From 0b1a2ac2d34e6ef974880f267ca7e1614d61aeeb Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Wed, 17 Mar 2021 17:13:57 -0500 Subject: [PATCH] [Filebeat] Add Zeek NTP Fileset (#24224) Add the NTP fileset to the Zeek Module. Co-authored-by: Andrew Kroh (cherry picked from commit ef4894552adf5ff4bb4258cbd500f59b452d6149) --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 137 ++++++++++++++++ x-pack/filebeat/filebeat.reference.yml | 2 + x-pack/filebeat/module/zeek/_meta/config.yml | 2 + x-pack/filebeat/module/zeek/fields.go | 2 +- .../filebeat/module/zeek/ntp/_meta/fields.yml | 63 ++++++++ .../filebeat/module/zeek/ntp/config/ntp.yml | 57 +++++++ .../module/zeek/ntp/ingest/pipeline.yml | 150 ++++++++++++++++++ x-pack/filebeat/module/zeek/ntp/manifest.yml | 19 +++ .../module/zeek/ntp/test/ntp-json.log | 2 + .../zeek/ntp/test/ntp-json.log-expected.json | 126 +++++++++++++++ x-pack/filebeat/modules.d/zeek.yml.disabled | 2 + 12 files changed, 562 insertions(+), 1 deletion(-) create mode 100644 x-pack/filebeat/module/zeek/ntp/_meta/fields.yml create mode 100644 x-pack/filebeat/module/zeek/ntp/config/ntp.yml create mode 100644 x-pack/filebeat/module/zeek/ntp/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/zeek/ntp/manifest.yml create mode 100644 x-pack/filebeat/module/zeek/ntp/test/ntp-json.log create mode 100644 x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index f89677931f2..7d25df695ce 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -586,6 +586,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929] - Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118] - Support X-Forwarder-For in IIS logs. {pull}19142[192142] +- Added NTP fileset to Zeek module {pull}24224[24224] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index d096066eef4..b3af6bb2eab 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -153248,6 +153248,143 @@ type: keyword -- +[float] +=== ntp + +Fields exported by the Zeek NTP log. + + + +*`zeek.ntp.version`*:: ++ +-- +The NTP version number (1, 2, 3, 4). + + +type: integer + +-- + +*`zeek.ntp.mode`*:: ++ +-- +The NTP mode being used. + + +type: integer + +-- + +*`zeek.ntp.stratum`*:: ++ +-- +The stratum (primary server, secondary server, etc.). + + +type: integer + +-- + +*`zeek.ntp.poll`*:: ++ +-- +The maximum interval between successive messages in seconds. + + +type: double + +-- + +*`zeek.ntp.precision`*:: ++ +-- +The precision of the system clock in seconds. + + +type: double + +-- + +*`zeek.ntp.root_delay`*:: ++ +-- +Total round-trip delay to the reference clock in seconds. + + +type: double + +-- + +*`zeek.ntp.root_disp`*:: ++ +-- +Total dispersion to the reference clock in seconds. + + +type: double + +-- + +*`zeek.ntp.ref_id`*:: ++ +-- +For stratum 0, 4 character string used for debugging. For stratum 1, ID assigned to the reference clock by IANA. Above stratum 1, when using IPv4, the IP address of the reference clock. Note that the NTP protocol did not originally specify a large enough field to represent IPv6 addresses, so they use the first four bytes of the MD5 hash of the reference clock’s IPv6 address (i.e. an IPv4 address here is not necessarily IPv4). + + +type: keyword + +-- + +*`zeek.ntp.ref_time`*:: ++ +-- +Time when the system clock was last set or correct. + + +type: date + +-- + +*`zeek.ntp.org_time`*:: ++ +-- +Time at the client when the request departed for the NTP server. + + +type: date + +-- + +*`zeek.ntp.rec_time`*:: ++ +-- +Time at the server when the request arrived from the NTP client. + + +type: date + +-- + +*`zeek.ntp.xmt_time`*:: ++ +-- +Time at the server when the response departed for the NTP client. + + +type: date + +-- + +*`zeek.ntp.num_exts`*:: ++ +-- +Number of extension fields (which are not currently parsed). + + +type: integer + +-- + [float] === ocsp diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 65c0f35f96a..5a5b0d7c603 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -2157,6 +2157,8 @@ filebeat.modules: enabled: true notice: enabled: true + ntp: + enabled: true ntlm: enabled: true ocsp: diff --git a/x-pack/filebeat/module/zeek/_meta/config.yml b/x-pack/filebeat/module/zeek/_meta/config.yml index cc4572f6874..dbe6012df6b 100644 --- a/x-pack/filebeat/module/zeek/_meta/config.yml +++ b/x-pack/filebeat/module/zeek/_meta/config.yml @@ -31,6 +31,8 @@ enabled: true notice: enabled: true + ntp: + enabled: true ntlm: enabled: true ocsp: diff --git a/x-pack/filebeat/module/zeek/fields.go b/x-pack/filebeat/module/zeek/fields.go index d048c716bf6..a0740161b64 100644 --- a/x-pack/filebeat/module/zeek/fields.go +++ b/x-pack/filebeat/module/zeek/fields.go @@ -19,5 +19,5 @@ func init() { // AssetZeek returns asset data. // This is the base64 encoded gzipped contents of module/zeek. func AssetZeek() string { - return "eJzsvW1v3Di2J/5+PgUx+ANJA7Yz6Xt7/nsb2Ltw20m30bHjsd0zd/dNgSWdquJYItUkZbsa98MvePggqSSVVCpWOcmOgelJ4iryx6fDw/PwO6fkEdY/kj8AHv9EiGY6gx/J/7F/S0ElkhWaCf4j+c8/EULItUjLDMhCSLKiPM0YX5JMLBUppEjLBFIyX+PX3/0kxZ8IWTDIUvUjfveUcJpD6Mv86HUBP5KlFGXh/qWjT/PzEdshCyny0LztmC40SMKFzGnG/qDmi+5b9b7r/StQigk+Y2n4lUfyCOtnIev/3oPH/JyTkrPfSyAsBa7ZgoEkYkH0CnwXra4TWuhSwiwTSrU6r0/DQNduOuClEFLbSTfdmplp9GGmqPbFzRmpQ9NqlkKmaeOXHhrjGpYgN37XAPjfG78k5GEFRLMcSAoZXZM56GcATvSKKZIDVaWEHLgmlKeIPqNKn4VWOkEW0ALRt3AjAF5x7BeeDAq9ouY/IIFQCSQvM82KDIjZaIwrTXkCOJ9Ls+e1sOtMcyArofSJHVbKlGZ8WTK1AkWAJiuETJ6ZXhGmFWE8ZU8sLWmGIxoY7pIWKt563JT53G7RnCkFKTm/+NUdKTOWQsITE2VzbUxH8olmA0Bp8hgR6IPQZn4CXMSpzN5hfG+oBcgEuDbHQ3dCTkU5z2A3xLe2UbqEJt5n3E8Gcko1JXMwe+f84ldIyTNV/I3Gj5215YTgHBJdFyH9UmJBy0zP8Gz/SBY0U7C/ELkIAHYQIZlIaDYTki07J3YuRAaUb5vZ/+w4oylLqAZl5tIcz7p8JUwR0x3j1AwA+8/WAxvAopSgiiOiNN0Jno4GaU/obL7W0H2wMsE3Z3kA47U99NgkXuA1iANolKZ680SMlrttJBciBZSECdUoTA0Q08XG9TkG1SwHpegyIrqHaWhYkndvqM0DS3pOUb0x883WL7fL1BEjMz9XF9e3xM0ZttczLNKQRukx0JhuBiZ5xZQWch1vsT9mdKk296LrZbf1f8paQmP0FdjG9fdP5zc1vXJo73EOcnZsBL73NIGZLJJXuqkuLz7M7m4vdrimpO6++CfpKneiNOqrZIXVdYM6JeH3EpT2mqK9ABSckasFARbuCP8xIcNH6qqB0yufWZaRORBeZkP6jflvOitYS4DsoSjfQS40ENPoGLUVeFoIxrtneRKAD65F7IBkQjxCSsqimu2yZOkAKlGApBsq1Z6wPvsmG9qpud/bKl26SorXOiK/XNzucD5SkVM2eZbakuQS2yNL9gTc41Ign0CaGRP4PfL+h4HlS8stqzdFZ790DXoxj7PkVTYJhQRlhJ+7E5qHe8Fk6/VAqmtVhPfsiRmigkTwVA3dbUJp86d4E39jDkuY9iRj9plEfnE9hbn/fgCa/eps8XsacVt8/NvlTRe6C/sn/LUD+D/eD+n0QBXMzBrFuwCvbglNUwlK2ebDA3P8krrvj1YLBxCd2+ag/hhmym5ceElWlC9rotn+DGmaVCm25LC5drW52wQ5AujG9Pk+mod/jOKJW2EPaO1TvwHNnX3bEd7NlGhJuaL28WsemDxbE+o3qAKestbTy7V78/Hz3bUXA8q0zJ1JiSnCRdhHCyFzK3v8sqVECVzNzoaZIivIikWZGdnyyMUzeV4JgwVNVqHHM/IzaBRZlIchum3S2TDuDpIKUKiIMDRWWDtYGLAoZQKKUI3wNRHcycrul5f9KRWiIFzw07kUNE3MVx2kESuf06R32bulDRm