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "f576a30e-1734-4f42-f3b3-08d8c9b58718", + "o365.audit.ItemType": "Site", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "SiteCollectionCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 4, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "20.190.143.50", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "20.190.143.50", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + 
"user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "f84f38b0-1963-4a1d-454e-08d8c9b586e9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 8147, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "f84f38b0-1963-4a1d-454e-08d8c9b586e9", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", 
+ "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:55.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "e85ec350-af23-47a7-5b33-08d8c9b586be", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 8940, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:55", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "e85ec350-af23-47a7-5b33-08d8c9b586be", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + 
"user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:08:14.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListUpdated", + "event.category": "web", + "event.code": "SharePointListOperation", + "event.dataset": "o365.audit", + "event.id": "32474de1-fca7-4d81-4f97-08d8c9b591a4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 9732, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-4077-2000-7abb-cbd546e4157d", + "o365.audit.CreationTime": "2021-02-05T09:08:14", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "32474de1-fca7-4d81-4f97-08d8c9b591a4", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 0, + "o365.audit.ItemType": "List", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.Operation": "ListUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 36, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": 
"i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:14.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListCreated", + "event.category": "web", + "event.code": "SharePointListOperation", + "event.dataset": "o365.audit", + "event.id": "20b7fc96-6e31-437a-50fa-08d8c9b59185", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 10806, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-4077-2000-7abb-cbd546e4157d", + 
"o365.audit.CreationTime": "2021-02-05T09:08:14", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "20b7fc96-6e31-437a-50fa-08d8c9b59185", + "o365.audit.ItemType": "List", + "o365.audit.ListBaseTemplateType": "DocumentLibrary", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96CDFC22-2B86-49EA-B4E9-F11888B1665D", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/SiteAssets", + "o365.audit.Operation": "ListCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 36, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + 
"client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "3813eef0-90e1-4758-54d8-08d8c9b5938e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 11743, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "3813eef0-90e1-4758-54d8-08d8c9b5938e", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/03e45e84-1992-4d42-9116-26f756012634", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + 
"o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 12834, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", 
+ "o365.audit.FromApp": false, + "o365.audit.Id": "597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/0c5e0085-eb30-494b-9cdd-ece1d3c649a2", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + 
"user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "f4579e76-fb4b-4434-904e-08d8c9b59389", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 13925, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "f4579e76-fb4b-4434-904e-08d8c9b59389", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/39360f11-34cf-4356-9945-25c44e68dade", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + 
"o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "b401dd51-f4a2-477f-cc42-08d8c9b59384", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 15016, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": 
"2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "b401dd51-f4a2-477f-cc42-08d8c9b59384", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/03e45e84-1992-4d42-9116-26f756012634", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + 
"user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "073f437c-2e04-441a-05ad-08d8c9b59380", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 16107, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "073f437c-2e04-441a-05ad-08d8c9b59380", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/0c5e0085-eb30-494b-9cdd-ece1d3c649a2", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + 
"o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "8f586afb-1438-475e-a4d5-08d8c9b5937d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 17198, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": 
"fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "8f586afb-1438-475e-a4d5-08d8c9b5937d", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/39360f11-34cf-4356-9945-25c44e68dade", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": 
"sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:00.000Z", + "event.action": "added-group-account-to", + "event.category": "iam", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "9b9e973b-64c3-4607-bc79-bf743c985051", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "audit", + "group.name": "users", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 18289, + "o365.audit.CreationTime": "2021-02-05T09:08:00", + "o365.audit.Id": "9b9e973b-64c3-4607-bc79-bf743c985051", + "o365.audit.Operation": "TeamCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2", + "o365.audit.TeamName": "users", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "root", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:07:58.000Z", + "event.action": "added-users-to-group", + "event.category": "iam", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "f16cc0cc-2a18-580e-83c5-04d3c385ebb8", + "event.kind": "event", + "event.module": "o365", 
+ "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": [ + "group", + "change" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 18695, + "o365.audit.AADGroupId": "61b6d6f5-7aa0-437b-a967-fbcd39ec90a1", + "o365.audit.CommunicationType": "Team", + "o365.audit.CreationTime": "2021-02-05T09:07:58", + "o365.audit.Id": "f16cc0cc-2a18-580e-83c5-04d3c385ebb8", + "o365.audit.ItemName": "users", + "o365.audit.Members": [ + { + "DisplayName": "Adrian Serrano", + "Role": 2, + "UPN": "admin@testsiem4.onmicrosoft.com" + }, + { + "DisplayName": "Eve", + "Role": 2, + "UPN": "eve@testsiem4.onmicrosoft.com" + } + ], + "o365.audit.Operation": "MemberAdded", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2", + "o365.audit.TeamName": "users", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": [ + "admin@testsiem4.onmicrosoft.com", + "eve@testsiem4.onmicrosoft.com", + "root" + ], + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:08:13.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "6454a7d9-afae-4a6c-ffa5-08d8c9b5911c", + "event.kind": "event", + "event.module": "o365", + 
"event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 19362, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-5054-2000-9ced-83aa1cf560fd", + "o365.audit.CreationTime": "2021-02-05T09:08:13", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "6454a7d9-afae-4a6c-ffa5-08d8c9b5911c", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/28cf69c5-fa48-462a-b5cd-27b6f9d2bd5f", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": 
"o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:12.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "FolderCreated", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "6d69552c-2019-4f7c-92bc-08d8c9b5908b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "creation", + "file.directory": "Shared Documents", + "file.extension": "", + "file.name": "General", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 20481, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-b01b-2000-9ced-879789d2d8e5", + "o365.audit.CreationTime": "2021-02-05T09:08:12", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "6d69552c-2019-4f7c-92bc-08d8c9b5908b", + "o365.audit.ItemType": "Folder", + "o365.audit.ListId": 
"66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListItemUniqueId": "81d4cd08-7ffb-45d2-a422-86a9a9335d66", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/Shared Documents/General", + "o365.audit.Operation": "FolderCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 6, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users/", + "o365.audit.SourceFileExtension": "", + "o365.audit.SourceFileName": "General", + "o365.audit.SourceRelativeUrl": "Shared Documents", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "url.original": "https://testsiem4.sharepoint.com/sites/users/Shared Documents/General", + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:07:57.000Z", + 
"event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "6e9fc7e0-158a-4456-2a89-08d8c9b58771", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 21523, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:57", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "6e9fc7e0-158a-4456-2a89-08d8c9b58771", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "Everyone except external users", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": 
"AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "a9b8277d-d3b9-4d99-0491-08d8c9b5874b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 22335, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "a9b8277d-d3b9-4d99-0491-08d8c9b5874b", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": 
"web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "dfef0880-e895-47e1-2e39-08d8c9b58733", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 23127, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dfef0880-e895-47e1-2e39-08d8c9b58733", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": 
"SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "d9b6f410-30c7-42a0-0820-08d8c9b5872c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 23920, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "d9b6f410-30c7-42a0-0820-08d8c9b5872c", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Members", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + 
"event.dataset": "o365.audit", + "event.id": "5c82c14e-525e-44f4-7cd7-08d8c9b58722", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 24715, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5c82c14e-525e-44f4-7cd7-08d8c9b58722", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "client.address": "20.190.143.50", + "client.ip": "20.190.143.50", + "event.action": "SiteCollectionCreated", + "event.category": "web", + 
"event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "f576a30e-1734-4f42-f3b3-08d8c9b58718", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 25507, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Graph", + "o365.audit.ApplicationId": "00000006-0000-0ff1-ce00-000000000000", + "o365.audit.ClientIP": "20.190.143.50", + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "O365AdminCenterTrueFalse", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "f576a30e-1734-4f42-f3b3-08d8c9b58718", + "o365.audit.ItemType": "Site", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "SiteCollectionCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 4, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "20.190.143.50", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": 
"England", + "source.ip": "20.190.143.50", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "f84f38b0-1963-4a1d-454e-08d8c9b586e9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 26436, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "f84f38b0-1963-4a1d-454e-08d8c9b586e9", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": 
"o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:55.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "e85ec350-af23-47a7-5b33-08d8c9b586be", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 27229, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:55", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "e85ec350-af23-47a7-5b33-08d8c9b586be", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + 
], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:08:14.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListUpdated", + "event.category": "web", + "event.code": "SharePointListOperation", + "event.dataset": "o365.audit", + "event.id": "32474de1-fca7-4d81-4f97-08d8c9b591a4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 28021, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-4077-2000-7abb-cbd546e4157d", + "o365.audit.CreationTime": "2021-02-05T09:08:14", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "32474de1-fca7-4d81-4f97-08d8c9b591a4", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 0, + "o365.audit.ItemType": "List", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.Operation": "ListUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 36, + "o365.audit.Site": 
"457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:14.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListCreated", + "event.category": "web", + "event.code": "SharePointListOperation", + "event.dataset": "o365.audit", + "event.id": "20b7fc96-6e31-437a-50fa-08d8c9b59185", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 29095, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft 
Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-4077-2000-7abb-cbd546e4157d", + "o365.audit.CreationTime": "2021-02-05T09:08:14", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "20b7fc96-6e31-437a-50fa-08d8c9b59185", + "o365.audit.ItemType": "List", + "o365.audit.ListBaseTemplateType": "DocumentLibrary", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96CDFC22-2B86-49EA-B4E9-F11888B1665D", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/SiteAssets", + "o365.audit.Operation": "ListCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 36, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + 
"user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "3813eef0-90e1-4758-54d8-08d8c9b5938e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 30032, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "3813eef0-90e1-4758-54d8-08d8c9b5938e", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/03e45e84-1992-4d42-9116-26f756012634", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", 
+ "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 31123, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": 
"fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/0c5e0085-eb30-494b-9cdd-ece1d3c649a2", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": 
"sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "f4579e76-fb4b-4434-904e-08d8c9b59389", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 32214, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "f4579e76-fb4b-4434-904e-08d8c9b59389", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/39360f11-34cf-4356-9945-25c44e68dade", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": 
"457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "b401dd51-f4a2-477f-cc42-08d8c9b59384", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 33305, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + 
"o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "b401dd51-f4a2-477f-cc42-08d8c9b59384", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/03e45e84-1992-4d42-9116-26f756012634", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": 
"51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "073f437c-2e04-441a-05ad-08d8c9b59380", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 34396, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "073f437c-2e04-441a-05ad-08d8c9b59380", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/0c5e0085-eb30-494b-9cdd-ece1d3c649a2", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": 
"48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "8f586afb-1438-475e-a4d5-08d8c9b5937d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 35487, + "network.type": "ipv4", + 
"o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "8f586afb-1438-475e-a4d5-08d8c9b5937d", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/39360f11-34cf-4356-9945-25c44e68dade", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + 
"source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:06:07.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 36578, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:07", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "o365.audit.InterSystemsId": 
"df4c6d6c-4551-4f2d-8766-03700dfccb47", + "o365.audit.IntraSystemId": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." 
+ }, + { + "@timestamp": "2021-02-05T09:06:08.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a2b50af0-f77d-4bbf-b30b-d3b2eea07300", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 37782, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:08", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "a2b50af0-f77d-4bbf-b30b-d3b2eea07300", + "o365.audit.InterSystemsId": "f987e734-9f74-4996-8d75-6da73a443d22", + "o365.audit.IntraSystemId": "a2b50af0-f77d-4bbf-b30b-d3b2eea07300", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + 
"o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." 
+ }, + { + "@timestamp": "2021-02-05T09:06:34.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "5532155c-11e4-4628-95e7-6c1ddb0d6f00", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 39044, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:34", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "5532155c-11e4-4628-95e7-6c1ddb0d6f00", + "o365.audit.InterSystemsId": "e5e06ef9-0ea6-4a1e-82e2-b82d83ec68a1", + "o365.audit.IntraSystemId": "5532155c-11e4-4628-95e7-6c1ddb0d6f00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + 
"o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." 
+ }, + { + "@timestamp": "2021-02-05T09:06:07.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "f3bc8508-1130-4d82-b7c7-4c1292b98600", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 40306, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:07", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "f3bc8508-1130-4d82-b7c7-4c1292b98600", + "o365.audit.InterSystemsId": "17b096b5-881a-4d72-8268-4854f9aa8910", + "o365.audit.IntraSystemId": "f3bc8508-1130-4d82-b7c7-4c1292b98600", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + 
"o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." 
+ }, + { + "@timestamp": "2021-02-04T16:33:17.000Z", + "event.action": "deleted-user-account", + "event.category": "iam", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "1947bd7a-5b96-4bd5-931b-c12cc6ffdfcd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "user", + "deletion" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 41567, + "o365.audit.Actor": [ + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200112EB07E6", + "Type": 3 + }, + { + "ID": "User_21119711-1517-43d4-8138-b537dafad016", + "Type": 2 + }, + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.CreationTime": "2021-02-04T16:33:17", + "o365.audit.ExtendedProperties.additionalDetails": "{}", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.Id": "1947bd7a-5b96-4bd5-931b-c12cc6ffdfcd", + "o365.audit.InterSystemsId": "3e7b36e7-caba-4d7a-ae08-07f0a716135c", + "o365.audit.IntraSystemId": "995e2026-17cc-4599-8f63-b3f3556d784b", + "o365.audit.ModifiedProperties.Is_Hard_Deleted.NewValue": "False", + "o365.audit.ModifiedProperties.Is_Hard_Deleted.OldValue": "", + "o365.audit.ObjectId": "6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com", + "o365.audit.Operation": "Delete user.", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "User_6d4ca534-c337-474d-8c76-6c715b31bc52", + "Type": 2 + }, + { + "ID": 
"6d4ca534-c337-474d-8c76-6c715b31bc52", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + }, + { + "ID": "6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "10032001131B9761", + "Type": 3 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "1003200112EB07E6@testsiem4.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": [ + "root", + "6d4ca534c337474d8c766c715b31bc52newuser" + ], + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user.target.domain": "testsiem4.onmicrosoft.com", + "user.target.email": "6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com", + "user.target.id": "6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com", + "user.target.name": "6d4ca534c337474d8c766c715b31bc52newuser" + }, + { + "@timestamp": "2021-02-04T16:33:14.000Z", + "event.action": "Change user license.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "4a27de4c-a2dd-4825-8f7f-6a623b3060ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 43022, + "o365.audit.Actor": [ + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200112EB07E6", + "Type": 3 + }, + { + "ID": "User_21119711-1517-43d4-8138-b537dafad016", + "Type": 2 + }, + { + "ID": 
"21119711-1517-43d4-8138-b537dafad016", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.CreationTime": "2021-02-04T16:33:14", + "o365.audit.ExtendedProperties.additionalDetails": "{}", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.Id": "4a27de4c-a2dd-4825-8f7f-6a623b3060ec", + "o365.audit.InterSystemsId": "443c61f9-900a-46cd-906f-7de2d16bd7b0", + "o365.audit.IntraSystemId": "74634e79-78c4-4335-8776-8afc267f5329", + "o365.audit.ObjectId": "newuser@testsiem4.onmicrosoft.com", + "o365.audit.Operation": "Change user license.", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "User_6d4ca534-c337-474d-8c76-6c715b31bc52", + "Type": 2 + }, + { + "ID": "6d4ca534-c337-474d-8c76-6c715b31bc52", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + }, + { + "ID": "newuser@testsiem4.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "10032001131B9761", + "Type": 3 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "1003200112EB07E6@testsiem4.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "root", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:05:59.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoginFailed", + 
"event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 44362, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:05:59", + "o365.audit.ErrorNumber": "50072", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "o365.audit.InterSystemsId": "9b4acea8-44ad-49f1-a9c3-88c075e8ba85", + "o365.audit.IntraSystemId": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "o365.audit.LogonError": "UserStrongAuthEnrollmentRequiredInterrupt", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + 
"ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." 
+ }, + { + "@timestamp": "2021-02-05T09:05:59.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 45730, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:05:59", + "o365.audit.ErrorNumber": "50072", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "o365.audit.InterSystemsId": "9b4acea8-44ad-49f1-a9c3-88c075e8ba85", + "o365.audit.IntraSystemId": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "o365.audit.LogonError": "UserStrongAuthEnrollmentRequiredInterrupt", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": 
"48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." 
+ }, + { + "@timestamp": "2021-02-05T09:06:07.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 47098, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:07", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "o365.audit.InterSystemsId": "df4c6d6c-4551-4f2d-8766-03700dfccb47", + "o365.audit.IntraSystemId": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": 
"Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json index 3425c52aafa..4d3bf4463fc 100644 --- a/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json 
@@ -1,8 +1,8 @@
[
{
"@timestamp": "2020-02-17T16:59:44.000Z",
- "event.action": "TeamCreated",
- "event.category": "web",
+ "event.action": "added-group-account-to",
+ "event.category": "iam",
"event.code": "MicrosoftTeams",
"event.dataset": "o365.audit",
"event.id": "49fa9883-50a9-4c9c-8e12-57e0948a9d8a",
@@ -10,8 +10,12 @@
"event.module": "o365",
"event.outcome": "success",
"event.provider": "MicrosoftTeams",
- "event.type": "info",
+ "event.type": [
+ "group",
+ "creation"
+ ],
"fileset.name": "audit",
+ "group.name": "SIEMTest",
"host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd",
"input.type": "log",
"log.offset": 0,
@@ -36,8 +40,8 @@
},
{
"@timestamp": "2020-02-17T16:59:47.000Z",
- "event.action": "MemberAdded",
- "event.category": "web",
+ "event.action": "added-users-to-group",
+ "event.category": "iam",
"event.code": "MicrosoftTeams",
"event.dataset": "o365.audit",
"event.id": "3a951c24-3214-5529-b2fe-097628a39ecd",
@@ -45,7 +49,10 @@
"event.module": "o365",
"event.outcome": "success",
"event.provider": "MicrosoftTeams",
- "event.type": "info",
+ "event.type": [
+ "group",
+ "change"
+ ],
"fileset.name": "audit",
"host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd",
"host.name": "testsiem.onmicrosoft.com",
@@ -87,19 +94,26 @@
"o365.audit.Version": 1,
"o365.audit.Workload": "MicrosoftTeams",
"organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd",
- "related.user": "asr",
+ "related.user": [
+ "david@testsiem.onmicrosoft.com",
+ "chuck@testsiem.onmicrosoft.com",
+ "bob@testsiem.onmicrosoft.com",
+ "alice@testsiem.onmicrosoft.com",
+ "asr"
+ ],
"service.type": "o365",
"tags": [
"forwarded"
],
"user.domain": "testsiem.onmicrosoft.com",
+ "user.email": "asr@testsiem.onmicrosoft.com",
"user.id": "asr@testsiem.onmicrosoft.com",
"user.name": "asr"
},
{
"@timestamp": "2020-02-17T16:59:44.000Z",
- "event.action": "MemberAdded",
- "event.category": "web",
+ "event.action": "added-users-to-group",
+ "event.category": "iam",
"event.code": "MicrosoftTeams",
"event.dataset": "o365.audit",
"event.id": "3350cfd2-1020-5b11-99d8-2701f3a29ea3",
@@ -107,7 +121,10 @@
"event.module": "o365",
"event.outcome": "success",
"event.provider": "MicrosoftTeams",
- "event.type": "info",
+ "event.type": [
+ "group",
+ "change"
+ ],
"fileset.name": "audit",
"host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd",
"host.name": "testsiem.onmicrosoft.com",
@@ -134,12 +151,16 @@
"o365.audit.Version": 1,
"o365.audit.Workload": "MicrosoftTeams",
"organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd",
- "related.user": "asr",
+ "related.user": [
+ "asr@testsiem.onmicrosoft.com",
+ "asr"
+ ],
"service.type": "o365",
"tags": [
"forwarded"
],
"user.domain": "testsiem.onmicrosoft.com",
+ "user.email": "asr@testsiem.onmicrosoft.com",
"user.id": "asr@testsiem.onmicrosoft.com",
"user.name": "asr"
},
@@ -178,6 +199,7 @@
"forwarded"
],
"user.domain": "testsiem.onmicrosoft.com",
+ "user.email": "bob@testsiem.onmicrosoft.com",
"user.id": "bob@testsiem.onmicrosoft.com",
"user.name": "bob"
}
diff --git a/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json
index 7401b62112b..60092cad50c 100644
--- a/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json
+++ b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json
@@ -62,6 +62,7 @@
"forwarded"
],
"user.domain": "testsiem.onmicrosoft.com",
+ "user.email": "asr@testsiem.onmicrosoft.com",
"user.id": "asr@testsiem.onmicrosoft.com",
"user.name": "asr"
},
diff --git a/x-pack/filebeat/module/o365/fields.go b/x-pack/filebeat/module/o365/fields.go
index c371afd8dd9..e57e3c7b163 100644
--- a/x-pack/filebeat/module/o365/fields.go
+++ b/x-pack/filebeat/module/o365/fields.go
@@ -19,5 +19,5 @@ func init() { // AssetO365 returns asset data. // This is the base64 encoded gzipped contents of module/o365. func AssetO365() string { - return "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" + return "eJzUmUFv40YMhe/7K+ZcYHMp2oMPBVw7WRiNEyNyuuipGEu0wno0VDmUE++vL0bawoljd7N5vjRHK/z0huK8IaWPbkO7kZMff/7pg3PGFmjkbtdrLskNv1WUSuXWWOLI/fLBOefmUnWB3FrUPfhYBY61C1Int1ZpnkVffHBuzRSqNOrjhr+PLvqGhnte+K5ie3bROdu1NHK1Ste++L2ite+C/dkDR27tQ6KDf3gldP931cs4FOjmPvqaGormxouZ69X0S7l4Ef96EftljMfTT1nsrDq45bCQDe0eRffXjjNKEz0a7lX97uDKMTV71mx6cOFNSvbxy11L7yG8WMtEotGTwTmZteOqUkoJ5NwnUljMH75pCEcFUruMxraDMTDgmuPmeG5fFt5pwpFy+R4RLbZv2jZw6fOWn3Jqg9/d+AaT8y8PkvWlUxqXxluaslKund3lliKYrMun8sHHmuZkfurNX/xwlCWrv6i0/0ZNvFEteugs3yFmEpiigc9vgMziWgpTjjVMWuAE2HAm0uQD5Tghu+LBhSjapMMD7SS5i18LFKuliahSgCt9ojSIYWTbTbpk0txH/rsjRE3eFFg0ltSp3IhNOZnyqjPqt/xR2kokkI/f2O79GQFahqroTdes6Hh78TZIXgeW2x5RSKcl5n/Ut3fZMADzu3wyihVVC5WW1JgSCNPow7gsIde4UmnGbfv+cumbUOz4Q/berMlHJ1vx4BWREEuusg8jUuLwSK6lRm2yRxW7ZNQkUJL6gQNh0lTKa169v0pmRg1Q7UM4CJhId8IXgzzrAU7Gg0Vu1GBFcc3JfvWJltS0wRudiQZTJhJOTJFvRsxKiSABKO8cv2QLYB7yE8abid49+vMTZIAPNiPyzFkwsJi557CSp0/dGSC3j5F07pORjssy7+VzSOupZwPdL24AEOV+6d1j8ddwwCTnUvGaXzYoAA7zy9v+DshOum1J+ykBQGjtI3+B55XnHDAtyjVHbxzrgnSL9NcLr74hw2pmIYHL3ZTMc3h36Q4QJMF3VIpWmOXdUeqCFeatAxrqgmJi4y3laWFKRmVfPGkWy9BVBKyxb3EXwtHO8CamoJTAoi5oS8oGvMwp2IDnlaPvNQAAcDAc4q84UD/aJchq9jDMIAbOXf+SZQvmB90KXduK2pLLDUFOvvRa0/HW/f/3oWJYzBm+VAyg3KPd6hmm8Fc4zE2X5MGJKROwzvH5pIRkeujqs/9yrCFQIh3Xp17PvRmBSviNANPOAKw0fifFvPIzrZAUfBbdBPEAYfgkd0P2KLr5hpR/AgAA//9RmUaQ" } diff --git a/x-pack/filebeat/module/okta/system/config/input.yml b/x-pack/filebeat/module/okta/system/config/input.yml index be1634d73ae..05ff819fad0 100644 --- a/x-pack/filebeat/module/okta/system/config/input.yml +++ b/x-pack/filebeat/module/okta/system/config/input.yml 
@@ -50,13 +50,17 @@
tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
processors:
- - script:
- lang: javascript
- id: okta_system_script
- file: ${path.home}/module/okta/system/config/pipeline.js
- params:
- keep_original_message: {{ .keep_original_message }}
+ - decode_json_fields:
+ fields:
+ - message
+ target: json
+{{ if eq .keep_original_message true }}
+ - rename:
+ fields:
+ - from: message
+ to: event.original
+{{ end }}
- add_fields:
target: ''
fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/okta/system/config/pipeline.js b/x-pack/filebeat/module/okta/system/config/pipeline.js
deleted file mode 100644
index 0d381b0944d..00000000000
--- a/x-pack/filebeat/module/okta/system/config/pipeline.js
+++ /dev/null
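Review bot: The new `decode_json_fields` processor on `message` sets no `add_error_key`, so a record that is not valid JSON decodes silently and ships with no `json` object; the ingest pipeline added later in this same change then runs `remove` on `message` with `ignore_missing: true`, so such an event arrives with neither its raw text nor any marker that decoding failed. The removed JavaScript `DecodeJSONFields` had the same blind spot, but the rewrite is the moment to close it: add `add_error_key: true` under `decode_json_fields` so the failure is recorded in `error.message` and malformed or truncated Okta audit records can be detected instead of vanishing. The `keep_original_message` path is covered, since the `rename` into `event.original` runs before shipping; it is the default path that loses data.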
@@ -1,215 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -function OktaSystem(keep_original_message) { - var processor = require("processor"); - - var decodeJson = new processor.DecodeJSONFields({ - fields: ["message"], - target: "json", - }); - - var setId = function(evt) { - var oktaUuid = evt.Get("json.uuid"); - if (oktaUuid) { - evt.Put("@metadata._id", oktaUuid); - } - }; - - var parseTimestamp = new processor.Timestamp({ - field: "json.published", - timezone: "UTC", - layouts: ["2006-01-02T15:04:05.999Z"], - tests: ["2020-02-05T18:19:23.599Z"], - ignore_missing: true, - }); - - var saveOriginalMessage = function(evt) {}; - if (keep_original_message) { - saveOriginalMessage = new processor.Convert({ - fields: [ - {from: "message", to: "event.original"} - ], - mode: "rename" - }); - } - - var dropOriginalMessage = function(evt) { - evt.Delete("message"); - }; - - var categorizeEvent = new processor.AddFields({ - target: "event", - fields: { - category: ["authentication"], - kind: "event", - type: ["access"], - - }, - }); - - var convertFields = new processor.Convert({ - fields: [ - { from: "json.displayMessage", to: "okta.display_message" }, - { from: "json.eventType", to: "okta.event_type" }, - { from: "json.uuid", to: "okta.uuid" }, - { from: "json.actor.alternateId", to: "okta.actor.alternate_id" }, - { from: "json.actor.displayName", to: "okta.actor.display_name" }, - { from: "json.actor.id", to: "okta.actor.id" }, - { from: "json.actor.type", to: "okta.actor.type" }, - { from: "json.client.device", to: "okta.client.device" }, - { from: "json.client.geographicalContext.geolocation", to: "client.geo.location" }, - { from: "json.client.geographicalContext.city", to: "client.geo.city_name" }, - { from: "json.client.geographicalContext.state", to: 
"client.geo.region_name" }, - { from: "json.client.geographicalContext.country", to: "client.geo.country_name" }, - { from: "json.client.id", to: "okta.client.id" }, - { from: "json.client.ipAddress", to: "okta.client.ip" }, - { from: "json.client.userAgent.browser", to: "okta.client.user_agent.browser" }, - { from: "json.client.userAgent.os", to: "okta.client.user_agent.os" }, - { from: "json.client.userAgent.rawUserAgent", to: "okta.client.user_agent.raw_user_agent" }, - { from: "json.client.zone", to: "okta.client.zone" }, - { from: "json.outcome.reason", to: "okta.outcome.reason" }, - { from: "json.outcome.result", to: "okta.outcome.result" }, - { from: "json.target", to: "okta.target" }, - { from: "json.transaction.id", to: "okta.transaction.id" }, - { from: "json.transaction.type", to: "okta.transaction.type" }, - { from: "json.debugContext.debugData.deviceFingerprint", to: "okta.debug_context.debug_data.device_fingerprint" }, - { from: "json.debugContext.debugData.requestId", to: "okta.debug_context.debug_data.request_id" }, - { from: "json.debugContext.debugData.requestUri", to: "okta.debug_context.debug_data.request_uri" }, - { from: "json.debugContext.debugData.threatSuspected", to: "okta.debug_context.debug_data.threat_suspected" }, - { from: "json.debugContext.debugData.url", to: "okta.debug_context.debug_data.url" }, - { from: "json.authenticationContext.authenticationProvider", to: "okta.authentication_context.authentication_provider" }, - { from: "json.authenticationContext.authenticationStep", to: "okta.authentication_context.authentication_step" }, - { from: "json.authenticationContext.credentialProvider", to: "okta.authentication_context.credential_provider" }, - { from: "json.authenticationContext.credentialType", to: "okta.authentication_context.credential_type" }, - { from: "json.authenticationContext.externalSessionId", to: "okta.authentication_context.external_session_id" }, - { from: "json.authenticationContext.interface", to: 
"okta.authentication_context.authentication_provider" }, - { from: "json.authenticationContext.issuer", to: "okta.authentication_context.issuer" }, - { from: "json.securityContext.asNumber", to: "okta.security_context.as.number" }, - { from: "json.securityContext.asOrg", to: "okta.security_context.as.organization.name" }, - { from: "json.securityContext.domain", to: "okta.security_context.domain" }, - { from: "json.securityContext.isProxy", to: "okta.security_context.is_proxy" }, - { from: "json.securityContext.isp", to: "okta.security_context.isp" }, - ], - mode: "rename", - ignore_missing: true, - fail_on_error: false, - }); - - var copyFields = new processor.Convert({ - fields: [ - { from: "okta.client.user_agent.raw_user_agent", to: "user_agent.original" }, - { from: "okta.client.ip", to: "client.ip" }, - { from: "okta.client.ip", to: "source.ip" }, - { from: "okta.event_type", to: "event.action" }, - { from: "okta.security_context.as.number", to: "client.as.number" }, - { from: "okta.security_context.as.organization.name", to: "client.as.organization.name" }, - { from: "okta.security_context.domain", to: "client.domain" }, - { from: "okta.security_context.domain", to: "source.domain" }, - { from: "okta.uuid", to: "event.id" }, - ], - ignore_missing: true, - fail_on_error: false, - }); - - var setEventOutcome = function(evt) { - var outcome = evt.Get("okta.outcome.result"); - if (outcome) { - outcome = outcome.toLowerCase(); - if (outcome === "success" || outcome === "allow") { - evt.Put("event.outcome", "success"); - } else if (outcome === "failure" || outcome === "deny") { - evt.Put("event.outcome", "failure"); - } else { - evt.Put("event.outcome", "unknown"); - } - } - }; - - // Update nested fields - var renameNestedFields = function(evt) { - var arr = evt.Get("okta.target"); - if (arr) { - for (var i = 0; i < arr.length; i++) { - arr[i].alternate_id = arr[i].alternateId; - arr[i].display_name = arr[i].displayName; - delete arr[i].alternateId; - delete 
arr[i].displayName; - delete arr[i].detailEntry; - } - } - }; - - // Set user info if actor type is User - var setUserInfo = function(evt) { - if (evt.Get("okta.actor.type") === "User") { - evt.Put("client.user.full_name", evt.Get("okta.actor.display_name")); - evt.Put("source.user.full_name", evt.Get("okta.actor.display_name")); - evt.Put("related.user", evt.Get("okta.actor.display_name")); - evt.Put("client.user.id", evt.Get("okta.actor.id")); - evt.Put("source.user.id", evt.Get("okta.actor.id")); - } - }; - - // Set related.ip field - var setRelatedIP = function(event) { - var ip = event.Get("source.ip"); - if (ip) { - event.AppendTo("related.ip", ip); - } - ip = event.Get("destination.ip"); - if (ip) { - event.AppendTo("related.ip", ip); - } - }; - - // Drop extra fields - var dropExtraFields = function(evt) { - evt.Delete("json"); - }; - - // Remove null fields - var dropNullFields = function(evt) { - function dropNull(obj) { - Object.keys(obj).forEach(function(key) { - (obj[key] && typeof obj[key] === 'object') && dropNull(obj[key]) || - (obj[key] === null) && delete obj[key]; - }); - return obj; - } - dropNull(evt); - }; - - var pipeline = new processor.Chain() - .Add(decodeJson) - .Add(setId) - .Add(parseTimestamp) - .Add(saveOriginalMessage) - .Add(dropOriginalMessage) - .Add(categorizeEvent) - .Add(convertFields) - .Add(copyFields) - .Add(setEventOutcome) - .Add(renameNestedFields) - .Add(setUserInfo) - .Add(setRelatedIP) - .Add(dropExtraFields) - .Add(dropNullFields) - .Build(); - - return { - process: pipeline.Run, - }; -} - -var oktaSystem; - -// Register params from configuration. -function register(params) { - oktaSystem = new OktaSystem(params.keep_original_message); -} - -function process(evt) { - return oktaSystem.process(evt); -} diff --git a/x-pack/filebeat/module/okta/system/ingest/pipeline.yml b/x-pack/filebeat/module/okta/system/ingest/pipeline.yml index 0da85185ca2..dc576e9c70c 100644 
--- a/x-pack/filebeat/module/okta/system/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/okta/system/ingest/pipeline.yml
@@ -4,6 +4,503 @@ processors: - set: field: event.ingested value: "{{_ingest.timestamp}}" + - script: + description: Drops null/empty values recursively + lang: painless + source: | + boolean drop(Object o) { + if (o == null || o == "") { + return true; + } else if (o instanceof Map) { + ((Map) o).values().removeIf(v -> drop(v)); + return (((Map) o).size() == 0); + } else if (o instanceof List) { + ((List) o).removeIf(v -> drop(v)); + return (((List) o).length == 0); + } + return false; + } + drop(ctx); + - remove: + field: message + ignore_missing: true + - convert: + field: json.uuid + target_field: _id + type: string + ignore_failure: true + if: ctx?.json?.uuid != null && ctx?.json?.uuid != "" + - date: + field: json.published + formats: + - ISO8601 + ignore_failure: true + - set: + field: event.kind + value: event + - rename: + field: json.displayMessage + target_field: okta.display_message + ignore_missing: true + ignore_failure: true + - rename: + field: json.eventType + target_field: okta.event_type + ignore_missing: true + ignore_failure: true + - append: + field: event.category + value: iam + if: | + ["group.user_membership.add","group.user_membership.remove", + "user.lifecycle.activate","user.lifecycle.create", + "user.lifecycle.deactivate","user.lifecycle.suspend", + "user.lifecycle.unsuspend"].contains(ctx?.okta?.event_type) + - append: + field: event.category + value: configuration + if: | + ["policy.lifecycle.activate","policy.lifecycle.create", + "policy.lifecycle.deactivate","policy.lifecycle.delete", + "policy.lifecycle.update","policy.rule.activate","policy.rule.add", + "policy.rule.deactivate","policy.rule.delete", + "application.lifecycle.create","application.lifecycle.delete", + "policy.rule.update","application.lifecycle.activate", + "application.lifecycle.deactivate","application.lifecycle.update"].contains(ctx?.okta?.event_type) + - append: + field: event.category + value: authentication + if: 
'["user.session.start","user.session.end","user.authentication.sso","policy.evaluate_sign_on"].contains(ctx?.okta?.event_type)' + - append: + field: event.category + value: session + if: '["user.session.start","user.session.end"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: info + if: | + ["system.org.rate_limit.warning","system.org.rate_limit.violation", + "core.concurrency.org.limit.violation"].contains(ctx?.okta?.event_type) + - append: + field: event.type + value: network + if: '["security.request.blocked"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: network + if: | + ["system.org.rate_limit.warning","system.org.rate_limit.violation", + "core.concurrency.org.limit.violation","security.request.blocked"].contains(ctx?.okta?.event_type) + - append: + field: event.type + value: start + if: '["user.session.start"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: end + if: '["user.session.end"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: group + if: '["group.user_membership.add","group.user_membership.remove"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: user + if: | + ["user.lifecycle.activate","user.lifecycle.create", + "user.lifecycle.deactivate","user.lifecycle.suspend", + "user.lifecycle.unsuspend","user.authentication.sso", + "user.session.start","user.session.end","application.user_membership.add", + "application.user_membership.remove","application.user_membership.change_username"].contains(ctx?.okta?.event_type) + - append: + field: event.type + value: change + if: | + ["user.lifecycle.activate","user.lifecycle.deactivate", + "user.lifecycle.suspend","user.lifecycle.unsuspend", + "group.user_membership.add","group.user_membership.remove", + "policy.lifecycle.activate","policy.lifecycle.deactivate", + "policy.lifecycle.update","policy.rule.activate","policy.rule.add", + 
"policy.rule.deactivate","policy.rule.update","application.user_membership.add", + "application.user_membership.remove","application.user_membership.change_username"].contains(ctx?.okta?.event_type) + - append: + field: event.type + value: creation + if: '["user.lifecycle.create","policy.lifecycle.create","application.lifecycle.create"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: deletion + if: '["policy.lifecycle.delete","application.lifecycle.delete"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: info + if: '["policy.evaluate_sign_on"].contains(ctx?.okta?.event_type)' + - rename: + field: json.uuid + target_field: okta.uuid + ignore_missing: true + ignore_failure: true + - rename: + field: json.actor.alternateId + target_field: okta.actor.alternate_id + ignore_missing: true + ignore_failure: true + - rename: + field: json.actor.displayName + target_field: okta.actor.display_name + ignore_missing: true + ignore_failure: true + - rename: + field: json.actor.id + target_field: okta.actor.id + ignore_missing: true + ignore_failure: true + - rename: + field: json.actor.type + target_field: okta.actor.type + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.device + target_field: okta.client.device + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.geographicalContext.geolocation + target_field: client.geo.location + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.geographicalContext.city + target_field: client.geo.city_name + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.geographicalContext.state + target_field: client.geo.region_name + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.geographicalContext.country + target_field: client.geo.country_name + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.id + target_field: okta.client.id + 
ignore_missing: true + ignore_failure: true + - rename: + field: json.client.ipAddress + target_field: okta.client.ip + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.userAgent.browser + target_field: okta.client.user_agent.browser + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.userAgent.os + target_field: okta.client.user_agent.os + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.userAgent.rawUserAgent + target_field: okta.client.user_agent.raw_user_agent + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.zone + target_field: okta.client.zone + ignore_missing: true + ignore_failure: true + - rename: + field: json.outcome.reason + target_field: okta.outcome.reason + ignore_missing: true + ignore_failure: true + - rename: + field: json.outcome.result + target_field: okta.outcome.result + ignore_missing: true + ignore_failure: true + - rename: + field: json.target + target_field: okta.target + ignore_missing: true + ignore_failure: true + - rename: + field: json.transaction.id + target_field: okta.transaction.id + ignore_missing: true + ignore_failure: true + - rename: + field: json.transaction.type + target_field: okta.transaction.type + ignore_missing: true + ignore_failure: true + - rename: + field: json.debugContext.debugData.deviceFingerprint + target_field: okta.debug_context.debug_data.device_fingerprint + ignore_missing: true + ignore_failure: true + - rename: + field: json.debugContext.debugData.requestId + target_field: okta.debug_context.debug_data.request_id + ignore_missing: true + ignore_failure: true + - rename: + field: json.debugContext.debugData.requestUri + target_field: okta.debug_context.debug_data.request_uri + ignore_missing: true + ignore_failure: true + - rename: + field: json.debugContext.debugData.threatSuspected + target_field: okta.debug_context.debug_data.threat_suspected + ignore_missing: true + ignore_failure: true + - 
rename:
+ field: json.debugContext.debugData.url
+ target_field: okta.debug_context.debug_data.url
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.authenticationContext.authenticationProvider
+ target_field: okta.authentication_context.authentication_provider
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.authenticationContext.authenticationStep
+ target_field: okta.authentication_context.authentication_step
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.authenticationContext.credentialProvider
+ target_field: okta.authentication_context.credential_provider
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.authenticationContext.credentialType
+ target_field: okta.authentication_context.credential_type
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.authenticationContext.externalSessionId
+ target_field: okta.authentication_context.external_session_id
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.authenticationContext.interface
+ target_field: okta.authentication_context.authentication_provider
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.authenticationContext.issuer
+ target_field: okta.authentication_context.issuer
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.securityContext.asNumber
+ target_field: okta.security_context.as.number
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.securityContext.asOrg
+ target_field: okta.security_context.as.organization.name
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.securityContext.domain
+ target_field: okta.security_context.domain
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.securityContext.isProxy
+ target_field: okta.security_context.is_proxy
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: json.securityContext.isp
+ target_field:
okta.security_context.isp
+ ignore_missing: true
+ ignore_failure: true
+ - convert:
+ field: okta.client.user_agent.raw_user_agent
+ target_field: user_agent.original
+ type: string
+ ignore_failure: true
+ - convert:
+ field: okta.client.ip
+ target_field: client.ip
+ type: string
+ ignore_failure: true
+ - convert:
+ field: okta.client.ip
+ target_field: source.ip
+ type: string
+ ignore_failure: true
+ - convert:
+ field: okta.event_type
+ target_field: event.action
+ type: string
+ ignore_failure: true
+ - convert:
+ field: okta.security_context.as.number
+ target_field: client.as.number
+ type: string
+ ignore_failure: true
+ - convert:
+ field: okta.security_context.as.organization.name
+ target_field: client.as.organization.name
+ type: string
+ ignore_failure: true
+ - convert:
+ field: okta.security_context.domain
+ target_field: client.domain
+ type: string
+ ignore_failure: true
+ - convert:
+ field: okta.security_context.domain
+ target_field: source.domain
+ type: string
+ ignore_failure: true
+ - convert:
+ field: okta.uuid
+ target_field: event.id
+ type: string
+ ignore_failure: true
+ - lowercase:
+ field: okta.outcome.result
+ target_field: okta.outcome.result_lower
+ ignore_missing: true
+ - set:
+ field: event.outcome
+ value: success
+ if: ctx?.okta?.outcome?.result_lower != null && (ctx?.okta?.outcome?.result_lower == "success" || ctx?.okta?.outcome?.result_lower == "allow")
+ - set:
+ field: event.outcome
+ value: failure
+ if: ctx?.okta?.outcome?.result_lower != null && (ctx?.okta?.outcome?.result_lower == "failure" || ctx?.okta?.outcome?.result_lower == "deny")
+ - set:
+ field: event.outcome
+ value: unknown
+ if: ctx?.event?.outcome == null
+ - remove:
+ field: okta.outcome.result_lower
+ ignore_missing: true
+ - script:
+ lang: painless
+ source: |
+ def arr = ctx?.okta?.target;
+ if (arr != null) {
+ for (def i = 0; i < arr.length; i++) {
+ arr[i]["alternate_id"] = arr[i]["alternateId"];
+ arr[i].remove("alternateId");
+
arr[i]["display_name"] = arr[i]["displayName"];
+ arr[i].remove("displayName");
+ arr[i].remove("detailEntry");
+ }
+ }
+ - script:
+ lang: painless
+ source: |
+ def arr = ctx?.okta?.target;
+ if (arr != null) {
+ for (def i = 0; i < arr.length; i++) {
+ if (arr[i]["type"].toLowerCase().contains("user")) {
+ ctx["okta_target_user"] = arr[i];
+ break;
+ }
+ }
+ }
+ if: ctx?.okta?.event_type != null && ctx?.okta?.event_type.contains("user.")
+ - script:
+ lang: painless
+ source: |
+ def arr = ctx?.okta?.target;
+ if (arr != null) {
+ for (def i = 0; i < arr.length; i++) {
+ if (arr[i]["type"].toLowerCase().contains("group")) {
+ ctx["okta_target_group"] = arr[i];
+ break;
+ }
+ }
+ }
+ if: ctx?.okta?.event_type != null && ctx?.okta?.event_type.contains("group.")
+ - rename:
+ field: okta_target_user.display_name
+ target_field: user.target.full_name
+ ignore_missing: true
+ - rename:
+ field: okta_target_user.id
+ target_field: user.target.id
+ ignore_missing: true
+ - rename:
+ field: okta_target_user.login
+ target_field: user.target.email
+ ignore_missing: true
+ - rename:
+ field: okta_target_group.display_name
+ target_field: user.target.group.name
+ ignore_missing: true
+ - rename:
+ field: okta_target_group.id
+ target_field: user.target.group.id
+ ignore_missing: true
+ - remove:
+ field:
+ - okta_target_user
+ - okta_target_group
+ ignore_missing: true
+ - set:
+ field: client.user.id
+ value: "{{okta.actor.id}}"
+ ignore_empty_value: true
+ if: ctx?.okta?.actor?.id != null
+ - set:
+ field: source.user.id
+ value: "{{okta.actor.id}}"
+ ignore_empty_value: true
+ if: ctx?.okta?.actor?.id != null
+ - set:
+ field: client.user.full_name
+ value: "{{okta.actor.display_name}}"
+ ignore_empty_value: true
+ if: ctx?.okta?.actor?.display_name != null
+ - set:
+ field: source.user.full_name
+ value: "{{okta.actor.display_name}}"
+ ignore_empty_value: true
+ if: ctx?.okta?.actor?.display_name != null
+ - set:
+ field: user.full_name
+ value:
"{{okta.actor.display_name}}"
+ ignore_empty_value: true
+ if: ctx?.okta?.actor?.display_name != null
+ - append:
+ field: related.user
+ value: "{{okta.actor.display_name}}"
+ allow_duplicates: false
+ if: ctx?.okta?.actor?.display_name != null
+ - append:
+ field: related.user
+ value: "{{user.target.full_name}}"
+ allow_duplicates: false
+ if: ctx?.user?.target?.full_name != null
+ - append:
+ field: related.ip
+ value: "{{source.ip}}"
+ allow_duplicates: false
+ if: ctx?.source?.ip != null
+ - append:
+ field: related.ip
+ value: "{{destination.ip}}"
+ allow_duplicates: false
+ if: ctx?.destination?.ip != null
+ - remove:
+ field: json
+ ignore_missing: true - user_agent: field: user_agent.original ignore_missing: true
diff --git a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json
index 39d00244185..226b52efa7d 100644
--- a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json
+++ b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json
@@ -11,7 +11,8 @@ "client.user.id": "00u1abvz4pYqdM8ms4x6", "event.action": "user.session.end", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "okta.system", "event.id": "faf7398a-4f77-11ea-97fb-5925e98228bd",
@@ -20,7 +21,8 @@ "event.original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102nZHzd6OHSfGG51vsoc22gw\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"authnRequestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestId\":\"XkccyyMli2Uay2I93ZgRzQAAB0c\",\"requestUri\":\"/login/signout\",\"threatSuspected\":\"false\",\"url\":\"/login/signout?message=login_page_messages.session_has_expired\"}},\"displayMessage\":\"User logout from Okta\",\"eventType\":\"user.session.end\",\"legacyEventType\":\"core.user_auth.logout_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T22:18:51.843Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkccyyMli2Uay2I93ZgRzQAAB0c\",\"type\":\"WEB\"},\"uuid\":\"faf7398a-4f77-11ea-97fb-5925e98228bd\",\"version\":\"0\"}", "event.outcome": "success", "event.type": [ - "access" + "end", + "user" ], 
"fileset.name": "system", "input.type": "log", @@ -47,8 +49,12 @@ "okta.transaction.id": "XkccyyMli2Uay2I93ZgRzQAAB0c", "okta.transaction.type": "WEB", "okta.uuid": "faf7398a-4f77-11ea-97fb-5925e98228bd", - "related.ip": "108.255.197.247", - "related.user": "xxxxxx", + "related.ip": [ + "108.255.197.247" + ], + "related.user": [ + "xxxxxx" + ], "service.type": "okta", "source.as.number": 7018, "source.as.organization.name": "AT&T Services, Inc.", @@ -66,6 +72,7 @@ "tags": [ "forwarded" ], + "user.full_name": "xxxxxx", "user_agent.device.name": "Mac", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", @@ -86,7 +93,8 @@ "client.user.id": "00u1abvz4pYqdM8ms4x6", "event.action": "user.session.start", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "okta.system", "event.id": "3aeede38-4f67-11ea-abd3-1f5d113f2546", 
@@ -95,7 +103,8 @@ "event.original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"User login to Okta\",\"eventType\":\"user.session.start\",\"legacyEventType\":\"core.user_auth.login_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T20:18:57.718Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3aeede38-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", "event.outcome": "success", "event.type": [ - "access" + "start", + "user" ], "fileset.name": "system", "input.type": 
"log", @@ -123,8 +132,12 @@ "okta.transaction.id": "XkcAsWb8WjwDP76xh@1v8wAABp0", "okta.transaction.type": "WEB", "okta.uuid": "3aeede38-4f67-11ea-abd3-1f5d113f2546", - "related.ip": "108.255.197.247", - "related.user": "xxxxxx", + "related.ip": [ + "108.255.197.247" + ], + "related.user": [ + "xxxxxx" + ], "service.type": "okta", "source.as.number": 7018, "source.as.organization.name": "AT&T Services, Inc.", @@ -142,6 +155,7 @@ "tags": [ "forwarded" ], + "user.full_name": "xxxxxx", "user_agent.device.name": "Mac", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", 
@@ -171,7 +185,7 @@ "event.original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"Evaluation of sign-on policy\",\"eventType\":\"policy.evaluate_sign_on\",\"legacyEventType\":null,\"outcome\":{\"reason\":\"Sign-on policy evaluation resulted in ALLOW\",\"result\":\"ALLOW\"},\"published\":\"2020-02-14T20:18:57.762Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":[{\"alternateId\":\"unknown\",\"detailEntry\":{\"policyType\":\"OktaSignOn\"},\"displayName\":\"Default 
Policy\",\"id\":\"00p1abvweGGDW10Ur4x6\",\"type\":\"PolicyEntity\"},{\"alternateId\":\"00p1abvweGGDW10Ur4x6\",\"detailEntry\":null,\"displayName\":\"Default Rule\",\"id\":\"0pr1abvwfqGFI4n064x6\",\"type\":\"PolicyRule\"}],\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3af594f9-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", "event.outcome": "success", "event.type": [ - "access" + "info" ], "fileset.name": "system", "input.type": "log", @@ -214,8 +228,12 @@ "okta.transaction.id": "XkcAsWb8WjwDP76xh@1v8wAABp0", "okta.transaction.type": "WEB", "okta.uuid": "3af594f9-4f67-11ea-abd3-1f5d113f2546", - "related.ip": "108.255.197.247", - "related.user": "xxxxxx", + "related.ip": [ + "108.255.197.247" + ], + "related.user": [ + "xxxxxx" + ], "service.type": "okta", "source.as.number": 7018, "source.as.organization.name": "AT&T Services, Inc.", @@ -233,6 +251,7 @@ "tags": [ "forwarded" ], + "user.full_name": "xxxxxx", "user_agent.device.name": "Mac", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", diff --git a/x-pack/filebeat/module/oracle/database_audit/config/config.yml b/x-pack/filebeat/module/oracle/database_audit/config/config.yml index 351a4c26f7d..09552183e0d 100644 --- a/x-pack/filebeat/module/oracle/database_audit/config/config.yml +++ b/x-pack/filebeat/module/oracle/database_audit/config/config.yml @@ -18,4 +18,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml index 3d3f0be207f..8fa5bd12958 100644 --- a/x-pack/filebeat/module/panw/panos/config/input.yml +++ b/x-pack/filebeat/module/panw/panos/config/input.yml @@ -209,4 +209,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
index 3bf76a0c5c1..42d2f4ff9c1 100644
--- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
@@ -385,21 +385,25 @@ processors:
 - append:
 if: 'ctx?.source?.ip != null'
 field: related.ip
+ allow_duplicates: false
 value:
 - '{{source.ip}}'
 - append:
 if: 'ctx?.destination?.ip != null'
 field: related.ip
+ allow_duplicates: false
 value:
 - '{{destination.ip}}'
 - append:
 if: 'ctx?.source?.nat?.ip != null'
 field: related.ip
+ allow_duplicates: false
 value:
 - '{{source.nat.ip}}'
 - append:
 if: 'ctx?.destination?.nat?.ip != null'
 field: related.ip
+ allow_duplicates: false
 value:
 - '{{destination.nat.ip}}'
@@ -528,43 +532,51 @@ processors:
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{client.user.name}}"
 if: "ctx?.client?.user?.name != null"
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{source.user.name}}"
 if: "ctx?.source?.user?.name != null"
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{server.user.name}}"
 if: "ctx?.server?.user?.name != null"
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{destination.user.name}}"
 if: "ctx?.destination?.user?.name != null"
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{url.username}}"
 if: "ctx?.url?.username != null && ctx?.url?.username != ''"
 allow_duplicates: false
 - append:
 field: related.hash
+ allow_duplicates: false
 value: "{{panw.panos.file.hash}}"
 if: "ctx?.panw?.panos?.file?.hash != null"
 - append:
 field: related.hosts
+ allow_duplicates: false
 value: "{{observer.hostname}}"
 if: "ctx?.observer?.hostname != null && ctx.observer?.hostname != ''"
 allow_duplicates: false
 - append:
 field: related.hosts
+ allow_duplicates: false
 value: "{{url.domain}}"
 if: "ctx?.url?.domain != null && ctx.url?.domain != ''"
 allow_duplicates: false
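Review bot: In the second hunk (`@@ -528,43 +532,51 @@`) the new `allow_duplicates: false` line is added to three append processors that already carry that key as their last line — the `related.user` append for `"{{url.username}}"` and the two `related.hosts` appends for `"{{observer.hostname}}"` and `"{{url.domain}}"` — so each of those mappings now declares `allow_duplicates` twice. Duplicate keys in a mapping are invalid per the YAML 1.2 spec; depending on the loader this is either a hard parse error or a silent last-wins, and only the coincidence that both values are `false` keeps the behaviour unchanged. Drop one copy in each of the three processors, preferably the trailing context line, so every append in the file reads in the same `field`, `allow_duplicates`, `value`, `if` order. The first hunk (`@@ -385,21 +385,25 @@`) has no pre-existing key and is fine as it stands.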
diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json index 54a45d4465e..a6777dca5e6 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json @@ -803,11 +803,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index cf6c021da90..10ea226c1ee 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -75,11 +75,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -176,11 +174,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -278,11 +274,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -380,11 +374,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -482,11 +474,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -584,11 +574,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -686,11 +674,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -787,11 +773,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -888,11 +872,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -989,11 +971,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1091,11 +1071,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1191,11 +1169,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1292,11 +1268,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1393,11 +1367,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1495,11 +1467,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1596,11 +1566,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1693,11 +1661,9 @@ "related.ip": [ "192.168.0.2", "78.159.99.224", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1795,11 +1761,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1895,11 +1859,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -1995,11 +1957,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2096,11 +2056,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2196,11 +2154,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2294,11 +2250,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2389,11 +2343,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2484,11 +2436,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2579,11 +2529,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2674,11 +2622,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2769,11 +2715,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2864,11 +2808,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2959,11 +2901,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3054,11 +2994,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -3149,11 +3087,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3244,11 +3180,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3338,11 +3272,9 @@ "related.ip": [ "192.168.0.2", "69.43.161.167", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3436,11 +3368,9 @@ "related.ip": [ "192.168.0.2", "202.31.187.154", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3534,11 +3464,9 @@ "related.ip": [ "192.168.0.2", "89.111.176.67", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3634,11 +3562,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3732,11 +3658,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3829,11 +3753,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3929,11 +3851,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4026,11 +3946,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4124,11 +4042,9 @@ "related.ip": [ "192.168.0.2", "89.108.64.156", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4221,11 +4137,9 @@ "related.ip": [ "192.168.0.2", "89.108.64.156", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -4307,11 +4221,9 @@ "related.ip": [ "204.232.231.46", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4413,11 +4325,9 @@ "related.ip": [ "192.168.0.2", "216.8.179.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4509,11 +4419,9 @@ "related.ip": [ "192.168.0.2", "69.43.161.154", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4605,11 +4513,9 @@ "related.ip": [ "192.168.0.2", "208.91.196.252", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4702,11 +4608,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4801,11 +4705,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4900,11 +4802,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5000,11 +4900,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5100,11 +4998,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5200,11 +5096,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5289,11 +5183,9 @@ "related.ip": [ "173.236.179.57", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5395,11 +5287,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -5484,11 +5374,9 @@ "related.ip": [ "91.209.163.202", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5579,11 +5467,9 @@ "related.ip": [ "122.226.169.183", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5684,11 +5570,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5773,11 +5657,9 @@ "related.ip": [ "109.201.131.15", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5865,11 +5747,9 @@ "related.ip": [ "91.209.163.202", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5968,11 +5848,9 @@ "related.ip": [ "192.168.0.2", "213.180.199.61", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6065,11 +5943,9 @@ "related.ip": [ "192.168.0.2", "213.180.199.61", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6162,11 +6038,9 @@ "related.ip": [ "192.168.0.2", "213.180.199.61", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6251,11 +6125,9 @@ "related.ip": [ "173.236.179.57", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6357,11 +6229,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6456,11 +6326,9 @@ "related.ip": [ "192.168.0.6", "207.46.140.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6541,11 +6409,9 @@ "related.ip": [ "65.54.161.34", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", 
@@ -6636,11 +6502,9 @@ "related.ip": [ "65.55.5.231", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6741,11 +6605,9 @@ "related.ip": [ "192.168.0.6", "65.54.71.11", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6825,11 +6687,9 @@ "related.ip": [ "74.125.239.17", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6924,11 +6784,9 @@ "related.ip": [ "192.168.0.2", "208.85.40.48", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7008,11 +6866,9 @@ "related.ip": [ "74.125.224.198", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7100,11 +6956,9 @@ "related.ip": [ "188.190.124.75", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -7194,11 +7048,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7285,11 +7137,9 @@ "related.ip": [ "74.125.239.3", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7376,11 +7226,9 @@ "related.ip": [ "74.125.239.3", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7467,11 +7315,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7566,11 +7412,9 @@ "related.ip": [ "192.168.0.2", "74.125.239.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7650,11 +7494,9 @@ "related.ip": [ "74.125.224.193", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", 
@@ -7742,11 +7584,9 @@ "related.ip": [ "74.125.239.20", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7833,11 +7673,9 @@ "related.ip": [ "208.80.154.225", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7925,11 +7763,9 @@ "related.ip": [ "208.80.154.234", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8017,11 +7853,9 @@ "related.ip": [ "65.54.75.25", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8111,11 +7945,9 @@ "related.ip": [ "74.125.224.206", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8202,11 +8034,9 @@ "related.ip": [ "74.125.224.195", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8294,11 +8124,9 @@ "related.ip": [ "207.178.96.34", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8388,11 +8216,9 @@ "related.ip": [ "74.125.224.195", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8479,11 +8305,9 @@ "related.ip": [ "74.125.239.20", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8571,11 +8395,9 @@ "related.ip": [ "66.152.109.24", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8665,11 +8487,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8764,11 +8584,9 @@ "related.ip": [ "192.168.0.2", "74.125.224.201", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", 
@@ -8848,11 +8666,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8939,11 +8755,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -9038,11 +8852,9 @@ "related.ip": [ "192.168.0.2", "208.85.40.48", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9122,11 +8934,9 @@ "related.ip": [ "74.125.224.201", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9213,11 +9023,9 @@ "related.ip": [ "74.125.224.201", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9304,11 +9112,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9395,11 +9201,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9487,11 +9291,9 @@ "related.ip": [ "74.125.224.198", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9578,11 +9380,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json index 44f7a7790ab..a4ae1b157d9 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json @@ -77,11 +77,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -176,11 +174,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -275,11 +271,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -377,11 +371,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -479,11 +471,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -578,11 +568,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -677,11 +665,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -779,11 +765,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -881,11 +865,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -983,11 +965,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1085,11 +1065,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1187,11 +1165,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1289,11 +1265,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -1391,11 +1365,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1493,11 +1465,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1595,11 +1565,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1697,11 +1665,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1799,11 +1765,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1901,11 +1865,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2000,11 +1962,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2099,11 +2059,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2201,11 +2159,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2300,11 +2256,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2402,11 +2356,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2504,11 +2456,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -2606,11 +2556,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2705,11 +2653,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2804,11 +2750,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2906,11 +2850,9 @@ "related.ip": [ "192.168.0.2", "98.149.55.63", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3008,11 +2950,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3107,11 +3047,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3209,11 +3147,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3311,11 +3247,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3410,11 +3344,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3509,11 +3441,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3611,11 +3541,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3713,11 +3641,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -3812,11 +3738,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3911,11 +3835,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4008,7 +3930,6 @@ "related.ip": [ "192.168.0.100", "8.8.8.8", - "0.0.0.0", "0.0.0.0" ], "rule.name": "rule1", @@ -4102,11 +4023,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4202,7 +4121,6 @@ "related.ip": [ "192.168.0.100", "50.19.102.116", - "0.0.0.0", "0.0.0.0" ], "rule.name": "rule1", @@ -4299,11 +4217,9 @@ "related.ip": [ "192.168.0.2", "65.55.223.19", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4401,11 +4317,9 @@ "related.ip": [ "192.168.0.2", "65.55.223.24", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4498,7 +4412,6 @@ "related.ip": [ "192.168.0.100", "8.8.8.8", - "0.0.0.0", "0.0.0.0" ], "rule.name": "rule1", @@ -4595,11 +4508,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4694,11 +4605,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4796,11 +4705,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4895,11 +4802,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4994,11 +4899,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -5093,11 +4996,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5192,11 +5093,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5291,11 +5190,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5393,11 +5290,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5495,11 +5390,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5594,11 +5487,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5696,11 +5587,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5795,11 +5684,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5894,11 +5781,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5996,11 +5881,9 @@ "related.ip": [ "192.168.0.2", "65.55.223.31", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6098,11 +5981,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6197,11 +6078,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -6296,11 +6175,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6395,11 +6272,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6494,11 +6369,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6593,11 +6466,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6692,11 +6563,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6794,11 +6663,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6893,11 +6760,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6995,11 +6860,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7094,11 +6957,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7193,11 +7054,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7295,11 +7154,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7394,11 +7251,9 @@ "related.ip": [ "192.168.0.2", "8.5.1.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -7493,11 +7348,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7592,11 +7445,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7694,11 +7545,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7786,11 +7635,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7888,11 +7735,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7990,11 +7835,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8082,11 +7925,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8174,11 +8015,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8276,11 +8115,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8375,11 +8212,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8474,11 +8309,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8576,11 +8409,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -8675,11 +8506,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8767,11 +8596,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8866,11 +8693,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8968,11 +8793,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9067,11 +8890,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9166,11 +8987,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9265,11 +9084,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9367,11 +9184,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9469,11 +9284,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9571,11 +9384,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9663,11 +9474,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9765,11 +9574,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -9867,11 +9674,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9969,11 +9774,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index d03e24e00c7..0d9b9000a97 100644 --- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -81,8 +81,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -186,8 +185,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -291,8 +289,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -396,8 +393,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -501,8 +497,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -606,8 +601,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", 
@@ -711,8 +705,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -816,8 +809,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -921,8 +913,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1026,8 +1017,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1131,8 +1121,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1236,8 +1225,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1341,8 +1329,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1446,8 +1433,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1551,8 +1537,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", 
@@ -1656,8 +1641,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1761,8 +1745,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1866,8 +1849,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1971,8 +1953,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2076,8 +2057,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2181,8 +2161,7 @@ "related.ip": [ "192.168.15.224", "23.72.137.131", - "192.168.1.63", - "23.72.137.131" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.137.131", @@ -2286,8 +2265,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2391,8 +2369,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2496,8 +2473,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", 
@@ -2601,8 +2577,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2706,8 +2681,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2811,8 +2785,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2916,8 +2889,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3021,8 +2993,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3126,8 +3097,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3231,8 +3201,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3336,8 +3305,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3441,8 +3409,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", 
@@ -3546,8 +3513,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3651,8 +3617,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3756,8 +3721,7 @@ "related.ip": [ "192.168.15.224", "151.101.2.2", - "192.168.1.63", - "151.101.2.2" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "151.101.2.2", @@ -3864,8 +3828,7 @@ "related.ip": [ "192.168.15.224", "54.192.7.152", - "192.168.1.63", - "54.192.7.152" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.192.7.152", @@ -3972,8 +3935,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4080,8 +4042,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4188,8 +4149,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4296,8 +4256,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4404,8 +4363,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4512,8 +4470,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", 
@@ -4620,8 +4577,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4728,8 +4684,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4836,8 +4791,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4944,8 +4898,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -5052,8 +5005,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -5160,8 +5112,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -5268,8 +5219,7 @@ "related.ip": [ "192.168.15.224", "216.58.194.98", - "192.168.1.63", - "216.58.194.98" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "216.58.194.98", @@ -5373,8 +5323,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5478,8 +5427,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5583,8 +5531,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", 
@@ -5688,8 +5635,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5793,8 +5739,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5898,8 +5843,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6003,8 +5947,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6108,8 +6051,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6213,8 +6155,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6318,8 +6259,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6426,8 +6366,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6534,8 +6473,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6642,8 +6580,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", 
@@ -6750,8 +6687,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6858,8 +6794,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6966,8 +6901,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7074,8 +7008,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7182,8 +7115,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7290,8 +7222,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7398,8 +7329,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7506,8 +7436,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7614,8 +7543,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7722,8 +7650,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", 
@@ -7830,8 +7757,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7938,8 +7864,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -8046,8 +7971,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 200e02370d3..a6877841bd3 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -86,8 +86,7 @@ "related.ip": [ "192.168.15.207", "184.51.253.152", - "192.168.1.63", - "184.51.253.152" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 5976, @@ -196,8 +195,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -309,8 +307,7 @@ "related.ip": [ "192.168.15.207", "17.253.3.202", - "192.168.1.63", - "17.253.3.202" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1035, @@ -419,8 +416,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -532,8 +528,7 @@ "related.ip": [ "192.168.15.196", "216.58.194.99", - "192.168.1.63", - "216.58.194.99" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1613, 
@@ -642,8 +637,7 @@ "related.ip": [ "192.168.15.224", "209.234.224.22", - "192.168.1.63", - "209.234.224.22" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 21111, @@ -752,8 +746,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -862,8 +855,7 @@ "related.ip": [ "192.168.15.224", "172.217.2.238", - "192.168.1.63", - "172.217.2.238" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 3732, @@ -972,8 +964,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 221, @@ -1082,8 +1073,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 221, @@ -1192,8 +1182,7 @@ "related.ip": [ "192.168.15.207", "17.249.60.78", - "192.168.1.63", - "17.249.60.78" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 5469, @@ -1302,8 +1291,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 224, @@ -1412,8 +1400,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 117, @@ -1522,8 +1509,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 307, @@ -1632,8 +1618,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 365, @@ -1742,8 +1727,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, 
@@ -1852,8 +1836,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 161, @@ -1962,8 +1945,7 @@ "related.ip": [ "192.168.15.224", "98.138.49.44", - "192.168.1.63", - "98.138.49.44" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 7805, @@ -2072,8 +2054,7 @@ "related.ip": [ "192.168.15.224", "72.30.3.43", - "192.168.1.63", - "72.30.3.43" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 6106, @@ -2182,8 +2163,7 @@ "related.ip": [ "192.168.15.196", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 196, @@ -2292,8 +2272,7 @@ "related.ip": [ "192.168.15.224", "172.217.9.142", - "192.168.1.63", - "172.217.9.142" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 3245, @@ -2402,8 +2381,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 179, @@ -2515,8 +2493,7 @@ "related.ip": [ "192.168.15.224", "54.84.80.198", - "192.168.1.63", - "54.84.80.198" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 4537, @@ -2626,8 +2603,7 @@ "related.ip": [ "192.168.15.224", "199.167.55.52", - "192.168.1.63", - "199.167.55.52" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 0, @@ -2736,8 +2712,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -2842,8 +2817,7 @@ "related.ip": [ "192.168.15.210", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 130, 
@@ -2949,8 +2923,7 @@ "related.ip": [ "192.168.15.224", "172.217.9.142", - "192.168.1.63", - "172.217.9.142" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1991, @@ -3059,8 +3032,7 @@ "related.ip": [ "192.168.15.224", "151.101.2.2", - "192.168.1.63", - "151.101.2.2" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 523, @@ -3172,8 +3144,7 @@ "related.ip": [ "192.168.15.224", "216.58.194.66", - "192.168.1.63", - "216.58.194.66" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 2428, @@ -3282,8 +3253,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -3392,8 +3362,7 @@ "related.ip": [ "192.168.15.210", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 196, @@ -3502,8 +3471,7 @@ "related.ip": [ "192.168.15.224", "184.51.253.193", - "192.168.1.63", - "184.51.253.193" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 5003, @@ -3612,8 +3580,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 171, @@ -3723,8 +3690,7 @@ "related.ip": [ "192.168.15.224", "199.167.55.52", - "192.168.1.63", - "199.167.55.52" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 0, @@ -3836,8 +3802,7 @@ "related.ip": [ "192.168.15.224", "199.167.52.219", - "192.168.1.63", - "199.167.52.219" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 2316, @@ -3949,8 +3914,7 @@ "related.ip": [ "192.168.15.224", "52.71.117.196", - "192.168.1.63", - "52.71.117.196" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 13966, 
@@ -4059,8 +4023,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 244, @@ -4169,8 +4132,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 205, @@ -4282,8 +4244,7 @@ "related.ip": [ "192.168.15.224", "35.186.194.41", - "192.168.1.63", - "35.186.194.41" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 2302, @@ -4390,8 +4351,7 @@ "related.ip": [ "192.168.15.224", "35.201.124.9", - "192.168.1.63", - "35.201.124.9" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 6757, @@ -4503,8 +4463,7 @@ "related.ip": [ "192.168.15.224", "100.24.131.237", - "192.168.1.63", - "100.24.131.237" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 9007, @@ -4613,8 +4572,7 @@ "related.ip": [ "192.168.15.224", "184.51.252.247", - "192.168.1.63", - "184.51.252.247" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 661, @@ -4726,8 +4684,7 @@ "related.ip": [ "192.168.15.224", "35.190.88.148", - "192.168.1.63", - "35.190.88.148" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 11136, @@ -4839,8 +4796,7 @@ "related.ip": [ "192.168.15.224", "35.186.243.83", - "192.168.1.63", - "35.186.243.83" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 11136, @@ -4949,8 +4905,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 182, @@ -5059,8 +5014,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 90, 
@@ -5172,8 +5126,7 @@ "related.ip": [ "192.168.15.224", "100.24.165.74", - "192.168.1.63", - "100.24.165.74" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 6669, @@ -5282,8 +5235,7 @@ "related.ip": [ "192.168.15.224", "184.51.252.247", - "192.168.1.63", - "184.51.252.247" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 661, @@ -5390,8 +5342,7 @@ "related.ip": [ "192.168.15.224", "35.201.94.140", - "192.168.1.63", - "35.201.94.140" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 11136, @@ -5496,8 +5447,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -5606,8 +5556,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 144, @@ -5716,8 +5665,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 206, @@ -5826,8 +5774,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 206, @@ -5936,8 +5883,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 169, @@ -6046,8 +5992,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 132, @@ -6156,8 +6101,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 127, @@ -6266,8 +6210,7 @@ "related.ip": [ "192.168.15.196", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 105, 
@@ -6376,8 +6319,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 172, @@ -6486,8 +6428,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 134, @@ -6596,8 +6537,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 179, @@ -6706,8 +6646,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 218, @@ -6816,8 +6755,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 172, @@ -6926,8 +6864,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 305, @@ -7039,8 +6976,7 @@ "related.ip": [ "192.168.15.224", "66.28.0.45", - "192.168.1.63", - "66.28.0.45" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 527, @@ -7149,8 +7085,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 153, @@ -7259,8 +7194,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 169, @@ -7369,8 +7303,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 128, @@ -7479,8 +7412,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 181, 
@@ -7589,8 +7521,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 121, @@ -7702,8 +7633,7 @@ "related.ip": [ "192.168.15.224", "23.52.174.25", - "192.168.1.63", - "23.52.174.25" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1246, @@ -7812,8 +7742,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 315, @@ -7922,8 +7851,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 130, @@ -8035,8 +7963,7 @@ "related.ip": [ "192.168.15.224", "54.230.5.228", - "192.168.1.63", - "54.230.5.228" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 288, @@ -8145,8 +8072,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 149, @@ -8255,8 +8181,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 202, @@ -8365,8 +8290,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 195, @@ -8475,8 +8399,7 @@ "related.ip": [ "192.168.15.195", "208.83.246.20", - "192.168.1.63", - "208.83.246.20" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 90, @@ -8584,8 +8507,7 @@ "related.ip": [ "192.168.15.196", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 192, @@ -8693,8 +8615,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 208, 
@@ -8802,8 +8723,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 100, @@ -8913,8 +8833,7 @@ "related.ip": [ "192.168.15.224", "35.185.88.112", - "192.168.1.63", - "35.185.88.112" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 7237, @@ -9023,8 +8942,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 109, @@ -9133,8 +9051,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 116, @@ -9243,8 +9160,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 96, @@ -9356,8 +9272,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9469,8 +9384,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9582,8 +9496,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9692,8 +9605,7 @@ "related.ip": [ "192.168.15.224", "104.254.150.9", - "192.168.1.63", - "104.254.150.9" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 7820, @@ -9805,8 +9717,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, 
@@ -9918,8 +9829,7 @@ "related.ip": [ "192.168.15.224", "52.0.218.108", - "192.168.1.63", - "52.0.218.108" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 214, @@ -10031,8 +9941,7 @@ "related.ip": [ "192.168.15.224", "52.6.117.19", - "192.168.1.63", - "52.6.117.19" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 214, @@ -10144,8 +10053,7 @@ "related.ip": [ "192.168.15.224", "34.238.96.22", - "192.168.1.63", - "34.238.96.22" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 214, @@ -10257,8 +10165,7 @@ "related.ip": [ "192.168.15.224", "130.211.47.17", - "192.168.1.63", - "130.211.47.17" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 280, @@ -10367,8 +10274,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 172, @@ -10477,8 +10383,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -10587,8 +10492,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 94, @@ -10697,8 +10601,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 170, @@ -10807,8 +10710,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 94, @@ -10917,8 +10819,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 94, 
@@ -11027,8 +10928,7 @@
 "related.ip": [
 "192.168.15.224",
 "8.8.8.8",
- "192.168.1.63",
- "8.8.8.8"
+ "192.168.1.63"
 ],
 "rule.name": "new_outbound_from_trust",
 "server.bytes": 166,
diff --git a/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml b/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml
index 0b23c8ce377..33545d1ac54 100644
--- a/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml
+++ b/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml
@@ -84,4 +84,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/rabbitmq/log/config/log.yml b/x-pack/filebeat/module/rabbitmq/log/config/log.yml
index 8c1ba12a826..730ea5c04f3 100644
--- a/x-pack/filebeat/module/rabbitmq/log/config/log.yml
+++ b/x-pack/filebeat/module/rabbitmq/log/config/log.yml
@@ -18,4 +18,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/radware/defensepro/config/input.yml b/x-pack/filebeat/module/radware/defensepro/config/input.yml
index 76a4ff73165..a2b133a9dc4 100644
--- a/x-pack/filebeat/module/radware/defensepro/config/input.yml
+++ b/x-pack/filebeat/module/radware/defensepro/config/input.yml
@@ -84,4 +84,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/snort/log/config/input.yml b/x-pack/filebeat/module/snort/log/config/input.yml
index b7fe0e504af..17aab4adc03 100644
--- a/x-pack/filebeat/module/snort/log/config/input.yml
+++ b/x-pack/filebeat/module/snort/log/config/input.yml
@@ -84,4 +84,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/snyk/audit/config/config.yml b/x-pack/filebeat/module/snyk/audit/config/config.yml
index 3a41b508690..73cd5423a02 100644
--- a/x-pack/filebeat/module/snyk/audit/config/config.yml
+++ b/x-pack/filebeat/module/snyk/audit/config/config.yml
@@ -73,4 +73,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.6.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml b/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml
index 7ce5c570372..ca371361192 100644
--- a/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml
+++ b/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml
@@ -96,4 +96,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.6.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/sonicwall/firewall/config/input.yml b/x-pack/filebeat/module/sonicwall/firewall/config/input.yml
index 26340d167fc..6c6188a7022 100644
--- a/x-pack/filebeat/module/sonicwall/firewall/config/input.yml
+++ b/x-pack/filebeat/module/sonicwall/firewall/config/input.yml
@@ -84,4 +84,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/sophos/utm/config/input.yml b/x-pack/filebeat/module/sophos/utm/config/input.yml
index 07c7fdcbb18..0d4e59f4f42 100644
--- a/x-pack/filebeat/module/sophos/utm/config/input.yml
+++ b/x-pack/filebeat/module/sophos/utm/config/input.yml
@@ -84,4 +84,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/sophos/xg/config/config.yml b/x-pack/filebeat/module/sophos/xg/config/config.yml
index 5a35058a55b..676d19f05d3 100644
--- a/x-pack/filebeat/module/sophos/xg/config/config.yml
+++ b/x-pack/filebeat/module/sophos/xg/config/config.yml
@@ -27,7 +27,7 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
 - add_fields:
 target: '_conf'
 fields:
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml b/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml
index bb2548bf941..a5c0b7c32cd 100644
--- a/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml
+++ b/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml
@@ -315,16 +315,18 @@ processors:
 - append:
 field: related.ip
 value: '{{source.ip}}'
+ allow_duplicates: false
 if: 'ctx?.source?.ip != null'
 - append:
 field: related.ip
 value: '{{destination.ip}}'
+ allow_duplicates: false
 if: 'ctx?.destination?.ip != null'
 - append:
 field: related.user
 value: "{{source.user.name}}"
+ allow_duplicates: false
 if: "ctx.source?.user?.name != null"
-
 #############
 ## Cleanup ##
 #############
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/atp.yml b/x-pack/filebeat/module/sophos/xg/ingest/atp.yml
index df6ed8b35ca..c659264d633 100644
--- a/x-pack/filebeat/module/sophos/xg/ingest/atp.yml
+++ b/x-pack/filebeat/module/sophos/xg/ingest/atp.yml
@@ -206,14 +206,17 @@ processors:
 - append:
 field: related.ip
 value: '{{source.ip}}'
+ allow_duplicates: false
 if: 'ctx?.source?.ip != null'
 - append:
 field: related.ip
 value: '{{destination.ip}}'
+ allow_duplicates: false
 if: 'ctx?.destination?.ip != null'
 - append:
 field: related.user
 value: "{{source.user.name}}"
+ allow_duplicates: false
 if: "ctx.source?.user?.name != null"

 #############
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/cfilter.yml b/x-pack/filebeat/module/sophos/xg/ingest/cfilter.yml
index a9dedb4070f..0b5f92c1e69 100644
--- a/x-pack/filebeat/module/sophos/xg/ingest/cfilter.yml
+++ b/x-pack/filebeat/module/sophos/xg/ingest/cfilter.yml
@@ -237,14 +237,17 @@ processors:
 - append:
 field: related.ip
 value: '{{source.ip}}'
+ allow_duplicates: false
 if: 'ctx?.source?.ip != null'
 - append:
 field: related.ip
 value: '{{destination.ip}}'
+ allow_duplicates: false
 if: 'ctx?.destination?.ip != null'
 - append:
 field: related.user
 value: "{{source.user.name}}"
+ allow_duplicates: false
 if: "ctx.source?.user?.name != null"

 #############
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/event.yml b/x-pack/filebeat/module/sophos/xg/ingest/event.yml
index 2565434a6f0..7d5c397587a 100644
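Review bot: `allow_duplicates: false` on `append` is, as far as I recall, only understood by Elasticsearch 7.10 and later, and the ingest service rejects a processor carrying an unsupported option rather than ignoring it, so on an older cluster the whole pipeline fails to load; the Elasticsearch version this module now requires should be stated in the module docs or changelog. The same option is added in the atp.yml and cfilter.yml hunks on this line and in the firewall.yml, idp.yml, pipeline.yml, sandstorm.yml and waf.yml hunks below, so one statement covers them all. The deduplication itself is the right call: detection logic that keys on `related.ip` or `related.user` otherwise sees the same value twice per event, which is the symptom the panw expected-output changes above correct. The three `- append:` entries are complete inside the hunk, but the enclosing `processors` list starts and ends outside it.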
--- a/x-pack/filebeat/module/sophos/xg/ingest/event.yml
+++ b/x-pack/filebeat/module/sophos/xg/ingest/event.yml
@@ -151,6 +151,11 @@ processors:
 field: source.user.name
 value: '{{sophos.xg.name}}'
 if: "ctx.sophos?.xg?.name != null"
+- set:
+ field: user.name
+ value: '{{source.user.name}}'
+ ignore_empty_value: true
+ if: 'ctx.sophos?.xg?.log_subtype == "Authentication"'
 - rename:
 field: sophos.xg.usergroupname
 target_field: source.user.group.name
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml b/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml
index a9ad2eb988c..43ab892b8cc 100644
--- a/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml
+++ b/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml
@@ -401,22 +401,27 @@ processors:
 - append:
 field: related.ip
 value: '{{source.ip}}'
+ allow_duplicates: false
 if: 'ctx?.source?.ip != null'
 - append:
 field: related.ip
 value: '{{destination.ip}}'
+ allow_duplicates: false
 if: 'ctx?.destination?.ip != null'
 - append:
 field: related.ip
 value: '{{source.nat.ip}}'
+ allow_duplicates: false
 if: 'ctx?.source?.nat?.ip != null'
 - append:
 field: related.ip
 value: '{{destination.nat.ip}}'
+ allow_duplicates: false
 if: 'ctx?.destination?.nat?.ip != null'
 - append:
 field: related.user
 value: "{{source.user.name}}"
+ allow_duplicates: false
 if: "ctx.source?.user?.name != null"

 #############
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/idp.yml b/x-pack/filebeat/module/sophos/xg/ingest/idp.yml
index f10f964eb13..efd049cb580 100644
--- a/x-pack/filebeat/module/sophos/xg/ingest/idp.yml
+++ b/x-pack/filebeat/module/sophos/xg/ingest/idp.yml
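Review bot: The new `set` for `user.name` in the event.yml hunk relies on `ignore_empty_value: true` to skip events without a `source.user.name`, while the processor directly above it guards the same situation with an explicit `if` null check, as do all the `append` processors in the firewall.yml hunk on this line; for consistency, and so the intent is visible where a reader looks for it, I would write `if: 'ctx.sophos?.xg?.log_subtype == "Authentication" && ctx.source?.user?.name != null'` and keep `ignore_empty_value` only for the empty-string case. A one-line comment above the processor would also help a maintainer, e.g. `# Authentication events: mirror source.user.name into ECS user.name so user-centric detections can key on it`. The `processors` list this hunk belongs to continues outside the hunk.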
@@ -203,16 +203,17 @@ processors:
 - append:
 if: 'ctx?.source?.ip != null'
 field: related.ip
- value:
- - '{{source.ip}}'
+ value: '{{source.ip}}'
+ allow_duplicates: false
 - append:
 if: 'ctx?.destination?.ip != null'
 field: related.ip
- value:
- - '{{destination.ip}}'
+ value: '{{destination.ip}}'
+ allow_duplicates: false
 - append:
 field: related.user
 value: "{{source.user.name}}"
+ allow_duplicates: false
 if: "ctx.source?.user?.name != null"

 #############
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml b/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml
index 8102bb92514..ef8599270e0 100644
--- a/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml
@@ -198,6 +198,11 @@ processors:
 }
 }
 ctx["host"]["name"] = name;
+- append:
+ field: related.hosts
+ value: '{{host.name}}'
+ allow_duplicates: false
+ if: 'ctx.host?.name != null'

 #############
 ## Cleanup ##
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/sandstorm.yml b/x-pack/filebeat/module/sophos/xg/ingest/sandstorm.yml
index dce06fd1776..53f4a2f1884 100644
--- a/x-pack/filebeat/module/sophos/xg/ingest/sandstorm.yml
+++ b/x-pack/filebeat/module/sophos/xg/ingest/sandstorm.yml
@@ -106,14 +106,17 @@ processors:
 - append:
 field: related.ip
 value: "{{source.ip}}"
+ allow_duplicates: false
 if: "ctx.source?.ip != null"
 - append:
 field: related.user
 value: "{{source.user.name}}"
+ allow_duplicates: false
 if: "ctx.source?.user?.name != null"
 - append:
 field: related.hash
 value: "{{file.hash.sha1}}"
+ allow_duplicates: false
 if: "ctx.file?.hash?.sha1 != null"
 - remove:
 field:
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/waf.yml b/x-pack/filebeat/module/sophos/xg/ingest/waf.yml
index 3cbf1383467..8e58395a3bf 100644
--- a/x-pack/filebeat/module/sophos/xg/ingest/waf.yml
+++ b/x-pack/filebeat/module/sophos/xg/ingest/waf.yml
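Review bot: The `related.hosts` append in the pipeline.yml hunk guards only against a missing `host.name`; if the script processor just above it can leave `host.name` as an empty string, `'{{host.name}}'` renders to `""` and an empty entry is appended, because `append` has no `ignore_empty_value` option the way `set` does. The script body that computes `name` starts outside the hunk, so I cannot tell whether an empty value is reachable, but tightening the guard to `if: 'ctx.host?.name != null && ctx.host.name != ""'` costs nothing and keeps `related.hosts` clean for host correlation. The enclosing `processors` list begins and ends outside the hunk.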
@@ -250,14 +250,17 @@ processors:
 - append:
 field: related.ip
 value: '{{source.ip}}'
+ allow_duplicates: false
 if: 'ctx?.source?.ip != null'
 - append:
 field: related.ip
 value: '{{destination.ip}}'
+ allow_duplicates: false
 if: 'ctx?.destination?.ip != null'
 - append:
 field: related.user
 value: "{{source.user.name}}"
+ allow_duplicates: false
 if: "ctx.source?.user?.name != null"

 #############
diff --git a/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json
index a78e3c1ccb0..044a0b01f33 100644
--- a/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json
+++ b/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json
@@ -32,6 +32,9 @@
 "observer.serial_number": "1234567890123456",
 "observer.type": "firewall",
 "observer.vendor": "Sophos",
+ "related.hosts": [
+ "my_fancy_host"
+ ],
 "server.bytes": 0,
 "server.port": 0,
 "service.type": "sophos",
@@ -104,6 +107,9 @@
 "observer.serial_number": "1234567890123457",
 "observer.type": "firewall",
 "observer.vendor": "Sophos",
+ "related.hosts": [
+ "some_other_host.local"
+ ],
 "server.bytes": 0,
 "server.ip": "185.8.209.194",
 "server.port": 25,
@@ -192,6 +198,9 @@
 "observer.serial_number": "1234567890123456",
 "observer.type": "firewall",
 "observer.vendor": "Sophos",
+ "related.hosts": [
+ "my_fancy_host"
+ ],
 "server.bytes": 0,
 "server.ip": "185.8.209.194",
 "server.port": 25,
@@ -280,6 +289,9 @@
 "observer.serial_number": "1234567890123457",
 "observer.type": "firewall",
 "observer.vendor": "Sophos",
+ "related.hosts": [
+ "some_other_host.local"
+ ],
 "server.bytes": 0,
 "server.ip": "185.8.209.194",
 "server.port": 25,
@@ -355,6 +367,9 @@
 "observer.serial_number": "C44313350024-P29PUA",
 "observer.type": "firewall",
 "observer.vendor": "Sophos",
+ "related.hosts": [
+ "firewall.localgroup.local"
+ ],
 "server.bytes": 0,
 "server.ip": "10.198.233.61",
 "server.port": 25,
@@ -423,6 +438,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.234.240", "server.port": 25, @@ -491,6 +509,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.17.121", "server.port": 25, @@ -557,6 +578,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.16.204", "server.port": 25, @@ -624,6 +648,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.17.121", "server.port": 25, @@ -688,6 +715,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.17.121", "server.port": 25, @@ -755,6 +785,9 @@ "observer.serial_number": "C44313350024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.233.61", "server.port": 110, diff --git a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json index 42590edbb33..65b2d6abdfd 100644 --- a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json 
@@ -46,6 +46,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.34.24", "13.226.155.93" @@ -124,6 +127,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.16.34.24", "13.226.155.18" @@ -199,6 +205,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "82.165.194.211", "186.8.209.194" @@ -284,6 +293,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "23.254.247.78", "185.7.209.194" @@ -365,6 +377,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.16.121", "10.198.234.240" @@ -436,6 +451,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.16.121", "10.198.234.240" @@ -509,6 +527,9 @@ "observer.serial_number": "SFDemo-2df0960", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.146.13.49", "10.8.142.181" @@ -574,6 +595,9 @@ "observer.serial_number": "SFDemo-2df0960", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.146.13.49", "10.8.142.181" diff --git a/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json index 38c2694478e..a0230cb1dc4 100644 
--- a/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json @@ -40,6 +40,9 @@ "observer.serial_number": "C44310050024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.71", "46.161.30.47" @@ -112,6 +115,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.16.34.24", "13.226.155.22" @@ -180,6 +186,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.34.24", "13.226.155.22" @@ -245,6 +254,9 @@ "observer.serial_number": "C30006T22TGR89B", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.32.89", "82.211.30.202" diff --git a/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json index 84dc15e1aeb..c8bb6001058 100644 --- a/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json @@ -38,6 +38,9 @@ "observer.serial_number": "C44310050024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.71", "182.79.221.19" @@ -114,6 +117,9 @@ "observer.serial_number": "S110000E28BA631", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "5.5.5.15", "216.58.197.44" 
@@ -189,6 +195,9 @@ "observer.serial_number": "S110016E28BA631", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "5.5.5.15", "74.125.130.188" @@ -270,6 +279,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.34.10", "13.79.168.201" @@ -344,6 +356,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.34.15", "40.90.137.127" @@ -416,6 +431,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.34.15", "91.228.167.133" @@ -471,6 +489,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.108.108.49" ], @@ -537,6 +558,9 @@ "observer.serial_number": "C01001K234RXPA1", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "192.168.73.220", "64.233.189.147" @@ -609,6 +633,9 @@ "observer.serial_number": "C01001K234RXPA1", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "192.168.73.220", "64.233.188.94" diff --git a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json index 89d6878ec6f..a237d2d2a36 100644 --- a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json 
@@ -27,6 +27,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.35.116" ], @@ -50,7 +53,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "elastic.user@elastic.test.com" }, { "@timestamp": "2020-05-18T14:38:58.000-02:00", @@ -80,6 +84,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "83.20.132.250", "214.167.51.66" @@ -137,6 +144,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.connectiontype": "0", "sophos.xg.device": "SFW", @@ -180,6 +190,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "83.9.140.96" ], @@ -211,7 +224,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "elastic.user@elastic.test.com" }, { "@timestamp": "2020-05-18T14:39:01.000-02:00", @@ -239,6 +253,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", @@ -274,6 +291,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", @@ -318,6 +338,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "217.250.157.135" ], 
@@ -349,7 +372,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "elastic.user@elastic.test.com" }, { "@timestamp": "2020-05-18T14:39:04.000-02:00", @@ -372,6 +396,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.user": [ "elastic.user@elastic.test.com" ], @@ -420,6 +447,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "91.67.201.4" ], @@ -452,7 +482,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "hendrikl" }, { "@timestamp": "2020-05-18T14:39:06.000-02:00", @@ -473,6 +504,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", @@ -510,6 +544,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.66.35.15" ], @@ -556,6 +593,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", @@ -591,6 +631,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.backup_mode": "'appliance' ", "sophos.xg.device": "SFW", @@ -637,6 +680,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "10.84.234.38" ], 
@@ -663,7 +709,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "elastic.user@elastic.test.com" }, { "@timestamp": "2018-06-06T11:12:10.000-02:00", @@ -684,6 +731,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "SG430", diff --git a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json index 7f1e5d9190b..35557e557da 100644 --- a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json @@ -60,6 +60,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.34.15", "91.228.167.86", @@ -174,6 +177,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.66.155", "91.228.165.117", @@ -276,6 +282,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.35.113", "172.20.4.52" @@ -359,6 +368,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.82.234.6", "192.168.0.1" @@ -453,6 +465,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "51.77.56.9", "185.7.209.207" 
@@ -547,6 +562,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.35.101", "192.168.5.11" @@ -636,6 +654,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.36.105", "10.84.234.14" @@ -718,6 +739,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.82.234.9", "10.82.234.11" @@ -805,6 +829,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.84.234.7", "172.16.34.50" @@ -896,6 +923,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "192.168.1.254", "172.17.32.19" @@ -983,6 +1013,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.17.35.119", "172.16.34.10" @@ -1074,6 +1107,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.32.19", "8.8.8.8" @@ -1154,8 +1190,10 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ - "0.0.0.0", "0.0.0.0" ], "rule.id": "0", 
@@ -1235,6 +1273,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.38.184", "10.198.39.255" @@ -1318,6 +1359,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.32.19", "10.198.32.48" @@ -1396,6 +1440,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.37.23", "10.198.36.48" @@ -1483,6 +1530,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.12.19", "8.8.8.8" @@ -1564,6 +1614,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "fe80::59f5:3ce8:c98e:5062", "ff02::1:2" @@ -1644,6 +1697,9 @@ "observer.serial_number": "SFDemo-9a04c43", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.37.57", "10.198.32.19" @@ -1736,6 +1792,9 @@ "observer.serial_number": "SFDemo-9a04c43", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.37.57", "72.163.4.185" diff --git a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json index d92a2b2e7e4..2dcaffd634e 100644 --- a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json 
@@ -32,6 +32,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "89.40.182.58", "172.16.68.20" @@ -104,6 +107,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "117.50.11.192", "172.16.66.155" @@ -178,6 +184,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "77.61.185.101", "172.16.68.20" @@ -250,6 +259,9 @@ "observer.serial_number": "SFDemo-f64dd6be", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.0.0.168", "10.1.1.234" @@ -315,6 +327,9 @@ "observer.serial_number": "SFDemo-f64dd6be", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.0.1.31", "10.1.0.115" diff --git a/x-pack/filebeat/module/sophos/xg/test/sandbox.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/sandbox.log-expected.json index ed32ee3f213..acae45ad376 100644 --- a/x-pack/filebeat/module/sophos/xg/test/sandbox.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/sandbox.log-expected.json @@ -28,6 +28,9 @@ "observer.serial_number": "C44310050024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "CR750iNG-XP", @@ -77,6 +80,9 @@ "related.hash": [ "83cd339302bf5e8ed5240ca6383418089c337a81" ], + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.112" ], 
@@ -130,6 +136,9 @@ "observer.serial_number": "C44313350024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "CR750iNG-XP", @@ -178,6 +187,9 @@ "related.hash": [ "3ce799580908df9ca0dc649aa8c2d06ab267e8c8" ], + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.112" ], @@ -237,6 +249,9 @@ "related.hash": [ "3ce799580908df9ca0dc649aa8c2d06ab267e8c8" ], + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.112" ], @@ -296,6 +311,9 @@ "related.hash": [ "d910c4a81122c360fe57f67a04999425a65249db" ], + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "172.16.34.24" ], diff --git a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json index ceed76baef1..9a3920dc168 100644 --- a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json @@ -42,6 +42,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "89.68.140.204", "185.8.209.207" @@ -123,6 +126,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "89.68.140.204", "185.8.209.207" @@ -196,6 +202,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "10.198.235.254", "10.198.233.48" @@ -264,6 +273,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.198.235.254", "10.198.233.48" 
@@ -339,6 +351,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "83.97.20.30", "216.167.51.72" diff --git a/x-pack/filebeat/module/sophos/xg/test/wifi.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/wifi.log-expected.json index 64aa8a24494..0568deab20f 100644 --- a/x-pack/filebeat/module/sophos/xg/test/wifi.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/wifi.log-expected.json @@ -18,6 +18,9 @@ "observer.serial_number": "S110016E28BA631", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.ap": "A40024A636F7862", "sophos.xg.clients_conn_ssid": "2", @@ -53,6 +56,9 @@ "observer.serial_number": "S110016E28BA631", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.ap": "A40024A636F7862", "sophos.xg.clients_conn_ssid": "3", diff --git a/x-pack/filebeat/module/squid/log/config/input.yml b/x-pack/filebeat/module/squid/log/config/input.yml index c7baa2772dc..16d64b095c6 100644 --- a/x-pack/filebeat/module/squid/log/config/input.yml +++ b/x-pack/filebeat/module/squid/log/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/suricata/eve/config/eve.yml b/x-pack/filebeat/module/suricata/eve/config/eve.yml index 8ce69929983..bac91dff1d7 100644 --- a/x-pack/filebeat/module/suricata/eve/config/eve.yml +++ b/x-pack/filebeat/module/suricata/eve/config/eve.yml @@ -58,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/tomcat/log/config/input.yml b/x-pack/filebeat/module/tomcat/log/config/input.yml index 7cf2dd7ce0a..d8c776349f3 100644 
--- a/x-pack/filebeat/module/tomcat/log/config/input.yml +++ b/x-pack/filebeat/module/tomcat/log/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml b/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml index 73d374965aa..66a028f309d 100644 --- a/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml +++ b/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml @@ -22,4 +22,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/connection/config/connection.yml b/x-pack/filebeat/module/zeek/connection/config/connection.yml index 179f20a9043..71169efdf28 100644 --- a/x-pack/filebeat/module/zeek/connection/config/connection.yml +++ b/x-pack/filebeat/module/zeek/connection/config/connection.yml @@ -102,4 +102,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml index f86600e146d..b14165562ea 100644 --- a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml +++ b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml @@ -58,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml index 9e659922486..b59227d30df 100644 --- a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml +++ b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml @@ -120,4 +120,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml index 89a389c597e..6cd83108b41 100644 
--- a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml +++ b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml @@ -68,4 +68,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dns/config/dns.yml b/x-pack/filebeat/module/zeek/dns/config/dns.yml index 9381f616b89..73130461034 100644 --- a/x-pack/filebeat/module/zeek/dns/config/dns.yml +++ b/x-pack/filebeat/module/zeek/dns/config/dns.yml @@ -210,4 +210,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml index 6d14aa2cd4d..b7a9c30ec10 100644 --- a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml +++ b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml @@ -57,4 +57,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/files/config/files.yml b/x-pack/filebeat/module/zeek/files/config/files.yml index af6fdedb326..19dfddb9bf5 100644 --- a/x-pack/filebeat/module/zeek/files/config/files.yml +++ b/x-pack/filebeat/module/zeek/files/config/files.yml @@ -42,4 +42,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml index db39c759637..6acba2ed0c8 100644 --- a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml +++ b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml @@ -86,4 +86,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/http/config/http.yml b/x-pack/filebeat/module/zeek/http/config/http.yml index d44f361b8af..25bdbf709d1 100644 --- a/x-pack/filebeat/module/zeek/http/config/http.yml +++ b/x-pack/filebeat/module/zeek/http/config/http.yml 
@@ -76,6 +76,7 @@ processors: - {from: "destination.address", to: "destination.ip", type: "ip"} - {from: "destination.port", to: "url.port"} - {from: "http.request.method", to: "event.action"} + - {from: "url.username", to: "user.name"} ignore_missing: true fail_on_error: false - add_fields: @@ -93,4 +94,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/http/test/http-json.log b/x-pack/filebeat/module/zeek/http/test/http-json.log index 733495725a3..82b680f7275 100644 --- a/x-pack/filebeat/module/zeek/http/test/http-json.log +++ b/x-pack/filebeat/module/zeek/http/test/http-json.log 
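Review bot: The new `- {from: "url.username", to: "user.name"}` entry promotes a client-asserted value into the ECS identity field with no indication that the request was ever authorized, so any client that sends a made-up username gets an HTTP event (and, per the fixture, a `related.user` entry) attributed to that user. The value originates in Zeek's `username` field, which Zeek documents as the username presented for HTTP basic auth — worth confirming — and nothing in this hunk consults `http.response.status_code`, while `ignore_missing: true` and `fail_on_error: false` guarantee an odd value never surfaces as an error. At minimum the line should carry a provenance comment so rule authors do not treat it as a verified login, e.g. `# user.name is the name the client presented (Zeek http.log username), not an authenticated identity`; if the intent really is "authenticated user", gating the copy on a successful status would be a separate, behavior-changing follow-up. The enclosing `convert` processor's `fields:` list begins before this hunk.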
@@ -1,2 +1,2 @@ -{"ts":1547687130.172944,"uid":"CCNp8v1SNzY7v9d1Ih","id.orig_h":"10.178.98.102","id.orig_p":62995,"id.resp_h":"17.253.5.203","id.resp_p":80,"trans_depth":1,"method":"GET","host":"ocsp.apple.com","uri":"/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=","version":"1.1","user_agent":"com.apple.trustd/2.0","request_body_len":0,"response_body_len":3735,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F5zuip1tSwASjNAHy7"],"resp_mime_types":["application/ocsp-response"]} -{"ts":1547707019.757479,"uid":"CMnIaR2V8VXyu7EPs","id.orig_h":"10.20.8.197","id.orig_p":35684,"id.resp_h":"34.206.130.40","id.resp_p":80,"trans_depth":1,"method":"GET","host":"httpbin.org","uri":"/ip","version":"1.1","user_agent":"curl/7.58.0","request_body_len":0,"response_body_len":32,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FwGPlr1GcKUWWdkXoi"],"resp_mime_types":["text/json"]} \ No newline at end of file +{"ts":1547687130.172944,"uid":"CCNp8v1SNzY7v9d1Ih","id.orig_h":"10.178.98.102","id.orig_p":62995,"id.resp_h":"17.253.5.203","username":"user","id.resp_p":80,"trans_depth":1,"method":"GET","host":"ocsp.apple.com","uri":"/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=","version":"1.1","user_agent":"com.apple.trustd/2.0","request_body_len":0,"response_body_len":3735,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F5zuip1tSwASjNAHy7"],"resp_mime_types":["application/ocsp-response"]} +{"ts":1547707019.757479,"uid":"CMnIaR2V8VXyu7EPs","id.orig_h":"10.20.8.197","id.orig_p":35684,"id.resp_h":"34.206.130.40","id.resp_p":80,"trans_depth":1,"method":"GET","host":"httpbin.org","uri":"/ip","version":"1.1","user_agent":"curl/7.58.0","request_body_len":0,"response_body_len":32,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FwGPlr1GcKUWWdkXoi"],"resp_mime_types":["text/json"]} 
diff --git a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json index 200950e922a..0b101cda6e1 100644 --- a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json @@ -43,6 +43,9 @@ "10.178.98.102", "17.253.5.203" ], + "related.user": [ + "user" + ], "service.type": "zeek", "source.address": "10.178.98.102", "source.ip": "10.178.98.102", @@ -53,6 +56,8 @@ "url.domain": "ocsp.apple.com", "url.original": "/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=", "url.port": 80, + "url.username": "user", + "user.name": "user", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "com.apple.trustd/2.0", 
@@ -66,5 +71,74 @@ "zeek.http.tags": [], "zeek.http.trans_depth": 1, "zeek.session_id": "CCNp8v1SNzY7v9d1Ih" + }, + { + "@timestamp": "2019-01-17T06:36:59.757Z", + "destination.address": "34.206.130.40", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "34.206.130.40", + "destination.port": 80, + "event.action": "get", + "event.category": [ + "network", + "web" + ], + "event.dataset": "zeek.http", + "event.id": "CMnIaR2V8VXyu7EPs", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "connection", + "info", + "protocol" + ], + "fileset.name": "http", + "http.request.body.bytes": 0, + "http.request.method": "GET", + "http.response.body.bytes": 32, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 574, + "network.community_id": "1:Ol0Btm49e1mxnu/BXm1GM8w5ixY=", + "network.transport": "tcp", + "related.ip": [ + "10.20.8.197", + "34.206.130.40" + ], + "service.type": "zeek", + "source.address": "10.20.8.197", + "source.ip": "10.20.8.197", + "source.port": 35684, + "tags": [ + "zeek.http" + ], + "url.domain": "httpbin.org", + "url.original": "/ip", + "url.port": 80, + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.58.0", + "user_agent.version": "7.58.0", + "zeek.http.resp_fuids": [ + "FwGPlr1GcKUWWdkXoi" + ], + "zeek.http.resp_mime_types": [ + "text/json" + ], + "zeek.http.status_msg": "OK", + "zeek.http.tags": [], + "zeek.http.trans_depth": 1, + "zeek.session_id": "CMnIaR2V8VXyu7EPs" } ] \ No newline 
at end of file diff --git a/x-pack/filebeat/module/zeek/intel/config/intel.yml b/x-pack/filebeat/module/zeek/intel/config/intel.yml index 15fa51970d2..d48dec70d0e 100644 --- a/x-pack/filebeat/module/zeek/intel/config/intel.yml +++ b/x-pack/filebeat/module/zeek/intel/config/intel.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/irc/config/irc.yml b/x-pack/filebeat/module/zeek/irc/config/irc.yml index cfc251d8616..58e1d861b13 100644 --- a/x-pack/filebeat/module/zeek/irc/config/irc.yml +++ b/x-pack/filebeat/module/zeek/irc/config/irc.yml @@ -72,4 +72,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml index 40ec169b7b1..6035aa9fba2 100644 --- a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml +++ b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml @@ -104,4 +104,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml index c1a4e8980b6..759dfc78536 100644 --- a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml +++ b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml @@ -73,4 +73,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml index ebd1675c36c..b3f5d82d489 100644 --- a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml +++ b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml @@ -72,4 +72,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/zeek/mysql/ingest/pipeline.yml b/x-pack/filebeat/module/zeek/mysql/ingest/pipeline.yml index ce2de353549..d5552af6d29 100644 --- a/x-pack/filebeat/module/zeek/mysql/ingest/pipeline.yml +++ b/x-pack/filebeat/module/zeek/mysql/ingest/pipeline.yml @@ -80,6 +80,10 @@ processors: field: event.type value: end if: "ctx?.zeek?.mysql?.cmd != null && ctx.zeek.mysql.cmd == 'connect_out'" +- append: + field: event.category + value: session + if: "ctx?.zeek?.mysql?.cmd != null && (ctx.zeek.mysql.cmd == 'connect' || ctx.zeek.mysql.cmd == 'connect_out')" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zeek/notice/config/notice.yml b/x-pack/filebeat/module/zeek/notice/config/notice.yml index 8d5fd59ecda..4b09b7bc41f 100644 --- a/x-pack/filebeat/module/zeek/notice/config/notice.yml +++ b/x-pack/filebeat/module/zeek/notice/config/notice.yml @@ -104,4 +104,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml index 5cbc5f40514..bcdf04d899f 100644 --- a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml +++ b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml @@ -86,4 +86,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml b/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml index 7094312427d..d929f70633f 100644 --- a/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml +++ b/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml @@ -64,4 +64,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/pe/config/pe.yml b/x-pack/filebeat/module/zeek/pe/config/pe.yml index b0bc5a71b43..34b81b46117 100644 --- a/x-pack/filebeat/module/zeek/pe/config/pe.yml +++ b/x-pack/filebeat/module/zeek/pe/config/pe.yml 
@@ -33,4 +33,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/radius/config/radius.yml b/x-pack/filebeat/module/zeek/radius/config/radius.yml index 87eb92ff92d..0779807c8fe 100644 --- a/x-pack/filebeat/module/zeek/radius/config/radius.yml +++ b/x-pack/filebeat/module/zeek/radius/config/radius.yml @@ -58,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml index 27757d6279f..f29a099da6b 100644 --- a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml +++ b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml @@ -88,4 +88,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml index b518662dcce..0f974ac07d7 100644 --- a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml +++ b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml @@ -73,4 +73,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/sip/config/sip.yml b/x-pack/filebeat/module/zeek/sip/config/sip.yml index 09501c99ff8..3530b53ce8b 100644 --- a/x-pack/filebeat/module/zeek/sip/config/sip.yml +++ b/x-pack/filebeat/module/zeek/sip/config/sip.yml @@ -95,4 +95,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml index 514e086e76b..7b0ba2dd6dc 100644 --- a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml +++ b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml @@ -101,4 +101,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml index e61da9cb365..aa530a6f0de 100644 --- a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml +++ b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml @@ -61,4 +61,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml index c1e7908205d..414432e30a6 100644 --- a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml +++ b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml @@ -57,4 +57,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml index f6abbf96616..cf31baf7d0c 100644 --- a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml +++ b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml index 1b4587e3298..b508ee874df 100644 --- a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml +++ b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml @@ -69,4 +69,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/socks/config/socks.yml b/x-pack/filebeat/module/zeek/socks/config/socks.yml index 72ef4e99d53..cc486a60c40 100644 --- a/x-pack/filebeat/module/zeek/socks/config/socks.yml +++ b/x-pack/filebeat/module/zeek/socks/config/socks.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml index c72f4424988..14e673c3e04 100644 --- a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml +++ b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml @@ -76,4 +76,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml index c64a851913d..cf3281a5d76 100644 --- a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml +++ b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml @@ -94,4 +94,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/stats/config/stats.yml b/x-pack/filebeat/module/zeek/stats/config/stats.yml index 3bbd773979e..a8fcb0ce6b9 100644 --- a/x-pack/filebeat/module/zeek/stats/config/stats.yml +++ b/x-pack/filebeat/module/zeek/stats/config/stats.yml @@ -97,4 +97,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml index cecb93d857d..167e7ea9569 100644 --- a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml +++ b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml @@ -57,4 +57,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml b/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml index 47bc7d2f99c..35671bd15a4 100644 --- a/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml +++ b/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml @@ -45,4 +45,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 
diff --git a/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml b/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml index 0186311141c..8bf2bd3ed48 100644 --- a/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml +++ b/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml @@ -56,4 +56,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/weird/config/weird.yml b/x-pack/filebeat/module/zeek/weird/config/weird.yml index 4d3248b4515..317001ec2e4 100644 --- a/x-pack/filebeat/module/zeek/weird/config/weird.yml +++ b/x-pack/filebeat/module/zeek/weird/config/weird.yml @@ -56,4 +56,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/x509/config/x509.yml b/x-pack/filebeat/module/zeek/x509/config/x509.yml index 25b4c0a5419..0f9b418e4fa 100644 --- a/x-pack/filebeat/module/zeek/x509/config/x509.yml +++ b/x-pack/filebeat/module/zeek/x509/config/x509.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml index 6c2ed13fdba..34f0d4a6a54 100644 --- a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml +++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml @@ -34,4 +34,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml index c5368f0ab05..605ea1974ff 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml 
@@ -37,10 +37,80 @@ processors: field: zoom.object target_field: zoom.account ignore_missing: true +# +# set user.target from account.owner_* fields (create / delete account). +# +- set: + field: user.target.id + value: '{{zoom.account.owner_id}}' + ignore_empty_value: true +- set: + field: user.target.email + value: '{{zoom.account.owner_email}}' + ignore_empty_value: true + +# +# set user.target from old_values.account_* fields (updated account). +# +- set: + field: user.target.id + value: '{{zoom.old_values.id}}' + if: 'ctx.zoom?.old_values?.id != null' +- set: + field: user.target.email + value: '{{zoom.old_values.account_email}}' + if: 'ctx.zoom?.old_values?.account_email != null' +- set: + field: user.target.full_name + value: '{{zoom.old_values.account_name}}' + if: 'ctx.zoom?.old_values?.account_name != null' +- set: + field: user.target.name + value: '{{zoom.old_values.account_alias}}' + if: 'ctx.zoom?.old_values?.account_alias != null' + +# +# set user.changes from account.account_* fields (updated account). 
+# +- set: + field: user.changes.id + value: '{{zoom.account.id}}' + if: 'ctx.zoom?.account?.id != null && ctx.zoom?.old_values?.id != ctx.zoom?.account?.id' +- set: + field: user.changes.email + value: '{{zoom.account.account_email}}' + if: 'ctx.zoom?.account?.account_email != null && ctx.zoom?.old_values?.account_email != ctx.zoom?.account?.account_email' +- set: + field: user.changes.full_name + value: '{{zoom.account.account_name}}' + if: 'ctx.zoom?.account?.account_name != null && ctx.zoom?.old_values?.account_name != ctx.zoom?.account?.account_name' +- set: + field: user.changes.name + value: '{{zoom.account.account_alias}}' + if: 'ctx.zoom?.account?.account_alias != null && ctx.zoom?.old_values?.account_alias != ctx.zoom?.account?.account_alias' + +# +# Append to related.user array +# - append: field: related.user value: "{{zoom.account.owner_id}}" - if: ctx?.zoom?.account?.owner_id != null + allow_duplicates: false + if: ctx.zoom?.account?.owner_id != null +- append: + field: related.user + value: "{{user.target.id}}" + allow_duplicates: false + if: ctx.user?.target?.id != null +- append: + field: related.user + value: "{{user.changes.id}}" + allow_duplicates: false + if: ctx.user?.changes?.id != null + +# +# Cleanup +# - remove: field: zoom.time_stamp ignore_missing: true diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml index 8f3140d2799..98d6fcbcd90 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml @@ -44,6 +44,7 @@ processors: if: ctx?.zoom?.chat_channel?.timestamp != null - foreach: field: zoom.chat_channel.members + ignore_missing: true processor: append: field: related.user diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml index e0012edf8e4..9291add3593 100644 
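Review bot: The four `set` processors that fill `user.target.*` from `zoom.old_values.*` guard only against null, so an alias that is present but empty is copied through as an empty string — the account.ndjson expectation updated in this same commit shows `"user.target.name": ""`. Adding `ignore_empty_value: true` to those four processors, as the owner_* sets directly above already do, keeps empty strings out of the ECS user fields. The `user.changes.*` sets compare against `old_values` but never require `old_values` to exist, so an event that carries `zoom.account.id` without `old_values` (the hunk does not show whether any do) would record the current value as a "change"; an extra `ctx.zoom?.old_values != null` term would match the "updated account" intent stated in the comment. The processors list continues outside the hunk.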
--- a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml @@ -45,10 +45,47 @@ processors: target_field: url.full ignore_missing: true if: ctx?.url?.full == null + +# +# Set user.* from participant, if any. +# +- remove: + field: + - user + ignore_missing: true + if: 'ctx.zoom?.participant != null' +- set: + field: user.id + value: '{{zoom.participant.id}}' + ignore_empty_value: true +- set: + field: user.full_name + value: '{{zoom.participant.user_name}}' + ignore_empty_value: true + +# +# Set user.id to be the meeting's host, unless already set. +# +- set: + field: user.id + value: '{{zoom.meeting.host_id}}' + ignore_empty_value: true + override: false + +# +# Append to related.user +# +- append: + field: related.user + value: "{{zoom.participant.id}}" + allow_duplicates: false + if: 'ctx.zoom?.participant?.id != null' - append: field: related.user value: "{{zoom.meeting.host_id}}" - if: ctx?.zoom?.meeting?.host_id != null + allow_duplicates: false + if: 'ctx.zoom?.meeting?.host_id != null' + - date: field: zoom.meeting.start_time target_field: event.start diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml index 2e363e3da42..b836cd9c96c 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml 
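Review bot: The `remove` of the whole `user` object whenever `zoom.participant` is present also discards any `user.id`/`user.email` that pipeline.yml derives from `zoom.operator_id` before this sub-pipeline runs (assuming that ordering, which the hunk does not show), and the comment does not say this is intended. If the operator identity should survive, scope the removal to the fields this block rewrites, `field: [user.id, user.full_name]`, or state the precedence in the comment, e.g. `# participant identity replaces any operator-derived user.* set upstream`. The two participant `set`s carry no `if`, so they rely on `ignore_empty_value` swallowing the empty mustache rendering on every non-participant event; a matching `if: 'ctx.zoom?.participant != null'` would make the intent explicit. The processors list continues outside the hunk.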
@@ -140,19 +140,30 @@ processors: - append: field: related.user value: "{{zoom.phone.callee.user_id}}" + allow_duplicates: false if: ctx?.zoom?.phone?.callee?.user_id != null - append: field: related.user value: "{{zoom.phone.callee_user_id}}" + allow_duplicates: false if: ctx?.zoom?.phone?.callee_user_id != null - append: field: related.user value: "{{zoom.phone.caller.user_id}}" + allow_duplicates: false if: ctx?.zoom?.phone?.caller?.user_id != null - remove: field: zoom.phone.date_time ignore_missing: true if: ctx?.event?.action == 'phone.voicemail_received' +- set: + field: source.user.id + value: '{{zoom.phone.caller.user_id}}' + ignore_empty_value: true +- set: + field: destination.user.id + value: '{{zoom.phone.callee.user_id}}' + ignore_empty_value: true on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml index 95c95cba215..4c114b5e08c 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml @@ -43,7 +43,18 @@ processors: - append: field: related.user value: "{{zoom.operator_id}}" - if: "ctx?.zoom?.operator_id != null" + if: "ctx.zoom?.operator_id != null" +# Set user.id from operator data (user who performs an action). +- set: + field: user.id + value: "{{zoom.operator_id}}" + if: "ctx.zoom?.operator_id != null" +# Set user.name from operator data only when user.id also set above. +- set: + field: user.email + value: "{{zoom.operator}}" + ignore_empty_value: true + if: "ctx.zoom?.operator_id != null" # Removing some fields that have complex nested arrays that might impact performance - remove: field: diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml index 9e5ba923b12..715f46bcbd9 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml 
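Review bot: `destination.user.id` is set only from `zoom.phone.callee.user_id`, while the `related.user` appends in the same hunk treat the flat `zoom.phone.callee_user_id` as an equivalent source, so an event carrying only the flat form lands in related.user but gets no destination user. A second processor after the existing one, `field: destination.user.id`, `value: '{{zoom.phone.callee_user_id}}'`, `ignore_empty_value: true` with `override: false`, closes that gap without disturbing the nested form. The processors list continues outside the hunk.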
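Review bot: The comment `# Set user.name from operator data only when user.id also set above.` names the wrong field — the processor beneath it sets `user.email` — so it should read `# Set user.email from operator data only when user.id is also set above.` The `related.user` append whose condition this hunk rewrites still has no `allow_duplicates: false`, unlike the appends the commit updates in account.yml, meeting.yml, phone.yml, user.yml and webinar.yml; adding it here prevents the operator id from appearing twice when a sub-pipeline later appends the same id as host or registrant (assuming the sub-pipelines run after this processor, which the hunk does not show).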
+++ b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml @@ -46,13 +46,21 @@ processors: - UNIX_MS if: ctx?.event?.action == 'recording.renamed' ignore_failure: true +- remove: + field: zoom.recording.recording_file.recording_start + if: 'ctx.zoom?.recording?.recording_file?.recording_start == ""' +- remove: + field: zoom.recording.recording_file.recording_end + if: 'ctx.zoom?.recording?.recording_file?.recording_end == ""' - set: field: event.start value: '{{ zoom.recording.recording_file.recording_start }}' + ignore_empty_value: true if: ctx?.event?.action == 'recording.started' - set: field: event.end value: '{{ zoom.recording.recording_file.recording_end }}' + ignore_empty_value: true if: ctx?.event?.action == 'recording.stopped' - script: lang: painless @@ -74,12 +82,32 @@ processors: if: "ctx?.zoom?.recording?.host_id != null" - append: field: related.user - value: "{{zoom.recording.registrant.id}}" - if: "ctx?.zoom?.recording?.registrant?.id != null" + value: "{{zoom.registrant.id}}" + if: "ctx?.zoom?.registrant?.id != null" - remove: field: zoom.time_stamp ignore_missing: true if: ctx?.event?.action == 'recording.renamed' +- set: + field: 'user.email' + value: '{{zoom.registrant.email}}' + ignore_empty_value: true + if: 'ctx.user?.id == null && ctx.zoom?.registrant != null' +- set: + field: 'user.full_name' + value: '{{zoom.registrant.first_name}} {{zoom.registrant.last_name}}' + ignore_empty_value: true + if: 'ctx.user?.id == null && ctx.zoom?.registrant != null' +- set: + field: 'user.id' + value: '{{zoom.registrant.id}}' + ignore_empty_value: true + if: 'ctx.user?.id == null && ctx.zoom?.registrant != null' +- set: + field: 'user.id' + value: '{{zoom.recording.host_id}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant == null' on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml index 2f7a82bfc75..bf5f4afea4f 100644 
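Review bot: The final `set` of `user.id` from `zoom.recording.host_id` in the second hunk has no `ctx.user?.id == null` guard and leaves `override` at its default, so on registrant-less events it replaces any `user.id` already populated upstream (for instance from `zoom.operator_id` in pipeline.yml, if that runs first), whereas the three registrant sets directly above deliberately skip when `user.id` is set. Either add `override: false` to it or widen the condition to `if: 'ctx.zoom?.registrant == null && ctx.user?.id == null'`. The registrant block also only works because its `user.id` set comes last — moving it first would make the email and full_name sets skip themselves — which deserves a comment such as `# user.id must stay last: the two sets above are gated on it being unset`. The processors list continues outside the hunk.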
--- a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml @@ -5,11 +5,11 @@ processors: value: configuration if: "['user.settings_updated'].contains(ctx?.event?.action)" - append: - field: event.type + field: event.category value: iam if: "!['user.signed_in', 'user.signed_out'].contains(ctx?.event?.action)" - append: - field: event.type + field: event.category value: authentication if: "['user.signed_in', 'user.signed_out'].contains(ctx?.event?.action)" - append: 
@@ -59,6 +59,129 @@ processors: - zoom.time_stamp - zoom.user.date_time ignore_missing: true + +# +# set user.* from operator. +# +- set: + field: user.id + value: '{{zoom.operator_id}}' + ignore_empty_value: true +- set: + field: user.email + value: '{{zoom.operator}}' + ignore_empty_value: true + +# +# set user.* from user object when there's no operator. +# +- set: + field: user.id + value: '{{zoom.user.id}}' + ignore_empty_value: true + if: 'ctx.zoom?.operator == null && ctx.zoom?.operator_id == null' +- set: + field: user.email + value: '{{zoom.user.email}}' + ignore_empty_value: true + if: 'ctx.zoom?.operator == null && ctx.zoom?.operator_id == null' +- set: + field: user.full_name + value: '{{zoom.user.first_name}} {{zoom.user.last_name}}' + ignore_empty_value: true + if: 'ctx.zoom?.operator == null && ctx.zoom?.operator_id == null && ctx.zoom?.user?.first_name != null' + +# +# set user.target.* from old_values +# +- set: + field: user.target.id + value: '{{zoom.old_values.id}}' + ignore_empty_value: true +- set: + field: user.target.id + value: '{{zoom.old_values.id}}' + ignore_empty_value: true +- set: + field: user.target.email + value: '{{zoom.old_values.email}}' + ignore_empty_value: true +- set: + field: user.target.email + value: '{{zoom.old_values.email}}' + ignore_empty_value: true +- set: + field: user.target.full_name + value: '{{zoom.old_values.first_name}} {{zoom.old_values.last_name}}' + if: 'ctx.zoom?.old_values?.first_name != null' + +# +# set user.target.* from user.* without overriding old_values. +# This is necessary because some fields doesn't exist in old_values. 
+# +- set: + field: user.target.id + value: '{{zoom.user.id}}' + ignore_empty_value: true + override: false + if: 'ctx.zoom?.old_values != null || ctx.zoom?.operator != null || ctx.zoom?.operator_id != null' +- set: + field: user.target.id + value: '{{zoom.user.id}}' + ignore_empty_value: true + override: false + if: 'ctx.zoom?.old_values != null || ctx.zoom?.operator != null || ctx.zoom?.operator_id != null' +- set: + field: user.target.email + value: '{{zoom.user.email}}' + ignore_empty_value: true + override: false + if: 'ctx.zoom?.old_values != null || ctx.zoom?.operator != null || ctx.zoom?.operator_id != null' +- set: + field: user.target.email + value: '{{zoom.user.email}}' + ignore_empty_value: true + override: false + if: 'ctx.zoom?.old_values != null' +- set: + field: user.target.full_name + value: '{{zoom.user.first_name}} {{zoom.user.last_name}}' + if: '(ctx.zoom?.old_values != null || ctx.zoom?.operator != null || ctx.zoom?.operator_id != null) && ctx.zoom?.user?.first_name != null' + override: false + +# +# set user.changes.* from user object when there's old_values +# +- set: + field: user.changes.id + value: '{{zoom.user.id}}' + ignore_empty_value: true + if: 'ctx.zoom?.old_values?.id != null && ctx.zoom?.old_values?.id != ctx.zoom?.user?.id' +- set: + field: user.changes.email + value: '{{zoom.user.email}}' + ignore_empty_value: true + if: 'ctx.zoom?.old_values?.email != null && ctx.zoom?.old_values?.email != ctx.zoom?.user?.email' +- set: + field: user.changes.full_name + value: '{{zoom.user.first_name}} {{zoom.user.last_name}}' + ignore_empty_value: true + if: 'ctx.zoom?.old_values?.first_name != null && ctx.zoom?.old_values?.last_name != null && (ctx.zoom?.old_values?.last_name != ctx.zoom?.user?.last_name || ctx.zoom?.old_values?.first_name != ctx.zoom?.user?.first_name)' + +# +# append to related.user +# +- append: + field: related.user + value: "{{zoom.user.id}}" + allow_duplicates: false + if: "ctx.zoom?.user?.id != null" +- append: + field: 
related.user + value: "{{zoom.old_values.id}}" + allow_duplicates: false + if: "ctx.zoom?.old_values?.id != null" + on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml index f136fab304e..0cd605fbf16 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml 
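Review bot: The old_values section sets `user.target.id` and `user.target.email` twice each with byte-identical processors, and the following section repeats `user.target.id` from `zoom.user.id` twice and `user.target.email` twice, the second email copy with a narrower `if: 'ctx.zoom?.old_values != null'` that the first already subsumes; dropping the four duplicates changes nothing observable and halves the mustache rendering on every user event. Both `user.target.full_name` sets and the `user.changes.full_name` set render `'{{...first_name}} {{...last_name}}'` while their conditions check only one or the other name, so a record with a single name produces a value with a stray leading or trailing space; adding the missing `last_name != null` (or `first_name != null`) term to each condition avoids it. The comment `# This is necessary because some fields doesn't exist in old_values.` should read `do not exist`.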
@@ -68,14 +68,73 @@ processors: - ISO_INSTANT if: ctx?.event?.action == 'webinar.participant_left' ignore_failure: true + +# +# set user.* from participant +# +- set: + field: user.id + value: '{{zoom.participant.id}}' + ignore_empty_value: true + if: 'ctx.zoom?.participant != null' +- set: + field: user.full_name + value: '{{zoom.participant.user_name}}' + ignore_empty_value: true + if: 'ctx.zoom?.participant != null' + +# +# set user.* from registrant +# +- set: + field: user.id + value: '{{zoom.registrant.id}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant != null' +- set: + field: user.email + value: '{{zoom.registrant.email}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant != null' +- set: + field: user.full_name + value: '{{zoom.registrant.first_name}} {{zoom.registrant.last_name}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant != null' + +# +# set user.* from operator +# +- set: + field: user.id + value: '{{zoom.operator_id}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant == null && ctx.zoom?.participant == null' +- set: + field: user.email + value: '{{zoom.operator}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant == null && ctx.zoom?.participant == null' + +# +# append to related.user +# - append: field: related.user value: "{{zoom.webinar.host_id}}" - if: "ctx?.zoom?.webinar?.host_id != null" + allow_duplicates: false + if: "ctx.zoom?.webinar?.host_id != null" +- append: + field: related.user + value: "{{zoom.registrant.id}}" + allow_duplicates: false + if: "ctx.zoom?.registrant?.id != null" - append: field: related.user - value: "{{zoom.webinar.participant.user_id}}" - if: "ctx?.zoom?.webinar?.participant?.user_id != null" + value: "{{zoom.participant.id}}" + allow_duplicates: false + if: "ctx.zoom?.participant?.id != null" + on_failure: - set: field: error.message 
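Review bot: The participant and registrant blocks are each conditioned only on their own object, so an event carrying both (the hunk does not show whether Zoom emits such payloads) has its participant-derived `user.id` and `user.full_name` silently overwritten by the registrant block while the operator block is skipped, and nothing documents that precedence. A comment above the participant block, e.g. `# precedence: registrant > participant > operator (later sets override earlier ones)`, or `override: false` on the registrant sets if the participant should win, would make the intent explicit. The registrant `user.full_name` renders `'{{zoom.registrant.first_name}} {{zoom.registrant.last_name}}'` with no guard on either name existing, so a registrant with one name yields a value with a stray space; a `first_name != null && last_name != null` condition on that set avoids it. The processors list continues outside the hunk.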
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml b/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml index 5c464b8ddd5..8a7370ed246 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml @@ -16,10 +16,6 @@ processors: field: zoom.object target_field: zoom.zoomroom ignore_missing: true -- append: - field: related.user - value: "{{zoom.user.id}}" - if: "ctx?.zoom?.user?.id != null" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json index 34d5e7363e7..cb63b4bead7 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json @@ -28,6 +28,10 @@ "zoom-webhook", "forwarded" ], + "user.email": "youramazingemailhere@somemail.com", + "user.id": "uLohghhRgfgrbTayCX6r2Q_qQsQ", + "user.target.email": "thesubaccountowneremail@somemail.com", + "user.target.id": "e2ZHO5RSGqyfrmFnElxw", "zoom.account.owner_email": "thesubaccountowneremail@somemail.com", "zoom.account.owner_id": "e2ZHO5RSGqyfrmFnElxw", "zoom.master_account_id": "lq8KK_EoRCq6ByEyA73qCA", @@ -56,13 +60,21 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "iKoRgfbaTazDX6r2Q_eQsQL" + "iKoRgfbaTazDX6r2Q_eQsQL", + "eFs_EGRCq6ByEyA73qCA" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.changes.full_name": "Michael Harris", + "user.changes.name": "MH", + "user.email": "theoperatoremail@someemail.com", + "user.id": "iKoRgfbaTazDX6r2Q_eQsQL", + "user.target.full_name": "Mike Harris", + "user.target.id": "eFs_EGRCq6ByEyA73qCA", + "user.target.name": "", "zoom.account.account_alias": "MH", "zoom.account.account_name": "Michael Harris", "zoom.master_account_id": "abKKcd_IGRCq63yEy673lCA", 
@@ -102,6 +114,10 @@ "zoom-webhook", "forwarded" ], + "user.email": "youremail@someemail.com", + "user.id": "gdjfdhjLsuhfvhjd", + "user.target.email": "theowneremail@someemail.com", + "user.target.id": "eZbcHO5RSGqyKAUmFnElxw", "zoom.account.owner_email": "theowneremail@someemail.com", "zoom.account.owner_id": "eZbcHO5RSGqyKAUmFnElxw", "zoom.master_account_id": "aBcd_dgfoeq6ByEyA73qCA", diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json index 100d3fbeea9..97dfbf0338d 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json @@ -25,6 +25,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", "zoom.account_id": "vbbvnvAdsfe", "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", "zoom.chat_channel.name": "Delivering Happiness", 
@@ -32,6 +34,72 @@ "zoom.operator": "somememai@gmtsffjdfhail.com", "zoom.operator_id": "z8dfgdfguQrdfgdf" }, + { + "event.action": "chat_channel.updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 403, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8dfgdfguQrdfgdf" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Building Happy", + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + }, + { + "event.action": "chat_channel.deleted", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "deletion" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 683, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8dfgdfguQrdfgdf" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Building Happy", + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + }, { "event.action": "chat_channel.member_invited", "event.dataset": "zoom.webhook", 
@@ -57,6 +125,74 @@ "zoom-webhook", "forwarded" ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Delivering Happiness", + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + }, + { + "event.action": "chat_channel.member_joined", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "user" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1311, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8dfgdfguQrdfgdf" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Delivering Happiness", + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + }, + { + "event.action": "chat_channel.member_left", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "user" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1603, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8dfgdfguQrdfgdf" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", "zoom.account_id": "vbbvnvAdsfe", "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", "zoom.chat_channel.name": "Delivering Happiness", 
diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json index 86cf03b6423..348ffc2bac6 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json @@ -24,6 +24,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someoperatoremail@somekindofmailservice123.com", + "user.id": "zfdgdfgdfgfp8uQ", "zoom.account_id": "EPsdvdsgfdgxHMA", "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", @@ -59,6 +61,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someoperatoremail@somekindofmailservice123.com", + "user.id": "zfdgdfgdfgfp8uQ", "zoom.account_id": "EPsdvdsgfdgxHMA", "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", @@ -94,6 +98,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someoperatoremail@somekindofmailservice123.com", + "user.id": "zfdgdfgdfgfp8uQ", "zoom.account_id": "EPsdvdsgfdgxHMA", "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json index 858f739d55a..123de911c51 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json @@ -24,6 +24,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.id": "6962400003", "zoom.meeting.issues": "Unstable audio quality", 
@@ -52,7 +53,6 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -60,6 +60,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": 111111111, @@ -98,6 +100,8 @@ "forwarded" ], "url.full": "https://zoom.us/j/00000000", + "user.email": "someemail@email.com", + "user.id": "BBBBBBBBBB", "zoom.account_id": "AAAAAAAAAAA", "zoom.meeting.id": 155184668, "zoom.meeting.start_time": "2019-07-11T20:00:00Z", @@ -133,7 +137,6 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "BBBBBBBBBB", "BBBBBBBBBB" ], "service.type": "zoom", @@ -141,6 +144,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "BBBBBBBBBB", "zoom.account_id": "AAAAAAAAAA", "zoom.meeting.host_id": "BBBBBBBBBB", "zoom.meeting.id": 809321987, @@ -178,6 +183,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", @@ -212,6 +218,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", @@ -248,6 +255,7 @@ "forwarded" ], "url.full": "https://zoom.us/w/someendpointhere", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.meeting.id": 150000008, @@ -302,6 +310,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "somemail@email.com", + "user.id": "Lobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.meeting.id": 150000008, 
@@ -342,6 +352,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.meeting.id": 150000008, @@ -375,6 +386,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ + "s0AAAASoSE1V8KIFOCYw", "z8yCxTTTTSiw02QgCAp8uQ" ], "service.type": "zoom", @@ -382,6 +394,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "Arya Arya", + "user.id": "s0AAAASoSE1V8KIFOCYw", "zoom.account_id": "EPeQtiABC000VYxHMA", "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.id": "6962400003", @@ -417,6 +431,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ + "s0AAAASoSE1V8KIFOCYw", "z8yCxTTTTSiw02QgCAp8uQ" ], "service.type": "zoom", @@ -424,6 +439,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "Arya Arya", + "user.id": "s0AAAASoSE1V8KIFOCYw", "zoom.account_id": "EPeQtiABC000VYxHMA", "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.id": "6962400003", @@ -466,6 +483,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "Shrijana Shrijana", + "user.id": "z8yCxjjyTAAAA2QgCfp8uQ", "zoom.account_id": "EPeQti9EQsiyO30GVYxHMA", "zoom.meeting.host_id": "z8yCxjjyTAAAA2QgCfp8uQ", "zoom.meeting.id": "5590000000", @@ -500,6 +519,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "Tom Harry", + "user.id": "zf8yCxjjyTSdteriw02QgCfp8uQ", "zoom.account_id": "APeeQti9ErttQsiyO30GVYxHMA", "zoom.meeting.host_id": "zf8yCxjjyTSdteriw02QgCfp8uQ", "zoom.meeting.id": "5594913504", @@ -527,6 +548,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ + "iFxeBPYun6SAiWUzBcEkX", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -534,6 +556,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "shree", + "user.id": "iFxeBPYun6SAiWUzBcEkX", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", 
@@ -564,6 +588,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ + "iFxeBPYun6SAiWUzBcEkX", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -571,6 +596,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "shree", + "user.id": "iFxeBPYun6SAiWUzBcEkX", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", diff --git a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json index c5ef97dac47..507943735b2 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json @@ -20,6 +20,7 @@ "cadsd32wA" ], "service.type": "zoom", + "source.user.id": "cadsd32wA", "tags": [ "zoom-webhook", "forwarded" @@ -56,6 +57,7 @@ "cajhdsf3wA" ], "service.type": "zoom", + "source.user.id": "cajhdsf3wA", "tags": [ "zoom-webhook", "forwarded" @@ -93,6 +95,7 @@ "z8yCxjgjsuyd58uQ" ], "service.type": "zoom", + "source.user.id": "z8yCxjgjsuyd58uQ", "tags": [ "zoom-webhook", "forwarded" @@ -108,6 +111,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:38:40Z" }, { + "destination.user.id": "z8yCDSSQWSSWuQ", "event.action": "phone.callee_answered", "event.dataset": "zoom.webhook", "event.kind": [ @@ -145,6 +149,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:56Z" }, { + "destination.user.id": "z66jfgjdg2QgCfp8uQ", "event.action": "phone.callee_missed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -178,6 +183,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { + "destination.user.id": "z66jfgjdg2QgCfp8uQ", "event.action": "phone.callee_ended", "event.dataset": "zoom.webhook", "event.duration": 4000000000, 
@@ -215,6 +221,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { + "destination.user.id": "z66jfgjdg2QgCfp8uQ", "event.action": "phone.caller_ended", "event.dataset": "zoom.webhook", "event.duration": 4000000000, @@ -252,6 +259,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { + "destination.user.id": "sfcg43FOCYw", "event.action": "phone.callee_rejected", "event.dataset": "zoom.webhook", "event.duration": 6000000000, @@ -288,6 +296,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T21:06:33Z" }, { + "destination.user.id": "543234", "event.action": "phone.voicemail_received", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json index f7a97693de5..f9be7349ab4 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json 
@@ -1,4 +1,116 @@ [ + { + "event.action": "recording.started", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.start": "2019-07-31T22:41:02Z", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.id": "uLobbbbbbbbbb_qQsQ", + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_file.recording_start": "2019-07-31T22:41:02Z", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "event.action": "recording.paused", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 359, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.id": "uLobbbbbbbbbb_qQsQ", + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_file.recording_start": "2019-07-31T22:41:02Z", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, 
+ { + "event.action": "recording.resumed", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 717, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.id": "uLobbbbbbbbbb_qQsQ", + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_file.recording_start": "2019-07-31T22:45:02Z", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, { "event.action": "recording.stopped", "event.dataset": "zoom.webhook", @@ -25,6 +137,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 8, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -63,6 +176,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_email": "somemeail@someemailservice.fjdjf", @@ -101,6 +215,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "shrifdfdh@kjdmail.com", + "user.id": "zdhghgCfp8uQ", "zoom.account_id": "EPhgfhfghfYxHMA", "zoom.old_values.id": 7000000, "zoom.old_values.topic": "My Fancy Recording Title", 
@@ -139,6 +255,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -177,6 +294,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -215,6 +333,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -253,6 +372,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -283,13 +403,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 120, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -322,13 +446,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 120, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", 
@@ -361,13 +489,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 120, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", diff --git a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json index 3921a3c7104..f643dda0471 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json @@ -1,15 +1,15 @@ [ { "event.action": "user.created", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" ], "event.module": "zoom", "event.timezone": "-02:00", - "event.type": [ - "iam" - ], "fileset.name": "webhook", "input.type": "log", "log.offset": 0, @@ -23,6 +23,10 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAA", "zoom.creation_type": "create", "zoom.operator": "anawesomeuser@email.com", @@ -34,6 +38,9 @@ }, { "event.action": "user.invitation_accepted", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -41,7 +48,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation" ], "fileset.name": "webhook", 
@@ -57,6 +63,9 @@ "zoom-webhook", "forwarded" ], + "user.email": "maria@maria.developer.dfgfdgf", + "user.full_name": "Maria CoolPerson", + "user.id": "sbyjt3ODg", "zoom.account_id": "EPjyjVYxHMA", "zoom.user.email": "maria@maria.developer.dfgfdgf", "zoom.user.first_name": "Maria", @@ -66,6 +75,9 @@ }, { "event.action": "user.updated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -73,7 +85,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -91,6 +102,9 @@ "zoom-webhook", "forwarded" ], + "user.email": "shrija2016+dev_ma@gmail.com", + "user.id": "uLobbbbbbbb_qQsQ", + "user.target.id": "uLobbbbbbbb_qQsQ", "zoom.account_id": "lAA_EBBBBBBB", "zoom.old_values.company": "NotZoom", "zoom.old_values.id": "uLobbbbbbbb_qQsQ", @@ -102,7 +116,8 @@ { "event.action": "user.settings_updated", "event.category": [ - "configuration" + "configuration", + "iam" ], "event.dataset": "zoom.webhook", "event.kind": [ @@ -111,7 +126,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -129,6 +143,9 @@ "zoom-webhook", "forwarded" ], + "user.email": "iamtheoperator@gmail.com", + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", + "user.target.id": "uL34AAbbbbAAAAAAQsQ", "zoom.account_id": "CAl6ByEyAq8KK_CCCCCC", "zoom.old_values.id": "uL34AAbbbbAAAAAAQsQ", "zoom.old_values.settings.in_meeting.private_chat": true, @@ -140,7 +157,8 @@ { "event.action": "user.settings_updated", "event.category": [ - "configuration" + "configuration", + "iam" ], "event.dataset": "zoom.webhook", "event.kind": [ @@ -149,7 +167,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], 
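Review bot: The `@@ -73,7 +85,6 @@` hunk removes `"iam"` from `event.type` for `user.updated` but leaves `["creation", "change"]`, so an update event is still typed as a creation; the same leftover `creation` survives in the two `user.settings_updated` hunks on this line, in the `user.deactivated`, `user.activated`, `user.disassociated`, `user.deleted` (where it sits beside `"deletion"`), `user.presence_status_updated` and `user.personal_notes_updated` hunks on the next two lines, and in the `user.signed_in`/`user.signed_out` hunks after those. In the sign-in/sign-out case the category becomes `["authentication"]`, and `creation` is not one of the ECS-defined types for that category (`start`, `end`, `info`), so the value is wrong rather than merely redundant. Queries such as `event.category:authentication and event.type:start` still match, but anyone pivoting on type sees a spurious creation for every one of these events. Since these are generated expected-output files, the fix belongs in the pipeline that assigns `event.type`; once corrected the documents should read `["change"]`, `["deletion"]`, `["start"]` and `["end"]` respectively.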
@@ -167,6 +184,9 @@ "zoom-webhook", "forwarded" ], + "user.email": "somememail@randommailer28.com", + "user.id": "fdhjfdhsj536274gfd", + "user.target.id": "fdhjfdhsj536274gfd", "zoom.account_id": "EPbbbbb@@@@@2sfdfdA", "zoom.old_values.id": "fdhjfdhsj536274gfd", "zoom.old_values.settings.meeting_authentication": true, @@ -177,6 +197,9 @@ }, { "event.action": "user.deactivated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -184,7 +207,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -202,6 +224,11 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.id": "z8yCxjabcdEFGHfp8uQ", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAABBBB", "zoom.operator": "anawesomeuser@email.com", "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", @@ -213,6 +240,9 @@ }, { "event.action": "user.activated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -220,7 +250,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -238,6 +267,11 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.id": "z8yCxjabcdEFGHfp8uQ", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAABBBB", "zoom.operator": "anawesomeuser@email.com", "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", @@ -249,6 +283,9 @@ }, { "event.action": "user.disassociated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -256,7 +293,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], 
@@ -274,6 +310,11 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.id": "z8yCxjabcdEFGHfp8uQ", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAABBBB", "zoom.operator": "anawesomeuser@email.com", "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", @@ -285,6 +326,9 @@ }, { "event.action": "user.deleted", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -292,7 +336,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "deletion" ], @@ -310,6 +353,11 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.id": "z8yCxjabcdEFGHfp8uQ", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAABBBB", "zoom.operator": "anawesomeuser@email.com", "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", @@ -321,6 +369,9 @@ }, { "event.action": "user.presence_status_updated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -328,7 +379,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -345,6 +395,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "sfdhfghfgh@dkjdfd.com", + "user.id": "z8ycx1223fq", "zoom.account_id": "EPjfyjxHMA", "zoom.user.email": "sfdhfghfgh@dkjdfd.com", "zoom.user.id": "z8ycx1223fq", @@ -352,6 +404,9 @@ }, { "event.action": "user.personal_notes_updated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -359,7 +414,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], 
@@ -376,6 +430,10 @@ "zoom-webhook", "forwarded" ], + "user.email": "sdfsgdfg@fjghg.ghm", + "user.id": "z8aggp8uq", + "user.target.email": "sdfsgdfg@fjghg.ghm", + "user.target.id": "z8aggp8uq", "zoom.account_id": "EPfhhdrYxHMA", "zoom.old_values.personal_notes": "this is the old note", "zoom.user.email": "sdfsgdfg@fjghg.ghm", @@ -384,6 +442,9 @@ }, { "event.action": "user.signed_in", + "event.category": [ + "authentication" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -391,7 +452,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "authentication", "creation", "start" ], @@ -408,6 +468,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "awesomeuser@awesomemeail.ghkgf", + "user.id": "djkglfdgkjdflghfdpe", "zoom.account_id": "dsjfosdfpdosgifdjg", "zoom.user.client_type": "android", "zoom.user.email": "awesomeuser@awesomemeail.ghkgf", @@ -416,6 +478,9 @@ }, { "event.action": "user.signed_out", + "event.category": [ + "authentication" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -423,7 +488,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "authentication", "creation", "end" ], @@ -440,6 +504,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "awesomeuser@awesomemeail.ghkgf", + "user.id": "djkglfdgkjdflghfdpe", "zoom.account_id": "dsjfosdfpdosgifdjg", "zoom.user.client_type": "android", "zoom.user.email": "awesomeuser@awesomemeail.ghkgf", diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json index 1bef0aa4e15..0c59a8beb21 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json @@ -17,7 +17,6 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", 
@@ -25,6 +24,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", @@ -62,6 +63,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "BBBBBBBBBB", "zoom.account_id": "AAAAAAAAAAA", "zoom.old_values.id": 155184668, "zoom.old_values.join_url": "https://zoom.us/j/00000000", @@ -97,7 +100,6 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -105,6 +107,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", @@ -142,6 +146,7 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.webinar.duration": 0, @@ -178,6 +183,7 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.webinar.duration": 0, @@ -241,13 +247,16 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "z8yCxTTTTSiw02QgCAp8uQ" + "z8yCxTTTTSiw02QgCAp8uQ", + "s0AAAASoSE1V8KIFOCYw" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.full_name": "Arya Arya", + "user.id": "s0AAAASoSE1V8KIFOCYw", "zoom.account_id": "EPeQtiABC000VYxHMA", "zoom.participant.id": "s0AAAASoSE1V8KIFOCYw", "zoom.participant.sharing_details.content": "application", 
@@ -284,13 +293,16 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "z8yCxTTTTSiw02QgCAp8uQ" + "z8yCxTTTTSiw02QgCAp8uQ", + "s0AAAASoSE1V8KIFOCYw" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.full_name": "Arya Arya", + "user.id": "s0AAAASoSE1V8KIFOCYw", "zoom.account_id": "EPeQtiABC000VYxHMA", "zoom.participant.id": "s0AAAASoSE1V8KIFOCYw", "zoom.participant.sharing_details.content": "application", @@ -327,13 +339,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.registrant.address": "", "zoom.registrant.city": "", @@ -383,13 +399,17 @@ "observer.vendor": "Zoom", "related.user": [ "Lobbbbbbbbbb_qQsQ", - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.operator": "somemail@email.com", "zoom.operator_id": "Lobbbbbbbbbb_qQsQ", @@ -425,13 +445,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.operator": "coolemail@email.com", "zoom.registrant.email": "coolemail@email.com", 
@@ -465,13 +489,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.operator": "coolemail@email.com", "zoom.registrant.email": "coolemail@email.com", @@ -504,13 +532,16 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ" + "uLoRgfbbTayCX6r2Q_qQsQ", + "iFxeBPYun6SAiWUzBcEkX" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.full_name": "shree", + "user.id": "iFxeBPYun6SAiWUzBcEkX", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", @@ -543,13 +574,16 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ" + "uLoRgfbbTayCX6r2Q_qQsQ", + "iFxeBPYun6SAiWUzBcEkX" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.full_name": "shree", + "user.id": "iFxeBPYun6SAiWUzBcEkX", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", diff --git a/x-pack/filebeat/module/zscaler/zia/config/input.yml b/x-pack/filebeat/module/zscaler/zia/config/input.yml index c24ac2c43d0..cf61c0a28f7 100644 --- a/x-pack/filebeat/module/zscaler/zia/config/input.yml +++ b/x-pack/filebeat/module/zscaler/zia/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/functionbeat/docs/fields.asciidoc b/x-pack/functionbeat/docs/fields.asciidoc index d3eef749804..4da5e828392 100644 --- a/x-pack/functionbeat/docs/fields.asciidoc +++ b/x-pack/functionbeat/docs/fields.asciidoc 
@@ -2040,7 +2040,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -2093,7 +2093,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -3284,6 +3284,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -4358,6 +4371,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- 
@@ -4528,6 +4554,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -7679,6 +7718,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword 
@@ -7854,6 +7894,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- 
@@ -7864,6 +8017,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- 
@@ -7967,6 +8233,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent 
@@ -8083,6 +8462,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/x-pack/functionbeat/include/fields.go b/x-pack/functionbeat/include/fields.go index 8b3b7c24a1e..5ff059a6edd 100644 --- a/x-pack/functionbeat/include/fields.go +++ b/x-pack/functionbeat/include/fields.go @@ -19,5 +19,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "" + return "" } diff --git a/x-pack/heartbeat/include/fields.go b/x-pack/heartbeat/include/fields.go index 739136c1c49..41c3feec2cd 100644 --- a/x-pack/heartbeat/include/fields.go +++ b/x-pack/heartbeat/include/fields.go @@ -19,5 +19,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "" + return "" } diff --git a/x-pack/metricbeat/cmd/root.go b/x-pack/metricbeat/cmd/root.go index de67f5f3799..c1822a428b8 100644 --- a/x-pack/metricbeat/cmd/root.go +++ b/x-pack/metricbeat/cmd/root.go @@ -31,7 +31,7 @@ const ( Name = "metricbeat" // ecsVersion specifies the version of ECS that this beat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // RootCmd to handle beats cli diff --git a/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js index 4ef1155086b..698b12711bf 100644 --- a/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js 
+++ b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js
@@ -333,11 +333,9 @@ var powershell = (function () {
 var userParts = evt.Get("winlog.event_data.UserId").split("\\");
 evt.Delete("winlog.event_data.UserId");
 if (userParts.length === 2) {
- evt.Delete("user");
 evt.Put("user.domain", userParts[0]);
 evt.Put("user.name", userParts[1]);
 evt.AppendTo("related.user", userParts[1]);
- evt.Delete("winlog.event_data.UserId");
 }
 };
 
@@ -346,7 +344,18 @@ var powershell = (function () {
 evt.Delete("winlog.event_data.Connected User");
 if (userParts.length === 2) {
 evt.Put("powershell.connected_user.domain", userParts[0]);
+ if (evt.Get("user.domain")) {
+ evt.Put("destination.user.domain", evt.Get("user.domain"));
+ }
+ evt.Put("source.user.domain", userParts[0]);
+ evt.Put("user.domain", userParts[0]);
+
 evt.Put("powershell.connected_user.name", userParts[1]);
+ if (evt.Get("user.name")) {
+ evt.Put("destination.user.name", evt.Get("user.name"));
+ }
+ evt.Put("source.user.name", userParts[1]);
+ evt.Put("user.name", userParts[1]);
 evt.AppendTo("related.user", userParts[1]);
 }
 };
@@ -541,6 +550,18 @@ var powershell = (function () {
 ignore_missing: true,
 fail_on_error: false,
 })
+ .Convert({
+ fields: [
+ {
+ from: "winlog.user.identifier",
+ to: "user.id",
+ type: "string",
+ },
+ ],
+ mode: "copy",
+ ignore_missing: true,
+ fail_on_error: false,
+ })
 .Add(normalizeCommonFieldNames)
 .Add(addEngineVersion)
 .Add(addPipelineID)
@@ -583,6 +604,18 @@ var powershell = (function () {
 ignore_missing: true,
 fail_on_error: false,
 })
+ .Convert({
+ fields: [
+ {
+ from: "winlog.user.identifier",
+ to: "user.id",
+ type: "string",
+ },
+ ],
+ mode: "copy",
+ ignore_missing: true,
+ fail_on_error: false,
+ })
 .Add(normalizeCommonFieldNames)
 .Add(addFileInfo)
 .Add(addScriptBlockID)
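Review bot: In the `@@ -346` hunk the two new `evt.Put("user.domain", userParts[0])` / `evt.Put("user.name", userParts[1])` lines overwrite the UserId-derived identity with the Connected User right after it was copied to `destination.user.*`, so `user.name`/`user.domain` now describe the source (connected) account while the `user.id` that the new `.Convert` blocks copy from `winlog.user.identifier` presumably still belongs to the account that logged the event; on a remoting session where those differ, `user.id` and `user.name` would name two different principals. If that is intended, a comment such as `// user.* follows the connected (source) user; the UserId-derived identity is kept in destination.user.*` above the first `if (evt.Get("user.domain"))` would make the contract explicit, otherwise those two `evt.Put("user.*", ...)` lines should go. The identical twelve-line `.Convert({ ... from: "winlog.user.identifier", to: "user.id" ... })` block is pasted into three chains (`@@ -541`, `@@ -583` and the `@@ -594` hunk that follows), and in the third it sits after `.Add(removeEmptyEventData)` rather than before `.Add(normalizeCommonFieldNames)`; hoisting the options object into one `var userIdentifierToId = { ... }` and calling `.Convert(userIdentifierToId)` at the same position in each chain would keep them in step. The handler functions enclosing the `@@ -333` and `@@ -346` hunks start outside the hunks.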
@@ -594,6 +627,18 @@ var powershell = (function () {
 .Add(addRunspaceID)
 .Add(addScriptBlockID)
 .Add(removeEmptyEventData)
+ .Convert({
+ fields: [
+ {
+ from: "winlog.user.identifier",
+ to: "user.id",
+ type: "string",
+ },
+ ],
+ mode: "copy",
+ ignore_missing: true,
+ fail_on_error: false,
+ })
 .Build();
 
 var event4105 = new processor.Chain()
diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json
index e040dd0d8f4..c6c186bd12e 100644
--- a/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json
+++ b/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json
@@ -1,6 +1,12 @@
 [
 {
 "@timestamp": "2020-05-15T08:11:47.8979495Z",
+ "destination": {
+ "user": {
+ "domain": "VAGRANT",
+ "name": "vagrant"
+ }
+ },
 "event": {
 "action": "Executing Pipeline",
 "category": [
@@ -72,8 +78,15 @@
 "related": {
 "user": "vagrant"
 },
+ "source": {
+ "user": {
+ "domain": "VAGRANT",
+ "name": "vagrant"
+ }
+ },
 "user": {
 "domain": "VAGRANT",
+ "id": "S-1-5-21-1350058589-2282154016-2764056528-1000",
 "name": "vagrant"
 },
 "winlog": {
@@ -196,6 +209,7 @@
 },
 "user": {
 "domain": "VAGRANT",
+ "id": "S-1-5-21-1350058589-2282154016-2764056528-1000",
 "name": "vagrant"
 },
 "winlog": {
diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json
index 5926c0f789e..3c2af006185 100644
--- a/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json
+++ b/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json
@@ -28,6 +28,9 @@
 "sequence": 1,
 "total": 1
 },
+ "user": {
+ "id": "S-1-5-21-1350058589-2282154016-2764056528-1000"
+ },
 "winlog": {
 "activity_id": "{fb13c9de-29f7-0001-18e0-13fbf729d601}",
 "api": "wineventlog",
@@ -85,6 +88,9 @@ "sequence": 1, "total": 1 }, + "user": { + "id": "S-1-5-21-1350058589-2282154016-2764056528-1000" + }, "winlog": { "activity_id": "{fb13c9de-29f7-0000-79db-13fbf729d601}", "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json index 2cbd24255ea..f19c03b5abc 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json @@ -26,6 +26,9 @@ }, "runspace_id": "9c031e5c-8d5a-4b91-a12e-b3624970b623" }, + "user": { + "id": "S-1-5-21-1350058589-2282154016-2764056528-1000" + }, "winlog": { "activity_id": "{dd68516a-2930-0000-5962-68dd3029d601}", "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json index e598bb408ee..117c907387e 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json @@ -26,6 +26,9 @@ }, "runspace_id": "3f1a9181-0523-4645-a42c-2c1868c39332" }, + "user": { + "id": "S-1-5-21-1350058589-2282154016-2764056528-1000" + }, "winlog": { "activity_id": "{e3200b8a-290e-0002-332a-20e30e29d601}", "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/config/winlogbeat-security.js b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js index 44d0e8eb34d..e624a819beb 100644 --- a/x-pack/winlogbeat/module/security/config/winlogbeat-security.js +++ b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js 
@@ -179,7 +179,7 @@ var security = (function () {
 "4634": [["authentication"], ["end"], "logged-out"],
 "4647": [["authentication"], ["end"], "logged-out"],
 "4648": [["authentication"], ["start"], "logged-in-explicit"],
- "4657": [["configuration"], ["change"], "registry-value-modified"],
+ "4657": [["registry", "configuration"], ["change"], "registry-value-modified"],
 "4670": [["iam", "configuration"],["admin", "change"],"permissions-changed"],
 "4672": [["iam"], ["admin"], "logged-in-special"],
 "4673": [["iam"], ["admin"], "privileged-service-called"],
@@ -250,8 +250,8 @@ var security = (function () {
 "4770": [["authentication"], ["start"], "kerberos-service-ticket-renewed"],
 "4771": [["authentication"], ["start"], "kerberos-preauth-failed"],
 "4776": [["authentication"], ["start"], "credential-validated"],
- "4778": [["authentication"], ["start"], "session-reconnected"],
- "4779": [["authentication"], ["end"], "session-disconnected"],
+ "4778": [["authentication", "session"], ["start"], "session-reconnected"],
+ "4779": [["authentication", "session"], ["end"], "session-disconnected"],
 "4781": [["iam"], ["user", "change"], "renamed-user-account"],
 "4798": [["iam"], ["user", "info"], "group-membership-enumerated"], // process enumerates the local groups to which the specified user belongs
 "4799": [["iam"], ["group", "info"], "user-member-enumerated"], // a process enumerates the members of the specified local group
@@ -1351,7 +1351,7 @@ var security = (function () {
 "16903": "Publish",
 };
 
- // Trust Types
+ // Trust Types
 // https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4706
 var trustTypes = {
 "1": "TRUST_TYPE_DOWNLEVEL",
@@ -1360,7 +1360,7 @@ var security = (function () {
 "4": "TRUST_TYPE_DCE"
 }
 
- // Trust Direction
+ // Trust Direction
 // https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4706
 var trustDirection = {
 "0": "TRUST_DIRECTION_DISABLED",
@@ -1369,7 +1369,7 @@ var security = (function () {
 "3": "TRUST_DIRECTION_BIDIRECTIONAL"
 }
 
- // Trust Attributes
+ // Trust Attributes
 // https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4706
 var trustAttributes = {
 "0": "UNDEFINED",
@@ -1899,35 +1899,58 @@ var security = (function () {
 })
 .Build();
 
- var copyTargetUser = new processor.Chain()
- .Convert({
- fields: [
- {from: "winlog.event_data.TargetUserSid", to: "user.id"},
- {from: "winlog.event_data.TargetUserName", to: "user.name"},
- {from: "winlog.event_data.TargetDomainName", to: "user.domain"},
- ],
- ignore_missing: true,
- })
- .Add(function(evt) {
- var user = evt.Get("winlog.event_data.TargetUserName");
- if (user) {
- if (/.@*/.test(user)) {
- user = user.split('@')[0];
- evt.Put('user.name', user);
- }
- evt.AppendTo('related.user', user);
+
+ var copyTargetUser = function(evt) {
+ var targetUserId = evt.Get("winlog.event_data.TargetUserSid");
+ if (targetUserId) {
+ if (evt.Get("user.id")) evt.Put("user.target.id", targetUserId);
+ else evt.Put("user.id", targetUserId);
+ }
+
+ var targetUserName = evt.Get("winlog.event_data.TargetUserName");
+ if (targetUserName) {
+ if (/.@*/.test(targetUserName)) {
+ targetUserName = targetUserName.split('@')[0];
 }
- })
- .Build();
+
+ evt.AppendTo("related.user", targetUserName);
+ if (evt.Get("user.name")) evt.Put("user.target.name", targetUserName);
+ else evt.Put("user.name", targetUserName);
+ }
+
+ var targetUserDomain = evt.Get("winlog.event_data.TargetDomainName");
+ if (targetUserDomain) {
+ if (evt.Get("user.domain")) evt.Put("user.target.domain", targetUserDomain);
+ else evt.Put("user.domain", targetUserDomain);
+ }
+ }
+
+ var copyMemberToUser = function(evt) {
+ var member = evt.Get("winlog.event_data.MemberName");
+ if (!member) {
+ return;
+ }
+
+ var userName = member.split(',')[0].replace('CN=', '').replace('cn=', '');
+
+ evt.AppendTo("related.user", userName);
+ evt.Put("user.target.name", userName);
+ }
 
 var copyTargetUserToGroup = new processor.Chain()
 .Convert({
 fields: [
 {from: "winlog.event_data.TargetUserSid", to: "group.id"},
+ {from: "winlog.event_data.TargetSid", to: "group.id"},
 {from: "winlog.event_data.TargetUserName", to: "group.name"},
 {from: "winlog.event_data.TargetDomainName", to: "group.domain"},
 ],
 ignore_missing: true,
+ }).Add(function(evt) {
+ if (!evt.Get("user.target")) return;
+ evt.Put("user.target.group.id", evt.Get("group.id"));
+ evt.Put("user.target.group.name", evt.Get("group.name"));
+ evt.Put("user.target.group.domain", evt.Get("group.domain"));
 })
 .Build();
 
@@ -2194,16 +2217,10 @@ var security = (function () {
 var groupMgmtEvts = new processor.Chain()
 .Add(copySubjectUser)
 .Add(copySubjectUserLogonId)
+ .Add(copyMemberToUser)
 .Add(copyTargetUserToGroup)
 .Add(renameCommonAuthFields)
 .Add(addEventFields)
- .Add(function(evt) {
- var member = evt.Get("winlog.event_data.MemberName");
- if (!member) {
- return;
- }
- evt.AppendTo("related.user", member.split(',')[0].replace('CN=', '').replace('cn=', ''));
- })
 .Build();
 
 var auditLogCleared = new processor.Chain()
diff --git a/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json
index 5500629ef45..1c7d689ef4b 100644
--- a/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json
+++ b/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json
@@ -18,6 +18,7 @@
 },
 "group": {
 "domain": "TEST",
+ "id": "S-1-5-21-1717121054-434620538-60925301-2903",
 "name": "testdistlocal"
 },
 "host": {
diff --git a/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json
index c34a17a1723..a19ba89ec83 100644
--- a/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json
+++ b/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json
@@ -18,6 +18,7 @@
 },
 "group": {
 "domain": "TEST",
+ "id": "S-1-5-21-1717121054-434620538-60925301-2903",
 "name": "testdistlocal1"
 },
 "host": {
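Review bot: `/.@*/.test(targetUserName)` in the new `copyTargetUser` matches any non-empty string (one character followed by zero or more `@`), so the branch runs unconditionally and only stays correct because `split('@')[0]` returns the whole name when there is no `@`; the intent reads as `if (targetUserName.indexOf('@') !== -1) {`. `copyTargetUser` now files the target identity under `user.*` or `user.target.*` depending on whether the subject fields were already written, and the `.Add` appended to `copyTargetUserToGroup` bails unless `user.target` exists, so both only produce the intended shape when `copySubjectUser` (respectively `copyMemberToUser`) has run earlier in the chain, as the `@@ -2194` hunk does for `groupMgmtEvts`; a comment such as `// Run after the subject user is populated: the target lands in user.target.* only when user.* is already taken` above `copyTargetUser` would record that ordering for the chains that are outside this hunk. In that same `.Add`, `evt.Get("group.name")` and `evt.Get("group.domain")` can be absent when `ignore_missing` skipped the Convert, and their values are then put into `user.target.group.*` unchecked — presumably `evt.Put` with an undefined value is a no-op in this runtime, but guarding each Put the way the `user.target` check does would avoid depending on that.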
diff --git a/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json index 0280c715784..be20ce400a4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", "name": "testdistlocal1" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", + "name": "testdistlocal1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json index e5da6a98154..c903452389d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", "name": "testdistlocal1" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", + "name": "testdistlocal1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json index 78d9a0146b6..3d620a576f0 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json 
+++ b/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", "name": "testdistlocal1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json index fd968769219..c1409cf7411 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json index 4933fc9371a..aabca7b49f0 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json index 52db79ef538..0e9aa901699 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal1" }, "host": { 
@@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", + "name": "testglobal1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json index c4eaab12820..76fb4727e1f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal1" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", + "name": "testglobal1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json index 401a7005e4c..df5d283bb3c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json index 1519fe28c2c..ed306992f89 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json 
@@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json index 2e2445dd16c..b3842d0b7c7 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json index 353394a452a..3c177519316 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni2" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", + "name": "testuni2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json index 688e0f7c5aa..b31bf25e3f8 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni2" }, "host": { 
@@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", + "name": "testuni2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json index 431f161b48b..cb288f808ee 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json index f7944a0c686..8f3d01584d6 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json @@ -4,7 +4,8 @@ "event": { "action": "session-reconnected", "category": [ - "authentication" + "authentication", + "session" ], "code": 4778, "kind": "event", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json index 93f89a592a6..0c8fb8171a0 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json @@ -4,7 +4,8 @@ "event": { "action": "session-disconnected", "category": [ - "authentication" + "authentication", + "session" ], "code": 4779, "kind": "event", 
diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json index c849ac7c402..cdd1450d86c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1110", "name": "DnsUpdateProxy" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json index 489ea32ae30..c7e1105ac1c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", + "name": "test_group2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json index 971694737da..c9bf1f23969 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json 
@@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2v2" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", + "name": "test_group2v2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json index e538fa47a1a..0c22e3a226d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json index a7021cfd3a2..dfd76b52414 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json index 5cdec92fafb..3768dc8e845 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json 
+++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", + "name": "test_group1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json index bf4540b62cb..43dafddae90 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", + "name": "test_group1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json index e47e1e32cca..24089b7f65c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json 
@@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1v1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json index dc4d99b087e..37c7ec70a68 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1v1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json index 7827d002a2c..0eb1d5a9b48 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json index 2389eb533ea..63dd5670366 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3" }, "host": { 
diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json index 83035c20d46..22a5fd75508 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json index d4ec0369bf8..3402221270b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3v2" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", + "name": "Test_group3v2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json index d54323688b8..76560110630 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json 
@@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3v2" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", + "name": "Test_group3v2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json index 685292a5c0d..54dd5ddcf7e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json index 17ca0872e47..ff37d528888 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json index bbac172350c..caca7eca7f2 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json 
+++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "Builtin", + "id": "S-1-5-32-544", "name": "Administrators" }, "host": { diff --git a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js index 17f1d0a914f..372912027a5 100644 --- a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js +++ b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js @@ -330,13 +330,16 @@ var sysmon = (function () { }; var addUser = function (evt) { + var id = evt.Get("winlog.user.identifier"); + if (id) { + evt.Put("user.id", id); + } var userParts = evt.Get("winlog.event_data.User"); if (!userParts) { return; } userParts = userParts.split("\\"); if (userParts.length === 2) { - evt.Delete("user"); evt.Put("user.domain", userParts[0]); evt.Put("user.name", userParts[1]); evt.AppendTo("related.user", userParts[1]); @@ -1192,7 +1195,7 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - category: ["configuration"], + category: ["configuration", "registry"], type: ["change"], }, target: "event", @@ -1231,7 +1234,7 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - category: ["configuration"], + category: ["configuration", "registry"], type: ["change"], }, target: "event", @@ -1270,7 +1273,7 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - category: ["configuration"], + category: ["configuration", "registry"], type: ["change"], }, target: "event", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json index d5d5c494791..5f333e3aee2 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json 
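Review bot: The new `user.id` in addUser names a different principal than the `user.domain`/`user.name` set a few lines below it: `winlog.user.identifier` is the SID of the account that wrote the event, while `winlog.event_data.User` is the owner of the process the event describes. The regenerated golden files in this commit show the mismatch — every Sysmon record gets `"id": "S-1-5-18"` (the Local System well-known SID), including records whose `user.name` is `vagrant`, `LOCAL SERVICE` (S-1-5-19) or `NETWORK SERVICE` (S-1-5-20). Any detection rule or join keyed on `user.id` would therefore attribute all Sysmon activity to SYSTEM. Unless the SID can be resolved from `event_data.User` (the event does not carry it), drop the three added `user.id` lines, or set `user.id` only inside the `if (!userParts)` branch where no process owner is known; addUser continues past the end of the hunk.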
@@ -55,6 +55,7 @@ }, "user": { "domain": "VAGRANT-2012-R2", + "id": "S-1-5-18", "name": "vagrant" }, "winlog": { @@ -127,6 +128,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "LOCAL SERVICE" }, "winlog": { @@ -198,6 +200,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json index 5dcbcaab942..5da24c16db5 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json @@ -3,7 +3,8 @@ "@timestamp": "2020-05-05T14:57:40.589Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", @@ -67,7 +68,8 @@ "@timestamp": "2020-05-05T14:57:44.714Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", @@ -125,7 +127,8 @@ "@timestamp": "2020-05-05T14:57:44.714Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", @@ -189,7 +192,8 @@ "@timestamp": "2020-05-05T14:57:46.808Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", @@ -247,7 +251,8 @@ "@timestamp": "2020-05-05T14:57:46.808Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json index 7b102704685..678f5fe9fdf 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json 
@@ -57,6 +57,7 @@ }, "user": { "domain": "VAGRANT", + "id": "S-1-5-18", "name": "vagrant" }, "winlog": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json index 71e0fcc639d..82df773ae15 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json @@ -144,6 +144,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -236,6 +237,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -422,6 +424,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -506,6 +509,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -581,6 +585,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -656,6 +661,7 @@ }, "user": { "domain": "VAGRANT-2012-R2", + "id": "S-1-5-18", "name": "vagrant" }, "winlog": { @@ -731,6 +737,7 @@ }, "user": { "domain": "VAGRANT-2012-R2", + "id": "S-1-5-18", "name": "vagrant" }, "winlog": { @@ -806,6 +813,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -884,6 +892,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -962,6 +971,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -1036,6 +1046,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -1110,6 +1121,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -1187,6 +1199,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { 
@@ -1264,6 +1277,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -1338,6 +1352,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -1413,6 +1428,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -1491,6 +1507,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -1569,6 +1586,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -1647,6 +1665,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { From e332d9d27786ef8b301144ae3c87139c773aa812 Mon Sep 17 00:00:00 2001 
From: Alex Resnick Date: Tue, 16 Feb 2021 17:57:30 -0600 Subject: [PATCH 10/13] Add Zeek Signatures (#23772) Add the Signature fileset to the Zeek module for Filebeat. Co-authored-by: Andrew Kroh --- CHANGELOG.next.asciidoc | 2 + filebeat/docs/fields.asciidoc | 67 ++++++++++++++ x-pack/filebeat/filebeat.reference.yml | 4 +- x-pack/filebeat/module/zeek/_meta/config.yml | 4 +- x-pack/filebeat/module/zeek/fields.go | 2 +- .../module/zeek/signature/_meta/fields.yml | 35 ++++++++ .../zeek/signature/config/signature.yml | 50 +++++++++++ .../module/zeek/signature/ingest/pipeline.yml | 89 +++++++++++++++++++ .../module/zeek/signature/manifest.yml | 19 ++++ .../zeek/signature/test/signature-json.log | 1 + .../test/signature-json.log-expected.json | 48 ++++++++++ x-pack/filebeat/modules.d/zeek.yml.disabled | 4 +- 12 files changed, 321 insertions(+), 4 deletions(-) create mode 100644 x-pack/filebeat/module/zeek/signature/_meta/fields.yml create mode 100644 x-pack/filebeat/module/zeek/signature/config/signature.yml create mode 100644 x-pack/filebeat/module/zeek/signature/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/zeek/signature/manifest.yml create mode 100644 x-pack/filebeat/module/zeek/signature/test/signature-json.log create mode 100644 x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index e42f4d99c23..6d94b576e15 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc
@@ -840,6 +840,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] - Added string splitting for httpjson input {pull}24022[24022] - Added field mappings for Netflow/IPFIX vendor fields that are known to Filebeat. {issue}23771[23771] +- Added Signatures fileset to Zeek module {pull}23772[23772] - Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. {pull}23819[23819] - Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709] - Move crowdstrike JS processor to ingest pipelines and upgrade to ECS 1.8.0 {issue}23118[23118] {pull}23875[23875] @@ -861,6 +862,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929] - Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118] + *Heartbeat* - Add mime type detection for http responses. {pull}22976[22976] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index bdb00d656b3..902d79382d8 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc 
@@ -159840,6 +159840,73 @@ type: integer Height of the screen that is being shared. +type: integer + +-- + +[float] +=== signature + +Fields exported by the Zeek Signature log. + + + +*`zeek.signature.note`*:: ++ +-- +Notice associated with signature event. + + +type: keyword + +-- + +*`zeek.signature.sig_id`*:: ++ +-- +The name of the signature that matched. + + +type: keyword + +-- + +*`zeek.signature.event_msg`*:: ++ +-- +A more descriptive message of the signature-matching event. + + +type: keyword + +-- + +*`zeek.signature.sub_msg`*:: ++ +-- +Extracted payload data or extra message. + + +type: keyword + +-- + +*`zeek.signature.sig_count`*:: ++ +-- +Number of sigs, usually from summary count. + + +type: integer + +-- + +*`zeek.signature.host_count`*:: ++ +-- +Number of hosts, from a summary count. + + type: integer -- diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 17718427099..db79f9abb8c 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -2138,7 +2138,7 @@ filebeat.modules: http: enabled: true intel: - enabled: true + enabled: true irc: enabled: true kerberos: @@ -2161,6 +2161,8 @@ filebeat.modules: enabled: true rfb: enabled: true + signature: + enabled: true sip: enabled: true smb_cmd: diff --git a/x-pack/filebeat/module/zeek/_meta/config.yml b/x-pack/filebeat/module/zeek/_meta/config.yml index 3be38969bb4..cc4572f6874 100644 --- a/x-pack/filebeat/module/zeek/_meta/config.yml +++ b/x-pack/filebeat/module/zeek/_meta/config.yml @@ -20,7 +20,7 @@ http: enabled: true intel: - enabled: true + enabled: true irc: enabled: true kerberos: @@ -43,6 +43,8 @@ enabled: true rfb: enabled: true + signature: + enabled: true sip: enabled: true smb_cmd: diff --git a/x-pack/filebeat/module/zeek/fields.go b/x-pack/filebeat/module/zeek/fields.go index 8154c14a542..d048c716bf6 100644 --- a/x-pack/filebeat/module/zeek/fields.go +++ b/x-pack/filebeat/module/zeek/fields.go 
@@ -19,5 +19,5 @@ func init() {
 // AssetZeek returns asset data.
 // This is the base64 encoded gzipped contents of module/zeek.
 func AssetZeek() string {
- return ""
+ return ""
 }
diff --git a/x-pack/filebeat/module/zeek/signature/_meta/fields.yml b/x-pack/filebeat/module/zeek/signature/_meta/fields.yml
new file mode 100644
index 00000000000..7637ddd532b
--- /dev/null
+++ b/x-pack/filebeat/module/zeek/signature/_meta/fields.yml
@@ -0,0 +1,35 @@
+- name: signature
+ type: group
+ default_field: false
+ description: >
+ Fields exported by the Zeek Signature log.
+ fields:
+ - name: note
+ type: keyword
+ description: >
+ Notice associated with signature event.
+
+ - name: sig_id
+ type: keyword
+ description: >
+ The name of the signature that matched.
+
+ - name: event_msg
+ type: keyword
+ description: >
+ A more descriptive message of the signature-matching event.
+
+ - name: sub_msg
+ type: keyword
+ description: >
+ Extracted payload data or extra message.
+
+ - name: sig_count
+ type: integer
+ description: >
+ Number of sigs, usually from summary count.
+
+ - name: host_count
+ type: integer
+ description: >
+ Number of hosts, from a summary count.
diff --git a/x-pack/filebeat/module/zeek/signature/config/signature.yml b/x-pack/filebeat/module/zeek/signature/config/signature.yml
new file mode 100644
index 00000000000..e6bef4d1a9d
--- /dev/null
+++ b/x-pack/filebeat/module/zeek/signature/config/signature.yml
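Review bot: `sig_id` and `event_msg` are declared as `zeek.signature.*` fields here, but `config/signature.yml` in this same commit renames them to `rule.id` and `rule.description` before the event leaves Filebeat, so neither ever appears under `zeek.signature` — the expected-output JSON has `rule.id`/`rule.description` and no `zeek.signature.sig_id` or `zeek.signature.event_msg`. The generated `fields.asciidoc` entry nevertheless advertises both as exported fields. Either remove the two entries from `fields.yml`, or keep them and state in each description that the value is relocated, e.g. `Renamed to rule.id at ingest.`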
@@ -0,0 +1,50 @@
+type: log
+paths:
+{{ range $i, $path := .paths }}
+ - {{$path}}
+{{ end }}
+exclude_files: [".gz$"]
+tags: {{.tags | tojson}}
+publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
+
+processors:
+ - rename:
+ fields:
+ - {from: message, to: event.original}
+ - decode_json_fields:
+ fields: [event.original]
+ target: zeek.signature
+ - convert:
+ ignore_missing: true
+ fields:
+ - {from: zeek.signature.src_addr, to: source.address}
+ - {from: zeek.signature.src_addr, to: source.ip, type: ip}
+ - {from: zeek.signature.src_port, to: source.port, type: long}
+ - {from: zeek.signature.dst_addr, to: destination.address}
+ - {from: zeek.signature.dst_addr, to: destination.ip, type: ip}
+ - {from: zeek.signature.dst_port, to: destination.port, type: long}
+ - rename:
+ ignore_missing: true
+ fields:
+ - from: zeek.signature.uid
+ to: zeek.session_id
+ - from: zeek.signature.sig_id
+ to: rule.id
+ - from: zeek.signature.event_msg
+ to: rule.description
+ - drop_fields:
+ ignore_missing: true
+ fields:
+ - zeek.signature.src_addr
+ - zeek.signature.src_port
+ - zeek.signature.dst_addr
+ - zeek.signature.dst_port
+ - add_fields:
+ target: event
+ fields:
+ kind: alert
+ - community_id:
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.7.0
diff --git a/x-pack/filebeat/module/zeek/signature/ingest/pipeline.yml b/x-pack/filebeat/module/zeek/signature/ingest/pipeline.yml
new file mode 100644
index 00000000000..539ea5d7912
--- /dev/null
+++ b/x-pack/filebeat/module/zeek/signature/ingest/pipeline.yml
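Review bot: The `- community_id:` processor near the end of the processor list cannot produce `network.community_id` here: as far as I can tell it needs `network.transport` (or `network.iana_number`) in addition to the addresses and ports, and neither this input config nor the ingest pipeline sets either — the expected output in this commit contains no `network.community_id`, consistent with the processor leaving the event untouched. The sample signatures.log record carries no protocol field, so there is nothing to derive the transport from. Drop the entry, or if it is kept for a future field, leave a comment above it, `# community_id is a no-op until network.transport is populated`.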
@@ -0,0 +1,89 @@
+---
+description: Pipeline for normalizing Zeek signature.log.
+processors:
+ - set:
+ field: event.ingested
+ value: '{{_ingest.timestamp}}'
+ - set:
+ field: event.created
+ value: '{{@timestamp}}'
+ - date:
+ field: zeek.signature.ts
+ formats:
+ - UNIX
+ - remove:
+ field: zeek.signature.ts
+ # IP Geolocation Lookup
+ - geoip:
+ if: ctx.source?.geo == null
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ properties:
+ - city_name
+ - continent_name
+ - country_iso_code
+ - country_name
+ - location
+ - region_iso_code
+ - region_name
+ - geoip:
+ if: ctx.destination?.geo == null
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+ properties:
+ - city_name
+ - continent_name
+ - country_iso_code
+ - country_name
+ - location
+ - region_iso_code
+ - region_name
+
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+ - append:
+ field: "related.ip"
+ value: "{{source.ip}}"
+ if: "ctx?.source?.ip != null"
+ - append:
+ field: "related.ip"
+ value: "{{destination.ip}}"
+ if: "ctx?.destination?.ip != null"
+
+on_failure:
+ - set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"
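Review bot: The pipeline emits an `event.kind: alert` document (the kind is set in the input config) with no `event.category` and no `event.type`, so anything that selects on ECS categorization — detection rules, alert views, category dashboards — will never see a signature hit; the expected output in this commit confirms both fields are absent. Add two `set` processors after the `event.created` one, `- set: {field: event.category, value: [intrusion_detection]}` and `- set: {field: event.type, value: [info]}`, which are the ECS 1.7 allowed values closest to a signature match. As a minor style point, the Painless conditions mix `ctx.source?.geo == null` unquoted with `"ctx?.source?.ip != null"` quoted; one form throughout reads better.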
diff --git a/x-pack/filebeat/module/zeek/signature/manifest.yml b/x-pack/filebeat/module/zeek/signature/manifest.yml
new file mode 100644
index 00000000000..e0d005622d0
--- /dev/null
+++ b/x-pack/filebeat/module/zeek/signature/manifest.yml
@@ -0,0 +1,19 @@
+module_version: 1.0
+
+var:
+ - name: paths
+ default:
+ - /var/log/bro/current/signatures.log
+ os.linux:
+ - /var/log/bro/current/signatures.log
+ os.darwin:
+ - /usr/local/var/logs/current/signatures.log
+ - name: tags
+ default: [zeek.signature]
+
+ingest_pipeline: ingest/pipeline.yml
+input: config/signature.yml
+
+requires.processors:
+- name: geoip
+ plugin: ingest-geoip
diff --git a/x-pack/filebeat/module/zeek/signature/test/signature-json.log b/x-pack/filebeat/module/zeek/signature/test/signature-json.log
new file mode 100644
index 00000000000..4725117d90e
--- /dev/null
+++ b/x-pack/filebeat/module/zeek/signature/test/signature-json.log
@@ -0,0 +1 @@
+{"ts": 1611852809.869245,"uid": "CbjAXE4CBxJ8W7VoJg","src_addr": "124.51.137.154","src_port": 51617,"dst_addr": "160.218.27.63","dst_port": 445,"note": "Signatures::Sensitive_Signature","sig_id": "my-second-sig","event_msg": "124.51.137.154: TCP traffic","sub_msg": ""}
diff --git a/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json b/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json
new file mode 100644
index 00000000000..d06eb256245
--- /dev/null
+++ b/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json
@@ -0,0 +1,48 @@ +[ + { + "@timestamp": "2021-01-28T16:53:29.869Z", + "destination.address": "160.218.27.63", + "destination.as.number": 5610, + "destination.as.organization.name": "O2 Czech Republic, a.s.", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "CZ", + "destination.geo.country_name": "Czechia", + "destination.geo.location.lat": 50.0848, + "destination.geo.location.lon": 14.4112, + "destination.ip": "160.218.27.63", + "destination.port": 445, + "event.dataset": "zeek.signature", + "event.kind": "alert", + "event.module": "zeek", + "event.original": "{\"ts\": 1611852809.869245,\"uid\": \"CbjAXE4CBxJ8W7VoJg\",\"src_addr\": \"124.51.137.154\",\"src_port\": 51617,\"dst_addr\": \"160.218.27.63\",\"dst_port\": 445,\"note\": \"Signatures::Sensitive_Signature\",\"sig_id\": \"my-second-sig\",\"event_msg\": \"124.51.137.154: TCP traffic\",\"sub_msg\": \"\"}", + "fileset.name": "signature", + "input.type": "log", + "log.offset": 0, + "related.ip": [ + "124.51.137.154", + "160.218.27.63" + ], + "rule.description": "124.51.137.154: TCP traffic", + "rule.id": "my-second-sig", + "service.type": "zeek", + "source.address": "124.51.137.154", + "source.as.number": 17858, + "source.as.organization.name": "LG POWERCOMM", + "source.geo.city_name": "Busan", + "source.geo.continent_name": "Asia", + "source.geo.country_iso_code": "KR", + "source.geo.country_name": "South Korea", + "source.geo.location.lat": 35.1003, + "source.geo.location.lon": 129.0442, + "source.geo.region_iso_code": "KR-26", + "source.geo.region_name": "Busan", + "source.ip": "124.51.137.154", + "source.port": 51617, + "tags": [ + "zeek.signature" + ], + "zeek.session_id": "CbjAXE4CBxJ8W7VoJg", + "zeek.signature.note": "Signatures::Sensitive_Signature", + "zeek.signature.sub_msg": "" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled index 5e085490895..feacbf939d6 100644 
--- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ b/x-pack/filebeat/modules.d/zeek.yml.disabled @@ -23,7 +23,7 @@ http: enabled: true intel: - enabled: true + enabled: true irc: enabled: true kerberos: @@ -46,6 +46,8 @@ enabled: true rfb: enabled: true + signature: + enabled: true sip: enabled: true smb_cmd: From f9fe84d6875cc4fcbf58536033734cbde04d631b Mon Sep 17 00:00:00 2001 From: Marius Iversen Date: Wed, 17 Feb 2021 01:12:55 +0100 Subject: [PATCH 11/13] updating manifest files for filebeat threatintel module (#24074) * updating manifest files for filebeat threatintel module * split on new object type in config --- .../threatintel/anomali/config/config.yml | 7 +- .../module/threatintel/anomali/manifest.yml | 4 +- .../anomali_limo.ndjson.log-expected.json | 200 +++++++++--------- .../module/threatintel/misp/config/config.yml | 2 + .../module/threatintel/otx/config/config.yml | 4 + .../module/threatintel/otx/manifest.yml | 2 + 6 files changed, 116 insertions(+), 103 deletions(-) diff --git a/x-pack/filebeat/module/threatintel/anomali/config/config.yml b/x-pack/filebeat/module/threatintel/anomali/config/config.yml index f266fe17ff9..19e58b4bc12 100644 --- a/x-pack/filebeat/module/threatintel/anomali/config/config.yml +++ b/x-pack/filebeat/module/threatintel/anomali/config/config.yml @@ -4,9 +4,12 @@ type: httpjson config_version: "2" interval: {{ .interval }} +{{ if .username }} auth.basic.user: {{ .username }} +{{ end }} +{{ if .password }} auth.basic.password: {{ .password }} - +{{ end }} request.method: GET {{ if .ssl }} - request.ssl: {{ .ssl | tojson }} @@ -32,7 +35,7 @@ request.transforms: default: '[[ formatDate (now (parseDuration "-{{ .first_interval }}")) "2006-01-02T15:04:05.999Z" ]]' response.split: - target: body.results + target: body.objects cursor: timestamp: diff --git a/x-pack/filebeat/module/threatintel/anomali/manifest.yml b/x-pack/filebeat/module/threatintel/anomali/manifest.yml index 83836cfdd19..b7b87d8fe66 100644 
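Review bot: `auth.basic.user: {{ .username }}` and `auth.basic.password: {{ .password }}` in the anomali config.yml hunk are still rendered as bare YAML scalars; the new `{{ if }}` guards only cover the unset case, not the content. A credential containing `: ` or ` #`, beginning with `*`, `&`, `[`, `{`, `@` or `!`, or that looks like a number or boolean is silently retyped or fails to parse once the template is rendered, and the failure mode is an authentication error that is hard to trace back to the secret. The same file already applies the fix to `.ssl`; use `auth.basic.user: {{ .username | tojson }}` and `auth.basic.password: {{ .password | tojson }}`.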
--- a/x-pack/filebeat/module/threatintel/anomali/manifest.yml +++ b/x-pack/filebeat/module/threatintel/anomali/manifest.yml @@ -5,6 +5,8 @@ var: default: httpjson - name: interval default: 60m + - name: first_interval + default: 24h - name: ssl - name: types default: indicators @@ -13,7 +15,7 @@ var: - name: url default: "https://otx.alienvault.com/api/v1/indicators/export" - name: tags - default: [threatintel-otx, forwarded] + default: [threatintel-anomali, forwarded] ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json b/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json index b6d6f76e1ee..69205da6d59 100644 --- a/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json +++ b/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json @@ -10,7 +10,7 @@ "log.offset": 0, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332361; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -45,7 +45,7 @@ "log.offset": 609, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332307; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -80,7 +80,7 @@ "log.offset": 1255, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332302; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", 
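Review bot: The `url` default two lines above the tag fix still reads `https://otx.alienvault.com/api/v1/indicators/export`, the AlienVault OTX endpoint, and looks like the same copy-paste leftover as the `threatintel-otx` tag this hunk corrects. With that default an Anomali deployment that does not override `url` would present its Anomali basic-auth credentials (`auth.basic.user`/`auth.basic.password` in config.yml) to a third-party host. Replace the default with the Anomali endpoint, e.g. `default: "<ANOMALI_ENDPOINT_URL>"` (placeholder), or drop the default so that the variable must be set explicitly.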
@@ -114,7 +114,7 @@ "log.offset": 1867, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332312; iType: mal_url; State: active; Org: Digital Ocean; Source: CyberCrime", @@ -148,7 +148,7 @@ "log.offset": 2441, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332386; iType: mal_url; State: active; Source: CyberCrime", @@ -183,7 +183,7 @@ "log.offset": 3015, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332391; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -218,7 +218,7 @@ "log.offset": 3598, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332372; iType: mal_ip; State: active; Org: Unified Layer; Source: CyberCrime", @@ -249,7 +249,7 @@ "log.offset": 4149, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332313; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -284,7 +284,7 @@ "log.offset": 4747, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332350; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -319,7 +319,7 @@ "log.offset": 5356, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332291; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", 
@@ -353,7 +353,7 @@ "log.offset": 5971, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332343; iType: mal_ip; State: active; Source: CyberCrime", @@ -384,7 +384,7 @@ "log.offset": 6501, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332316; iType: mal_url; State: active; Org: Sksa Technology Sdn Bhd; Source: CyberCrime", @@ -419,7 +419,7 @@ "log.offset": 7147, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332284; iType: mal_url; State: active; Org: Oltelecom Jsc; Source: CyberCrime", @@ -453,7 +453,7 @@ "log.offset": 7711, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332337; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime", @@ -484,7 +484,7 @@ "log.offset": 8259, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332324; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -515,7 +515,7 @@ "log.offset": 8812, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332296; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -549,7 +549,7 @@ "log.offset": 9427, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332400; iType: mal_url; State: active; Source: CyberCrime", 
@@ -584,7 +584,7 @@ "log.offset": 9997, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332396; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -619,7 +619,7 @@ "log.offset": 10580, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332363; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -654,7 +654,7 @@ "log.offset": 11189, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332320; iType: mal_url; State: active; Source: CyberCrime", @@ -689,7 +689,7 @@ "log.offset": 11769, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332367; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -724,7 +724,7 @@ "log.offset": 12378, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332317; iType: mal_url; State: active; Org: SoftLayer Technologies; Source: CyberCrime", @@ -759,7 +759,7 @@ "log.offset": 12985, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332309; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -794,7 +794,7 @@ "log.offset": 13633, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332286; iType: mal_url; State: active; Org: Garanntor-Hosting; Source: CyberCrime", 
@@ -829,7 +829,7 @@ "log.offset": 14255, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332339; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -864,7 +864,7 @@ "log.offset": 14830, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332319; iType: mal_ip; State: active; Org: SoftLayer Technologies; Source: CyberCrime", @@ -895,7 +895,7 @@ "log.offset": 15387, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332305; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -929,7 +929,7 @@ "log.offset": 15942, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332346; iType: mal_url; State: active; Org: Ifx Networks Colombia; Source: CyberCrime", @@ -964,7 +964,7 @@ "log.offset": 16606, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332323; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -999,7 +999,7 @@ "log.offset": 17261, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332399; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -1034,7 +1034,7 @@ "log.offset": 17841, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332328; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime", 
@@ -1065,7 +1065,7 @@ "log.offset": 18385, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332377; iType: mal_url; State: active; Org: A100 ROW GmbH; Source: CyberCrime", @@ -1100,7 +1100,7 @@ "log.offset": 18973, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332101; iType: mal_ip; State: active; Source: CyberCrime", @@ -1131,7 +1131,7 @@ "log.offset": 19501, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332357; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -1166,7 +1166,7 @@ "log.offset": 20107, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332289; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1200,7 +1200,7 @@ "log.offset": 20722, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332334; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -1235,7 +1235,7 @@ "log.offset": 21304, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332326; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime", @@ -1270,7 +1270,7 @@ "log.offset": 21882, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332311; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", 
@@ -1305,7 +1305,7 @@ "log.offset": 22491, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332341; iType: mal_url; State: active; Org: Institute of Philosophy, Russian Academy of Scienc; Source: CyberCrime", @@ -1339,7 +1339,7 @@ "log.offset": 23094, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332303; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1373,7 +1373,7 @@ "log.offset": 23709, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332380; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -1408,7 +1408,7 @@ "log.offset": 24318, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868747; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -1439,7 +1439,7 @@ "log.offset": 24871, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868770; iType: mal_url; State: active; Org: Mills College; Source: CyberCrime", @@ -1474,7 +1474,7 @@ "log.offset": 25529, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868769; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -1509,7 +1509,7 @@ "log.offset": 26146, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868772; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", 
@@ -1544,7 +1544,7 @@ "log.offset": 26788, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868766; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1578,7 +1578,7 @@ "log.offset": 27403, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868749; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", @@ -1613,7 +1613,7 @@ "log.offset": 28008, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868767; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1648,7 +1648,7 @@ "log.offset": 28643, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868768; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1683,7 +1683,7 @@ "log.offset": 29278, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078037; iType: mal_url; State: active; Source: CyberCrime", @@ -1718,7 +1718,7 @@ "log.offset": 29854, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078030; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime", 
@@ -1749,7 +1749,7 @@ "log.offset": 30419, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078019; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -1783,7 +1783,7 @@ "log.offset": 31024, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078035; iType: mal_url; State: active; Source: CyberCrime", @@ -1818,7 +1818,7 @@ "log.offset": 31656, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078008; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -1853,7 +1853,7 @@ "log.offset": 32244, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078038; iType: mal_url; State: active; Source: CyberCrime", @@ -1888,7 +1888,7 @@ "log.offset": 32820, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078026; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime", @@ -1922,7 +1922,7 @@ "log.offset": 33391, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078034; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime", @@ -1957,7 +1957,7 @@ "log.offset": 34081, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078032; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", 
@@ -1992,7 +1992,7 @@ "log.offset": 34720, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078031; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime", @@ -2027,7 +2027,7 @@ "log.offset": 35346, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078027; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime", @@ -2062,7 +2062,7 @@ "log.offset": 36034, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078013; iType: mal_url; State: active; Source: CyberCrime", @@ -2096,7 +2096,7 @@ "log.offset": 36604, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078017; iType: mal_url; State: active; Source: CyberCrime", @@ -2130,7 +2130,7 @@ "log.offset": 37152, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078012; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -2164,7 +2164,7 @@ "log.offset": 37767, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078018; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -2198,7 +2198,7 @@ "log.offset": 38372, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078033; iType: mal_ip; State: active; Org: ColoCrossing; Source: CyberCrime", 
@@ -2229,7 +2229,7 @@ "log.offset": 38925, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078010; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime", @@ -2264,7 +2264,7 @@ "log.offset": 39521, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078000; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -2295,7 +2295,7 @@ "log.offset": 40072, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078020; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -2329,7 +2329,7 @@ "log.offset": 40677, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078009; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", @@ -2364,7 +2364,7 @@ "log.offset": 41300, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078023; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -2398,7 +2398,7 @@ "log.offset": 41865, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078025; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -2432,7 +2432,7 @@ "log.offset": 42434, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078014; iType: mal_ip; State: active; Source: CyberCrime", 
@@ -2463,7 +2463,7 @@ "log.offset": 42960, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078036; iType: mal_ip; State: active; Org: Global Frag Networks; Source: CyberCrime", @@ -2494,7 +2494,7 @@ "log.offset": 43521, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078011; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -2529,7 +2529,7 @@ "log.offset": 44126, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078015; iType: mal_url; State: active; Source: CyberCrime", @@ -2563,7 +2563,7 @@ "log.offset": 44700, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078029; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime", @@ -2598,7 +2598,7 @@ "log.offset": 45330, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078016; iType: mal_url; State: active; Source: CyberCrime", @@ -2632,7 +2632,7 @@ "log.offset": 45890, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078024; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -2667,7 +2667,7 @@ "log.offset": 46491, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078022; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", 
@@ -2701,7 +2701,7 @@ "log.offset": 47096, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078021; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -2735,7 +2735,7 @@ "log.offset": 47701, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078007; iType: mal_ip; State: active; Source: CyberCrime", @@ -2766,7 +2766,7 @@ "log.offset": 48229, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484365; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime", @@ -2800,7 +2800,7 @@ "log.offset": 48824, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484350; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", @@ -2834,7 +2834,7 @@ "log.offset": 49397, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484356; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -2869,7 +2869,7 @@ "log.offset": 50023, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484343; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -2903,7 +2903,7 @@ "log.offset": 50638, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484367; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime", 
@@ -2938,7 +2938,7 @@ "log.offset": 51243, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484342; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -2972,7 +2972,7 @@ "log.offset": 51858, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484363; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -3007,7 +3007,7 @@ "log.offset": 52460, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484339; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime", @@ -3041,7 +3041,7 @@ "log.offset": 53022, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484351; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -3076,7 +3076,7 @@ "log.offset": 53740, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484366; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime", @@ -3110,7 +3110,7 @@ "log.offset": 54330, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484354; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime", @@ -3145,7 +3145,7 @@ "log.offset": 54924, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484362; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", 
@@ -3180,7 +3180,7 @@ "log.offset": 55526, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484364; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime", @@ -3214,7 +3214,7 @@ "log.offset": 56123, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484357; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -3249,7 +3249,7 @@ "log.offset": 56745, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484359; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -3284,7 +3284,7 @@ "log.offset": 57364, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484358; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -3319,7 +3319,7 @@ "log.offset": 57988, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484352; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime", @@ -3354,7 +3354,7 @@ "log.offset": 58627, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484224; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime", @@ -3385,7 +3385,7 @@ "log.offset": 59173, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484361; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", 
diff --git a/x-pack/filebeat/module/threatintel/misp/config/config.yml b/x-pack/filebeat/module/threatintel/misp/config/config.yml index 50f41e23b00..c0700f6b425 100644 --- a/x-pack/filebeat/module/threatintel/misp/config/config.yml +++ b/x-pack/filebeat/module/threatintel/misp/config/config.yml @@ -17,9 +17,11 @@ request.body: {{ range $key, $value := .filters}}{{$key}}: {{$value | tojson}}{{end}} {{end}} request.transforms: +{{ if .api_token }} - set: target: header.Authorization value: {{ .api_token }} +{{end}} - set: target: body.timestamp value: '[[.cursor.timestamp]]' diff --git a/x-pack/filebeat/module/threatintel/otx/config/config.yml b/x-pack/filebeat/module/threatintel/otx/config/config.yml index 7cb4b936867..42af0a0c8e1 100644 --- a/x-pack/filebeat/module/threatintel/otx/config/config.yml +++ b/x-pack/filebeat/module/threatintel/otx/config/config.yml @@ -13,12 +13,16 @@ request.transforms: - set: target: header.Content-Type value: application/json +{{ if .api_token }} - set: target: header.X-OTX-API-KEY value: {{ .api_token }} +{{ end }} +{{ if .types }} - set: target: url.params.types value: {{ .types }} +{{ end }} - set: target: url.params.modified_since value: '[[.cursor.timestamp]]' diff --git a/x-pack/filebeat/module/threatintel/otx/manifest.yml b/x-pack/filebeat/module/threatintel/otx/manifest.yml index 4c349d40fa0..5bc84d42da3 100644 --- a/x-pack/filebeat/module/threatintel/otx/manifest.yml +++ b/x-pack/filebeat/module/threatintel/otx/manifest.yml @@ -5,6 +5,8 @@ var: default: httpjson - name: interval default: 60m + - name: first_interval + default: 24h - name: api_token - name: ssl - name: types From 410d9000c57a36931c41f50d89dbfd6f100204d4 Mon Sep 17 00:00:00 2001 
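Review bot: In the misp hunk, `value: {{ .api_token }}` drops the token into the rendered YAML as a bare scalar, so a token that begins with a YAML indicator or contains ` #` is mangled before it reaches the `Authorization` header; the same file already uses `{{$value | tojson}}` for the filters, so `value: {{ .api_token | tojson }}` keeps it as a quoted, escaped string (the otx hunk's `X-OTX-API-KEY` value has the same exposure). The closing `{{end}}` also differs from the `{{ end }}` spacing used in the otx hunk of this same commit; one form should be used throughout. With the guard in place an unset `api_token` now yields a request with no `Authorization` header at every interval; whether the input should fail fast instead of polling unauthenticated is not addressed here.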
From: Jeff Spahr Date: Wed, 17 Feb 2021 02:41:02 -0500 Subject: [PATCH 12/13] Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes #24051 (#24052) --- CHANGELOG.next.asciidoc | 1 + deploy/kubernetes/filebeat-kubernetes.yaml | 1 + deploy/kubernetes/filebeat/filebeat-role.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 6d94b576e15..f2f64493d0f 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -102,6 +102,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix parsing issues with nested JSON payloads in Elasticsearch audit log fileset. {pull}22975[22975] - Rename `network.direction` values in crowdstrike/falcon to `ingress`/`egress`. {pull}23041[23041] - Rename `s3` input to `aws-s3` input. {pull}23469[23469] +- Add `nodes` to filebeat-kubernetes.yaml ClusterRole. {issue}24051[24051] {pull}24052[24052] *Heartbeat* diff --git a/deploy/kubernetes/filebeat-kubernetes.yaml b/deploy/kubernetes/filebeat-kubernetes.yaml index 6c98c85f3d9..85e9717628d 100644 --- a/deploy/kubernetes/filebeat-kubernetes.yaml +++ b/deploy/kubernetes/filebeat-kubernetes.yaml @@ -151,6 +151,7 @@ rules: resources: - namespaces - pods + - nodes verbs: - get - watch diff --git a/deploy/kubernetes/filebeat/filebeat-role.yaml b/deploy/kubernetes/filebeat/filebeat-role.yaml index 6bacfddfa43..a30ab14574e 100644 --- a/deploy/kubernetes/filebeat/filebeat-role.yaml +++ b/deploy/kubernetes/filebeat/filebeat-role.yaml @@ -9,6 +9,7 @@ rules: resources: - namespaces - pods + - nodes verbs: - get - watch From 465750c91d4ee476a1b2954c5bb7b81bea90ed58 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Wed, 17 Feb 2021 09:45:55 +0000 Subject: [PATCH 13/13] [CI] install docker-compose with retry (#24069) --- .ci/scripts/install-docker-compose.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) 
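Review bot: The new `nodes` entry widens a cluster-scoped read grant in both `filebeat-kubernetes.yaml` and `filebeat/filebeat-role.yaml`, and nothing on the rule records which component needs it; a short comment keeps later least-privilege reviews tractable, e.g. `# nodes: read access required for node metadata enrichment (#24051)` placed above the `resources:` list. The grant is confined to the verbs already on the rule (`get`, `watch`, plus whatever follows after the hunk), which is appropriate for read-only metadata lookups. `filebeat-kubernetes.yaml` appears to be assembled from the `filebeat/` fragments, so updating both as this commit does is the right shape; if no check already enforces that they stay in sync, one is worth adding.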
diff --git a/.ci/scripts/install-docker-compose.sh b/.ci/scripts/install-docker-compose.sh index 72d889f216a..bfc7ba17629 100755 --- a/.ci/scripts/install-docker-compose.sh +++ b/.ci/scripts/install-docker-compose.sh @@ -23,5 +23,12 @@ DC_CMD="${HOME}/bin/docker-compose" mkdir -p "${HOME}/bin" -curl -sSLo "${DC_CMD}" "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -chmod +x "${DC_CMD}" +if curl -sSLo "${DC_CMD}" "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" ; then + chmod +x "${DC_CMD}" +else + echo "Something bad with the download, let's delete the corrupted binary" + if [ -e "${DC_CMD}" ] ; then + rm "${DC_CMD}" + fi + exit 1 +fi
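Review bot: The new `if curl …; then` only catches transport failures: without `-f`/`--fail`, curl exits 0 on an HTTP 404 or 500, so the error page is saved as `${DC_CMD}`, made executable and used, and the cleanup branch never runs for the most common failure mode. The subject line promises a retry, but no retry flag is visible in the hunk; both fixes fit on the one line: `if curl -sSfLo "${DC_CMD}" --retry 3 --retry-delay 5 "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)"; then`. Beyond that, the binary is fetched with no integrity check; pinning a SHA-256 alongside `DOCKER_COMPOSE_VERSION` and verifying it with `sha256sum -c` before `chmod +x` turns a tampered or truncated download into a hard failure rather than code executing on the CI host. The `echo` in the else branch would be more actionable if it included the URL and curl's exit status.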