3La10eaPIisr0mUrYAZTT1Q57WEIn/rS4vTkMzx6rQ2Jr3pRbDnFYRtVtCpr6Ju7axRE2xSdm9vWisa1tf01J2xayvWitWSq66Hrr1BLCFqQQGUvW7woptEhEpt4ZFfNdrpanpvOzuRRGcGSCppB+19nawypsf3vua8Y0NF77uQiKT66WZ3ZicLn2l+Ej1617Nq6rpWJoVSM0SUReUM4gtUZ3ios6u/xw8enq5oOVskG2Ja0Hs4MGWVZXU59Xa8I0kfBPSMzcVNJ1/2N5pAm4Of/V3B0ZNIS7uUo6G94cce2pOmSVEwtt5Gq0c3/IDTR8nPxwxhyne/dZ83povMIq5db87Ql4KuQsyagRqYjvlbfRFz4Nwcy1Obw9NhWTScleb1eV81NRaDVmOs/T1E4h3k4Sfal0CVwr8rxiyYpokDkKbaKemU5WkBIhSQEyp7z75BA/fnVGrjQBnojUqHjcNnyKPooOt7b7Fl4HPWLDALIixy33qRanTowWNHkETZ6p0XISYE+QnpGHILo6l4MQtRJlllYvckKJFKU2qKQbsX2aLWgCzms4SpnLhYYZDvir2AZkmYk5TlQ77ID6PdLYHlr4z+D562zWTgMaHwjwdGOlx8ilcm5mYv6KsmmHWUTnTkBMri7NFyh5olmJLikogJsp8/NQrNbKbE/CQT8L+dh9mARfsKU3J6GKQc02TUqlRQ7yjXujNz+XUE7mzj7TrYWgrpKTREgJic7W5gmZU61RI3GO5TVGK3iY2dq7jiHtMEHy4t/+tLk4RzJB3tz+2w4myEXJN73f/Yj7GiPtp9thtqjZVNaeZjeNRx/UZ3fjbVegmnCLbNPLdXSwxaCXuudCnhwt5D0gb5SV6ByNbdY3J3i/bK82+MGiqi5v7ncJppKUq1nP9Ewzot/cNw1TY32Dfd6uYZN5G0TL2eWiCH4vQa4xjiu4ubaDwi/Emxyzd6zXwm5tlL9M2SdcOTdvmGC7uLm3vQ8hRL20E+LuoRcG398uPp3f37ubRhWQsMXaOxecDryoJnMUullcd8F59YEnJyP8Au8OsCOCYersnZO/Pfzv2w/dU2ca3RnY8SZuV3iyI9Zin10XfMqm3aDm4CkIvwrW4xHQjjdzHcgHAJ6fdwIbEdDVfRudl3olJNMUwZ1z9QySzM3zp+6sD9Z+uzEZqMqE7qK+uvwFOFbvBbVPL9fdOkxBXaS5WxkVCOtwTka8mB8upk5J93Z6kCV3l7GZiI4hey3CPPK0/TQMeebvLuMu3B0kpUQ37iUoJs1NztDsQEO4RaXs+MC9Db9Hq+Fnap5U0jb9ZNeOJX6/MjXqeN9F3qLVSM+fKMvoPIP6WJtbtGuwHceZ+G2pysIoQvVBmzGyQUlB8ah0X57TQ/IA73AJ1iFV/4qqnQ7UQ0z3Qyfj4VM3wCl60QNGfSQrcyl5L3G4LqlSImFoU7+7U66peaVeutnaalCv3gXWHhvvVHdHrgYtyRlrnBV4jP82qMBC02y2bStM8spjUsFGfHjYExISIVO1yxPGwjSfZD2RtseB6Q/pkHWdPs/6ledJO+AftXVflFlWW/wVVWQOwDei1HuRdT1bYyOzs9WDLDwEi3Zuz5EMHbeXO7wTKafZ+o/pOS3dG8+3asX8EjhI6p04T0xkdITmsKAsKyXMJFA1PWSu52DAiy5pRmzbQd1B2Iop3/dQIgdak2cKlnn7vt4jqK/D4LiQNIdnIR/Vu7RI39meT13Ppy4naMj8eE6SVckfg2WRrs0n7RrlQmmSsUfI1kZMlJlZrpDsYq2dXUsXVotlcDDTx0fTuNnUZyN39aKMafk4x9G1jd5Dgv1ltupL8Wl530dsWrSQW71JUq4WIKU7Ugbe0L19MDDekTIWSZX8GF0/w4adbrmiT2DV4jGY8FqMd4LPK/NY0gjxdPevt3yabZVSTc/Ih7PlGWGa5JinSKg394fD1+pD2LgAlqzM9+xrJ2yLEyIkoTbVx3ZTUL1yH7caFbUfUiIHIswt1+qB8aL04VdDsbFQ6NUkq0HH5DkrgRY1lxu+Rk0ndu7cshoJJcHKJHQ2aeXxkitO7q8fbk+6vHrOMldrEMj11fUHQrWmyQqz+QSvPyexvV8ebHtd32/14R96z0yvnCB9sC4YPurl7O/QiKfk3L9hwkVnI2lSwYGkpfQmLZxa/5nBPLEcZr22tkkwr1netFuNOMHmIweIXa4fVLYg1L9xR2X47ZOH2JEr3JYg4RSomsCoNtiJ/whkae3pzRYhH7QtVKrwqxBxZYWIb15IwsVQCA5TX/jg3Tdb/dj8WJQ4TgHxMyKqGIQqM7VhKUwHNYI9Mwh63A7enRvGZeS7kx6p0W3PyI1wEnQj42BkmiMAj5oIWuWB21zQQoonlhoVQrTlDwG+ZLwyy44QBvZJHRPxZkK4xW297BKsoUrZASQiLyRTUD0aRyDOmVKML/fA3G2e20TMattEaQk0t4N4BgmIPANtngAuP792JxRSJO1MAlK/TYbSn55ALjLx/LqD5EKTFDL2BNKul/tEtefMnbuZxGA6YookGAg0BxxLRovCzI7tVMj6psAP8jfafNY8MhXk82zQDK1ZDqkou7X0/Q0YjVOFfRFR6npcfbLTMSuoxKScPR5bHZK+FlNU2S1dIGkiuKaMg7SDwSvKhaCtMFHCCj940ZLaOFllUBqdp9XRzopO+kNETYyT68sfSMqWoHRDyzBDBK6H0KgVfR9TMbz/5fz9fnC+/+GvkQF9/8Nf94AUNkE8VJ/Cc8rHr1Q7bcR5CR+eJaUWi80tGcGG3jCh42RZhaaCaY5HUpoJXZAVmANvBGL1++oOGD0Yxf6I6TDelOYVNi1IytTjYO6vlqLoNgJP1bHqCVMpcMX0uqYN4m7sfquE54l+rdTbjw+7ZN6WKia90W8K5EYYRykl5lY+3I5UPguqVEfPe6C6dS1uA2XeCY7GaujSTkSeUx4R34VtsJmuvDUHK5gMZPeTa5oNSy5LNISEaXK42AIvWqYswhEP805QU4IoO0QN2SZuRgzT/NyzP1pP/caIw/OR2t97S9uYPMIe+wiJE0x5z9liASl2E2wmW+4ist1KHglV3YMxpwpqAdMLXbxDZ8GYYOmPNbv71eWga7rP9zcpPyMC5Uz35Nyh/xCDioKNpWIjCDET7i3s9uCYndZKdSRxVvOu7h7eH3OwhlBNZ8mKcg6b1u2RCeodNB0vhQ0UMLIcGc9cB7tmpZtrhz3174BuNW3khPpX2e35/d9JjlxUimixXGbWYINKhRRZG3wvXm+mYnzZ5eghe+d9Np0+ng6GcaZZxVtkZ3zIwk0ah9ZunWOCpkkCRQzMRt06jIwwwE3r5nHuH7geuMB4vYwpDdwMIgTrjRpIkG/PMVUWp0E9C/loIKVMQoIMVi7Oi6k6Fx3jZ+SnNcnpY1gEq/s6z8+bszcn5BkwQcXfvbalkmegFDqtNAY75QINVzyRoPEYpUwlwhl3fIwZvFhWTDIvTROPXDzzGkamiHg0sqscDBtP8rRPyZogrbym56PFnSKarckzZdqvLe2Iabc/g3dYfqD7/WL0pdSerUgQhtRT89Ddpp+ShoH798Mc4wtRcm2e48KojMkjWYlnklO+9miV9VNjIBG8QFIOx6oWlv9j5lvo3IyTEmD+VkIJ7v5x6CpXuot14hoPERearEHXWCW1QEs4DhNSsoIR4TNdV+w+TqJNL09D5BCaYBi1kL5nvHqHDrzjMt76DJ2E9hJs2mwF1/cRLir/Aq1CfMdlwGdU6Rkt9WrWRxiyh6zfrtovJUsXumgq921r+ickYyn1Crh2IRLvFCQlRp/nYPQeprzZniojmTvSCVd6lFllkt3kl4edDCc236o/DGJSDOedD3+w4QYFKyBjHFIXeMB40Lcrj+SisVHeVap5lbo1gtW0VLM+5pRJltN7bDO8ISToUo7lY6o4Jhdi1pudMmmCcRsiwcr7l5e6lQ9jA8MzbTrcqJM4jHav+dV0OTnWpCuKx8WaOAVOSDSRPlGJvNlUa8nmpRHWNY3NJvBl1Fl7KTpvWFJmtH0Bt3Z4QdnQEPc1JrbXJBgTrThkyamRakb0FSDNAkFaSygaI7y90N/7yulI4TzclVNI8cJi+lrOs8yb5FZAU5BOGcnpunoTuFGgrA7xVlR5NEMGI8qXMOtOzI6S0MCawhjfM1SpMgfy/V/+ajc3zbwLoW5JGUeHaCcGM+IintwHpEZJXMQLzq3tCDtXjegYT1t3I/xn8AXXDhMwuiHjSVamTjk8If8sla6tr219MBTFCLIvYOBOoh5t4EKyJXraY4YDciJkioK3GvaiYXKtVWeoAqHGQA1m70PjDYbvyVC9P/cYM2s30u5AjVx43eUfG+OGSF919XdC+oqLPxZndZ4iPy+81a7yuGMMtHmSaVbFUTVuV69hzkU6mEkedsKr4t5IQW0Cr5R13XBCHNNDf2X6Hspu6bkNW8Q90x1eQU9vfSIKw6UNo9CQZWyJcSehvxEGuvDZKJ7UfoDegYqmdL2qgaxSEcYwLm51ZuyF0gVCV7gQstF5cRv9+OP55eXdCXHEvyEA2qv3bgyjSm7wfvLQGEPAOTbAa+8/lytBN+K4GxYOm7vqSdmWglgiKoHWXqtLv4SiB5hcMzxYJLM6zGj/0SzA1BzwCGh8mx967w3Pa0kOpqdavaicapcrtBPeCDEFB9k2Jdtpz/juTAs+iaAKVN8oikFLLXKqHf/ZgmWZDa0dE4PRO1kCWYMON1dGIzmpQl56j5Ub88STFSPGJNoYu/fAtgH6XupTtIizEzpvdDx0Mc0oH2xpQdFgr7RH26lJjUsZZxM1VHcFOvv7mPR7S9MeD/q94323/m9VFkXGIHUQvXUKhzIUghY1GxgZ+qs8m40YdQTVmNIV87UZXdag2YU7RNmbj8wOkGV3XosZY4v2VljZPMeGORbh+jPx/y3agnEvudgYsUEfb7Af8f2CrnUMPvPclxUXir8MKNLX+LACIxBGDLipZA0PO+i18rWKVl3d7VKwirNkk3h0DzvbDUseeVUZpnLgjwxdiR+kvA+aLyj+F02Q8YD8HYNxNuMrJoQlp2l3gN/E3Pq1aZE5x1ftOhgdeJh0S5Ypr+aO8ObtDW5rtN5wJy9WvfF+5YmMC04xP7e9znwmk3dpkpwq4OmQN9//XF5cVNkxIfRgi5ZIhmO7yVB896uNth41bkbug8IJDfUc6x7YLZY+crx48f7ojV2noDPyfKxOEzVlcPuYOoLN2wPqCzT3gB9BzkGKMQw3h7itf3Xd71Jj0h6/yErjna8padb7FAkqqwgecu8YCd+e339HhCQPDOn2f5bUlrELv3/4+f67US7OeMhdUTc+XDzS8SpGfMi4YY/pu0w6sqz3cEb7BbOcTkOpc1K2zL+vm0HR/fT/YHBuq9ZL4qZFbEMxjjXviWYRa4f0VL9wOY7tStkjB+SOK2LFPsaY+7hmbW6iyFiwkxFgUrrur8+1146rGCtMHyiYtUXIlJ+wQSduwoo2zdI+pFcWAfBErgtLAdJfTjvsHSGfqUxpOw92DynzsWrUz8uQ+lfdUxye46K5803uisV+PNoxpWXL60niiJ5fqLK8U3Z8paMecQTOfwTl+91w1GcdMIeuWlzx8W6GJ/56eTF0dKCVabPHxbS9ntc+r7auF3iz9R2ebd1zSSplxsyKpZjbdhGSYXN8ZHhNbdosfFIBHvscLPv8H5HB3lflGZJdprUZkvY176Z7m8j59ewmNRXwa2yqbWCDjirSeflaj0vb+W70qluKI00OveTbagLVPFGD9kZ4wfzO2PhCs95dEmKL0BE0kjQYE6Rm2+pyT8rdut1So8wu8Dvs+TSHPKeD+TnXdk/YpLVWpdGwbdfq99eKmrpe3//t0y6btp0Mued+SOrZm2YLMKXKQR0zKkcHcm37REjb/W45+HvaG9qI6oRjfoKwE0iHnwLiOeKJaHIJ0cXCEgOYTk6Qy5OPCWA05zveermb1gm1Nowq6Ec3LVBRU9tusPWdzk5whkUtKXbVqu/pvc21wJ1xNEEsyYsjYbu6uB5LXoSm8KhU5LxRdLNFkKcYX2YuXMVnldc8+OistptrDHJH8Hegad2f3m/MGP5F7b0ntTfO4nHiT+zO7I46GXPQ/sU63Ds3Xx2H7wI/8/Ux+brj8u3T+eJA/8XpO3gJHbAUydVlSDGdLjq5aPlo9vFJbJScHKVsRM2SR86nMqccL0J0AwTqMid+RoFS5fygoFQ5Px3nPOy2Y0woY1opXIkouXaahOV72OZOrahnXNJtvInxVRZcFXjTgysrQ5ny4ZWj1gvBYW+d6DS8bNr9htbMFYmqfSzsoD1wWm9M5No3rlGnBVaEPdQFTe+k+0NOWTabi3Q9c0U+u9EOTWlbsv9kQ/f40laisqS58KI9lYnRFDLIAfcm2hFsczZeF14KylMiuBtG+/YK17ijPTYDGZTQdrgpZHQ90+IRpq9Nx2vBjtYcMnv1mvbDaihwpHQJLZ2aMS9Zpk8Zt6iQAsyZQmnGdLsiuxYEkWOAmb/c8bsEWLDE2G5DyTpz2J4g9YokfrzVcvg0tl+jsfA1V1NbgtvXlBh6oIeHX8ydX+naNQ30eWV2fu1KrArQhfNbSqPmoUMf0rLI8DHHl35nDd4NRSFBqdmiJ15mGtF0x8vBgM2AL12dIeZri+P+cWqAG6jLbJlDgDe49VMpiuIQxTwDA5d9Ol3deiOyTdWx3SLdSwrcbCX/lKJoj+yAHS5DndVjX45pcr55+HS9i9XMVk+Ot90va9WYd4/CXgml497dv7gWJ4CJHufWYsC3dYosbWYzShG9SLb/RdkXVlTPNYg7axv5BjvNWpereXocRE+I+f5+67R1hTbbjuJivby57zgKFSkxJRe/nH/69OHm5w8jvcMc9JyJI0C/Af3T1efY8LWEIwQLPEiA3YEHLotExS2E8N+jpffni/tNQj9CPvOMcSAXlXPeU9Xd+qKnb80XvzszH12TRALqEcHN6hTUbl/qVh86y2APy3pb1cQwCZb6hzcOd6P+dL3/FVXdlByTIt2ypZBMr/qjUvdKWsDwsdBHCHfzap31fErzlLSf5Kn7p19hbf5lDMMEfv4g0vA4mTwhxG7l5+MN5kQbrbYEtTI6Vn/8+SbmR2g/NY4DuSjnGUtMB8OXIaPZzBoK4x2je2y2Zn9EDcJ7j4dDjposmhFxWbE0HZCEJ/EYrxSHeYr0Hpcxcd89xOfmhdMgPa+N0Lm3zDjGUFF0Vg4ncUTSXVU5fCrUoGIWHdO1x8KsOjxMERYGQ943F8fZDp0DayWeMcvdEqxrUTNEJUJKSMYwYvC2VSkW/sw8qfXGMDg8N+o70bkodX1w3gFXX1yf6b2lHmxll3yl52qxW4hH5Hyrh/CoeaPIE0gk4rZWsEFLUTwUDaWIKaypgNZ3S7aOfxxTnpMmK8Zju0moXIL2bVfVCgK3RCLygrmSIMNJ6Oajsw6p3HtwxkCs2ZvqwJwWTIcerK3H1J5TJuH3kklIiSiM5odCZ6009GUq1Xw59nNx4YRma7E2DqAWRJZ8dAF6pmbwEjEF5krVnfC13Y4+HyQgpdxRDOGn/tcgvr/++7xVST0WQvLXfz+dM13DOYCnVKBmVGXdit80cmQBNUgYByA1OXdmy/uCJkA+0bW5HO4oT0XO/sALYwzSFDZv8ehAL6mm5APOn5G0txKegI/Fl4gUZhhlKdtOhmhQwdyyCVhO9dAbSVaQPKoxMBV0P1kjYCsVxhWUiWW/rmK9VxT9KgPwVlTNWG4WYqbjJrM1YaJCRTmxfZExR8VAs/rBcaDZvkZDM2rVcYAFyvmGKjcWZwrzcjnrKJofGSfBjkbBcs7Z/Wiwe4qwIlVtqBJvncAnhDlq2y3qrqQpe7VUljvsfBe1d1/7fnf0km8VI7y3c27WVMx4GK7PL7zDbQcIC0lzSDE3pRNKqwrbmOwEd39aY7GLDWw6+5ztuAHUOkMx5jdbE0pWjOuKOfnu/PLqt3tvc7Y5GD2tEhv00FDMVoI7N3Ars6VzXmxsyqw1/GmzcmcjXSqXaPfAE5Fl1sQThv1Qcg7ZqU3+PP3A00KYaQlybfCNgBGkM/PYjbfVLmyr+ITeYa+hZXqf8ihdE7utTGWyolkGfAnVFC8qUji1chYL7U5vw2k4+GS17BrxhnIf3JNGXV9gFMuGG3MozUx3U25NTqXxYR5kDvoZwIdjShXS6/Eg1oJO/nyOgzg9x6qFfw4rIySqCVIKWePXdEEckBd6fYLh8kC5i7ysNer7QkbmWvqdOeMjSCozsVxOj3fYlu7EFEbM0EwCTdfW6GV7w3lxfINsyYXsKmUl09cqEH53ebtbKpB4ZBGvywtszxV+RM9OwyPuzSPVqdXrwjEr0nDPHvt4WsOgbbaLMZBc6TeKUJKzl3BezDxzWAptj5HLFvWnQuEu+fniIsgrtLG0+OuHC6TYImqznuSSvTwjrj6bb5okK6E2XcAD+B5hPRdUprMMn9Lx0P3qGia2YfI2o3xZ0iV8Fwy4zQ01cFn2m0OnGOXnJcsOVIvT7Cs3NG9m3XKMukfdHnlXmG8kwDe1PO+d0RVSpGXSkZMWCdytbd8RDey8bVJQj1p0K4pT9s0zS7dwyOxVm/TSQrVdTF6PFbDl6kBFkD1C28dkiInIhOysQULi7BmbDJ4J6eoyBrqhjTPoclhWbLma1UDZTXBMApyORL5IU3HVSlZj3jvoaKp8tienWI3VSK+KwKpJlO3zSMzYXSNlf0xrY7ZEuYXgZ+/K3FVwgIHm2NHJf5398Jf/QEWvYgLlWJVGNk1OyYqyMXRMBcic8m1URXtVoW+Vyw0B1HWwQraxu/KGFhxGkUNeCEnlUMxGtdLR9nIGT9BPQLfXZv5QEathL+1UzDH0g6BX4kCXVQ2g7WY0wipEucerOek19IB0IZXb3Lx/zKlFFSVAGlRhVbfSOgnS22ILMYpMi3c+1H6mVNZkRfmu1djHjC5b8m3hc7SxMiumbt/ff+p44S3mr/XC+/jTLi88p0VGO6EHpFvL6T8761WRuIFq16aboF039JCR8XQ540cBarrZGegRmMxec6G2vktbQF9xoUY9oDtIJacfze40DBJHv/hHMxNjShYGOdJF2iR72UDqrtYtqmeYzhWVMFtkNCIHRYNQyb4j0M7ICbwkWamMEm3TeE3n6UhiGvdO3SuZt6OwR+1lrxJprcQ2MMZHCNL+KmLb3rx7GK//UX/fTkfV+dDdA9YvjUftKFxhm7Elp7qUrxVYeO/730WriEsz4CisNimEwswQjH4ZOq5sGZXbaJPEsELjKpdjba+hJ5IBvo9jrJNpR0ioPvVUMSJsIj1FkPhcHzOB5Twu0g+e2YkUdG20cFveRUjL+TSSbN2sa5cFYPRp3cZ2o9hSnZBSlba4kxQ5UWWeU7m2VocRWZiHA2daVycWFe3DVU3Ta7mc7q92cjnVSKxjlxK+C1VdrQWEFZAxDqmz5Dlagib7UrOo/7vgoRnm2q4U7d9L4D2sZFP0uDi6UXfS399Bzq1Hwdkvzep5N+zbq5u/Xz18OCF3H36+un/4cEdAJ2d9tT3qkDvzdiJBvhBc45o68XZxD7//6Kvth8CAUSm3pWTxxNtvd1eNmXSzOKSr9WWHTKuDsjE3l1TDxLlx8KPt4q1lLaJuCL99P0qRh8HfCDMTNjJ/+T+dR9rc3G9UkPe0KIDXWM5sWSejsiktGZIaiMUCfbnmzWMDAEacBr0ZkXOggT8IP9wx9md6qPoFDzU/jid4NtITedMEx55PSJ3qsdqaFv6YKtzIYGPJM3qH0VNUbIqQsX8//YQdTj5SWyhnv/Qz5e7B/+cOVRj5F3S6VINp+Ns/XaNsZzbosLUtIt6mGIN4OrgPgmmcZlnUJ2hr2miWnV5dTpRG3eUSIsJzZRKm6mYK5Iwu45aJ20D4mwJ5em76mDqH/XngX1ZRtfuKBrBVoGfQhB4eIocqtubQeXm2E8BgWKSSs5ZAirhZ/mE7GHv47bcj0yr3Cc4HbHJIbIZdm89nzYIJx7QPuN53C0uNXIW5XuGhzsw8VnDODoJIlfN+UDuE3/uiEfHQ+arVoRxFD77hsgvRmTOsKoSXf6iO4TPTx5XJkLp7poZp/jrSFETJU2IUW5teHc6if5Q6iF6rHIC2zVs/rep35ZS8v/5px9La8dOpaiVmIW0mVm1jXyDbibH2AHS1CEFqDapl08tG/JqEWuEiNPyE2SylxFJjo2bVNDTbsyxttzzxIXYI9W3K1KP1Op2QQhptQvq/GiAp2kdPtpr46vRWo5WeMTNeSWMJC5DAE0gdwfUJUVpIIEyTFdQLMNmfvWjw9nIrf/S10NkiFK/YkqRSB0W7CmxFgnVuDdm4VTOxJBISIc28elv4CHzdld8igPutiryuLfQWCgWy4V3phbVP/Ip+6fx1bw7gDgMmliYYsyTdwN1rXSPBhRnTyOAVeVSUEhJgTwMQawrl+5lYmAVNZymjGSQ64h3fX9lf5XPzv/enOWV8qOzZpQNGHNLdlL58/v24Ie5d4q17jN9HHWP9KYA19F/pMWCUECNId0rr7hSf+7jQJ4rM6jrsfghMclpeXQbRaBm/x3HM7KOXdTMr7XC3bbF67gHiluoVKcosq5swndrlK/VslE8yypqQ28qbV6lG8MREqSJXPLjy0hNnz27UMHtOgfT8Yp4b4o0KaMiIfEfF/ugGvHvNiJ/WGrC9emGrIXWV9fFRDCp/XUXOc1Ca5oXqRmB/BglKMdCwlflLdiKW67e2uzVyzANm/GOSVFaUt5ORI0OynYyGZIm9DgzJZraOhJSLFIsNHBYT9rLehikovlHr+fz2W58wN3L18uLDu7vbi+47Obelil7vVp5du2JJO9zLccV/Pd4Upb5pfgSH+h7P6O0VjyQ0qwBGf1bbrDnUx2axGe2QK9Hx2dXwj4p53seGvdXEcn/90/cnPrrZzrO/HBlPstKouOSjkOaD708aaYP4lVbb/tsppGXiyBl8S4Qq8gxZ1nXg9KsFy10/fCnRcuc2lBDJDb3mi0BttJyPjGs4nZ2Cg8TwrjppLZjueQUSSF5mmhVZjQwBy7rVtLbB4OzsgE7dXyAT41w6WEmoI+Rin5BYrOXjqIJAkQWaj10A2fX51Sfy8e7z9Th4Mil0VPf3VnB3F7cP5OHzOGi9QW67E5d2RbiNAxF35TZxfDQPlFE4Dhmh8DByKyeT6chG+CQvRu7X48RrjJ2SXMXNF9gEc62WV5fjoDA+O/zkXPFTH88yDtWx4kXGoXmZ+Sq6jC/72NuiwPqv089VT6dXtyOlDZNKz6wVtYeTaiojWwOdJem6c/2MXElIBE+PAM52tCO6jOLEFVk3Ve1kb5hpt9JePO21C6Wzyo4Ybw/ufetM4VGMHMgXL4Sqw4GMMZ6t+Klp4VM6m1wkrONdUSur5xa3pouuqCLqmWGSllno0qir5OHT/aCdEEsph8PSrwDuCdrRdPzZHxarsPzZL7UvAKi0e+I4YMPaM1Uzx/pktPWnPSigB+C7mG/fS1Vj0to+56XGCN81DET5BhFasjSiF6lOFtFysejiHbpBhkgizh1HLqTkCRJXwb1ZtdlxRVCtqd9sujrjQ1e/mj3DvKNkZ8w95sWNtUvjK0+KcrkilLjO8QUpF7ReTTbcHjx/tdfyzfVOr2VPa9n99phUxRMIzfGZ7At2thkzC5o8giZzyAS3ZWGtemPAuwTuQGvripYIDmP8K3uGA3WPp8ZTgBAHuZjqUXkl75Mn0+uK+GZ9Wd2GpoMQ3QxvJgjb+9xmyAdGSYzMoYoUVGo/xjeKvH16j4vw9H3yHaFpzjhTWqIB7p2nWbScyc9CPp6RewBy9/GCvH//w/9PhLR//o+/vB+YoyXEy6ByIWT9hA57RQg3qa+eqGRYP2XOkCEfa/T/DPrO5UX+DPoGXvxfye3lb07shTrCW5kK6sOal9nj7EsY209l9hhjQD6275UXyoJ45/+w85Cq18I3tIXvYfKeDZcKU0VG1zMrneLJvnNvnq99LjyNjdSz+8po2eDYwYf0/2KmWF8m8h41gxpFwnqgkSSjLFeE6TdOCywLgmg6NAqRPL5aAMrni1/vYxFoTYz8cYS79YvYoBrxuounHYfCxb7+ZuD9NpPDAn16IcXLUIx3QZXqQLBPBJhrMQa6A0WgO2I8L0uo1pAX2pwV+9QcCy923vXWqMm9gjltqYIaIao9S77sArnwFespr6ohUEeiIslc9Lpz6/jNmd33uhiJ33Q1sDpzUfZkfXxZa+M2JcL9elakgXrEaiS00KWE2VaBM+nNfAkaZM54jT/ViyDvY3ad+7D/ijSk44JrVGM+6vV2/8vXWScyZRL2CvPsWFPfZAeRakhDsDLhmSq8WhKa4SENZKeMd+SdI12bNven/bSP8/On7fNvDz99/u3m8oxc3eAfql8pCCUGWs2KohCKYYSeLseUBUH6oXZx5z3Xz1rI3yjTAtGrMp9jmMuISJzp+skAkp120p4KWxuKOVN5g4vy7XsjPr8fiu/pK6Q+OXzyghUrkFW7qkZAw1T7PWN/BrOQsdV976X+J1rFE10r+86wsMGYKEaRF9IO7HAQa51MwdhzECMCdG4rlE2PsH6jKpgj8D3CegYvNnr0cBiNvPC9TJnFdtG0iOAUW6Jx9u31+cV3Y9GFgxyTptW9FPa2iYxhtN8gP7VdK/IMRMxxS6Vn5hsS452zZ7pWhHbpeoRkQK3d+sS+6okSud+WiuRIf+mrl3LR7pjQeiRe/Qer69gSmNQ6ZbnQzmOLVLOZ52pXQKgEX2xH1ZF0tuzRuXJxRD+L0wVFL47BR97C2fKsUvTOby5JUc4fYT2G8iwS2273jj1vTp+tTdSlZ2avpmd+imVEmaQe3N9/evfw6T7cyCExd5SnsfPGi4DGtktUyTTsCqmUTxHjmD9kmfllYtvdxEKeV8CdneLDxeUv78x/PgyzWZV5zHJrloBfEE/a719e3mdm8LpOiYTKqmLumZxqkIxm4cJBLajjuAGVGQM5vogChxe9d72tjuh2eNFVrS1dL2UoFNRsRrQoMn/uM7oGiYiqr5qXBx9htgal6TxjajV9yTqiyjuXzKieKgvrFuIAahBq7ODZkEXsiWYs7ffjTqJG77IBkjjaxZ0tHOfqx/jSKtUgKnvBTqVGtnIDHR3wiav5ShX5XAA34r/2BYN1TJQXzfoKH006U5+MSoJtVgIOHTxpKf1xGn3utzxgp+y4w/EQNCKynAUNc2dc3IeQ4T6qZAW50uHQqrr46cFJakFVlYnEGbz63+D1GcBa4Fhh6DDb+AKLFzV3cSsP2o1SC79dgTCNRDFFBrp6Foyt4lQNatYVrhRpaJ1RR/XDanPKQp2Dyg0xPBcjBsmUKieUDhlD/OVCfmtM5fahgoG3tuRWvVzV9gFUP2NYHxKR566+eufnhldu5CCJI1AS3Fnaowx2YGwl17LL/hB9XNiRJZY7wsDQJNsOOTrAyD65no4xKiGXlLM/unScA4zsc623Y4+OZrOSs26TwsEGSTNiOj3GWI1ieQRxcq9d9T6s6seTdmmKmAPcngFCDnARfOOi/xsS9t+KeP/WBPq3LcK/QaG935BGOPAnERJ/CW829+D815ttl3KPX+qbbXMA1c/XcHHvOdgv9xo/5MC+mjfbTqN6/Sv+WKP7Ei78Q471i7j+Yw/wC3yzfd2i/xsS9t+KeP/WBPq3LcK/QaG985Dq6F8r4wn73onWD2ImGt0C1rummiyBg7QU+45594xcC6WzNT6FkqxUepjkIodctATpHulY5yG927bs2fyztYsNNP93/dNgClTyCD0E0VMe4oHtofciH1ONq9uBXFWYdair3lxEnfb0KXbvIDnAEx1T1z2VoiiOhNr1tR0zYQsigaZIbcmekHNlsWDJqLzeTr6cwwwG4xaEpRXIGH+MOqqQzbTWO3D5Dif3HmF+EHLo6iCzUoWIxJsbnXQp2dtV8DFaMZKtbL8H+8OHybjJNz8PF7f1eWkKRSsod9F8jw8Yz5PdLdMkWZl+3Sv42+VXtoKbgPdeQZbkX/cSXl1cf2Vr2EI8aRFDCOsT8KPqVHtlXlR3lsUdUav6vYTyaLBRV1/RJ7BBvLbvSUMIlyHLQcasmtm9l6NOhsVMVLKCtMzCBExbv16BESOr3RUfq5J+Ksx2EIPMlVlEpfAoi4OQ978gjrssFrTtM1s72q0RJGApV310SV/4Ml3e3AcGoK9ttRrY6TNlWL6LWhbjwUwZqhTk82w96y3eEvtREWX4vjSMUaZTqqlRM6rBjFijjkKBB4KI9Q2mYZS0v6xxVIyOts50iEVUJ8Et+SMXz/3xGFERu846kJK3voiD4Nma3F6dk3m5WIAkEnM/uXgeSofXvvjPLGutwB4GvE902SBlfKZZRpJMJI9I+OcWQVeVhwatBMFqu1aZeK2aLLbzXey2C5qwDsfMPnmNFoNvOESsjOM2VfAE8hB4fMM74nGfigfnYQWkyCjjRMOLbqMIG7/kHF4vU3cnRhgdtX55oyotzsJQpn3kUn91AIGoGF84IsHXdNpermdg8rWKpf/D9L3LenX4x/dw1iB7QM3hhVPRN1/dC5imzHkgGV9MrmfQ4acJDRPTsMwds0CSiLygfO0T/izkUbXJudB9xaP2Il4OWbEWC5ILZUoQXUqOicpYYtr2PuRXiuqLQ4EV/HG+oIJ3yCHaikh3BVmxKM1se9ccSaHIxDpHM4GZYSTZZUmZ0eC+I1ykgF+nWE1WS6RdJlpggz4Acu0YJbs/PUSaHYIoY04NlmqDLMWC38JRrj+x1KfLU7+1VM2T6W+gopSFUHhuUkhLl8LNl/Y7Clk2arg91bEjeZ8HOnHTXiitxLjSlCfN03i2AdUzJKawYBxaUBPBEyh0SbNsTSjx0KxArOpQ2qZbovDlh7/8xytJQtP1LoIwZi2XjzZUN9TAqnn8h3xJ1SdHP/sGwPxEFUuaMm8uSr0ZOrwr61M3JQfZ9V3RHUrxd0fLYd/TY8LWkM2hF8xekdn3liliPJaDh9BNj4k7chRZkICuClg99EVtjmUA+iuF88UbwisEvsUD/4rRbocZxKuGuMUb0qvFte03hMOnnVxhy9+EpLSTZHF/zeJywji+MJk5YQRfqODccyRfrPScMK4vUoSOHMe48x5BCUaupLe5UJqoAhID8zvXK0IYgRGzMQ8h6i82aajQSBcM9hOvgI7CbU3EPbXmR4I2Pw8eI5nDQkj3+m5uA+SwxFGN3M4l161qYIcDThca5GTcNYLZnTfGqEirHgblZg9Rjne9/PwjrEfx65LthvMDoPwV1tjcCWELhFlQqcCWvVkTUQBXKiNvgekVSCIVPSGpokZqQbKN1bQ+kgz4ssV32xzLDsFi28di+zICdM50X6RKHZxiS06xCMC2vRFBYN5sJOthpzuxLsNLIXg7Oz8Svg+uddwJd/fnp8NGKjLANxoJ2YVpGmF9uBiBKqxsy9w+2WTmMxVphiz9mj05t0YgxAslAaYb0NJWuHik+fvElPYhKMC1ZGBLWZ3fjAkXkOywqH67u9odFXRUuIyMC7vYHVmrfG8Fq/NXOyC6ut0djjBy21rSD0Qt/SDLwLRbv/ETwTVlHFKL4QTvfwmJWHL2h/lXae+a1J4kC3Eo34QqlswSwZWWlO0SyzvKJl5rOOrJrn11Rku9Eh1RDJFW4+KcLDK6xLogQpo5H7FJCqpXs95bOoL5/pq+sLzMsSN3RQ/Ru4rlLOkjd53kTL2tqvcWImPJul6/V2XvMrE8XQmlTa/qVPBs3azl22rwkyvpskHLwhTy1ksbqc0WuBRakI9nf/q/AQAA//8i4KAm" + return "eJzsfW1v3Di25vf5FcRggaQB25n0nZ7d28DehWMnHaNjx2M7PXf3S4ElnaritUSqScp2Ne6H/Rv79/aXLHj4IqkklVQqlp1kx8D0JHEV+fDt8PC8POeY3MP6Z/IHwP2fCNFMZ/Az+V/2bymoRLJCM8F/Jv/2J0IIuRRpmQFZCElWlKcZ40uSiaUihRRpmUBK5mv8+pt3UvyJkAWDLFU/43ePCac5hL7Mj14X8DNZSlEW7l86+jQ/H7AdspAiD83bjulCgyRcyJxm7A9qvui+Ve+73r8CpZjgM5aGX3kk97B+FLL+7z14zM8pKTn7vQTCUuCaLRhIIhZEr8B30eo6oYUuJcwyoVSr8/o0DHTtpgOeCiG1nXTTrZmZRh9mimpf3JyROjStZilkmjZ+6aExrmEJcuN3DYD/ufFLQu5WQDTLgaSQ0TWZg34E4ESvmCI5UFVKyIFrQnmK6DOq9ElopRNkAS0QfQs3AuAFx37hwaDQK2r+AxIIlUDyMtOsyICYjca40pQngPO5NHteC7vONAeyEkof2WGlTGnGlyVTK1AEaLJCyOSR6RVhWhHGU/bA0pJmOKKB4S5poeKtx1WZz+0WzZlSkJLTs1/dkTJjKSQ8MFE218Z0JB9oNgCUJvcRgd4JbeYnwEWcyuwdxveGWoBMgGtzPHQn5FSU8wx2Q3xtG6VLaOJ9xP1kIKdUUzIHs3dOz36FlDxSxV9p/NhJW04IziHRdRHSLyUWtMz0DM/2z2RBMwX7C5GzAGAHEZKJhGYzIdmyc2LnQmRA+baZ/beOM5qyhGpQZi7N8azLV8IUMd0xTs0AsP9sPbABLEoJqnhGlKY7wdPRIO0Jnc3XGroPVib45iwPYLy0hx6bxAu8BnEAjdJUb56I0XK3jeRMpICSMKEahakBYrrYuD7HoJrloBRdRkR3Nw0NS/LuDbV5YEnPKao3Zr7Z+uV2mTpiZObn4uzymrg5w/Z6hkUa0ih9DjSmm4FJXjGlhVzHW+wPGV2qzb3oetlt/R+yltAYfQW2cf326fSqplcO7T3OQc6eG4HvPU1gJovkhW6q87P3s5vrsx2uKam7L/5JusqNKI36Kllhdd2gTkn4vQSlvaZoLwAFJ+RiQYCFO8J/TMjwkbpq4PTKR5ZlZA6El9mQfmP+m84K1hIgeyjKN5ALDcQ0OkZtBZ4WgvHuWZ4E4L1rETsgmRD3kJKyqGa7LFk6gEoUIOmGSrUnrM++yYZ2au73tkqXrpLipY7Ix7PrHc5HKnLKJs9SW5KcY3tkyR6Ae1wK5ANIM2MCv0fe/jSwfGm5ZfWm6OznrkEv5nGWvMomoZCgjPBzd0LzcC+YbL0eSHWtivCePTJDVJAInqqhu00obf4Ub+KvzGEJ055kzD6TyEfXU5j7Hweg2a/OFr+nEbfFh7+fX3WhO7N/wl87gP/t7ZBOD1TBzKxRvAvw4prQNJWglG0+PDDHL6n7/mi1cADRqW0O6o9hpuzGhadkRfmyJprtz5CmSZViSw6ba1ebu02QI4BuTJ/vo3n4xyieuBX2gNY+9RvQ3Nm3HeHdTImWlCtqH7/mgcmzNaF+gyrgKWs9vVy7Vx8+31x6MaBMy9yZlJgiXIR9tBAyt7LHL1tKlMDV7GyYKbKCrFiUmZEt91w8kseVMFjQZBV6PCG/gEaRRXkYotsmnQ3j7iCpAIWKCENjhbWDhQGLUiagCNUIXxPBnazsfnnZn1IhCsIFP55LQdPEfNVBGrHyOU16l71b2pBx29JKl1eKrKhMH6mEHUA5Xe2whyV04k+L25vD8OyxOiS25k255RCHZVTdpqCpb+KuXRxhU3xiZl8vGtva9teUtG0h24vWmqWii67XTi0hbEEKkbFk/aaQQotEZOqNUTHf5Gp5bDo/mUthBEcmaArpD52t3a3C9rfnvmZMQ+O1n4ug+ORqeWInBpdrfxk+ct26Z+OyWiqGVjVCk0TkBeUMUmt0p7ios/P3Z58urt5bKRtkW9J6MDtokGV1NfVxtSZMEwn/AYmZm0q67n8sn2kCrk5/NXdHBg3hbq6SzoY3R1x7qg5Z5cRCG7ka7dwfcgMNHyc/nDHH6dZ91rweGq+wSrk1f3sAngo5SzJqRCrie+Ft9JVPQzBzbQ5vj03FZFKyl9tV5fxYFFqNmc7TNLVTiLeTRF8qXQLXijyuWLIiGmSOQpuoR6aTFaRESFKAzCnvPjnEj1+dkAtNgCciNSoetw0fo4+iw63tvoXXQY/YMICsyHHLfazFsROjBU3uQZNHarScBNgDpCfkLoiuzuUgRK1EmaXVi5xQIkWpDSrpRmyfZguagPMajlLmcqFhhgP+JrYBWWZijhPVDjugfo80tocW/jN4/jqbtdOAxgcCPN1Y6TFyqZybmZi/oGzaYRbRuRMQk4tz8wVKHmhWoksKCuBmyvw8FKu1MtuTcNCPQt53HybBF2zpzUmoYlCzTZNSaZGDfOXe6M3PJZSTubPPdGshqKvkJBFSQqKztXlC5lRr1EicY3mN0QoeZrb2rmNIO0yQvPiXP20uzjOZIK+u/2UHE+Si5Jve737EfY2R9tPtMFvUbCprT7ObxqMP6rO78bYrUE24Rbbp5Xp2sMWgl7rnQp4cLeQ9IK+UlegcjW3WNyd4v2yvNvjBoqrOr253CaaSlKtZz/RMM6Jf3TYNU2N9g33ermGTeRtEy9nlogh+L0GuMY4ruLm2g8IvxJscs3es18JubZS/TNknXDk3b5hgu7i6tb0PIUS9tBPi7qEXBt/fzz6d3t66m0YVkLDF2jsXnA68qCZzFLpZXHfBafWBBycj/ALvDrAjgmHq7J2Sv9/9z+v33VNnGt0Z2PNN3K7wZEesxT67LviUTbtBzcFTEH4VrMcjoD3fzHUgHwB4etoJbERAV/dtdFrqlZBMUwR3ytUjSDI3z5+6sz5Y++3GZKAqE7qL+uryF+BYvRfUPr1cd+swBXWR5m5lVCCswzkZ8WK+O5s6Jd3b6U6W3F3GZiI6huy1CPPI0/bTMOSZvzmPu3A3kJQS3bjnoJg0NzlDswMN4RaVsuMD9zb8Hq2GH6l5Uknb9INdO5b4/crUqON9E3mLViM9faAso/MM6mNtbtGuwXYcZ+K3pSoLowjVB23GyAYlBcWj0n15Tg/JA7zDJViHVP0rqnY6UA8x3Q+djLtP3QCn6EV3GPWRrMyl5L3E4bqkSomEoU395ka5puaVeulma6tBvXoXWHtsvFPdHbkatCRnrHFW4DH+26ACC02z2batMMkrj0kFG/HhYU9ISIRM1S5PGAvTfJL1RNo+D0x/SIes6/Rx1q88T9oB/6it+6LMstrir6gicwC+EaXei6zr2RobmZ2tHmThIVi0c3ueydBxfb7DO5Fymq3/mJ7T0r3xfKtWzC+Bg6TeifPAREZHaA4LyrJSwkwCVdND5noOBjzpkmbEth3UHYStmPJ9DyVyoDV5pmCZt+/rPYL6OgyOC0lzeBTyXr1Ji/SN7fnY9XzscoKGzI+nJFmV/D5YFunafNKuUS6UJhm7h2xtxESZmeUKyS7W2tm1dGG1WAYHM318MI2bTX0yclcvypiWj1McXdvoPSTYn2arvhSflvd9xKZFC7nVmyTlagFSuiNl4A3d2wcD4x0pY5FUyY/R9TNs2OmWK/oAVi0egwmvxXgn+LQyjyWNEE93/3rLp9lWKdX0hLw/WZ4QpkmOeYqEenN/OHytPoSNC2DJynzPvnbCtjgiQhJqU31sNwXVK/dxq1FR+yElciDC3HKtHhgvSh9+NRQbC4VeTbIadEyesxJoUXO54WvUdGLnzi2rkVASrExCZ5NWHi+54OT28u76qMur5yxztQaBXF5cvidUa5qsMJtP8PpzEtv7eGfb6/p+qw//0HtkeuUE6Z11wfBRL2d/h0Y8Jaf+DRMuOhtJkwoOJC2lN2nh1PrPDOaJ5TDrtbVNgnnJ8qbdasQJNh85QOxy/aCyBaH+jTsqw2+fPMSOXOG2BAmnQNUERrXBjvxHIEtrT2+2CPmgbaFShV+FiCsrRHzzQhIuhkJwmPrKB+++2erH5seixHEKiJ8RUcUgVJmpDUthOqgR7JlB0ON28O7cMC4j3530SI1ue0KuhJOgGxkHI9McAXjURNAqD9zmghZSPLDUqBCiLX8I8CXjlVl2hDCwT+qYiDcTwi1u62WXYA1Vyg4gEXkhmYLq0TgCcc6UYny5B+Zu89wmYlbbJkpLoLkdxCNIQOQZaPMEcPn5tTuhkCJpZxKQ+m0ylP70AHKRiceXHSQXmqSQsQeQdr3cJ6o9Z+7czSQG0xFTJMFAoDngWDJaFGZ2bKdC1jcFfpC/0uaz5pGpIJ9ng2ZozXJIRdmtpe9vwGicKuyLiFLX4+qTnY5ZQSUm5ezx2OqQ9LWYospu6QJJE8E1ZRykHQxeUS4EbYWJElb4wZOW1MbJKoPS6DytjnZWdNKfImpinFye/0RStgSlG1qGGSJwPYRGrejbmIrh7cfTt/vB+fGnv0UG9ONPf9sDUtgE8VB9Cs8pH79S7bQR5yV8eJaUWiw2t2QEG3rDhI6TZRWaCqY5HklpJnRBVmAOvBGI1e+rO2D0YBT7I6bDeFOaV9i0IClT94O5v1qKotsIPFXHqidMpcAV0+uaNoi7sfutEp4n+qVSbz/c7ZJ5W6qY9EZfFMiNMI5SSsytvLseqXwWVKmOnvdAde1a3AbKvBMcjdXQpZ2IPKc8Ir4z22AzXXlrDlYwGcjuJ9c0G5ZclmgICdPkcLEFXrRMWYQjHuadoKYEUXaIGrJN3IwYpvm5ZX+0nvqNEYfnI7W/95a2MXmEPfYREieY8pazxQJS7CbYTLbcRWS7lTwSqroHY04V1AKmF7p4g86CMcHSH2p294vzQdd0n+9vUn5GBMqZ7sm5Qf8hBhUFG0vFRhBiJtxb2O3BMTutlepI4qzmTd09vD/mYA2hms6SFeUcNq3bIxPUO2g6ngobKGBkOTKeuQ52zUo31w576N8B3WrayAn1r7Lr09vfSI5cVIposVxm1mCDSoUUWRt8L15vpmJ82eXoIXvnfTadPp4OhnGmWcVbZGd8yMJNGofWbp3nBE2TBIoYmI26dRgZYYCb1s3j3D9wPXCB8XoZUxq4GUQI1hs1kCDfHmOqLE6DehTy3kBKmYQEGaxcnBdTdS46xk/IuzXJ6X1YBKv7Os/Pq5NXR+QRMEHF3722pZJnoBQ6rTQGO+UCDVc8kaDxGKVMJcIZd3yMGTxZVkwyL00T91w88hpGpoi4N7KrHAwbT/K0T8maIK28puejxZ0imq3JI2Xary3tiGm3P4N3WH6g+/1s9KXUnq1IEIbUU/PQ3aafkoaB+/fDHOMzUXJtnuPCqIzJPVmJR5JTvvZolfVTYyARPEFSDseqFpb/Y+Zb6NyMkxJg/l5CCe7+cegqV7qLdeIaDxEXmqxB11gltUBLOA4TUrKCEeEzXVfsPk6iTS9PQ+QQmmAYtZC+Z7x6hw684zLe+gydhPYcbNpsBdf3ES4q/wKtQnzHZcBnVOkZLfVq1kcYsoes367aLyVLF7poKvdta/onJGMp9Qq4diESbxQkJUaf52D0Hqa82Z4qI5k70glXepRZZZLd5OPdToYTm2/VHwYxKYbzxoc/2HCDghWQMQ6pCzxgPOjblUdy0dgobyrVvErdGsFqWqpZH3PKJMvpLbYZ3hASdCnH8jFVHJMLMevNTpk0wbgNkWDl7dNT3cqHsYHhmTYdbtRJHEa71/xqupwca9IVxeNiTZwCJySaSB+oRN5sqrVk89II65rGZhP4MuqsvRSdNywpM9q+gFs7vKBsaIj7GhPbaxKMiVYcsuTYSDUj+gqQZoEgrSUUjRHeXujvfeV0pHAe7soppHhiMX0tp1nmTXIroClIp4zkdF29CdwoUFaHeCuqPJohgxHlS5h1J2ZHSWhgTWGM7xmqVJkD+fEvf7Obm2behVC3pIyjQ7QTgxlxEU/uHVKjJC7iBefWdoSdq0Z0jKetuxL+M/iCa4cJGN2Q8SQrU6ccHpH/KJWura9tfTAUxQiyr2DgTqI+28CFZEv0tMcMB+REyBQFbzXsRcPkWqvOUAVCjYEazN6HxhsM35Ohen/uc8ys3Ui7AzVy4WWXf2yMGyJ90dXfCekLLv5YnNV5ivy88Fa7yuOOMdDmSaZZFUfVuF29hjkX6WAmedgJL4p7IwW1CbxS1nXDCfGcHvoL0/dQdkvPbdgi7pnu8Ap6eusTURgubRiFhixjS4w7Cf2NMNCFz0bxpPYD9A5UNKXrVQ1klYowhnFxqzNjL5QuELrChZCNzovb6OefT8/Pb46II/4NAdBevXdjGFVyg/eTh8YYAs6xAV57/7lcCboRx92wcNjcVU/KthTEElEJtPZaXfopFD3A5JrhwSKZ1WFG+49mAabmgEdA49v80HtveF5LcjA91epF5VS7XKGd8EaIKTjItinZTnvGd2da8EkEVaD6RlEMWmqRU+34zxYsy2xo7ZgYjN7JEsgadLi5MhrJURXy0nus3JgnnqwYMSbRxti9B7YN0PdSn6JFnJ3QeaPjoYtpRnlvSwuKBnulPdpOTWpcyjibqKG6K9DZ38ek31ua9njQbx3vu/V/q7IoMgapg+itUziUoRC0qNnAyNBf5dlsxKgjqMaUrpivzeiyBs0u3CHK3nxkdoAsu9NazBhbtLfCyuY5NsyxCNefif+yaAvGveRiY8QGfbzBfsD3C7rWMfjMc19WXCj+MqBIX+PDCoxAGDHgppI1POyg18qXKlp1cbNLwSrOkk3i0T3sbFcsuedVZZjKgT8ydCV+kPI+aL6i+F80QcYD8hsG42zGV0wIS07T7gC/ibn1a9Mic46v2nUwOvAw6ZYsU17NHeHN2xvc1mi94U5erHrj/coTGRecYn6ue535TCZv0iQ5VsDTIW++/zk/O6uyY0LowRYtkQzHdpOh+O4XG209atyM3AeFExrqOdY9sFssfeT54sX7ozd2nYLOyPOxOk3UlMHtY+oINm8PqC/Q3AO+BzkHKcYw3Bzitv7Vdb9LjUl7/CIrjTe+pqRZ72MkqKwieMitYyR8fXr7AxGS3DGk2/9FUlvGLvz+7pfbH0a5OOMhd0Xd+HDxSMerGPEh44Y9pu8y6ciy3sMZ7RfMcjoNpc5J2TL/vmwGRffT/73Bua1aL4mbFrENxTjWvAeaRawd0lP9wuU4titljxyQO66IFfsYY+7jmrW5iSJjwU5GgEnpur8+1147rmKsMH2gYNYWIVN+wgaduAkr2jRL+5BeWQTAE7kuLAVIfzntsHeEfKQype082D2kzIeqUT8vQ+pfdU9xeIyL5sY3uSsW+/Fox5SWLa8niSN6PlJleafs+EpHPeIInP8Iyveb4ajPOmAOXbW44uPdDE/89fxs6OhAK9Nmj4tpez2vfV5tXS/wZus7PNu655JUyoyZFUsxt+0iJMPm+Mjwmtq0WfikAjz2OVj2+T8ig72tyjMku0xrMyTtW95NtzaR89vZTWoq4JfYVNvABh1VpPPypR6XtvPd6FW3FEeaHHrJt9UEqnmiBu2N8IT5nbHxhWa9uyTEFqEjaCRpMCZIzbbV5Z6Uu3W9pUaZXeA32PNxDnlOB/NzLu2esElrrUqjYduu1e8vFTV1ub79+6ddNm07GXLP/ZDUszfNFmBKlYM6ZlSODuTa9omQtvvdcvD3tDe0EdUJx/wEYSeQDj8FxGPEE9HkEqKLhSUGMJ0cIZcnHxPAaM53vPVyN60Tam0YVdCPblqgoqa2XWHrO52d4AyLWlLsolXf03uba4E742iCWJIXz4Tt4uxyLHkRmsKjUpHzRtHNFkGeYnyZuXAVn1Ve8+Cjs9purjHIHcHfgaZ1f3q/MWP4J7X3ntTeOIvPE39id2Z31MmYg/ZP1uHeufnmOHwX+Jlvj8nXHZfvn84XB/pPTt/BS+iApUguzkOK6XTRyUXLR7OPT2Kj5OQoZSNqljxyPpU55XgRohsgUJc58TMKlCrnBwWlyvnxOOdhtx1jQhnTSuFKRMm10yQs38M2d2pFPeOSbuNNjK+y4KrAmx5cWRnKlA+vHLVeCA5760Sn4WnT7je0Zq5IVO1jYQftgdN6YyLXvnGNOi2wIuyhLmh6J90fcsqy2Vyk65kr8tmNdmhK25L9nQ3d40tbicqS5sKT9lQmRlPIIAfcm2hHsM3ZeF14KihPieBuGO3bK1zjjvbYDGRQQtvhppDR9UyLe5i+Nh2vBTtac8js1WvaD6uhwJHSJbR0asa8ZJk+ZtyiQgowZwqlGdPtiuxaEESOAWb+csfvEmDBEmO7DSXrzGF7gNQrkvjxVsvh09h+jcbC11xNbQluX1Ni6IEeHn4xd36la9c00MeV2fm1K7EqQBfObymNmocOfUjLIsPHHF/6nTV4NxSFBKVmi554mWlE0x0vBwM2A750dYaYry2O+8epAW6gLrNlDgHe4NZPpSiKQxTzDAxc9ul0ce2NyDZVx3aLdC8pcLOV/FOKoj2yA3a4DHVWj315TpPz1d2ny12sZrZ6crztfl6rxrx7FPZKKB337v7oWpwAJnqcW4sB39YpsrSZzShF9CLZ/hdlX1hRPdcg7qxt5BvsNGtdrubpcRA9Ieb7+63T1hXabDuKi/X86rbjKFSkxJScfTz99On91S/vR3qHOeg5E88A/Qr0u4vPseFrCc8QLHAnAXYHXknvl6qDcGXp/MbK7gfAquadZ21yPWaDwTXsDRyv3x6RH4/IvxyRv/5w0v04jsp452Eg67TVkpvciqTBBCipLjdDTffs3TVKXheS5VSu3dY5IgoSwdP6v4BOTnpmpRBZd07R1BIfOX1ieZmH6ulkDvoROU/tVYF8ofa5jtYoi1b1oJOQsN79MxViaDW4HNZKQ06STCT3g5ikENq+cuKBQluqFCVPj7VkhXuKOAuwhAVITCXdBSBTm7fOvvhMk+7QTUUGi6hOsA9ChmPwlyPyV5KsKHq0pH8nYkSneaykMC9tceetrbw9IhfnhCrFlryywW+Oc74mF6dXp+2mTufiAeqN4ROqVAbKxfXDX20OfU2LDy7RRgfthq+EhoqH2wieUEw6ZSlqaM7VkWVr97JcE0oyKpdAgItyuXJvokYO+8X1w988GFBHrX4VTsCa+Gf1gkmlyUKU3qLri76e/2QeuqueAf3f//1/VKOvVkev2QmcEMpxmsL0ILWANbcQDkZ8UMmyNX6oR6CZPWaed92bvx1HPxgbnoNdxZagMPpvZqlEzeyTREgJie6GJeQyOiy3G1y0ZQDpKaZSKKisP9avsC5Pk8G0OXXJoTA6taaFkUqJNa8DmZfBuKnD1zE+5fr5MLqwtM6J3AaSl/kMnvTkIJxtXkJ40sBRCFu1i7y2tkrq/DcV931BpYL0h7byKBIVV3v8z9Ha4+ez2002aEI+84xxIGdVZKfnOb72Qu61+eIPJ+aja5JIQCNUiNFz1s3uQLytAZgsgz1upLadEmNsWerFIA4XKYW7N4oRmdGeoTRbCsn0qj+laa+MV8w9CH2EXAlvE7Rhc/KK5mA/yVP3T7/C2vzLGHoy/PxBntLPkwb+sXYF2sG8QkIdzfiyBLWCdFvy4ibme2jbqZ8HclHOM5aYDoYtKYxmM/sIi3eMbrHZmvMazU8+9HA4Xr16eBkxEhGXFUvTAUl4EPfx6rh13IRkp6TBnqo57lasKubURuhio8w4xvCYSaCq9X4jcUTSDbaN1/JUqME+WXRM1x4Ls+oIT4qwMJgvubk4zvHsop9W4hEpkmx1Hi1qXsyWhtqLn7ddkrHwZ1Rj5ntjGBweG8VB6VyUuj44H71VX1xPE/RAWUbnnQEalVM7qsIz3lxW7BYfHDlZ/y48D16pYDGzT+NBN2PEZ3pdKWIKC3Jh6Iat1IN/HFPbnSYrxmPH2JgHsvZtV0/sQEyWiLxgrp7cMIOR+WjU94k/8B3AnBZMh7wdLUv8nlNm3m5MQkpEYTQ/FDr4Lh4OBLKfiwsnNFsL1HYAtSCy5FW06dCeVzN4ipg/faHqEZy13Y4BQ8heT7njp8RP/Y9BfH/765zFLLFQR0j+9tfjOdM1nAN4SgVqRlXWrfhNq6whoAYJg0ilJqfOHHRb0ATIJ7o2l8MN5anI2R94YYxBmkK3RTQi0HOqKXmP82ck7bWEB+Bj8SUihRlaB2Q7QiUaVDC3bAK2IE/ojSQrSO7VGJgKup+sEbCVCo2nZWJLp1SJgiuKQTkD8FZUzVhuFmKm4zIhNGGiQkU5sX2RMUfFQLP6wfNAs32NhmbUqucBFuoVNVS5sTjRij9LqaaHxWndBaNguci+/Wqo9FTwxzoH3kflIgiPCHN1Ebaou5Km7MXyoG+w813U3n2DQ7pD332rmB64nbC9pmLGw3B5euYdGTtAWEiaQ4qJzZ1QWiV8x6S2uvvTRho4p1YzUiz4imtAbSQdJoxla0LJinFdWepvTs8vvtx6q7lN4O1p1btw6orZSnBnTW+lRXfOiw1snrWGP21WbmyYdOWJ6x54IrLMmnjCsO9KziE7tswhx+95WggzLUGuDb4RMP1oZh678bbamW0Vn9A77DW0TO9TW69rYrfVOE9WNMuAL6Ga4kXFKKxWzmKh3eltRJwNPlktNVu8odyG2Dajri8wBHojBm6Io0B3x1ZMzsP2McIhqKLyyQaPGk/rEct/PsVBHJ9iyes/h5UREtUEKYWskbO7CGDIC70+wlxLoNyl7dQa9X1hOY8ad4M54yMYzjOxXE4Plt2WK88UhlvTTAJN19boZXvDeXFk1WzJheyqgyrTl4qqujnfKaoqEeKeRbwuz7A9VzUcPTuNcEpvHqlOrV4Xjpabhnv2uY+nNQzaZrvopsmFfqUIJTl7CufFzDOHpdD2GDmqkSogyeySX87OgrxCG0ur+NFwdT1bgXfWk5m8l2fEFfcN8R/JSqjN+MEBfPewngsq01mGT+l46H51DRPbMHmdUb4s6RJ+CAbc5oYauCz7zaFTjPLzkmUHKuRu9pUbmjezbjlG3aNuj7wrRywS4KsaSdDO6Aop0jLpIDSIBO7atu9YqnbeNimoey26FcUp++aRpVsICPcqbH9uodouJq/HCthy1e+viYLQ9jEZYiIyITsL2JE4e8YyCWUY6lfoVcVVuXEGXQL0ii1Xsxoouwmekz2xgwUi0lRctJgOmPcOOo5TTxXCKZbyN9KrYj9tVlnxSchm7J2BzluWvNzCDrnXpmxmthtorrQO+feTn/7yr6joVTTyHEsayqbJKVlRNobLswCZU76N57JbZx05kotNbouQfVcHK2Qbu6uNbcFhCiLkhZBUDsVsVCsdbS9n8AD97MV7beb3FSsv9tLm8RjDXQ16JQ50WdUA2m5GI6zy23q8mpNeQ3fINVe5zc37x5xaVFECpEEVVnUrrZMgvS62sOrJtHjj8zRnSmVNSr0fWo19yOiyJd8WnuAHy/oj78/t7aeOF95i/lIvvA/vYuXNfGVcvTn9j85ipyRuoNql6SZo1w09ZGQ8Xc74swA13ewMdGtuIvnmF2rru7QF9AUXatQDuoORfPrR7M7hJXH0i38003inpPCSZ7pIm0yBG0jd1bpF9QzTuaISZouMRiQwa7Bx2ncE2hk5gackKzGpzXLAmM7TkayG7p26FxNMR1W42steJdJaiW1gjI8QpP0laLe9efcwXv+j/r6djqrzobsHrI+NR+0oXGGbsSWnupQvFVh46/vfRauIy1Hl+E83+SfDzBCMfhk6rmwZNSdwkwG7QoPr6grDDj2RDPB9HGOdNI1CQvWpKg22hfQYQeJzfcwElvO4SN97WlBS0LXRwm1tQCEtYejISj1mXbssAFGSoBRbqiNSqtJWBpUiJ6rMMQsa+xxB4XE4cKZ1dWRR0T5c1TS9lMvp9mInl1OtAkqnGW+Pqbvx6ajW4lSwAjLGIXWWPMdp1aTudKHEvj5L8NAMF2qpFO3fS+A9lLZT9Lg4ulE3Y8RvIOfWo+Dsl2b1vBv29cXVbxd374/IzftfLm7v3t9sJvz3Qu7M24kE+UxwjWvqxNvZLfxubnCagqwCA0bxtZSSxRNvX24uGjPpZnFIV+vLDplWRG9jbs6pholz4+BH28Vba6JF3RB++36QIg+DvxJmJmxk/vK/O4+0ublfqSDvaVEAr1Hk2pqgRmVTWjJkxBKLBfpyzZvHBgCMOA16MyLnQAO/E364Y+zP9FDFr+5qfhxfHcRITyTdFRx7PiJ1nvBqa1r4fUbEOn6kP7TMa73D6KlIO0XI2L8ff8IOJx+pLfUKvvYz5e7B/+8OVRj5V3S6VKNMxfd/ukbZzmzQYWtbRLxNMQbxeHAfBNM4zbKoT9DWtNEsO744nyiNumttRYTnamxN1c0UyBldxq0xvIHwiwJ5fGr6mDqH/XngX1dF3tuKQ7pV3XHQhB4eIoeq1OvQeXm2E8BgWKSSs5ZAirhZ/mE7GHv47bcj1+ToE5x32OSQ2Ay7Np/PmtW2ntM+4HrfLSwVC1VNncft5cHqZT3GCs7ZQRCpct4Paofwe19xLB66Mwcr1DLrwTdcsys6c4ZVhfDyD6XVfGb6uBprUnfP1DCjXUeagih5SpBrD9Orw1n0j9LA/Ga1ygFo27z1k6brt8opeXv5rhbdPGai4qdTnVbOOEibiVXb2BdIw37YYlXdA9DFIgSpNep0mF424tck1KpeBj5AnE1LlTVyVk1DMyOqWcwyWI06Hwbq65Spe+t1OiKFRBpN/1cDJEX7aIvTsxPygvUkdHYpPWNmvJLGgeAvddVRjojSQgJhGln7NikM9+JQ3sut/IFlgA4htgiVz7YkqdRB0a7qrJFgnVpDNm7VTCyJhETItKJmHPP66y4bHAHclyryurbQWygUyIZ3pRfWPvEr+qnz1705gDsMmNgaE3VOTvda10hwYcY0MnhFPitKCQmwhwGINYXy7UwszIKms5TRDJIeksJJsqxWO3dOFdRi/FQ+N/97e5xTxodq5p47YMQh3U3py+c/jhvi3vWBu8f4Y9Qx1p8C5vi9VE63UUKMIN0prbtTfO7jQp8oMqvrsPshMMlpeXEeRKMtFzOOY2YfvaybWWmHu22L1XMPENdUr0hRZlndhOnULl/mcaP2plHWhH0BD0GV8MBEqSKXy7rw0hNnz27UMHtOgfT8Yp4b4pUKaMiIfEfF/ugGvHvBsXdrDdhevSrqkLrK+vgoBpW/bppcpWleqG4E9meQoBQDDVuZv2QnYrl+a7tbI8c8YMY/JkllRXk7GTkyJNvJaEiW2OvAkGxm60hIuUixUtVhMWEv622YguIbtRjkly99wtzI1fOz929urs+67+Tc1rl8uVt5dukqbe5wL8cV//V4U5T6pvlh2th9ntHby2VKaJaQjv6stllzqI/NYjPaIVei47Or4R8V87yPDXurieX28t2PRz662c6zvxwZT7LSqLhYRuH28t3bo0baIH6l1bb/dgppmThyBt8SoYo8QpZ1HbgXq3pze7lb2ZsDRsud2lDCZh0HA9RGy/nIuIbT2Sk4WFXIlbavBdM9YpmFvMw0K7IaGQLWBK5pbYPB2dkBnbofIRPjXDpYhrIj5GKfkFgsBBnqZJAFmo9dANnl6cUn8uHm8+U4eDIpdFT391ZwN2fXd+Tu8zhovUFuuxOXdkW4jQMRd+U2cXwwD5RROA4ZoXA3cisnk+nIRvgkz0bu1+eJ1xg7JbmKmy+wCeZSLS/Ox0FhfHb4ybngxz6eZRyq54oXGYfmaebqEmnGl33sbVFg/fvx56qn44vrkdKGSaVn1oraw0k1lZGtgc6SdN24fkauJNbSegZwtqMd0WUUJ67IuqlqJ3vDsKRS0F5WzeI8VtkR4+3BvW+dKTyKkQP54oVQdTiQMcazFT81LXxKZ5MrzHa8K2o1mX0Fq0oXXVFF1CPDJC2z0LZ22t2n20E7oUhAqXBY+hXAPUE7mo4/+8NiFZY/+6X21aOVdk8cB2xYe6Zq5lifjLb+sAcF9AB8F/Pte6kKlFvb57zUGOG7hoEo3yBCS5ZG9CLVySJaLhZdvEE3yBBJxKnjyIWUPECiBSZmWY5pW+v74txxRVCtqd9sujrjQ1e/mj3CvKPee8w95sWNtUvjK09iIT9KXOe2yuaCJtDxWub5i72Wry53ei17Wsvut8fEKp80x2eyr/beZswsaHIPmswhExytfnYDIHiXwB1obV3REsFhjH9lz3Cg7vHUeAoQ4iAXUz0qr+R98mR6XRHfrK+12dB0EKKb4c0EYXuf2wz5wCiJkTlUkYJK7cf4SpHXD29xER5+TH4gNM0ZZ1hekz3AG0+zaDmTH4W8PyG3AOTmwxl5+/an/0qEtH/+17+8HZijJcTLoHIhZP2EDntFCDeprx6oZFg/Zc6QIR9L6v4C+sblRf4C+gqe/F/J9fkXJ/Z8DNR2poL6sOZldj/7Gsb2rszuYwzIx/a98EJZEG/8H3YeUvVa+I628C1M3rPhUmGqyOh6ZqVTPNl36s3ztc+Fp7GRenZfGS0bHDv4kP5fzBTry0Teo2ZQo0hYDzSSZJTlijD9ymmBZUEQTYdGIZL7FwtA+Xz26+0zFp7vivxxhLv1i9igGvG6i6cdf3Gxt6H+ZuD9NpPDAn16IcXTUIx3QZXqQLBPBJhrMQa6A0WgO2I8L0uo1pAX2pwV+9QcCy923vXWqMm9gjltqYIaIao9S77sAjnDB+vclmfx1RCoI1GRZC563bl1/ObM7ntdjMRvuhpYnbkoe7I+vq61cZsS4X47K9JAPWI1ElroUsJsq8CZ9GY+Bw0yZ7zGn+pFkPcxu8592H9FGtJxwTWqMT/r9Xb78dusE5kyCXuFeXasqW+yg0g1pCG4mvdU4dWS0AwPaSA7Zbwj7xzp2rS5P+2nfZyfP22fv9y9+/zl6vyEXFzhH6pfKQglBlrNiqIQimGEni7HlAVB+qF2cec9189ayF8p0wLRqzKfY5jLiEic6frJAJKddtKeClsbijlTeYOL8vVbIz5/HIrv6SukPjl88owVK5BVu6pGQMNU+z1jfwazkLHVfe+l/idaxRNdK/vOsLDBmChGkRfSDuxwEGudTMHYcxAjAnRuK5RN97B+pSqYI/Ddw3oGTzZ69HAYjbzwvUyZxXbRtIjgFFuicfb15enZD2PRhYMck6bVvRT2tomMYbTfID+1XSvyCETMcUulJ+YbEuOds0e6VoR26XqEZECt3frIvuqJErnflorkSH/pq5dy0e6Y0HokXv0Hq+vYEpjUOmW50M5ji1SzmedqV0CoBF9sR9WRdLbs0blycUQ/iuMFRS+OwUdew8nypFL0Tq/OSVHO72E9hvIsEttu9449bU6frU3UpWdmL6ZnfoplRJmkHtzefnpz9+k23MghMXeUp7HzxouAxrZLVMk07AqplA8R45jfZ5n5ZWLb3cRCHlfAnZ3i/dn5xzfmP++H2azKPGa5NUvAL4gn7fcvL+8zM3hdp0RCZVUx90xONUhGs3DhoBbUcdyAyoyBHF9EgcOT3rveVkd0OzzpqtaWrpcyFApqNiNaFJk/9xldg0RE1VfNy4OPMFuD0nSeMbWavmQdUeWdS2ZUT5WFdQtxADUINXbwbMgi9kAzlvb7cSdRo3fZAEkc7eLGFo5z9WN8aZVqEJW9YKdSI1u5gZ4d8JGr+UoV+VwAN+K/9gWDdUyUF836Ch9NOlOfjEqCbVYCDh08aSn9cRp97rc8YKfsuMPxEDQispwFDXNnXNyHkOE+qmQFudDh0Kq6+OnBSWpBVZWJxBm8+t/g9RnAWuBYYegw2/gMixc1d3ErD9qNUgu/XYEwjUQxRQa6ehaMreJUDWrWFa4UaWidUUf1w2pzykKdg8oNMTwXIwbJlConlA4ZQ/zlQn5rTOX2oYKBt7bkVr1c1fYBVD9jWB8Skeeuvnrn54ZXbuQgiSNQEtxZ2qMMdmBsJdeyy/4QfVzYkSWWe4aBoUm2HXJ0gJF9cj09x6iEXFLO/ujScQ4wss+13p57dDSblZx1mxQONkiaEdPpc4zVKJbPIE5utaveh1X9eNIuTRFzgNszQMgBLoLvXPR/R8L+exHv35tA/75F+HcotPcb0ggH/iRC4q/hzeYenP98s+1S7vFrfbNtDqD6+RYu7j0H+/Ve44cc2DfzZttpVC9/xT/X6L6GC/+QY/0qrv/YA/wK32zftuj/joT99yLevzeB/n2L8O9QaO88pDr6l8p4wr53ovWDmIlG14D1rqkmS+AgLcW+Y949IZdC6WyNT6EkK5UeJrnIIRctQbpHOtZpSO+2LXs2/2ztYgPN/12+G0yBSu6hhyB6ykM8sD30XuRjqnF1O5CrCrMOddWbi6jTnj7F7h0kB3igY+q6p1IUxTOhdn1tx0zYgkigKVJbsgfkXFksWDIqr7eTL+cwg8G4BWFpBTLG76OOKmQzrfUOXL7Dyb3PMD8IOXR1kFmpQkTizY1OupTs7Sr4GK0YyVa234P94cNk3OSbn7uz6/q8NIWiFZS7aL7PDxjPk90t0yRZmX7bK/jl/BtbwU3Ae68gS/Jvewkvzi6/sTVsIZ60iCGE9QH4s+pUe2VeVHeWxR1Rq/q9hPLZYKOuvqIPYIN4bd+ThhAuQ5aDjFk1s3svR50Mi5moZAVpmYUJmLZ+vQIjRla7Kz5WJf1UmO0gBpkrs4hK4bMsDkLe/4J43mWxoG2f2drRbo0gAUu56qNL+sqX6fzqNjAAfWur1cBOHynD8l3UshgPZspQpSCfZ+tZb/GW2I+KKMP3pWGMMp1STY2aUQ1mxBp1FAo8EESsbzANo6T9ZY2jYnS0daZDLKI6CW7J77l47I/HiIrYddaBlLz2RRwEz9bk+uKUzMvFAiSRmPvJxeNQOrz2xX9mWWsF9jDgfaLLBinjI80ykmQiuUfCP7cIuqo8NGglCFbbtcrES9VksZ3vYrdd0IR1OGb2yWu0GHzDIWJlHLepggeQh8DjG94Rj/tUPDh3KyBFRhknGp50G0XY+CXn8HKZujsxwuio9csbVWlxFoYy7SOX+qsDCETF+MIRCb6m0/ZyPQKTL1Us/R+m713Wq8M/voezBtkDag4vnIq++epewDRlzgPJ+GJyPYMOP01omJiGZe6YBZJE5AXla5/wZyGPqk3Ohe4rHrUX8XLIirVYkFwoU4LoUnJMVMYS07b3Ib9SVF8cCqzgj/MFFbxDDtFWRLoryIpFaWbbu+ZICkUm1jmaCcwMI8kuS8qMBvcd4SIF/DrFarJaIu0y0QIb9AGQa8co2f3pIdLsEEQZc2qwVBtkKRb8Fo5y/YGlPl2e+q2lap5MfwMVpSyEwnOTQlq6FG6+tN9RyLJRw+2pjh3J+zzQiZv2QmklxpWmPGmexpMNqJ4hMYUF49CCmgieQKFLmmVrQomHZgViVYfSNt0ShU8//eVfX0gSmq53EYQxa7l8sKG6oQZWzeM/5EuqPjn62TcA5h1VLGnKvLko9Wbo8K6sT92UHGTXd0V3KMVvjpbDvqfHhK0hm0MvmL0is28tU8R4LAcPoZseE/fMUWRBAroqYPXQF7U5lgHoLxTOF28ILxD4Fg/8C0a7HWYQLxriFm9ILxbXtt8QDp92coEtfxeS0k6Sxf0ti8sJ4/jKZOaEEXylgnPPkXy10nPCuL5KETpyHOPOewQlGLmSXudCaaIKSAzMH1yvCGEERszGPISoP9ukoUIjXTDYT7wCOgq3NRH31JofCdr83HmMZA4LId3ru7kNkMMSRzVyO5dct6qBHQ44XWiQk3HXCGZ33hijIq16GJSbPUQ53vXy8/ewHsWvS7Ybzg+A8ldYY3NHhC0QZkGlAlv2Zk1EAVypjLwGplcgiVT0iKSKGqkFyTZW0/pIMuDLFt9tcyw7BIttH4vtywjQOdN9kSp1cIotOcUiANv2RgSBebWRrIed7sS6DE+F4O3s/Ej43rvWcSfc3J4eDxupyADfaCRkZ6ZphPX+bASqsLItc/tkk5nPVKQZsvRr9uDcGoEQL5QEmG5AS1vh4pHm7xNT2oegANeSgS1ldXo1JlxAssOi+nJzsTsq6KhwGRkXdrE7slb53gpW5692QHRxvTscYeS2taQfiFr6TpaBabd+4yeCa8o4pBbDEd7/EhKx5OwP86/S3jWpPUkW4lC+CVUsmSWCKy0p2yWWd5RNvNZw1JNd++qMlnolOqIYIq3G2SlZZHSJdUGENHM+YpMUVK9mvbd0BPP9JX1ieZljR+6KHqJ3FctZ0kfuOsmZel1V7y1ExpJ1vX6vyt5kYnm8EkqbXtWx4Nm6Wcu31eAnV9Jlg5aFKeStlzZSmy1wKbQgH07+9P8CAAD//wGecYw=" } diff --git a/x-pack/filebeat/module/zeek/ntp/_meta/fields.yml b/x-pack/filebeat/module/zeek/ntp/_meta/fields.yml new file mode 100644 index 00000000000..b48dcc20723 --- /dev/null +++ b/x-pack/filebeat/module/zeek/ntp/_meta/fields.yml @@ -0,0 +1,63 @@ +- name: ntp + type: group + default_field: false + description: > + Fields exported by the Zeek NTP log. + fields: + - name: version + type: integer + description: > + The NTP version number (1, 2, 3, 4). + - name: mode + type: integer + description: > + The NTP mode being used. + - name: stratum + type: integer + description: > + The stratum (primary server, secondary server, etc.). + - name: poll + type: double + description: > + The maximum interval between successive messages in seconds. + - name: precision + type: double + description: > + The precision of the system clock in seconds. + - name: root_delay + type: double + description: > + Total round-trip delay to the reference clock in seconds. + - name: root_disp + type: double + description: > + Total dispersion to the reference clock in seconds. + - name: ref_id + type: keyword + description: > + For stratum 0, 4 character string used for debugging. + For stratum 1, ID assigned to the reference clock by IANA. + Above stratum 1, when using IPv4, the IP address of the reference clock. + Note that the NTP protocol did not originally specify a large enough field to represent IPv6 addresses, + so they use the first four bytes of the MD5 hash of the reference clock’s IPv6 address + (i.e. an IPv4 address here is not necessarily IPv4). + - name: ref_time + type: date + description: > + Time when the system clock was last set or correct. + - name: org_time + type: date + description: > + Time at the client when the request departed for the NTP server. + - name: rec_time + type: date + description: > + Time at the server when the request arrived from the NTP client. + - name: xmt_time + type: date + description: > + Time at the server when the response departed for the NTP client. + - name: num_exts + type: integer + description: > + Number of extension fields (which are not currently parsed). diff --git a/x-pack/filebeat/module/zeek/ntp/config/ntp.yml b/x-pack/filebeat/module/zeek/ntp/config/ntp.yml new file mode 100644 index 00000000000..68735e4825d --- /dev/null +++ b/x-pack/filebeat/module/zeek/ntp/config/ntp.yml @@ -0,0 +1,57 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - rename: + fields: + - {from: message, to: event.original} + - decode_json_fields: + fields: [event.original] + target: zeek.ntp + - convert: + ignore_missing: true + fields: + - {from: zeek.ntp.id.orig_h, to: source.address} + - {from: zeek.ntp.id.orig_h, to: source.ip, type: ip} + - {from: zeek.ntp.id.orig_p, to: source.port, type: long} + - {from: zeek.ntp.id.resp_h, to: destination.address} + - {from: zeek.ntp.id.resp_h, to: destination.ip, type: ip} + - {from: zeek.ntp.id.resp_p, to: destination.port, type: long} + - rename: + ignore_missing: true + fields: + - from: zeek.ntp.uid + to: zeek.session_id + - drop_fields: + ignore_missing: true + fields: + - zeek.ntp.id.orig_h + - zeek.ntp.id.orig_p + - zeek.ntp.id.resp_h + - zeek.ntp.id.resp_p + - add_fields: + target: event + fields: + kind: event + category: + - network + type: + - connection + - protocol + - info + - add_fields: + target: network + fields: + protocol: ntp + transport: udp + - community_id: + - add_fields: + target: '' + fields: + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ntp/ingest/pipeline.yml b/x-pack/filebeat/module/zeek/ntp/ingest/pipeline.yml new file mode 100644 index 00000000000..ed603292a3d --- /dev/null +++ b/x-pack/filebeat/module/zeek/ntp/ingest/pipeline.yml @@ -0,0 +1,150 @@ +description: Pipeline for normalizing Zeek ntp.log +processors: + - set: + field: event.ingested + value: '{{_ingest.timestamp}}' + - set: + field: event.created + value: '{{@timestamp}}' + - date: + field: zeek.ntp.ts + formats: + - UNIX + - remove: + field: zeek.ntp.ts + # IP Geolocation Lookup + - geoip: + if: ctx.source?.geo == null + field: source.ip + target_field: source.geo + ignore_missing: true + properties: + - city_name + - continent_name + - country_iso_code + - country_name + - location + - region_iso_code + - region_name + - geoip: + if: ctx.destination?.geo == null + field: destination.ip + target_field: destination.geo + ignore_missing: true + properties: + - city_name + - continent_name + - country_iso_code + - country_name + - location + - region_iso_code + - region_name + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + - append: + field: "related.ip" + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" + - append: + field: "related.ip" + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" + - date: + field: zeek.ntp.ref_time + target_field: zeek.ntp.ref_time + formats: + - UNIX + - date: + field: zeek.ntp.org_time + target_field: zeek.ntp.org_time + formats: + - UNIX + - date: + field: zeek.ntp.rec_time + target_field: zeek.ntp.rec_time + formats: + - UNIX + - date: + field: zeek.ntp.xmt_time + target_field: zeek.ntp.xmt_time + formats: + - UNIX + - convert: + ignore_missing: true + field: zeek.ntp.version + type: integer + - convert: + ignore_missing: true + field: zeek.ntp.mode + type: integer + - convert: + ignore_missing: true + field: zeek.ntp.stratum + type: integer + - convert: + ignore_missing: true + field: zeek.ntp.num_exts + type: integer + - convert: + ignore_missing: true + field: zeek.ntp.poll + type: double + - convert: + ignore_missing: true + field: zeek.ntp.precision + type: double + - convert: + ignore_missing: true + field: zeek.ntp.root_delay + type: double + - convert: + ignore_missing: true + field: zeek.ntp.root_disp + type: double + - convert: + ignore_missing: true + field: zeek.ntp.ref_id + type: string + - set: + field: network.type + value: ipv4 + if: ctx.source?.ip.contains('.') + - set: + field: network.type + value: ipv6 + if: ctx.source?.ip.contains(':') +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/zeek/ntp/manifest.yml b/x-pack/filebeat/module/zeek/ntp/manifest.yml new file mode 100644 index 00000000000..034861b73fe --- /dev/null +++ b/x-pack/filebeat/module/zeek/ntp/manifest.yml @@ -0,0 +1,19 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/ntp.log + os.linux: + - /var/log/bro/current/ntp.log + os.darwin: + - /usr/local/var/logs/current/ntp.log + - name: tags + default: [zeek.ntp] + +ingest_pipeline: ingest/pipeline.yml +input: config/ntp.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log new file mode 100644 index 00000000000..9799c888dba --- /dev/null +++ b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log @@ -0,0 +1,2 @@ +{"ts":1602116947.977,"uid":"CqlPpF1AQVLMPgGiL5","id.orig_h":"130.118.205.62","id.orig_p":38461,"id.resp_h":"208.79.89.249","id.resp_p":123,"version":4,"mode":3,"stratum":0,"poll":1,"precision":1,"root_delay":0,"root_disp":0,"ref_id":"\\x00\\x00\\x00\\x00","ref_time":0,"org_time":0,"rec_time":0,"xmt_time":1602116947.215,"num_exts":0} +{"ts":1602116948.081,"uid":"CqlPpF1AQVLMPgGiL5","id.orig_h":"130.118.205.62","id.orig_p":38461,"id.resp_h":"208.79.89.249","id.resp_p":123,"version":4,"mode":4,"stratum":2,"poll":8,"precision":5.960464477539063e-8,"root_delay":0.00921630859375,"root_disp":0.0212249755859375,"ref_id":"127.67.113.92","ref_time":1602116655.942,"org_time":1602116947.215,"rec_time":1602116947.964,"xmt_time":1602116947.964,"num_exts":0} diff --git a/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json new file mode 100644 index 00000000000..940f548b1b7 --- /dev/null +++ b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json @@ -0,0 +1,126 @@ +[ + { + "@timestamp": "2020-10-08T00:29:07.977Z", + "destination.address": "208.79.89.249", + "destination.as.number": 25795, + "destination.as.organization.name": "ARP NETWORKS, INC.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "208.79.89.249", + "destination.port": 123, + "event.category": [ + "network" + ], + "event.dataset": "zeek.ntp", + "event.kind": "event", + "event.module": "zeek", + "event.original": "{\"ts\":1602116947.977,\"uid\":\"CqlPpF1AQVLMPgGiL5\",\"id.orig_h\":\"130.118.205.62\",\"id.orig_p\":38461,\"id.resp_h\":\"208.79.89.249\",\"id.resp_p\":123,\"version\":4,\"mode\":3,\"stratum\":0,\"poll\":1,\"precision\":1,\"root_delay\":0,\"root_disp\":0,\"ref_id\":\"\\\\x00\\\\x00\\\\x00\\\\x00\",\"ref_time\":0,\"org_time\":0,\"rec_time\":0,\"xmt_time\":1602116947.215,\"num_exts\":0}", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "ntp", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:IDiKR+C1G8mk7LQhFpp+4p1tHrk=", + "network.protocol": "ntp", + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "130.118.205.62", + "208.79.89.249" + ], + "service.type": "zeek", + "source.address": "130.118.205.62", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "130.118.205.62", + "source.port": 38461, + "tags": [ + "zeek.ntp" + ], + "zeek.ntp.mode": 3, + "zeek.ntp.num_exts": 0, + "zeek.ntp.org_time": "1970-01-01T00:00:00.000Z", + "zeek.ntp.poll": 1.0, + "zeek.ntp.precision": 1.0, + "zeek.ntp.rec_time": "1970-01-01T00:00:00.000Z", + "zeek.ntp.ref_id": "\\x00\\x00\\x00\\x00", + "zeek.ntp.ref_time": "1970-01-01T00:00:00.000Z", + "zeek.ntp.root_delay": 0.0, + "zeek.ntp.root_disp": 0.0, + "zeek.ntp.stratum": 0, + "zeek.ntp.version": 4, + "zeek.ntp.xmt_time": "2020-10-08T00:29:07.215Z", + "zeek.session_id": "CqlPpF1AQVLMPgGiL5" + }, + { + "@timestamp": "2020-10-08T00:29:08.081Z", + "destination.address": "208.79.89.249", + "destination.as.number": 25795, + "destination.as.organization.name": "ARP NETWORKS, INC.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "208.79.89.249", + "destination.port": 123, + "event.category": [ + "network" + ], + "event.dataset": "zeek.ntp", + "event.kind": "event", + "event.module": "zeek", + "event.original": "{\"ts\":1602116948.081,\"uid\":\"CqlPpF1AQVLMPgGiL5\",\"id.orig_h\":\"130.118.205.62\",\"id.orig_p\":38461,\"id.resp_h\":\"208.79.89.249\",\"id.resp_p\":123,\"version\":4,\"mode\":4,\"stratum\":2,\"poll\":8,\"precision\":5.960464477539063e-8,\"root_delay\":0.00921630859375,\"root_disp\":0.0212249755859375,\"ref_id\":\"127.67.113.92\",\"ref_time\":1602116655.942,\"org_time\":1602116947.215,\"rec_time\":1602116947.964,\"xmt_time\":1602116947.964,\"num_exts\":0}", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "ntp", + "input.type": "log", + "log.offset": 335, + "network.community_id": "1:IDiKR+C1G8mk7LQhFpp+4p1tHrk=", + "network.protocol": "ntp", + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "130.118.205.62", + "208.79.89.249" + ], + "service.type": "zeek", + "source.address": "130.118.205.62", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "130.118.205.62", + "source.port": 38461, + "tags": [ + "zeek.ntp" + ], + "zeek.ntp.mode": 4, + "zeek.ntp.num_exts": 0, + "zeek.ntp.org_time": "2020-10-08T00:29:07.215Z", + "zeek.ntp.poll": 8.0, + "zeek.ntp.precision": 5.960464477539063e-08, + "zeek.ntp.rec_time": "2020-10-08T00:29:07.964Z", + "zeek.ntp.ref_id": "127.67.113.92", + "zeek.ntp.ref_time": "2020-10-08T00:24:15.942Z", + "zeek.ntp.root_delay": 0.00921630859375, + "zeek.ntp.root_disp": 0.0212249755859375, + "zeek.ntp.stratum": 2, + "zeek.ntp.version": 4, + "zeek.ntp.xmt_time": "2020-10-08T00:29:07.964Z", + "zeek.session_id": "CqlPpF1AQVLMPgGiL5" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled index 0667c6e35d1..8595f0d2169 100644 --- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ b/x-pack/filebeat/modules.d/zeek.yml.disabled @@ -34,6 +34,8 @@ enabled: true notice: enabled: true + ntp: + enabled: true ntlm: enabled: true ocsp: