diff --git a/.ci/packaging.groovy b/.ci/packaging.groovy index fbbfde9a764..6c022a0f357 100644 --- a/.ci/packaging.groovy +++ b/.ci/packaging.groovy @@ -429,7 +429,6 @@ def triggerE2ETests(String suite) { booleanParam(name: 'notifyOnGreenBuilds', value: !isPR()), booleanParam(name: 'BEATS_USE_CI_SNAPSHOTS', value: true), string(name: 'runTestsSuites', value: suite), - string(name: 'BEAT_VERSION', value: env.BEAT_VERSION), string(name: 'GITHUB_CHECK_NAME', value: env.GITHUB_CHECK_E2E_TESTS_NAME), string(name: 'GITHUB_CHECK_REPO', value: env.REPO), string(name: 'GITHUB_CHECK_SHA1', value: env.GIT_BASE_COMMIT), diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index e8bd39835d8..392867e5630 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -155,6 +155,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - system/package: Fix an error that can occur while trying to persist package metadata. {issue}18536[18536] {pull}18887[18887] - system/socket: Fix dataset using 100% CPU and becoming unresponsive in some scenarios. {pull}19033[19033] {pull}19764[19764] - system/socket: Fixed tracking of long-running connections. {pull}19033[19033] +- system/login: Fixed offset reset on inode reuse. {pull}24414[24414] +- system/login: Add additional offset check for utmp files. {pull}24515[24515] *Filebeat* @@ -248,7 +250,9 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - aws/s3access dataset was populating event.duration using the wrong unit. {pull}23920[23920] - Zoom module pipeline failed to ingest some chat_channel events. {pull}23904[23904] - Fix aws/vpcflow generating errors for empty logs or unidentified formats. {pull}24167[24167] +- Fix Netlow module issue with missing `internal_networks` config parameter. {issue}24094[24094] {pull}24110[24110] - in httpjson input using encode_as "application/x-www-form-urlencoded" now sets Content-Type correctly {issue}24331[24331] {pull}24336[24336] +- Fix default `scope` in `add_nomad_metadata`. {issue}24559[24559] *Heartbeat* @@ -691,6 +695,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add dns.question.top_level_domain fields for sysmon DNS events. {pull}23046[23046] - Add Audit and Authentication Polixy Change Events and related.ip information {pull}20684[20684] - Add new ECS 1.8 improvements. {pull}23563[23563] +- Remove deprecated eventlogging api that was used for Windows XP/2003 and associated unused code. {pull}24463[24463] *Elastic Log Driver* diff --git a/Jenkinsfile b/Jenkinsfile index 983c7e48ce4..302b5d5eca9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -700,14 +700,19 @@ def archiveTestOutput(Map args = [:]) { if (isUnix()) { fixPermissions("${WORKSPACE}") } - cmd(label: 'Prepare test output', script: 'python .ci/scripts/pre_archive_test.py') + // Remove pycache directory and go vendors cache folders + if (isUnix()) { + dir('build') { + sh(label: 'Delete folders that are causing exceptions (See JENKINS-58421)', returnStatus: true, + script: 'rm -rf ve || true; find . -type d -name vendor -exec rm -r {} \\;') + } + } else { + bat(label: 'Delete ve folder', returnStatus: true, + script: 'FOR /d /r . %%d IN ("ve") DO @IF EXIST "%%d" rmdir /s /q "%%d"') + } + cmd(label: 'Prepare test output', script: 'python .ci/scripts/pre_archive_test.py', returnStatus: true) dir('build') { - if (isUnix()) { - cmd(label: 'Delete folders that are causing exceptions (See JENKINS-58421)', - returnStatus: true, - script: 'rm -rf ve || true; find . -type d -name vendor -exec rm -r {} \\;') - } else { log(level: 'INFO', text: 'Delete folders that are causing exceptions (See JENKINS-58421) is disabled for Windows.') } - junit(allowEmptyResults: true, keepLongStdio: true, testResults: args.testResults) + junit(allowEmptyResults: true, keepLongStdio: true, testResults: args.testResults) if (args.upload) { tarAndUploadArtifacts(file: "test-build-artifacts-${args.id}.tgz", location: '.') } diff --git a/filebeat/docs/images/filebeat-threatintel-abuse-malware.png b/filebeat/docs/images/filebeat-threatintel-abuse-malware.png new file mode 100644 index 00000000000..85f0a9d1370 Binary files /dev/null and b/filebeat/docs/images/filebeat-threatintel-abuse-malware.png differ diff --git a/filebeat/docs/images/filebeat-threatintel-abuse-url.png b/filebeat/docs/images/filebeat-threatintel-abuse-url.png new file mode 100644 index 00000000000..20cf2e6bbd3 Binary files /dev/null and b/filebeat/docs/images/filebeat-threatintel-abuse-url.png differ diff --git a/filebeat/docs/images/filebeat-threatintel-alienvault-otx.png b/filebeat/docs/images/filebeat-threatintel-alienvault-otx.png new file mode 100644 index 00000000000..d17d6f24b87 Binary files /dev/null and b/filebeat/docs/images/filebeat-threatintel-alienvault-otx.png differ diff --git a/filebeat/docs/images/filebeat-threatintel-anomali-limo.png b/filebeat/docs/images/filebeat-threatintel-anomali-limo.png new file mode 100644 index 00000000000..3653000bc87 Binary files /dev/null and b/filebeat/docs/images/filebeat-threatintel-anomali-limo.png differ diff --git a/filebeat/docs/images/filebeat-threatintel-misp.png b/filebeat/docs/images/filebeat-threatintel-misp.png new file mode 100644 index 00000000000..5c456a9f7af Binary files /dev/null and b/filebeat/docs/images/filebeat-threatintel-misp.png differ diff --git a/filebeat/docs/images/filebeat-threatintel-overview.png b/filebeat/docs/images/filebeat-threatintel-overview.png new file mode 100644 index 00000000000..9dae3a3e435 Binary files /dev/null and b/filebeat/docs/images/filebeat-threatintel-overview.png differ diff --git a/filebeat/docs/modules/netflow.asciidoc b/filebeat/docs/modules/netflow.asciidoc index ebb40dfd5c9..c3ab408b24d 100644 --- a/filebeat/docs/modules/netflow.asciidoc +++ b/filebeat/docs/modules/netflow.asciidoc @@ -72,6 +72,13 @@ details. monitor sequence numbers in the Netflow packets to detect an Exporting Process reset. See <> for details. +`var.internal_networks`:: A list of CIDR ranges describing the IP addresses that +you consider internal. This is used in determining the values of +`source.locality`, `destination.locality`, and `flow.locality`. The values +can be either a CIDR value or one of the named ranges supported by the +<> condition. The default value is `[private]` +which classifies RFC 1918 (IPv4) and RFC 4193 (IPv6) addresses as internal. + *`var.tags`*:: A list of tags to include in events. Including `forwarded` indicates that the diff --git a/filebeat/docs/modules/threatintel.asciidoc b/filebeat/docs/modules/threatintel.asciidoc index 9a228a73b77..588ff726e02 100644 --- a/filebeat/docs/modules/threatintel.asciidoc +++ b/filebeat/docs/modules/threatintel.asciidoc @@ -6,32 +6,38 @@ This file is generated! See scripts/docs_collector.py [role="xpack"] :modulename: threatintel -:has-dashboards: false - +:has-dashboards: true == Threat Intel module beta[] -This module is a collection of different threat intelligence sources. The ingested data is meant to be used with https://www.elastic.co/guide/en/security/7.11/rules-ui-create.html#create-indicator-rule[Indicator Match rules], but is also -compatible with other features like https://www.elastic.co/guide/en/elasticsearch/reference/current/enrich-processor.html[Enrich Processors]. -The related threat intel attribute that is meant to be used for matching incoming source data is stored under the `threatintel.indicator.*` fields. +This module ingests data from a collection of different threat intelligence +sources. The ingested data is meant to be used with +https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-indicator-rule[Indicator +Match rules], but is also compatible with other features like +https://www.elastic.co/guide/en/elasticsearch/reference/current/enrich-processor.html[Enrich +Processors]. The related threat intel attribute that is meant to be used for +matching incoming source data is stored under the `threatintel.indicator.*` +fields. -Currently supporting: -- `abuseurl` fileset: Supports URL entities from Abuse.ch -- `abusemalware` fileset: Supports Malware/Payload entities from Abuse.ch -- `misp` fileset: Supports gathering threat intel attributes from MISP -- `otx` fileset: Supports gathering threat intel attributes from Alienvault OTX -- `anomali` fileset: Supports gathering threat intel attributes from Anomali +The available filesets are: -include::../include/gs-link.asciidoc[] +* `abuseurl`: Supports URL entities from Abuse.ch. +* `abusemalware`: Supports Malware/Payload entities from Abuse.ch. +* `misp`: Supports gathering threat intel attributes from MISP (replaces MISP module). +* `otx`: Supports gathering threat intel attributes from AlientVault OTX. +* `anomali`: Supports gathering threat intel attributes from Anomali. +include::../include/gs-link.asciidoc[] [float] ==== `abuseurl` fileset settings -This fileset contacts the AbuseCH API and fetches all new malicious URLs found the last 60 minutes. +This fileset contacts the abuse.ch API and fetches all new malicious URLs found +the last 60 minutes. -To configure the module, please utilize the default URL unless specified as the example below: +To configure the module, please utilize the default URL unless specified as the +example below: [source,yaml] ---- @@ -53,21 +59,24 @@ The URL of the API endpoint to connect with. How often the API is polled for updated information. -AbuseCH URL Threat Intel is mapped to the following ECS fields +Abuse.ch URL Threat Intel is mapped to the following ECS fields. + [options="header"] |============================================================== -| URL Threat Intel Fields' | ECS Fields | -| url | threat.indicator.url.full | -| date_added | @timestamp | -| host | threat.indicator.ip/domain | +| URL Threat Intel Fields | ECS Fields +| url | threat.indicator.url.full +| date_added | @timestamp +| host | threatintel.indicator.ip/domain |============================================================== [float] ==== `abusemalware` fileset settings -This fileset contacts the AbuseCH API and fetches all new malicious hashes found the last 60 minutes. +This fileset contacts the Abuse.ch API and fetches all new malicious hashes found +the last 60 minutes. -To configure the module, please utilize the default URL unless specified as the example below: +To configure the module, please utilize the default URL unless specified as the +example below: [source,yaml] ---- @@ -89,21 +98,24 @@ The URL of the API endpoint to connect with. How often the API is polled for updated information. -AbuseCH Malware Threat Intel is mapped to the following ECS fields +Abuse.ch Malware Threat Intel is mapped to the following ECS fields. + [options="header"] |================================================================ -| Malware Threat IntelFields | ECS Fields | -| md5_hash | threat.indicato.file.hash.md5 | -| sha256_hash | threat.indicator.file.hash.sha256| -| file_size | threat.indicator.file.size | +| Malware Threat IntelFields | ECS Fields +| md5_hash | threatintel.indicator.file.hash.md5 +| sha256_hash | threatintel.indicator.file.hash.sha256 +| file_size | threatintel.indicator.file.size |================================================================ [float] ==== `misp` fileset settings -This fileset communicates with a local or remote MISP server. Not to be confused with the older MISP Module (link here). +This fileset communicates with a local or remote MISP server. This replaces +the older MISP module. -The fileset configuration allows to set the polling interval, how far back it should look initially, and optionally any filters used to filter the results. +The fileset configuration allows to set the polling interval, how far back it +should look initially, and optionally any filters used to filter the results. [source,yaml] ---- @@ -117,10 +129,12 @@ The fileset configuration allows to set the polling interval, how far back it sh var.interval: 60m ---- -To configure the output with filters, use fields that already exist on the MISP server, and define either a single value or multiple. -By adding a filter, only events that has attributes which matches the filter will be returned. +To configure the output with filters, use fields that already exist on the MISP +server, and define either a single value or multiple. By adding a filter, only +events that have attributes that match the filter will be returned. -The below filters is only examples, for a full list of all fields please reference the MISP fields located on the MISP server itself. +The below filters are only examples, for a full list of all fields please +reference the MISP fields located on the MISP server itself. [source,yaml] ---- @@ -150,27 +164,32 @@ How often the API is polled for updated information. *`var.first_interval`*:: How far back to search when retrieving events the first time the beat starts up. -After the first interval has passed the module itself will use the timestamp from the last response as the filter when retrieving new events. +After the first interval has passed the module itself will use the timestamp +from the last response as the filter when retrieving new events. *`var.filters`*:: -List of filters to apply when retrieving new events from the MISP server, this field is optional and defaults to all events. +List of filters to apply when retrieving new events from the MISP server, this +field is optional and defaults to all events. + +MISP Threat Intel is mapped to the following ECS fields. -MISP Threat Intel is mapped to the following ECS fields [options="header"] |============================================================== -| Malware Threat IntelFields | ECS Fields | -| misp.first_seen | threat.indicator.first_seen | -| misp.last_seen | threat.indicator.last_seen | -| misp.tag | tag | -| misp.value | threat.indicator.* | +| Malware Threat IntelFields | ECS Fields +| misp.first_seen | threatintel.indicator.first_seen +| misp.last_seen | threatintel.indicator.last_seen +| misp.tag | tag +| misp.value | threatintel.indicator.* |============================================================== -misp.value is mapped to the appropriate field dependant on attribute type + +`misp.value` is mapped to the appropriate field dependent on attribute type. [float] ==== `otx` fileset settings -To configure the module, please utilize the default URL unless specified as the example below: +To configure the module, please utilize the default URL unless specified as the +example below: [source,yaml] ---- @@ -185,7 +204,8 @@ To configure the module, please utilize the default URL unless specified as the var.interval: 60m ---- -To filter only on specific indicator types, this is an example of some possible filters supported: +To filter only on specific indicator types, this is an example of some possible +filters that are supported: [source,yaml] ---- @@ -207,7 +227,8 @@ The URL of the API endpoint to connect with. *`var.api_token`*:: -The API key used to access OTX. This can be found on your https://otx.alienvault.com/api[OTX API homepage]. +The API key used to access OTX. This can be found on your +https://otx.alienvault.com/api[OTX API homepage]. *`var.interval`*:: @@ -216,29 +237,39 @@ How often the API is polled for updated information. *`var.first_interval`*:: How far back to search when retrieving events the first time the beat starts up. -After the first interval has passed the module itself will use the timestamp from the last response as the filter when retrieving new events. +After the first interval has passed the module itself will use the timestamp +from the last response as the filter when retrieving new events. *`var.types`*:: -A comma delimited list of indicator types to include, defaults to all. A list of possible types to filter on can be found on the https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[Alienvault OTX documentation page] +A comma delimited list of indicator types to include, defaults to all. A list of +possible types to filter on can be found in the +https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[AlientVault +OTX documentation]. -OTX Threat Intel is mapped to the following ECS fields +OTX Threat Intel is mapped to the following ECS fields. + [options="header"] -|======================================================| -| Malware Threat IntelFields | ECS Fields | -| otx.type | threat.indicator.type | -| otx.description | threat.indicator.description | -| otx.indicator | threat.indicator.* | -|======================================================| -otx.indicator is mapped to the appropriate field dependant on attribute type. +|============================================================ +| Malware Threat Intel Fields | ECS Fields +| otx.type | threatintel.indicator.type +| otx.description | threatintel.indicator.description +| otx.indicator | threatintel.indicator.* +|============================================================ + +`otx.indicator` is mapped to the appropriate field dependent on attribute type. [float] ==== `anomali` fileset settings -To configure the module please fill in the credentials, for Anomali Limo (the free Taxii service) these are usually default credentials found at the https://www.anomali.com/resources/limo[Anomali Limo webpage] -Anomali Limo offers multiple sources called collections. Each collection has a specific ID, which then fits into the url -used in this configuration. A list of different collections can be found using the credentials at https://limo.anomali.com/api/v1/taxii2/feeds/collections/[Limo Collections]. +To configure the module please fill in the credentials, for Anomali Limo (the +free Taxii service) these are usually default credentials found at the +https://www.anomali.com/resources/limo[Anomali Limo webpage] Anomali Limo offers +multiple sources called collections. Each collection has a specific ID, which +then fits into the url used in this configuration. A list of different +collections can be found using the credentials at +https://limo.anomali.com/api/v1/taxii2/feeds/collections/[Limo Collections]. The example below uses the collection of ID 41 as can be seen in the URL. @@ -254,7 +285,8 @@ The example below uses the collection of ID 41 as can be seen in the URL. var.interval: 60m ---- -To filter on specifc types, you can define var.types as a comma delimited list of object types. This defaults to "indicators" +To filter on specific types, you can define `var.types` as a comma delimited list +of object types. This defaults to "indicators". [source,yaml] ---- @@ -273,7 +305,8 @@ include::../include/var-paths.asciidoc[] *`var.url`*:: -The URL of the API endpoint to connect with. Limo offers multiple collections of threat intelligence. +The URL of the API endpoint to connect with. Limo offers multiple collections of +threat intelligence. *`var.username`*:: @@ -289,19 +322,67 @@ How often the API is polled for updated information. *`var.types`*:: -A comma delimited list of indicator types to include, defaults to all. A list of possible types to filter on can be found on the https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix 2.1 Object types] page. +A comma delimited list of indicator types to include, defaults to all. A list of +possible types to filter on can be found on the +https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix +2.1 Object types] page. + +Anomali Threat Intel is mapped to the following ECS fields. -Anomali Threat Intel is mapped to the following ECS fields [options="header"] -|============================================================== -| Malware Threat IntelFields | ECS Fields | -| anomali.description | threat.indicator.description | -| anomali.created | threat.indicator.first_seen | -| anomali.modified | threat.indicator.last_seen | -| anomali.pattern | threat.indicator.* | -| anomali.labels | tags | -|============================================================== -anomali.pattern is mapped to the appropriate field dependant on attribute type. +|============================================================= +| Malware Threat Intel Fields | ECS Fields +| anomali.description | threatintel.indicator.description +| anomali.created | threatintel.indicator.first_seen +| anomali.modified | threatintel.indicator.last_seen +| anomali.pattern | threatintel.indicator.* +| anomali.labels | tags +|============================================================= + +`anomali.pattern` is mapped to the appropriate field dependent on attribute type. + +:has-dashboards!: + +[float] +=== Dashboards + +This module comes with dashboards for the threat information feeds. + +[role="screenshot"] +image::./images/filebeat-threatintel-overview.png[] + +[float] +Overview of the information provided, and the health of, the Threat Intel module. + +[role="screenshot"] +image::./images/filebeat-threatintel-abuse-malware.png[] + +[float] +Overview of the information provided by the Abuse.ch Malware feed. + +[role="screenshot"] +image::./images/filebeat-threatintel-abuse-url.png[] + +[float] +Overview of the information provided by the Abuse.ch URL feed. + +[role="screenshot"] +image::./images/filebeat-threatintel-alienvault-otx.png[] + +[float] +Overview of the information provided by the AlienVault OTX feed. + +[role="screenshot"] +image::./images/filebeat-threatintel-anomali-limo.png[] + +[float] +Overview of the information provided by the Anomali Limo feed. + +[role="screenshot"] +image::./images/filebeat-threatintel-misp.png[] + +[float] +Overview of the information provided by the MSIP feed. :modulename!: diff --git a/filebeat/docs/modules/tomcat.asciidoc b/filebeat/docs/modules/tomcat.asciidoc index 6806a47d557..ed79fdf78e0 100644 --- a/filebeat/docs/modules/tomcat.asciidoc +++ b/filebeat/docs/modules/tomcat.asciidoc @@ -12,7 +12,7 @@ This file is generated! See scripts/docs_collector.py experimental[] -This is a module for receiving Apache Tomcat logs over Syslog or a file. +This is a module for receiving Apache Tomcat access logs over Syslog or a file. include::../include/gs-link.asciidoc[] diff --git a/winlogbeat/_meta/fields.common.yml b/winlogbeat/_meta/fields.common.yml index 59b2eafe6b6..7467cad731a 100644 --- a/winlogbeat/_meta/fields.common.yml +++ b/winlogbeat/_meta/fields.common.yml @@ -27,14 +27,8 @@ required: true description: > The event log API type used to read the record. The possible values are - "wineventlog" for the Windows Event Log API or "eventlogging" for the - Event Logging API. - - The Event Logging API was designed for Windows Server 2003 - or Windows 2000 operating systems. In Windows Vista, the event logging - infrastructure was redesigned. On Windows Vista or later operating - systems, the Windows Event Log API is used. Winlogbeat automatically - detects which API to use for reading event logs. + "wineventlog" for the Windows Event Log API or "wineventlog-experimental" for its + experimental implementation. - name: activity_id type: keyword diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc index 51d989af704..0c44ddb295a 100644 --- a/winlogbeat/docs/fields.asciidoc +++ b/winlogbeat/docs/fields.asciidoc @@ -9845,8 +9845,7 @@ All fields specific to the Windows Event Log are defined here. *`winlog.api`*:: + -- -The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. -The Event Logging API was designed for Windows Server 2003 or Windows 2000 operating systems. In Windows Vista, the event logging infrastructure was redesigned. On Windows Vista or later operating systems, the Windows Event Log API is used. Winlogbeat automatically detects which API to use for reading event logs. +The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "wineventlog-experimental" for its experimental implementation. required: True diff --git a/winlogbeat/eventlog/bench_test.go b/winlogbeat/eventlog/bench_test.go index ffecb69672f..059aad6374d 100644 --- a/winlogbeat/eventlog/bench_test.go +++ b/winlogbeat/eventlog/bench_test.go @@ -25,7 +25,6 @@ import ( "fmt" "math/rand" "strconv" - "strings" "testing" "golang.org/x/sys/windows/svc/eventlog" @@ -70,21 +69,14 @@ func TestBenchmarkRead(t *testing.T) { } }) } - - t.Run("api="+eventLoggingAPIName, func(t *testing.T) { - result := testing.Benchmark(benchmarkEventLog(eventLoggingAPIName, -1)) - outputBenchmarkResults(t, result) - }) } func benchmarkEventLog(api string, batchSize int) func(b *testing.B) { return func(b *testing.B) { conf := common.MapStr{ - "name": providerName, - } - if strings.HasPrefix(api, "wineventlog") { - conf.Put("batch_read_size", batchSize) - conf.Put("no_more_events", "stop") + "name": providerName, + "batch_read_size": batchSize, + "no_more_events": "stop", } log := openLog(b, api, nil, conf) diff --git a/winlogbeat/eventlog/eventlogging.go b/winlogbeat/eventlog/eventlogging.go deleted file mode 100644 index 01465d933fc..00000000000 --- a/winlogbeat/eventlog/eventlogging.go +++ /dev/null @@ -1,305 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -// +build windows - -package eventlog - -import ( - "fmt" - "syscall" - "time" - - "github.com/joeshaw/multierror" - - "github.com/elastic/beats/v7/libbeat/common" - "github.com/elastic/beats/v7/libbeat/common/cfgwarn" - "github.com/elastic/beats/v7/libbeat/logp" - "github.com/elastic/beats/v7/winlogbeat/checkpoint" - "github.com/elastic/beats/v7/winlogbeat/sys" - win "github.com/elastic/beats/v7/winlogbeat/sys/eventlogging" -) - -const ( - // eventLoggingAPIName is the name used to identify the Event Logging API - // as both an event type and an API. - eventLoggingAPIName = "eventlogging" -) - -type eventLoggingConfig struct { - ConfigCommon `config:",inline"` - IgnoreOlder time.Duration `config:"ignore_older"` - ReadBufferSize uint `config:"read_buffer_size" validate:"min=1"` - FormatBufferSize uint `config:"format_buffer_size" validate:"min=1"` -} - -// Validate validates the eventLoggingConfig data and returns an error -// describing any problems or nil. -func (c *eventLoggingConfig) Validate() error { - var errs multierror.Errors - if c.Name == "" { - errs = append(errs, fmt.Errorf("event log is missing a 'name'")) - } - - if c.ReadBufferSize > win.MaxEventBufferSize { - errs = append(errs, fmt.Errorf("'read_buffer_size' must be less than "+ - "%d bytes", win.MaxEventBufferSize)) - } - - if c.FormatBufferSize > win.MaxFormatMessageBufferSize { - errs = append(errs, fmt.Errorf("'format_buffer_size' must be less than "+ - "%d bytes", win.MaxFormatMessageBufferSize)) - } - - return errs.Err() -} - -// Validate that eventLogging implements the EventLog interface. -var _ EventLog = &eventLogging{} - -// eventLogging implements the EventLog interface for reading from the Event -// Logging API. -type eventLogging struct { - config eventLoggingConfig - name string // Name of the log that is opened. - handle win.Handle // Handle to the event log. - readBuf []byte // Buffer for reading in events. - formatBuf []byte // Buffer for formatting messages. - insertBuf win.StringInserts // Buffer for parsing insert strings. - handles *messageFilesCache // Cached mapping of source name to event message file handles. - logPrefix string // Prefix to add to all log entries. - - recordNumber uint32 // First record number to read. - seek bool // Read should use seek. - ignoreFirst bool // Ignore first message returned from a read. -} - -// Name returns the name of the event log (i.e. Application, Security, etc.). -func (l eventLogging) Name() string { - return l.name -} - -func (l *eventLogging) Open(state checkpoint.EventLogState) error { - detailf("%s Open(recordNumber=%d) calling OpenEventLog(uncServerPath=, "+ - "providerName=%s)", l.logPrefix, state.RecordNumber, l.name) - handle, err := win.OpenEventLog("", l.name) - if err != nil { - return err - } - - numRecords, err := win.GetNumberOfEventLogRecords(handle) - if err != nil { - return err - } - - var oldestRecord, newestRecord uint32 - if numRecords > 0 { - l.recordNumber = uint32(state.RecordNumber) - l.seek = true - l.ignoreFirst = true - - oldestRecord, err = win.GetOldestEventLogRecord(handle) - if err != nil { - return err - } - newestRecord = oldestRecord + numRecords - 1 - - if l.recordNumber < oldestRecord || l.recordNumber > newestRecord { - l.recordNumber = oldestRecord - l.ignoreFirst = false - } - } else { - l.recordNumber = 0 - l.seek = false - l.ignoreFirst = false - } - - logp.Info("%s contains %d records. Record number range [%d, %d]. Starting "+ - "at %d (ignoringFirst=%t)", l.logPrefix, numRecords, oldestRecord, - newestRecord, l.recordNumber, l.ignoreFirst) - - l.handle = handle - return nil -} - -func (l *eventLogging) Read() ([]Record, error) { - flags := win.EVENTLOG_SEQUENTIAL_READ | win.EVENTLOG_FORWARDS_READ - if l.seek { - flags = win.EVENTLOG_SEEK_READ | win.EVENTLOG_FORWARDS_READ - l.seek = false - } - - var numBytesRead int - err := retry( - func() error { - l.readBuf = l.readBuf[0:cap(l.readBuf)] - // TODO: Use number of bytes to grow the buffer size as needed. - var err error - numBytesRead, err = win.ReadEventLog( - l.handle, - flags, - l.recordNumber, - l.readBuf) - return err - }, - l.readRetryErrorHandler) - if err != nil { - debugf("%s ReadEventLog returned error %v", l.logPrefix, err) - return readErrorHandler(err) - } - detailf("%s ReadEventLog read %d bytes", l.logPrefix, numBytesRead) - - l.readBuf = l.readBuf[0:numBytesRead] - events, _, err := win.RenderEvents( - l.readBuf[:numBytesRead], 0, l.formatBuf, &l.insertBuf, l.handles.get) - if err != nil { - return nil, err - } - detailf("%s RenderEvents returned %d events", l.logPrefix, len(events)) - - records := make([]Record, 0, len(events)) - for _, e := range events { - // The events do not contain the name of the event log so we must add - // the name of the log from which we are reading. - e.Channel = l.name - - err = sys.PopulateAccount(&e.User) - if err != nil { - debugf("%s SID %s account lookup failed. %v", l.logPrefix, - e.User.Identifier, err) - } - - records = append(records, Record{ - API: eventLoggingAPIName, - Event: e, - Offset: checkpoint.EventLogState{ - Name: l.name, - RecordNumber: e.RecordID, - Timestamp: e.TimeCreated.SystemTime, - }, - }) - } - - if l.ignoreFirst && len(records) > 0 { - debugf("%s Ignoring first event with record ID %d", l.logPrefix, - records[0].RecordID) - records = records[1:] - l.ignoreFirst = false - } - - records = filter(records, l.ignoreOlder) - debugf("%s Read() is returning %d records", l.logPrefix, len(records)) - return records, nil -} - -func (l *eventLogging) Close() error { - debugf("%s Closing handle", l.logPrefix) - return win.CloseEventLog(l.handle) -} - -// readRetryErrorHandler handles errors returned from the readEventLog function -// by attempting to correct the error through closing and reopening the event -// log. -func (l *eventLogging) readRetryErrorHandler(err error) error { - incrementMetric(readErrors, err) - if errno, ok := err.(syscall.Errno); ok { - var reopen bool - - switch errno { - case win.ERROR_EVENTLOG_FILE_CHANGED: - debugf("Re-opening event log because event log file was changed") - reopen = true - case win.ERROR_EVENTLOG_FILE_CORRUPT: - debugf("Re-opening event log because event log file is corrupt") - reopen = true - } - - if reopen { - l.Close() - return l.Open(checkpoint.EventLogState{ - Name: l.name, - RecordNumber: uint64(l.recordNumber), - }) - } - } - return err -} - -// readErrorHandler handles errors returned by the readEventLog function. -func readErrorHandler(err error) ([]Record, error) { - switch err { - case syscall.ERROR_HANDLE_EOF, - win.ERROR_EVENTLOG_FILE_CHANGED, - win.ERROR_EVENTLOG_FILE_CORRUPT: - return []Record{}, nil - } - return nil, err -} - -// Filter returns a new slice holding only the elements of s that satisfy the -// predicate fn(). -func filter(in []Record, fn func(*Record) bool) []Record { - var out []Record - for _, r := range in { - if fn(&r) { - out = append(out, r) - } - } - return out -} - -// ignoreOlder is a filter predicate that checks the record timestamp and -// returns true if the event was not matched by the filter. -func (l *eventLogging) ignoreOlder(r *Record) bool { - if l.config.IgnoreOlder != 0 && time.Since(r.TimeCreated.SystemTime) > l.config.IgnoreOlder { - return false - } - - return true -} - -// newEventLogging creates and returns a new EventLog for reading event logs -// using the Event Logging API. -func newEventLogging(options *common.Config) (EventLog, error) { - cfgwarn.Deprecate("8.0", "The eventlogging API reader is deprecated.") - - c := eventLoggingConfig{ - ReadBufferSize: win.MaxEventBufferSize, - FormatBufferSize: win.MaxFormatMessageBufferSize, - } - if err := readConfig(options, &c); err != nil { - return nil, err - } - - return &eventLogging{ - config: c, - name: c.Name, - handles: newMessageFilesCache(c.Name, win.QueryEventMessageFiles, - win.FreeLibrary), - logPrefix: fmt.Sprintf("EventLogging[%s]", c.Name), - readBuf: make([]byte, 0, c.ReadBufferSize), - formatBuf: make([]byte, c.FormatBufferSize), - }, nil -} - -func init() { - // Register eventlogging API if it is available. - available, _ := win.IsAvailable() - if available { - Register(eventLoggingAPIName, 1, newEventLogging, nil) - } -} diff --git a/winlogbeat/eventlog/eventlogging_test.go b/winlogbeat/eventlog/eventlogging_test.go deleted file mode 100644 index ebb5362d639..00000000000 --- a/winlogbeat/eventlog/eventlogging_test.go +++ /dev/null @@ -1,377 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -// +build windows - -package eventlog - -import ( - "fmt" - "strings" - "sync" - "testing" - - "github.com/andrewkroh/sys/windows/svc/eventlog" - "github.com/stretchr/testify/assert" - - "github.com/elastic/beats/v7/libbeat/logp" - "github.com/elastic/beats/v7/winlogbeat/checkpoint" - "github.com/elastic/beats/v7/winlogbeat/sys/eventlogging" -) - -// Names that are registered by the test for logging events. -const ( - providerName = "WinlogbeatTestGo" - sourceName = "Integration Test" -) - -// Event message files used when logging events. -const ( - // EventCreate.exe has valid event IDs in the range of 1-1000 where each - // event message requires a single parameter. - eventCreateMsgFile = "%SystemRoot%\\System32\\EventCreate.exe" - // services.exe is used by the Service Control Manager as its event message - // file; these tests use it to log messages with more than one parameter. - servicesMsgFile = "%SystemRoot%\\System32\\services.exe" - // netevent.dll has messages that require no message parameters. - netEventMsgFile = "%SystemRoot%\\System32\\netevent.dll" -) - -// Test messages. -var messages = map[uint32]struct { - eventType uint16 - message string -}{ - 1: { - eventType: eventlog.Info, - message: "Hmmmm.", - }, - 2: { - eventType: eventlog.Success, - message: "I am so blue I'm greener than purple.", - }, - 3: { - eventType: eventlog.Warning, - message: "I stepped on a Corn Flake, now I'm a Cereal Killer.", - }, - 4: { - eventType: eventlog.Error, - message: "The quick brown fox jumps over the lazy dog.", - }, - 5: { - eventType: eventlog.AuditSuccess, - message: "Where do random thoughts come from?", - }, - 6: { - eventType: eventlog.AuditFailure, - message: "Login failure for user xyz!", - }, -} - -var oneTimeLogpInit sync.Once - -// Initializes logp if the verbose flag was set. -func configureLogp() { - oneTimeLogpInit.Do(func() { - if testing.Verbose() { - logp.DevelopmentSetup(logp.WithSelectors("eventlog")) - logp.Info("DEBUG enabled for eventlog.") - } else { - logp.DevelopmentSetup(logp.WithLevel(logp.WarnLevel)) - } - }) -} - -// Verify that all messages are read from the event log. -func TestRead(t *testing.T) { - configureLogp() - writer, teardown := createLog(t) - defer teardown() - - // Publish test messages: - for k, m := range messages { - safeWriteEvent(t, writer, m.eventType, k, []string{m.message}) - } - - // Read messages: - log := openEventLogging(t, 0, map[string]interface{}{"name": providerName}) - defer log.Close() - - records, err := log.Read() - if err != nil { - t.Fatal(err) - } - - // Validate messages: - assert.Len(t, records, len(messages)) - for _, record := range records { - t.Log(record) - m, exists := messages[record.EventIdentifier.ID] - if !exists { - t.Errorf("Unknown EventId %d Read() from event log. %v", record.EventIdentifier.ID, record) - continue - } - assert.Equal(t, eventlogging.EventType(m.eventType).String(), record.Level) - assert.Equal(t, m.message, strings.TrimRight(record.Message, "\r\n")) - } - - // Validate getNumberOfEventLogRecords returns the correct number of messages. - numMessages, err := eventlogging.GetNumberOfEventLogRecords(eventlogging.Handle(writer.Handle)) - assert.NoError(t, err) - assert.Equal(t, len(messages), int(numMessages)) -} - -// Verify that messages whose text is larger than the read buffer cause a -// message error to be returned. Normally Winlogbeat is run with the largest -// possible buffer so this error should not occur. -func TestFormatMessageWithLargeMessage(t *testing.T) { - configureLogp() - writer, teardown := createLog(t) - defer teardown() - - const message = "Hello" - safeWriteEvent(t, writer, eventlog.Info, 1, []string{message}) - - // Messages are received as UTF-16 so we must have enough space in the read - // buffer for the message, a windows newline, and a null-terminator. - const requiredBufferSize = len(message+"\r\n")*2 + 2 - - // Read messages: - log := openEventLogging(t, 0, map[string]interface{}{ - "name": providerName, - // Use a buffer smaller than what is required. - "format_buffer_size": requiredBufferSize / 2, - }) - defer log.Close() - - records, err := log.Read() - if err != nil { - t.Fatal(err) - } - - // Validate messages: - assert.Len(t, records, 1) - for _, record := range records { - t.Log(record) - assert.Equal(t, []string{"The data area passed to a system call is too small."}, record.RenderErr) - } -} - -// Test that when an unknown Event ID is found, that a message containing the -// insert strings (the message parameters) is returned. -func TestReadUnknownEventId(t *testing.T) { - configureLogp() - writer, teardown := createLog(t, servicesMsgFile) - defer teardown() - - const eventID uint32 = 1000 - const msg = "Test Message" - safeWriteEvent(t, writer, eventlog.Success, eventID, []string{msg}) - - // Read messages: - log := openEventLogging(t, 0, map[string]interface{}{"name": providerName}) - defer log.Close() - - records, err := log.Read() - if err != nil { - t.Fatal(err) - } - - // Verify the error message: - assert.Len(t, records, 1) - if len(records) != 1 { - t.FailNow() - } - assert.Equal(t, eventID, records[0].EventIdentifier.ID) - assert.Equal(t, msg, records[0].EventData.Pairs[0].Value) - assert.NotNil(t, records[0].RenderErr) - assert.Equal(t, "", records[0].Message) -} - -// Test that multiple event message files are searched for an event ID. This -// test configures the "EventMessageFile" registry value as a semi-color -// separated list of files. If the message for an event ID is not found in one -// of the files then the next file should be checked. -func TestReadTriesMultipleEventMsgFiles(t *testing.T) { - configureLogp() - writer, teardown := createLog(t, servicesMsgFile, eventCreateMsgFile) - defer teardown() - - const eventID uint32 = 1000 - const msg = "Test Message" - safeWriteEvent(t, writer, eventlog.Success, eventID, []string{msg}) - - // Read messages: - log := openEventLogging(t, 0, map[string]interface{}{"name": providerName}) - defer log.Close() - - records, err := log.Read() - if err != nil { - t.Fatal(err) - } - - // Verify the error message: - assert.Len(t, records, 1) - if len(records) != 1 { - t.FailNow() - } - assert.Equal(t, eventID, records[0].EventIdentifier.ID) - assert.Equal(t, msg, strings.TrimRight(records[0].Message, "\r\n")) -} - -// Test event messages that require more than one message parameter. -func TestReadMultiParameterMsg(t *testing.T) { - configureLogp() - writer, teardown := createLog(t, servicesMsgFile) - defer teardown() - - // EventID observed by exporting system event log to XML and doing calculation. - // 7036 - // 1073748860 = 16384 << 16 + 7036 - // https://msdn.microsoft.com/en-us/library/windows/desktop/aa385206(v=vs.85).aspx - const eventID uint32 = 1073748860 - const template = "The %s service entered the %s state." - msgs := []string{"Windows Update", "running"} - safeWriteEvent(t, writer, eventlog.Info, eventID, msgs) - - // Read messages: - log := openEventLogging(t, 0, map[string]interface{}{"name": providerName}) - defer log.Close() - - records, err := log.Read() - if err != nil { - t.Fatal(err) - } - - // Verify the message contents: - assert.Len(t, records, 1) - if len(records) != 1 { - t.FailNow() - } - assert.Equal(t, eventID&0xFFFF, records[0].EventIdentifier.ID) - assert.Equal(t, fmt.Sprintf(template, msgs[0], msgs[1]), - strings.TrimRight(records[0].Message, "\r\n")) -} - -// Verify that opening an invalid provider succeeds. Windows opens the -// Application event log provider when this happens (unfortunately). -func TestOpenInvalidProvider(t *testing.T) { - configureLogp() - - log := openEventLogging(t, 0, map[string]interface{}{"name": "nonExistentProvider"}) - defer log.Close() - - _, err := log.Read() - assert.NoError(t, err) -} - -// Test event messages that require no parameters. -func TestReadNoParameterMsg(t *testing.T) { - configureLogp() - writer, teardown := createLog(t, netEventMsgFile) - defer teardown() - - const eventID uint32 = 2147489654 // 1<<31 + 6006 - const template = "The Event log service was stopped." - msgs := []string{} - safeWriteEvent(t, writer, eventlog.Info, eventID, msgs) - - // Read messages: - log := openEventLogging(t, 0, map[string]interface{}{"name": providerName}) - defer log.Close() - - records, err := log.Read() - if err != nil { - t.Fatal(err) - } - - // Verify the message contents: - assert.Len(t, records, 1) - if len(records) != 1 { - t.FailNow() - } - assert.Equal(t, eventID&0xFFFF, records[0].EventIdentifier.ID) - assert.Equal(t, template, - strings.TrimRight(records[0].Message, "\r\n")) -} - -// TestReadWhileCleared tests that the Read method recovers from the event log -// being cleared or reset while reading. -func TestReadWhileCleared(t *testing.T) { - configureLogp() - writer, teardown := createLog(t) - defer teardown() - - log := openEventLogging(t, 0, map[string]interface{}{"name": providerName}) - defer log.Close() - - safeWriteEvent(t, writer, eventlog.Info, 1, []string{"Message 1"}) - safeWriteEvent(t, writer, eventlog.Info, 2, []string{"Message 2"}) - lr, err := log.Read() - assert.NoError(t, err, "Expected 2 messages but received error") - assert.Len(t, lr, 2, "Expected 2 messages") - - assert.NoError(t, eventlogging.ClearEventLog(eventlogging.Handle(writer.Handle), "")) - lr, err = log.Read() - assert.NoError(t, err, "Expected 0 messages but received error") - assert.Len(t, lr, 0, "Expected 0 message") - - safeWriteEvent(t, writer, eventlog.Info, 3, []string{"Message 3"}) - lr, err = log.Read() - assert.NoError(t, err, "Expected 1 message but received error") - assert.Len(t, lr, 1, "Expected 1 message") - if len(lr) > 0 { - assert.Equal(t, uint32(3), lr[0].EventIdentifier.ID) - } -} - -// Test event messages that include less parameters than required for message -// formatting (caused a crash in previous versions) -func TestReadMissingParameters(t *testing.T) { - configureLogp() - writer, teardown := createLog(t, servicesMsgFile) - defer teardown() - - const eventID uint32 = 1073748860 - // Missing parameters will be substituted by "(null)" - const template = "The %s service entered the (null) state." - msgs := []string{"Windows Update"} - safeWriteEvent(t, writer, eventlog.Info, eventID, msgs) - - // Read messages: - log := openEventLogging(t, 0, map[string]interface{}{"name": providerName}) - defer log.Close() - - records, err := log.Read() - if err != nil { - t.Fatal(err) - } - - // Verify the message contents: - assert.Len(t, records, 1) - if len(records) != 1 { - t.FailNow() - } - assert.Equal(t, eventID&0xFFFF, records[0].EventIdentifier.ID) - assert.Equal(t, fmt.Sprintf(template, msgs[0]), - strings.TrimRight(records[0].Message, "\r\n")) -} - -func openEventLogging(t *testing.T, recordID uint64, options map[string]interface{}) EventLog { - t.Helper() - return openLog(t, eventLoggingAPIName, &checkpoint.EventLogState{RecordNumber: recordID}, options) -} diff --git a/winlogbeat/eventlog/retry.go b/winlogbeat/eventlog/retry.go deleted file mode 100644 index a098cadeac9..00000000000 --- a/winlogbeat/eventlog/retry.go +++ /dev/null @@ -1,41 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package eventlog - -// retry invokes the retriable function. If the retriable function returns an -// error then the corrective action function is invoked and passed the error. -// The correctiveAction function should attempt to correct the error so that -// retriable can be invoked again. -func retry(retriable func() error, correctiveAction func(error) error) error { - err := retriable() - if err != nil { - caErr := correctiveAction(err) - if caErr != nil { - // Something went wrong, return original error. - return err - } - - retryErr := retriable() - if retryErr != nil { - // The second attempt failed, return original error. - return err - } - } - - return nil -} diff --git a/winlogbeat/eventlog/wineventlog.go b/winlogbeat/eventlog/wineventlog.go index 7ee6c62cf18..9f832aac0af 100644 --- a/winlogbeat/eventlog/wineventlog.go +++ b/winlogbeat/eventlog/wineventlog.go @@ -32,6 +32,7 @@ import ( "golang.org/x/sys/windows" "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/cfgwarn" "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/winlogbeat/checkpoint" "github.com/elastic/beats/v7/winlogbeat/sys" @@ -45,6 +46,10 @@ const ( // winEventLogApiName is the name used to identify the Windows Event Log API // as both an event type and an API. winEventLogAPIName = "wineventlog" + + // eventLoggingAPIName is the name used to identify the Event Logging API + // as both an event type and an API. + eventLoggingAPIName = "eventlogging" ) type winEventLogConfig struct { @@ -358,6 +363,11 @@ func (l *winEventLog) buildRecordFromXML(x []byte, recoveredErr error) (Record, return r, nil } +func newEventLogging(options *common.Config) (EventLog, error) { + cfgwarn.Deprecate("8.0.0", fmt.Sprintf("api %s is deprecated and %s will be used instead", eventLoggingAPIName, winEventLogAPIName)) + return newWinEventLog(options) +} + // newWinEventLog creates and returns a new EventLog for reading event logs // using the Windows Event Log. func newWinEventLog(options *common.Config) (EventLog, error) { @@ -443,5 +453,6 @@ func init() { available, _ := win.IsAvailable() if available { Register(winEventLogAPIName, 0, newWinEventLog, win.Channels) + Register(eventLoggingAPIName, 1, newEventLogging, win.Channels) } } diff --git a/winlogbeat/eventlog/wineventlog_expirimental.go b/winlogbeat/eventlog/wineventlog_experimental.go similarity index 100% rename from winlogbeat/eventlog/wineventlog_expirimental.go rename to winlogbeat/eventlog/wineventlog_experimental.go diff --git a/winlogbeat/eventlog/wineventlog_test.go b/winlogbeat/eventlog/wineventlog_test.go index 74f10a510d1..1861ed0327c 100644 --- a/winlogbeat/eventlog/wineventlog_test.go +++ b/winlogbeat/eventlog/wineventlog_test.go @@ -36,6 +36,23 @@ import ( "github.com/elastic/beats/v7/winlogbeat/sys/wineventlog" ) +const ( + // Names that are registered by the test for logging events. + providerName = "WinlogbeatTestGo" + sourceName = "Integration Test" + + // Event message files used when logging events. + + // EventCreate.exe has valid event IDs in the range of 1-1000 where each + // event message requires a single parameter. + eventCreateMsgFile = "%SystemRoot%\\System32\\EventCreate.exe" + // services.exe is used by the Service Control Manager as its event message + // file; these tests use it to log messages with more than one parameter. + servicesMsgFile = "%SystemRoot%\\System32\\services.exe" + // netevent.dll has messages that require no message parameters. + netEventMsgFile = "%SystemRoot%\\System32\\netevent.dll" +) + func TestWindowsEventLogAPI(t *testing.T) { testWindowsEventLog(t, winEventLogAPIName) } @@ -200,8 +217,6 @@ func openLog(t testing.TB, api string, state *checkpoint.EventLogState, config m log, err = newWinEventLog(cfg) case winEventLogExpAPIName: log, err = newWinEventLogExp(cfg) - case eventLoggingAPIName: - log, err = newEventLogging(cfg) default: t.Fatalf("Unknown API name: '%s'", api) } diff --git a/winlogbeat/include/fields.go b/winlogbeat/include/fields.go index 1bae0ce8b53..b4211920227 100644 --- a/winlogbeat/include/fields.go +++ b/winlogbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetBuildFieldsFieldsCommonYml returns asset data. // This is the base64 encoded gzipped contents of build/fields/fields.common.yml. func AssetBuildFieldsFieldsCommonYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8Mkx/+g5zljGpGbrjmhsyMKfXB5uaUm1k1TlJZbLKcasPTTZZqYiTR1XTKtCHpjIopg6/ssBPO8kwnP/ywQa7Z4oCwVP9AiOEmZwf2gR8IyZhOFS8NlwK+Ij+5d4h7++AHQjaIoAU7IOv/x/CCaUOLcv0HQgjJ2Q3LD0gqFYPPiv1eccWyA2JUhV+ZRckOSEYNfmzMt35MDdu0Y5L5jAlAE7thwhCp+JQLi77kB3iPkAuLa67hoSy8xz4aRVOL5omSRT3CwE7MU5rnC6JYqZhmwnAxhYnciPV0vRumZaVSFuY/nUQv4G9kRjUR0kObk4CeAZLGDc0rBkAHYEpZVrmdxg3rJptwpQ283wJLsZTxmxqqkpcs56KG653DOe4XmUhFaJ7jCDrBfWIfaVHaTV/fGo72Noa7G1vbF8P9g+HuwfZOsr+7/dt6tM05HbNc924w7qYcWyqGL/DPS/z+mi3mUmU9G31UaSML+8Am4qSkXOmwhiMqyJiRyh4JIwnNMlIwQwkXE6kKagex37s1kfOZrPIMjmEqhaFcEMG03ToEB8jX/u8wz3EPNKGKEW2kRRTVHtIAwIlH0FUm02umrggVGbm63tdXDh0dTP7fNVqWOU8BurUDsjaRcmNM1dqArDFxY78plcyqFH7/3xjBBdOaTtkdGDbso+lB409SkVxOHSKAHtxYbvcdOvAn+6T7eUBkaXjB/wh0Z+nkhrO5PRNcEApP2y+YClix02mjqtRUFm+5nGoy52YmK0OoqMm+AcOASDNjyrEPkuLWplKk1DARUb6RFoiCUDKrCio2FKMZHeeM6KooqFoQGZ24+BgWVW54mYe1a8I+cm2P/Iwt6gmLMRcsI1wYSaQIT7c38heW55L8KlWeRVtk6PSuExBTOp8KqdglHcsbdkBGw62d7s694trY9bj3dCB1Q6eE0XTmV9mksX/GJIR0tbX2PzEp0SkTSCmOrR+GL6ZKVuUB2eqho4sZwzfDLrlj5JgrJXRsNxnZ4MTM7emxDNRYATdxW0HFwuKc2lOY5/bcDUjGDP4hFZFjzdSN3R4kV2nJbCbtTklFDL1mmhSM6kqxwj7ghg2PtU+nJlykeZUx8iOjlg/AWjUp6ILQXEuiKmHfdvMqnYBEg4Umf3FLdUPqmWWSY1bzY6BsCz/lufa0h0hSlRD2nEhEkIUtWp9yQ85nTMXce0bLklkKtIuFkxqWCpzdIkA4apxIaYQ0ds/9Yg/IKU6XWk1ATnDRcG7tQRzU8CWWFIjTRMaMmiQ6v4dnr0EncZKzuSC347QsN+1SeMoSUtNGzH0zyTzqgO2CokH4BKmFa2LlKzEzJavpjPxescqOrxfasEKTnF8z8l90ck0H5B3LONJHqWTKtOZi6jfFPa6rdGa59Cs51YbqGcF1kHNAt0MZHkQgckRhUFfq0zGueJ4lnk+5Wdonuu9M33qq2yfp5KNhIrPi2U7VQNnE7Tvukadlp8ggu7YajXADGBlOIRWLnvHgpFFEOOofYUh7Akolb3jGBlYh0SVL+YSnBN8GxYfroJ45DEacpmBG8dTSTtBFXyR7yZA8o0W2t/N8QHI+hp/x63/u0a1ttj/Zn2wPJ7vD4WhMt3d22A7b3cn2s5fpeH8rHY+GL9IAol2PIVvDreHGcGtjuEu2tg9Gw4PRkPzncDgckvcXR/8TMDyhVW4uAUcHZEJzzRrbysoZK5ii+SXPmpvK3HY8wsb6OQjPLOebcKaQK3DtzsczPgHBAtJHP29vMbcaiipA6/OKOU2V1HYjtKHKsslxZcgVUgjPruCY2QPW3aF9umMRPWkgor38x6Hp94L/btXWh687qFGW8yC/gvfmoK+NGQHuxHsI0C0vayzP/ruKBTptFNhmzOg7O6gJxadQyqFmMeU3DNRRKtxr+LT7ecbyclLlljdaDuBWGAY2c0l+cnyacKENFalTT1tiRtuJQdZYInFaEqm1JFZSBZwhjM01EYxlaFfOZzyddacKDDuVhZ3Mmk3Ruk8nln94gQJLRUnjv5ITwwTJ2cQQVpRm0d3KiZSNXbQbtYpdvFiUd2yfF2J2AkLzOV1ooo39N+DWqvh65kkTt9VZWfiuVdKSGjUiiOKA1fpZJHE30ZjVj4BmwieNja93rE0Ajc0vaDqzpl4XxfE4Hs+Oca8A1X93IqGJ7BZMe8kwGW6odCvWTnVDNa2MFLKQlSbnIOnvUVMPBaH1K6gckGeH58/xYDql0wGWSiEYOAJOhWFKMEPOlDQylV7uPzs9e06UrEAalopN+EemSSUyhnLaSl8lczuY5W5SkUIqRgQzc6muiSyZokYqq8d6253NaD6xL1Bi1ZicEZoVXHBt7Mm88TqzHSuTBSrY1BDnjsBFFIUUA5LmjKp8UUtAsF0CtDLn6QLshRkDlcEuMFlaDxJVMQ566l2iMpdBGWtshRMJOA6heS5T0JkdRJ1tcmpk+DoQvNtFN9Czw/M3z0kFg+eLWuJotIkC6vFMnDbWHZHeaHe097KxYKmmVPA/gD0mXTHyOWoCWJ+XMZYjVufNdtK15AmozqrQsUZD7lJ3WnvwNloTzNfBw89SWhp89eooOoNpzlsm4lH9zR024qF70x42T49UOwLkhtuzgKTvt8kdQaf7euDQ9lNsSlUGNoFV+aXQg+h5tAfGHL2oXAqak0ku50Sx1JrLDY/ExdGZGxUlUw1mBzb7hX08ggwOoGYiWIL2mfP/fkNKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeS/a8wGfbDWjvAcKDr3MHm6v0rcF1eIsqaWKQg3kRKZVegSRtF4lfDyyoJylSBYVwOSsZKJzKn5qKNLUQMBnhq3Y7UWlfzbCXCqkycZHnuyFobpe1T7aO/R79N8rQHIj/YHdNqFizN3Jh1JIOvsbtX+TgMwJOwVGB2Oh+P4SWPOKZNJys3ickUOgiOrs/fuzmtrIzDnSmyAI4XhggmzKpjeRM6KMFkHvjdSmRk5LJjiKe0BshJGLS65lpepzFaCOpyCnJ6/JXaKDoRHh7eCtarddCD1bugRFTTrYgrY4/3G9JTJy1LyIJuadz5STLmpMpTXOTXwoQPB+v8lazncIG682E72Rjv728MBWcupWTsgO7vJ7nD35Wif/O96B8jH5YktH6BmasPL4+gn1Pg9egbE+UBQC5MTMlVUVDlV3CxiwbogqRXwoHZGAvTIy83gYUIK5wo1qpRZieGU70kupXKCZwAelRmvVdtaQiF4OSlnC83tH/7iKvXHWkcgvJEmup2HazmOfocCBOSUSb/arh9mLLWRYiNLO3uj2JRLscqT9g5muOugbfzt6Da4VnTUHEy9J+1vFRuzJqJ4eQ8M4YHGLKdnQUfzDBFlxbPTs5sdq2+dnt3sPW/KjIKmK1jw68OjfliakwtqkvZie89q/4LXL6zNiKbP6ZmdyBkCGET05vAiWNXkGUumiXMR0Ty2/gmakN571LivCAcgMiStpQo+RTEluaQZGdOcihTO44QrNrd2DBjuSlb2mLbUVrvoUirzMK3Vay7aKN6vysbYsOP/WfCBBusDlLjGqs/w7U9S2baacHT2ZBlN8vb9OHN7cBvxW5ajDVMsu+xTFh9PZlmLZcanM6ZNNKnHEc49gIWUJcs8yLoaex0z7P9P9cUNyp5oOGdgTqSCkJ/EPZekslgjXJO1+Iv2jRIGP7mboowZpgqQsKViKdfWhAL3CEWjFq7NIeirGuc8JbqaTPjHMCI882xmTHmwuYmP4BPWdHqekAu1sLRqJPoDPnIr0VBqjhdE86LMF8TQ63pf0QjOqTZwXYGRT2hvC2kI2HJzluew+otXx/VV/Voqk+p6rSsiI2w0qCKgfZXUECYBog/qy6SyR/v3iubWVg1bildcGGISqRN57kkFdAfCPqasNHUkCLxWXyN0yD2BqyNKSqoMjzxkpAMBMA+Oc9n/735H7aPWsUAZquye2JlTKmoXGWnS1SDCQAgN6yxozHI57yfz/jPRPDcxbtfm83nCqDZJsXAjIGHgyaDarEUXagiEG2VGdR3ZBWsFkRqmGdS0pqvxVqKr8ahx+AYNIq7Bw1AL56PxIRb1GGsDPHNCWgbPc7hvYYrLnltqu4BAbPcEKRhZXsIyvgDXY5OJFVI3zM7qCMWt/hm7eHX8fIDXkNdCzoV37zbAIo65DLwfHZiAJVlPK9EhSboMsj1vGDa6A7e7BHTw5+aMwBVvY4r1TizHHuH7Bt1UmqlktSQT+xLwykUqvMiwk+PtasHAwScnt4lFKsir48MziM3CFR+HoWJaWe+ujhWU5ytanDVcCUzgFfOkC4Dlnj020J/SpWgXvK5rgQCmMb2hPKfjvGuGHeZjpgw54UIb5kisgRu4IfhqBAizr54CcZErix7rRlD5YEBcnw/yAF/6ZplTY9XsHkJFOFfo6Il3AifrAjGjerYyPxNiCviOnQfDIJVi1r7rhFNSx6AEoUKKRRzPjpZKRCrvNXNhWFewCp7hVQx8sKu7CspAKsUE94rmjTmpyHr0KwgL6iGqlUTj3RKMhyjr2azH8+x8NY52PrMWJboDIdiZi+6iI5ZGgaV1UaFk3r4zeTTCPVSKQoYCECTM5H2hkMTTzF1oAbz+z7VrPqaCXkK40NqArCkGWrSYXtoBMcb/DpzVwR2yQsBDbIf/4vbQDkzxInjGwhUgDAUGiJgoGtI+6mXgHS2GDXrnAAQPklsD2CfkdR1YzHUc4UgFOTnaQgvKHrMJM+mMafD7RqMTbrTLGaiBtEe0merSyFngOkTONUFw46pKuGQExQppQpwdkZXRPGPRTG3IECZKXLS8X5AnHVG/6nzWzawcHLQeCNIC3OTegWOH5boG1SHsIbf4KdyorE68rV/UCMK5IB0ivtvkWUhxcaxrQTI+mTAVu9/AM88hscMKfMtwNgwTVBjCxA1XUhTNuM6atg5/PQ+T82zg702B/snbdz+T0wyTUCCOp2pz0a4mvre39+LFi/39/ZcvX/aic5XXLV2EevZHc071HbgMOAw4+jxcogrZwWbGdZnTRaxQxXYxpqNuZOxmWfPYaag852Zx+UcdAvHojDqah9h5LH4w7gI4BTCgmjV1eHWlN6zVvzFqXV24wN3VHbJTH7B9euylCcDqWVsbUL4x2tre2d17sf9ySMdpxibDfohXSMcB5ji0vgt1dCcDX3YjxB8Noteeu0bB4nei0WwlBct41fRWusTtL8JS3Vwxs+o7tI0jehbeGZDDP6zYrr/pyfZZbLhJlj2tfv1fhgd6DOA94rJrR87VXH0/uyoW5OHrv+HZUhFYnx3c4VEAEyZ+1XEeM53rAaF2oQMyTcva8SkVyfiUG5rLlFHR1ZTnurEsvA1e0aLcZfAnsttYyZUZu9R8KqhVSBvarswYOW/8crvaezFjmrUTXhvWHuiPYy6oWsCkJEyql4+1x6yoe0ywsZQ5o6IPbT/iT2AI0xJUcI4JBg4Wiz4Xztq1LIyq2D22Q3QHY6ipVhbteZhl3MVyd7EMlM6UwesN5kDpScCq0Ix3aa9TqwynalEaOVW0nPGUMKWkwrz0zqg3NOdZHIoiFTGq0sbPR14xesNIJaJwZTyG/tX6FX8+6/HDsHOrool0xtLrvuzKk3fv3r67fP/m4t3784uT48t3b99eLL1HFVZYWFHExjkO3xDYgfQDv6vj33iqpJYTQ46kKmUj/+z+GxGLRraMBL3jeKyfG6kYWn3xVvZsD0lnzSusv9s9pRDiXr9+23uQVIuFBHxM7wDsQcvHwpCNyyUp8kUzp3y8IEbKXLvkXfBSQjooS6/R4kM67JDMww4yEOtn4rWf76CHFkRKkwPdMIVXl3RqTdvIGzRjNQ8Vpmlz9B432kD+PWdpGcTUggOYvCPjIDPiL+9IgAkPNpMcXPpBpz5JVDHBZV87IAMUSATufs1FrMhJPEhU7CaSVTOWl5FTFNwHGOkShtbOMSEWVrIaHrSeZSTWKv2W9eJ51lT+eUGnKzVGYqUKJguxswiQJTTMSpeiDzRDpyuCrKYsBxedtm6pohI8d08fleK5oxhP20yDWV1dm8a8K9yOetF1eGDQQ5FmV6WI4uikoIJOkflzXRNCR4nCEkARH4lybWJOctz6+g5eEj1aF8ZBJttIyXJRGFDyqZldF4DE1KRNjCZLmpzCcqgoSwp9lY3ErYELQxuQOlkNPGQuLQeRYpEUVUKhvclrnlf1rC1KB7svEQzZ4CRUHXPc77ZUp2iCVAptTSSWocyhGgpjxWndmOfjRh37JCmQOaK5Yn3bhB4NTWR6moxz+RoFwiDcIoztTXkXydOMWgV440IycJsA/mPR/5zHQlillg2145vM+GokrC2V9hW0BlcN7ZHSvsKwkP71lPb1lPb17532FR9MH0jsSh+29+tL5X7FIuUpAewpAexxQHpKAFseZ08JYE8JYH+iBLBYhn0TWWARQCtLBeOlnS1e+j35T6yR+FQqfkMNI8evf3vel/oERwGMtG8q+wvSjSIPmlsp+NVq3BhJxgvAxDGDupaPv8JV5HM9QBf7ckldt9Ly187syjpq4lN611N611N611N611N611N611N611N616MB8ZTe9SgE+JTe9ZTe9ZTe9ZTe9ZTedSfOwgVLjnLUBxy8egUf7+7sskyQK4T45XysqOJMk2whaIFOEY9QSTPfPMf16QCvqfv5NRULVxE77vPhytNKsqZnFGqvNOZZcz1WQu4KGChesR9XoaEaaPTM4HjQziyyaiYyz+Wci+mBh+Yv5BgXsJFzce3mW5BnV0mW51fPXZFt7/CRgvzKRSbnun7/HMF9i8GQz64SLfveey/4xw1QTjtr78DSAGOR83HfgAVN354vf1vfjIRO/kShxi3InyKPv/3I4/aWfT+ByK2VPcUlryouuYXopzDlW/BkVeOkyHZXxBBfH+/iFA+CR8/oaEUAnf9yOPo0iLZ291YH09bu3qdBtetuY1YC1e5o62FQrYhDN8x6p9y0xWZdtr+gpfZXWDFPh265UpCM6+vusblmSrB8eyvxmu8yuXnUrMp+/anKc4TYTtJZewv4o4MPTrH8gP1ttrc+fNKCWEJVOuOGpSGtbQXx2GfvSTwNMVRNmQmuDLvszhI/7u08YBVWRFGxWNECTkNNT5ymQ2YDn0WZEehRWZQ8ZxuQHPGo6kTJkgiwVa+2FYvzCYs9o3HA0v2Ls8Nf9naXevzV3TRbTT1wZXvJdvJybzhMRi92RrsPWCIvylW6wQ7R+RWSUUqpjCt6cXaCJ40cCuKgIBsbcFMIj5EILmJ/SZu9kidcTJkqFRcudZW7hquETgy0PkGMuchzXxDDambYO6XWiBQVOlhLmsysDiTTtFLKqpgYtIxtzlz7T+iPZRQN1hZAj4nKTW1KCXyY1t3M5/N5MuGKsQUwis1xLqebZqYYNRvW5LS8aXNrONrZHI42jaLpNRfTjYLmc6rYBiJnw07IxTSZmSLvSpNhurc/3E532MutrZH9I0vp7su9bUqz7b0smzyAQHwP0Us4DCstoeBOwudws/Ozw9M3F8nJP04esETXanjV63LTfM761gK7/vDx8MR7c+Dvt8EvgyJ47W4EBEebaHSqO35zDh/vcLT91OisZCc8fnNOfq8YHEBrj1Gh5yxqcm5/d4WUnF3GOJzF0J2obiPnx1qQUnEJLrUpwz6ublg36LOrTGgooHEAz189d+2GF36SeHS4RfIpROj+rhs/uxFx2pCVpPHykzYCCxwMaD3OmWL13qH6wDWO04USX716/pAclcaKl86Ga7FgQSg4daMUJyrcG3i3S9OZm4to1y1MMVMpEd1CuP6QvtJ2pP0yAldS12zh8FKnh/gNQDxr5tvUN7JfxgtycnReh0+8w9ZnOBbwYuCgsUOrqJeDP/rJBZnbt06Ozt3w7YBXu5eWxqJmwtjtE35ppqTZ5zwtk0NDCi54URUD92UY1y+qqLRpNBS/srNcWeAgSaqzDK7rC82BNRzCkBAzkoLg5FDlHPp5a1JKrfkYLwkz6ORl9T9au/2cA9ynufQDSjVJsROsSz9b7yO7JM3pyhKksOYJxbjRsCE+NTFDioHOzS7aERvidTji6Zte0KNiaisJTAFoIxaIQUY+YrF5OBjFSmY+bBtfLZnItL8whSI9wJU8SuIB/do7Yn40TPz/68XCqovWxPFlRsbVTlqgkxLbw+lmw13qHHtyQo7eHL4+sQdizCyy7Pv5jdW+Iua0vq7JFd5w1izGROlyUviGxVIppktpURy81NEgcC4Tchp4lZDGh8e0x3T6D7mCtoY+N+vKihcW5RxG2wKxYreEB/qtMWaZQJHbYmgv/HUchDffgLvfsm5YMGCgdxe8A5Wms5izswkwpkZeH9cpVRnLEvIbU9LX4CnAATlzF4LIQ2sEjmus4RQ9eVT9hLrCOlgXs7oG1ifyGKDNpvuL0Yypy0lOp6u7y/E3sVskZ8ZaNJZN4swEZm5UiCqxB3BdLOmAHB4OyMXRgLw7HpB3hwNyeDwgR8cDcvy2x237z7V3x2sDsvbu0F/S3lYl4VG3xq4J48njUACq4fIj81pHqeRU0QJJD11tJqJgjCllyjVNjAaCdPeS14mfyBZ0jwW9NRqNGuuWZU8Cy6Mv3t2nSoGXPqhAYR0Nd6lyzQUEdaN+2lBZCSmY1nTKkjjYkGu4Q3a4q9upYpAwDoMqMGAGrrrjMW/F0d/en7z77waOAk/8YrqCa4zr5ASaHfeqBQ3WvUqJCKKwBVos8YJTuFUfVUixAa4M6HCfzqiiqbGGxjMMYt7eggxvCwEZbe09j2OCpW68UTPxYABhA2OmU1raM0U1I6MhyI4pzPHh+Pj4ea2A/0jTa6JzqmfOoPu9kpA9G0Z2QyXkgo71gKRUKU6nzFkNGrXTnEd53hPGsniEVIobplzCygczIB8UvvVBAP0xdzP3MOka9vmrJ2g8JWV8S0kZgS6+cHYGbzgP3ArvSqnoMIs/URLBfD7vR/pTxgCywKeMgYdlDNQE9GXMA2cl3a1ZHB4eNvP4val6+TnJrYcdD12ek9Mzq8gxqCR6FXs2rlouBv/jlff0OdrhkwlPqxwcSJVmAzJmKa108D7fUMWZWXjTKKbUghptTUI7lAMrIScfjfKd8gG+qJ6NB9TMmAJvAHg+I+Rc1TorvWYwuPdmYTfCjH20bxeWSuKhUS/Al+B3RjWHaMswYt2THtUVq+FOZE+t8/V/rkVOE2vv1B9HbcPH68Ffwgzwc/VntL95C/FsDehWeCjW41MRvPc+7CgbOAxbjRQIrym2oOd/XeUv8v5DONaU3zAN3f6je4NG+394LFUsDvfLhA6jTBC29gXAslDUAHhvvvP1N4BozS+FL+dUMuXW/0yW6HXNF3YILWWQKM5Ww2PxPCGHIoPmCakUtdnaqTxmD9XttxDej2+tOMcMOvQdHL6hKG/auN85Obrvfuc1M3QjdlL7oo7OC718PeDei/MoIEex3yuuWAb1UR8hSufk6DzcooMAC/i1i9HEyIRcsVQn7qErTMfxYNTcD1Qi4DmVNljWGK6s89yRUERpv86YwD2DDUyV1JGmxkXGU6bJxoZzjrqLCwuQxafO+XRm8r4OEdFq4P0oQDxncIdu2FS5G2ua/cuC6hPn0xkraAv/pBG630M6o2SYDGPKUUo26oeehC+WDsOnIrqFc1HDQL4L8GoEPL7XDFk7KA74nLv+KUsGdcNyhv1ILJo9I4CMmZRa8TNHsRO8GLj33GiWT6IUYYGjP+AObkU1TACZ6PJpXSMggHd64FaUgOMDoHogcG6me8CIUmV6FutdVY2BtaHp9aVVK76HnMULDCBOoV5kysKdD2DUEmuZw90g+xjSCkDv6c2z/jJKb9jwQWyguPKLVOtGuAKWCAjlMCLu8S96Q5OcimnypsrzMwkXEyf+8Zit3Hgu59lK+OJutuKOdF9JYohj/mhuyXnIpTddsHqx4mmDPQQudGgfJVBZydVl1J1yma0CoVCVcYZHN7Cr2mp4JQOzAlniijDU6VTUhFszsLrEtB4jtH2wE9WLcOP5oajPUrKEB5lW2OEJW0fVBUydkx2Nm1B7xY3pr8LBDoyriwywsKQfpG4KTsbMzK3KT+MqnbRZzxMn44IbDrHkdqtyqe3aDv1O3I9uq3qFmq1why4qLPOWk4JRXSlWYJcukd2C2egxiF839JoFGo7RHJNHjeOCFRIiUpi2w/jhshrTrnrqDQ9szLACPPuVYgk5Z7jnV5g3Z2XfFS6bG9cqAviEj76AnNBwqR+OcByc4CCF2qjG2uwNub5ct6wl6rx9svmAowebwd9GuMTBpscjVDLDKME4QkJEb5FTKCIOJFBrpTMqPF5TathUgingxw+baxnGFSBkg2bZ1YBcuXOzAeeGwVcTnrMN1PyzK7xM8lcqDQEBKn8Uv+KCG3OgsL4eW5VmaqOkWltkbmAYUlPNcKCvZjswrwsO0oRMrGVk1csjnNOX58TALrS2QXGlBnekdoyB/eK8W25r7EAeeDLjTFGVzuLw+Pbe1BohbvfamE/JuIKiUGsWvmhEznTTwxYp6blhynG71hQHbmevyMIJi6C5Y+8/5/Fyj4UxIRuIm4W7TENlm2vkWfki7hvoZrSbcuUjRLnrVkbjgny6Gnuw2lQfxveWnZsX/Gk0z+XcQmjNzbS5UU7uuCVFbjlqrB4BWxNMkAiTXWuxMjOr/UUVH29Xex/Pu3DaLAoNSnCInnPFuvkETW5I9IwwF9VV9tFblWZBaGRMN7rFOZ1Tk0pERZYHRLEpVVke7z5wf3iaWD2msn9IRezywLQDEwsFjbxhCqQMBC97lckrezzeEuaDNFHPIafH3W3Y2dvZbyIfOdA9vCCr/RNN/LrTgIN02kWyTZCPc19k29WYppYgVZQnphgF3mapcwp7IpX9DI6VkpdQc/xWms641SFSV+Ht/0DlakOLEtkGNfFXdRFKB2sDfwAtQ8+jr+0e3WvnHZFyKkhhRbLmpkL7eOCiD81ckjCtO2hj1mOFI+v3H9M4rqURg57SPIU8OVcuLocAG1SMYgeUC1lwoZdI4jWTiNUW2BZ4FZCOexIS0TPCjeMSLUgKKbiRdahfPcT6OljKfsfsR98V0EhyzVhJqhKvFOCl+HA1sWotbYS0iUcrWvHEpTQfxDtb3/dGtSVid+zWcLS3Mdzd2Nq+GO4fDHcPtneS/d0XvzUdsRk1VLP7yvx9fsUWnKYVoyYaGMFrFrgZxyQAq37IqM+eNSGk8uIGi1DStCFncjkdOJMwl9Png3jyIEWMdDrOoq6aHp3XVBZRLTdsR1uDDZsOCRAF8GwoMSCkCc4uGN7qPY25wdQL8XKFzKq8Jn2swYM1CFDroSSTJirXHw/TI2xKms5YEuEibG+llik53FPGsfUmF2VlLv2PggrpYuK8/VeZ+AGqX/M8573P4GUb0Miol3CO3dQNtxqBa8EwbZOSkE8h1u2Zx8/Mmk2KuQtJU18ANkIc+3iRZzQwu8i8KWD3lHeqAzGxTBTXbSKlBrUjTdqCBOnNCk7/vVerAuBW1sD9oRyDudjqj7PCfKRfqJ6RZyVTM1pqe/i0sd9EqUTP4SKQzp0kM9BfguIdVeQOKqTQRtnlg8sAfLFWc2wTfd2ZtO+vwx+Pjr+Yo+/02K7Gm1p3VHHZpzuT3eEwa0ImpqxbK2B5neQiyASgi8BVqVL8xsdiMih7rWjuQkuNVB0NA3QLX0YFlIGrWuDEuniLLr26kC9CalfiOGUtiXMtO6M3tKl4goJRYeJ0fEzosfI66ulDggJFNJ332sCnwhmV9nSh0W/NMK2rwmoMQhK7NrB2BkFTcLLX31bNlBQyl9NGLRsrauS1DxHg+qCBK/L/thdXf+O3+2opmb2bjIaj35ZO+r/mbWb0jdm5PqDrkwxddO7gJaMdaMOP0vZNQqaKVxvin02nA4znuhiNA8060Y8X3c0Z1x4h3JHWfpNeC9pFCnurBfkdqu3TiusZoTlTxisycBYa3rFWDAIKreZoLR0V10hmWJRVY2QrQNDIDosEHJlRkeUQaDhjC7g9m1tTWZjomCpm1wzOyvpLVDMAIUrm9aq5gVHgpEN7OYjG0sYSw3zGIC0txLZjy3+4+zNwUzitcqpC0H1tOiqrXPWoPHm7fldDp1qZIouzROkmEAYNa2lriu6i3JkPYKAgr6pKzNV1ZAWlga2JDEOjRZFXU9AEup6U+qaewkkQXntGffgQVEGQv88H/tzgyFetWLSGKVhfRYAb0D5/m57ZwLrn/avA+zvL1NlHE5wHlpyF4SqcvveO/O/QGm4xoq3GDvdDDLW7TKaXUTfkjGurmWTgGMVyfmDOQgYxy2qit9q/i+WBsGCjOLvxtvTVJe7NFeSoVZpBZSesWChvmFI8c6REo9gFH67jwR2ErmSk0v4qc87zLKUqQyK0SO5u1zkryeglGe4fbO0djIboTT86+elg+P//j9HWzv9zztLKIgk/EcyThoZ2TOF3o8Q9Ohq6P2pN0/IbXQEvwOLY2siyZJl/Af+rVfrX0TCx/zcimTZ/3UpGyVaypUvz19HW9tYP0Zr7BJqsjLXHvmmZZq22TxVpbn1XPh4wYwICwmOGiYIq8u1Sj3i4QqpNVcpzqywFP07JlA/3DmIL2pagnwizpl2ru7bm9EYalzKBWqXPIo7a05HofiFreEaRSWGGWUveWhHhSyBFQqUWmS3EDKy8cY5CFMW8dsVEC4xAP7QSSAT4vf5LMToPZE8pK28mkmdhbfjZpbmhWhAGrUOEURN0awQXQ11fsE7PDVWegtGPYtyOHolhHWK/UB5YtkDzPN7gpbb1Jg5wcRsbB4/9VCmgpxotwqXsOoECHjtICbZKtdYydReLuA+3aDqmwVTrSj128KhpZOt22FKGn9XMYo//gVVkrhrN56lYBE0JbF8OWYseMJJJhuy8oNf17mgmdA9LdGhtsJgV9+FfPw+Rcn3nDH3XcKpQK/DRvOcL7RxeXVf3KzmNXLsF6mgNeV6H53l70Iuyns5IRMuJmVPF7soCc4cFtIzzhS6sUjgzpsyeg/saTpauxq6pnxu4XdIyjPgMixgN6io5G26JG14sbRxW1mIT0+e31XRqbKNiVK+slsz6OxidzGeLOADOBxR0mVTXy9tzHWtHA7xBn4cUNGDHWi1GHYGHe97GjW0Y91cIz3JnCN++avIUN2TgH+4eyL2CeLvq6XmFi3W1/Oziw/V+q6g2mbOxPUYfffy8aMETDWlPb8YEd2JHMQhFry2HIBta4AU22thnBBKJ8mqcy/SaZURzw656iOYCwv2BI1FBKsF8ZmdTx77XyIYKspG/cAXE5iYg79+9IjkX1z6R4O4ipJ4u21TnR8GqtxDUwNM4SCIEUyGjOIzM00FQehoFKyKL/ABsMSuoFUPpWkgBV4cgcsP1I7Y87eyKr93jmoVGaRybMMfmfwyH4Nhbenu4vr7UkY54m9Y4ySXtDap7x/U1gRHAGFNcKo6x/G1GqB2vIlrmFXiXomS/95q5qypYGlwWuYs11AXsyU1ugf1SSFUsQWC3LmL9DTi++B8sg2HvWdAAI250SuG+NSxiaGlmNBz2OAsLyl3dYVc1fSEr2Pfm9Y2TCMhJIPtYRwDp5m2dHWLunH+aWXoS9TIQay4SGLQkrJPccshry1OWO54PaxN27gb2LWtvEekQqth6FOKhEX5/zQUXPbpz6T6AO0d63ayVwD7S1BCpMheZERw70e17fPfuYasvDMO1SwdbNyzqrPgonb4wYRdDycIEzfPTEJh33Y7+GmoiBGMhjBjXTogyc/Apf4njgxliG9tzJ524G72q9II7CjYKOwGhaW5WzqJW4drEerejzNivB6qA1bR6C5g4HS+sZ8wsmqGK21Uup4mG3xP/e5LKjF0lnvn6r2vxGrvO6+hwLC7kpugoKo0rWORqvlNdfTRPj8+ft7qRuzeC+u3ImnCjiZyLMCOmflj5Xud0hHFTWWKI1+3LjWKCwoK7UuRFk6YNXapL4N2Xcnjjd++1nAtyiy/mIorAC7o6COSWmzl7Tv+ou3evIO3obiO1sSR7IGrGYXc4LAj9Zi7U1sHc1EVyxWjmdTInrD2h17crkZjEA+iJA2sJzrluWPRpykpM4A+T+kw6qMdB7fGXAky/02M3+dpJpWTJNg8LbZjKaLEWJffT8VixG7Rx/ePnF2vP0eQkv/xyUBQ1M+E0909tDHcPhsO15y022o0p/8a8VGbG1ScGGEIsXtMB1YqbW9PVeAMjDddA0g+QpDBqL5IdpFbkO9GLSJ7I0weECbvfOgpHdHw1g9t8GTm+cFGQZVsqu6WgdDqnjk9gdL0mb/EHrzRQ0PmVFiVrqyqVWlVTq/W26SBgbCiX6DUy6Zp+V/YI3zBt+NSvrunhWcKqEFgD1A2NOUNcbGSsNLPO6CiS3A1b7ezBy2MRZ3e47EgBhicpc5qyW+2TW+yS+sh/ln1SLHosFJhic3frxShj2XhjsjsebuxsjfY39l9Mhhs7NN3ZfzGk2/sTdrf14ulhwt0Vlsvg+Ml/viOB4xCrSbei/aFOTef2ExIpNBlbvagZCukSEuyvEBnqQ/Dt2G7hfv9/gnLbruCdU7sijyEccLhr8Dvkcxz8ZyqyTanqxZJGTNfAFV4J7unxAqc89bc65HV9p/bPn05f/48vAKrrbAYrZHnK9PMEX3bJLc7Z14r4By8JJNWzDLHZWo8/jlHMg/NoPigrACMNP0MxWX9FXQyEC4nIsWuAH7rXge89vfVWagxOhAq44IFCZ3NPcBM1RvFxZVbWFakuxoV4D/PF4j986dqPAnu+oWphaSP0QiO/MIVBmFD0h32c0UqDlxxKNciJky1Nbm25QvAE+WwRdzyhlvkNG8CVAaTMZ4O6+5yVUdC9Jb4QZB9ZWhk2IDOeZUwMINgX/5UiXwwchxyQueKmx0O9/s81/+zagKzh0/c2d3pq5/PUzsc8tfMhT+18ntr5fJ/tfHoTVx6mO4AeBOOAMghV0JdUFyBeFImt8X5TWUij4MzH0m5qhcDpXBTjxyDPr1/fwd9CpWYYxm0gag5VCX6cq8JOdeVMPm7PCtPkClYRXVm5VBbMUsJK8sGrZx8dWEszDcN5a9LDHdejb+GrkdX62CLuGAZ3IRC6dSlsbmvGojPaBNErO6uCMrTfDWUmgjmTS2BdcTHhOMs7U/wmCsKBQq7O7RC5Ajor3JzJgm3S3GM+rNQOd4nDfO5ie4n7WIEqigVn71ht0zEBjFmxnN3QyNNc95vsjRWNkoPKkilr56IAaLjvQHzm4UIgLsu7LFcC1KywhwvyrDDLgLCPFngvBnNG4e9M3hG6FJAMekOj3F8Y2Jqezqw3VCXTP54PAPMNWYCJFSJGb7ibf7Y2/WNtAPhdwxHWem6gS+cH8+ibrqwA8JnihRVc2Dz69Jg8+/n0+PmdR399NByOmgyqtmdXDWG7c0dPx972gf2iDe6+Uhe7r9iq7iv2o6szY1aXKn1qx6592p6jIDeumYZ3fbXPytbu3vb+dvO0FLxglyusLfP69PUJZjV4aehzsQFaMGKbLfEU0UYxCuFY44WJXB8YSRz3TeJU0ESq6Sbe0UM69mbBMk43wHMd/518nJki/+fp4ZvDWiRNJjzlNEc/9/8MnIjzhQgTrOfVk9lp9aUS7JSxK/QZxsRk45CJES3d570uK6iK1VHSa0tIMdq5IDK1ZkagLtpb2Gd9uLczbJHQZ2rQPQp00HwpBPaDqdM8Zius3P2m3aURlY9QkKsW7D77Bs00pxR2UOaFdFuQyrlYWQAnurvtBOvg8VGQhHu/fHrcHpJfrfAW9KuEVpWRPTVobWTQr3qU9YYOlUVK8MOU9c3b9v6pteVTa8vbV/vU2vKpteVTa8un1pZPrS0fobVlFGHH/3hgfG2PX8cOYo81mCbRCXgb+7xQSYD6cS4QiWuyZj/2VLof7W3v7zQARTF9+Z0oYxeodIA6BjFOiwJCcFrBhKuzQWHfwBB7hlSYcQWBIw6S5x3qC1EeIeZppV2vrIIO/q734O9SdYh+VI732XnLGYb6/TIusY+7w5cJzeF0Gn6DzG1V19SvXNyCu1gl0bwuEuLZ+eGb5wnaWWB4h7CIvqtgWpkZhv5Dk6rorgq2dFwZFx5VFwxr9Qs4fnNO4hUT8gzy+106sn6OfmZWUJ7X73UR+5eE5VQbniapXPoODHDPta6YShDOVYoWj3wXMAYM+NnRG6AbCwTc9kcoDMjtrNZVygQfG/mFT2fkUOtKUZEycg5VXcnR4achoRJmZXczNQJgFvLs6DnWAWyv7/35pwAfFcRg2So38jieyO3j8afs49Ff358PyNu/+v08FemAvH3/11bfrAE5evPXO/Y8HJ3P2vtcpjTv5G08+ub7aTy/efW8oz5Z8rCc4u+czT9lJVJNqXCBtSteTTyVJs/efsZhPhXp5y6W5peV4KtSIfvWTHNiZ7RLf/8Ja+9rEPfA9UNF5UupLkF9XV0SZRCdUMEZst5wviA4LwbkHFSXsw5JH9GcT6QSnD5oiUKaSzAjl1jTbR7ci06F7XhroHIJaNVglGJZEMyM492GSlvDreHG8MXGaI8Mtw9GuwfbL/9zODwYDh+8Kmxku8plYXLMEksavdwY7sOSRgc7w4Ot3U9YEnbrurxmi0uaTy2tz5bJtfwUOjz04wcXhE+vx1oO2FrsmnUP27vzh8mFaFFppW5W2eEAxscF+eLjeW4fSN1P9bJIQDBGNgThBw38PG78HU8HCYJrU+5ujT4VE+xjKUWdo/cptuqJGyJsYMbAid3avhAUusSq9nZ3t194rLdL33zCKj/TGoeEVWuLO4so2j1d0hRtdG66avzW0JVXXhZmzRSn+SUmxa6IQF1RRpyqzr/VVU2t/dIOqhqEtM50EZU2m8TlQ2GPyxl1Ca6DZn9vdAn6xAEJJlUOnYREVofjhKHr9rId7O7u/vTjjy+PXhyf/PjT8OX+8OXxaOvo6PBhXCGEOq6c05022900AqhDvGXEDX5ldR1dvI+ufSQgoidQpIcL8rMkr6iYkiOIrSY5HyuqFtj7wftHp9zMqjG4Rqcyp2K6OZWb41yON6dylIx2NrVKNzE4e9MiBv5JpvI/Xm1vv9h4tb273cE/hkRsPJQPO2P961ioOpioHoz2qvSMKpYl01yOaR60OcGWvuJoLfJrWKCfaYB64L8FC7STa+BcPVio6xYT9Pzir7WKOiCv/npOBfnJGpdcpzIyUQfWTEnAIH3cff9mrM/Gyj9pKV/b/LztoDa28LNX9g3Ymq2FPmwt37Pd6G5xV6sW/b2+KraTOj2lQ3Xbd0MeIkMZHjaXp/qz+3hHmurPTMbNC1Oq1AKrV2LSFa0DvSAU2sIatYUJuR7NXGRQuqdMhlfibK7Q6BkLYWNBDpbOQEGsK61ZyE7PvLYnlbsvVhu6Ksuch9yNpXoacrNYVf7TkWeE3RtMKYxitFkQDXO7mVhZPtabRh6Wm6zbYFcqMyOH2FasBSBI9UuuZU8f4MdBmVMcTs/f9rf/PTrsBWlVO+jA6d3EIypoK/vCU/U9oEyZvCxlHKUSMzQpptxAPzuRkZwa+NC9kfm/ZC2XYu2AbLzYTvZGO/vbwwFZy6lZOyA7u8nucPflaJ/8b/M2bIU60/p7ewR9SnsrjIcG1Ax8Pg4WgZATMlVUVDlVcWqlmbGFZTkMmU1013wUt4KILtm5coWqoRIQ9rkhk1xK5UzKQbAKu5XzELyclLOFxmKhoM0NgD2gIGnmK0TVHMHLwIW1S2UB3C9ib90b77HURoqNLG3si2JTK1BWeLLewQx3HayNvx31wbSio+Xg6T1Zf6vYmKU/9OU1ePkVvrhdgl3MmEtWiBpl9pRbgmd0nVzeSt6Jyy4t3/E5k0VdsvvRj1qjVU/IyDJhwVC9rGCu6FlcVrZRB1KQV8eHZ1aCHmJ12jq7C+GP+9fc1pjjsf1APV14cVHYDsDl42+GKgJfir/FOAeAkh96GrU4+vzFf76nkesMe64AedYUWddEg9+DDyb09eSqHYYG9YSCH0Z5F4N9n/neS6+PdweQsPIc6LxUzHHrhBxmmQdjEkpyYCidG2K8gLrZKqWhpnkTOGTG1PuGXDcBqGGoWUkVNVJ5jkt1o/rPMy3oNZZ3GRCs0zij25e7o63nD1DlvnRq0ZfPKvo6CUVfMpconCepG52Rf/Gf76yrA0Vs2nV1XJFrCLmrDDax0IaKqLjfydE5vJv8xR+CWwuDd+vQwKRQatjdlMV2T1RxWCo0aO5rxQtrdbFBzYj8GVXZnCo2IDdcmYrmpKDpjAuI85HpNV4xGsoFKED2KP5XNWZKMKjEIjP2oJ64t8boP4r8f9uqNN2YrxuYv793ubfztSQsykI5ifbOk5oXs7fJ2DrxF3XPNFZf7SDr6/o26RtGlIq8YebH07fnDbkMM73iovrYM3YNdDRTGBHkvi+k3pNP/PbNxdvztwEz9zhFpkwm35AhDeB868Y0AvnNGdQxWN+IUW1B+uYNawvkk3H9bRrXdm++RQM7gutrGtlNrWtFkKz/4saOJVKjT2vdTT5U8J37UtJXHrIrMGzs+VXMVEpobxWCPHbq0D0G6+Osx1mrqAfEdW0OdcCjb1xF8zldaFLBKwMoZekqYQenQ8Go4GIKhdld12MmbriSkNgd9x8J3REwrkdhpItrt3U1ZtQAI7pqY6G8BwvhgWabUFhf2Q4NDzYXTVeA3F/cZt4266po9M2d9Am3IC7IHigzosqIGt8L/tEXuneMEtpt/V7RHJK5w5iRLgfmAUWW665V6uiXSjOVuCr11qgmGUt5Bk2nrDoKpFQzd2mfb22+1MmEFjxf1fXv23OC45Nn/pJGsQzKCmdszKkYkIlibKyzAZmjOtxNPMEnO3BX+SOW3P1qiUAdcwd3vZmVHbJDMYHxFpWXphbfr+W/6A1rYyvqs7OCXW6vAWcLYIO5rejcNRroQL6T7CTDjdFoawNscp62oX9cBepb2+u4YoJD2W2b+482Zry380vtrJ/PnWer90k9INW4Eqa66wxTNeedM7zC/DarGKOK4Oa5qttVhxLgrLe3FeEiamTt6rVDDUElaQaKBlNQIQV4G2+lPPrHoSR1nsu5HdmJ9WbRE/LMe07Z8wOSW4N9YMUbYFTwj3Xc4rxTI8y1cHh7bnWC9XXFSMZobqcCd1TojIlaP9fGiZy4ViQ2wwxDBo9WQs5yRjWUdyCVhr7rVubIkglofyowDBOnOjk6H7gGp6XUjPCojLrvc9TVyGGZP9xzfiJSWW0efofOl2Vdo2Ey2klGDWhX1kHA9UFuaSA/SUWOclllwW/jXUp1jzinAGN2IPS6vjJbScEyXhXY1PSmaDUDbDiNgvtwAJcItRfL59XH0Rq1yhpG7FNdWwX0yyUr5twW+3zOUikyXSv9oT463sg0t217a7c5vVWlvtbdHKS6rvJqDlYHqZwrWtx7u4JGrmjSBcBqbI8cnPnVRLld8LoGDd5rbBNCbyjP6binfsxhPmbKkBMutGEtOQi4wYvD7/dyOFrkN31PHMH5pa+MW0Cssi6LwxTwHbishQ4iCqP0Grx8AuYnMihBqJBiUfA/IlsVURg+vg895K5gFTy7spSCH7yjBk3lVIoJ7lW7drvIXKvuMKyvEtdDVCvx4nRJye0WTNkF4vEcD1+No53PpPLVSaAKfn1JVC+6USdt3O7cD88pma+sjEJoMQEECTN5xzbUymv28WsBvP7PtWs+poJe0qzgYm1A1hQrpbJq36Ud8N7mDMEdakwj6OiXi4sz+Hz7JfRPPpQjxMHal0JbMeiAj+ZKpXJvqmiG7RNNREt2O1TuV+q6ri4ffuRfGMtskcSVJB/YXDF+tUlGcSmYFpgEZm3vy/7+i9tBdEUPvwON4cI5/HDj78TILyzPJZlLlWf9mFnBvl1IrKd/x+49s8ACd54xas2Mrpk/2tnu38yCmZlcleBfb6AUp4pk0pniElpAnhydk1GylwxdnVVvnE8rnkENjzkNjYWyg3qAtYtgOWPiYFHZrWNxS1MjQxgUtqL6vWJqYU3GtcYVgJzUYKBJHmaHS7JSMdcDi6W0ckwhtJv1ve8btVVhvb5VhG/iCsK6oPmCZMww6N6cEPK2MZCviF9QkTX6AnMBQG4lw2TYsdx/PrkYkLO35/bf9/YfeX7Rv+crLqO7/pq7YjnBQWMJtM0aw6ou6sxP2MCeVhlUY7ssb/NCh6guDxtELMH456+O8IWNC/A24RlJyJEsSqq8J7eIQaZh0Kg1FYlnW1/XJB7WjepN+xnLS7fbbpdhGsVo3EGLkIJr0LamUOI8zTkTpqfhBy/olG1O+dIF4jyOoZG2WlnGyzs3fN3iLT7wHSbkM0nHuZw2mry1YNelFJp9cVGI0y4rC2Mgv19heBdObpeGHjdfWhw6aD9NHjqgvzZzdGA8HneMtvAR2aMbtYc/4i+fwiAb3DCMCs181eNwRYdcbKzUE1fy+S3Mm+fGtZ/qDS/ZGTbDI1frSAe4brvEGoGjvG4KYJiaUJcA6kyp08aXd+dwhAHiPA5f20OxVKqMcDFVTGN8PMM/m/OShusBSlSiVYjX7FT4Ps+q3VObKFlB8etcUns4cqvEqedh1PqYfAzHJIw1oyKD2xoammqmUoigqJ2611Hfc2NS3wo3DFOjAIHzY2kmtFTY+FOXVBC7oud4pmM4EoefHlT0RDovb2bSnNNVOQECieAsGFNQ71jt4hv0xIv53atVXd8l3uVyw/WGRSWHAkYDIivj/lAkK/4Az0gKHisPhqBF39WQe3FZrrEyt2iNr9PjNrIa5F1j6/zN67POOSHk9LhHwi1dsGmF/tTTeC/Y7RTRbUNgZvfAX2dwTmM+9cp9vCPt4LiTERB6svsekwVLZ1RwXZCo8STUo7bQR7nRzP5aZyFYRlfv1r2ZCJ3p3LieV2JLOt/NN8wf+dKaVwDY3j9MNGaR6ILsHnIF7f/hseQvV42F+LfqbiDS3Q1iE35sbdZcoVUj7CJYFo//l9ASelwZoqi7iPSto/8Cnmcu3A2lNWgRfQ/IdYBixY9bcrhVPrndlMEiFgrZNtpmFwxyRFpxQeFg3tW1YaluDfURjzyoZE61WF830PMWc1RogG9AMgn74qnvzt7bmzdUbeZyujmpBNS21ok/UEtwjrhe+6PeqAd3iF1VCI3229Bulu5w02y+h5hyTiPtEOSGUmAxVdaQYDdMQWyzaZVOA2ksXJuzqYTcHiRvGAQv5+F8uHkzyXBX8AAt7Nu1wr2QFXiCysrEpyqcact9PDAE+vqg4nCOR9r/9Dxa9jm0x8edRNZzNadKXA3IFVPK/ofDP7XuQPOrLglAB93mttoTrVawrxfNIHU3kZPo0NMR2xShrlX3AK6A2cQHKx4lzan2oZVccMO95y/MADqC76NO0kobWfTH6kk19XWTseJ/MpbSaKNomfzo/2ogC12A0JMiyblYRpJaAV4juIMhO4qvqhZX0Hb3c94kc2QHcYe4eOeNjB2GrSPTWu3O1q1LWWVqRJsMHmt14fu6P6FptHq0bDHkk/vOtTFzx6BduHFNDb5XT9b/ih0X2EIQST1nLJBO8i96Q3uRXol0hfWROih307mWrzOZdbB8D+1wX+uouRC6EnngWUHD525hK5iGSHq4mvZZCD6EO34ibCMWWiW6zLnB5FJDqtIy99C0sqTKNEL6MIxcQesv1Aau3LD+RhCRFwecU2F3DyoPZjBibS7WhOtGGcR02liGX+ygs6DERbiHMaE9Cs2tTrAg2soGbEaWOgOKYqkdjDJjIpWgrUhFBJsDz7HKeSFvWJPkodFzVbZBbjuoGmcMKm6yDHYlk+mlC7K0Iirjmo5zlhEtLeZTCiJzzOBaJo61H/vAW/B8OeatmFGchVJDV5fIJnpO3DkryeglGe4fbO0djIaY0QThZ68XpFZxOrVBQw41yN0lTqOE6lm3nTknvkNX5Vg5Gfim2UGpQ3Wg4CZmcjecumFC+KdmjLz76UiT3Z2tHbuF26O9naQH/mRCU55zs0hW4etaj1boSnUSP2FHX2sHYoX1HaapVKg5y2hVlnbssgZxYdDa90GFF6NkzMycMUGGYUj77tZ2lyi2tu/E0QplXoQpq3puoMt2aWS11gHE/KJvLaXiUi1XNfBhW93aZj9Pl6A/cYtZPSTXZJ/8pUbOfwbtN2nynFB51r6vkK+zjyVLXSRHYMWOegKhwMyjl6Oe9jbbu31oDQA8/Bjde2KC1r/0iWnYgk5RgorC0HsqYhix+VOXKGlPXHMawFLbm3p6fP58EFs61lTpAO9O5lRaxDtD3/94ldwJujWcQGx4w8kCqw0XqYnsM2tAWSkgS7RkotbRqSzRmdQylnpB6Wx5L08IG75qPfhrE0OYsJmUthQRgAP9FgqIDOWvuPkRFJ19P3F2b3CDoos+dia+ib66py6Qd/A3i5ngTUNRVMKpYehSkjfQoN6qjLSunEJQGcNx4mIkuuGnc098UukTP7oPb3PDUq1lyusXre56U6cCLHWxUFvuqzouh2jBTPkNE1iwMp7V+XZKJY1MZe7cB97oV2NuFFU8IhzswmylMAYviKlG3biAZm5M3fCU6QEoojTXEiZboAFQP6yvF2Xk5uHp7wMrudhYyusBMXOryykHzLyRY8QF0dxUTjvHXs6YaSayKEQEGmwBLHW1TSuFslBdE6tuBpt5M2PakNMz7LilB3DFpAdx2MmcKxbKk0Yy9TOCqaBUOJYxSatwbRPG1niBRtZO/bWOZU4nR+c9LeYoLxqk1RNG0LEqHxJCsI4xBBg7gE0mmVK4I2Npzw3EzdttafLZK0QwxjVcgRJxZZFt7WUuRfheMcjMEgNy5Q+r+wlVFV7vhK6KHom0t99AgOMgZnG5sruoqCOod/QLKFvhF0dOz/Cy1lET1WTO8twxubAef/zqOhBN/hc1cSBGynyDToXUxko+Q0VGFdCYb7sehp3kzSS7/g6eUYV6SyA5n87MZkDeBs82rJDpUfoOZm//U7/Z+eU/X/+8+/q/N/dnp+ofZ7+nO7/97Y/hXxtbEUhjBV6OtWM/uJf+nl0bRScTniYfxDtfz59lpLaqDz4I8iEg5wP5i79e/yAI+Yu7X8e/uRjLSmT4QVYm+sRdR0z30kf/KR6Z/IVUAoj7g/ggsOE8LUt7mEFiaH8dYaWas3IKKbiREEribt0H8ZA99xQ1S4MySJpAiRiLlRvO5gNXry54BzT5sOYXvBYPLRX5sOZWv5bcCa9HtVSkZIoXzDDVgT8e2y/lbvgbgLe3NUzUwEfv4nCb1gbkw1rYNPgUNm3NrdZvW4SI5IOoPaKNV5y/xso7mDVARGAKaN6Ldcm4Rs9pDCl0asHiMS0tx1taZi5hCzXoFS70IkySoKPWCtfGsAhmvZIweWNGdyh65vI1OuJB/WjegRcBcVFnVUY5lFHMrv329PxME6niIf9+9iaI5pDhmax1HaWAywYbmUg1pypj2eXnVPmoG0fizWHkN49+cm7TUsmP3Ri+0cutZJSMkuZFAKeCrrZW+unhm0Ny5oXFGzTkn8WtmC0MiVTTTdTTrMqgN7142UDgul8kH2emyJ/XNse5EyugvuSu9Lx/S7vNpzmfCifQQAF+w8xPuZwD5Wv4yyWIhHFzOfV3Tj4YvG9N3cZETUQLsRSKb3cyOhMlgZHiMASaZU4Cu1RvS/leHbnJqXAPx87e+mxBFJdgqrB09vdXh2+Qwn7f4GLjd/zCUAxe4Jq4MqgJOcytehgloSE8/sbbTptw9AvD3+5qHGCPYGpFGVhdotZdLRyaicyFZAAPgE0L/vv94VYy+p0wkdJSV7nTsK3F0IrDapm7vzF2PSC/csX0jKrr5HlA+H0hQnYBiVvdik4M4LwbKNQIGuuc7qVjgKIVrNDj8daZ77iY20KCbl3OAwO3Vp0nioYoll/AYrmQFOZMh7oQmz907eX8DBkGv/IJb4Bd0vSamQcYPH3GjRvkk8wb926PgVP/0mPi+B9rW9gZO/1GzlYz+tWz5BXo1euvXng2WdsnyHnYxwSshwHJgV3/i6bWag+BVsGb8O1ZySHXMeQFeKhXgcJzd1b9ZkcaAnpIIIGeZpH2+l84T3wMideAawzndGElf5WVA2LSckB4ebO3wdOiHBBm0uT5t4d5k7YQv6KyIi7U+O35KXktM5ajgTGPy394sn5lsZhY3O0gBiOPVKlZOiAlLwCh3x46LdANfP6Z5ej3IEFDQIcbBZ52HvG38Xd3lfaO4pfb9b3B009zz0sGlloq9PNL1eNIzhiYWHVzUMNSM/DjY2wXBsreO+JGU413LgAr5wpmFE91s+1RKLUTgsZ8RW8cFLJDoRCDWypYnqG+TSeZxUiiKrE8AoiWE2OnS3wVyXaFcX9DowdkzsZg5IHJzoVRFRRKClmmm6WC9cK4vtqh14drH8cP/gRbBdkNG4MUzQgRDbnUYAB0hrZYPTx7HfJ3fqjZTqDP6A6DYsrrLVcYTm74/AE+IVSEdCbAOq5TB7rQPmwaaUPXyv8d+IZVuFExMkrxNCGvXZTR7xWrcGBycvEKCtRD41od3J2lkilDX4ojrjBMaKWgGDpd6k7MHh/aJfg+4N6FxWkin2ZC+jOduDycmUSbrU45gZuOKK8CzXWLBiixE9i+5X648X9I0axXYiTBQE0+WfiEH+/WJOQc02eoKhr+tlqeuKuOtgHXSqTxV2GYT2Pt8lvyaUi72pyDZFk2jwtIAkqSp7yaB5tnHRx+94k2nRX/OTNvOgv6Myts8RL+5HpbZ1GWCa/KAeLY8B+uCqe/lAgeuTtWR6Iinq2Kn/GFI1UM4iWdsPAju35Dp+4SY0BOnGe/FkPHr38bkF/eDcgrNrVPWDuyjdEz7O2OwyzfovepccZT44yHg9S7oU+NM54aZzw1zvj+Gme0+2Y0hXp94fKIhpsvprB6y83P9Oc13dxoT7Yb+ZyaCB0kfvfGW3fJf3brza/oz2y+Ndbw3dhvflVf0IDjIpVFHFLxaQZcXSWC4qhN4y3x7KpjvIHRFka9x3g7fv3b0qj8tPiqOn6qri/WL8hX01Dp9eHR7QA05l+lKn5UZ8p3kRA2q47ohQfBG+9C1eNY/fBmIzLfFwKLIu9qcTepY3rCtUO4CqCY4cryurwUpt1KNaWC/4GKcyPCQcg4+R+iHxnLWBa34HBw5WxiCCtKs+iJF76EYLrznxsb8dSyyf3wrbXxeWrZ9NSy6all01PLJve/p5ZNf6KWTaWSWZU+YmXdTla+m+EWJacFot4aDhvwaaY4zVcbK+/dPG4y58RpaqEra201a9aqrU2AGUNHKYTJgOUwUbJoBkoq11CVlIp5j66Pwa9HWpRMJ33VrHyWhLqqT++VVwShtFWm4T8l/AeUMvhD5jmDAljoarJ/1ZEoPanADUdLXY81ysN8TKT+HQZejuDOFwUVpuW87D2/j9Pj329KJDvr+j61Wg3v+pCw9vf3ZErH4/jwHyYUT2dIUMhz47YzIX05lUVJhVewrcUA/vUGMbZymePUaR0K0lqrA5LKqVJUTCGIa8Jzw5z3Hzp7eHsCasQAzxbwoLdJAhj1eh5SwvArtFtqWkZkZVbk19MKY9rymn0t+RpkG8TUOYipe0j3AhUERz++skg/mbaVoOXL8/4pDcgn67GFo9utxz+x6fi9cIhHthv/xEbjk8X4ZDEuldPwrZuLceacL/XopPxZ9NWdwr3WDW+X7aALakNzrF+Iofl+Vg/fqakrOAIfbTdRxKH8a4NwQY6MKBIwmv8Rjwo1aMLQDhAc00XJ12Nh0z0VomUe0CBApTNuWGoqtSrm4PakMVVndz/u713uNfOCxhXPs8vVUuP6oTszvbsGbMhCUW/TxOVKO7Koj7OnivBNVKk9pIxbbsYNOf/lEKObBKaoMKg74YfoqQ8z2Zm8YPsvs2xvNB6+3N8fj7YYGw6H45f7L/f29vdevBgN02zZA57OWHqtq1XJsCM3fAdZfoVgn9wwFYqVdrPm98fbWy8z+nL/5Tbb3hm+fJm+yPZptpuOX6Yvd5o+mWjyFa3ouBmVBuUVmlwgQP62ZCKUZVNyqmgBzpKcimll126kIykN0R2biuWcjnO2ySYTnvI6H4XU2UBNOxLRealTuTJ5fioy2BoxJTM5jxcMZUvDjrrg3EoztQGhcAMyzeWY5h284Nd9C2HL2MUZNf39qyzjgxIBvfA1MZfzlAm9Mh3oFQ7vOiNgrYg25vxhb3bqJdQqCa7rq8MpahI4YmzaK1mQ87PjfxA/3SuuDZYTi3QLrfk4Z3WFDV1mH6G6hhtSbz7v8pnDkqYzFgbeSoYrtAh6RUQ0RU05sqmAr64JxBk1s6gwm9833iGouKFCpdUmkP7mEctzqjancnOUjLaSl+02d1CBMV0VCn+RhQUZfVthMvL+3atwg+41GNBTua5VEl5Xqr69CG2ouiUtL7PEtKy8sYrNEqt+UIFaTzGNznBdObK1tT36YkbQhXOcd3UBiIBwdoDXN2MSw0Yji5INfPsUM6PNRwoqaN1EgLiCBj5N9ICoshiQrLyeDshYsfmACPvFlBUDIir4+l9Udc+8Kotvwy7wG9qcJW5ZtpW8jJX/pt5/Qn6BhnOfovn/ivYeOZPKWNInJx9ZWuGfz85Onody3t+UWn109r4xDTFUTZkJzl/oT9BRs/d2ltYSG873lUQ8QgNcnKZxPYJ9bXwDYEINPMVzBi1ruo4aKOApJ4YcSVVK1Uwmv2eZq9cew1Kzrhr5wJWe0TgD5J6V2bFXbD6FpbXsowcuay/ZTl7uDYfJ6MXOaHfZ9fGinFG9so5QdYVMMGIKKISJJS7PTlz3kEPhoSAbG9DlCh4jEVzE/uKCzHxJgwkXU6ZKxYUhYy6g7B7kjxM6MUxBz0SLLrRFpXKds1KZsY24BxNx9X682aqxKYRM00opq52jEoolRNIZ3HxBEU2jaDB7AXr0mN1bcXM+nycTrhhbYCPfcS6nm9jneEMx7KCzuTUc7WwOR5tG0fSai+lGQXOrd2wgcjbshFxMk5kp8q5AGqZ7+8PtdIe93Noa2T+ylO6+3NumNNvey7Klm3/6ThqXcAxWHbttEfk5HOz87PD0zUVy8o+TZde32kiJsKi+cIkHLm4t8OcPHw9PvLSFv9uXcmt3rz5ae+ozRLwCEH1194X0Up4/P0X/dbI9zuFKGboHQUFQV/eh2cgU6mv74QjPNiNSjFq5hS4vcPN45acveXZF5MQwQbShC+19zDgV4UazfEKoCLtrV1VyZDP2QbS7fZlSuMZCcGs/8XL6zHRVKTPrh0rRhSvTCEiiago1hvTALlqZ4Ge3C6JjLfPKMN+sr2aFM0ZYUNwiVvYaG/LjfT9iplTSak2QmsQNv2lkQHV50vo/18DOG3OxqfVsbUDWNnL7b6WZsv8dDRP7f6O9tf9Z7+DtErJOH2YAtTwLTExNEEWeNuzYENCw6G/OUwsdH3Dtyzm5qrd2xfbTuEqvmSFU0HyhuSZSkJmchyELq56FPSFzax+Hw28k7lF0ZMhrkBrhhQLxH7Uu4s69hAqDrnTJUy4rHerUd7fgAWprxi41nwoKfmb2ket7i+uNpcwZFX24/xF/iruB8Qk0AHYzxPUwO3RjVMXWPxFy7CW9skN3n987Zcqgg9a3te5JAYhoy/c2TdWiNHKqaDnjKTYb1PXpjUe9oTnP4uxd6HlaaePns0rIDSOVqIsEuQ5K/tX6FZ+vXo8fhp1TTSoBTm/W0xLz5N27t+8u37+5ePf+/OLk+PLd27cXn7plFeRurirn9RyHb8hiiEqAxgbqUc2i1soAyUt5au84S+vnRiqmXUXAeqN7Ns9qqzzO5vi73XFUFerXb3vPsxyrlkCtJ6sLU5E1m342bmd7uuwvoGK9Ly9tORPLF3h5gv40pNKutPicUw+U/Zlo7udZEDTHp9zQvMm98CbGKnJTyoU2DYkK5skCq583ei72nk3a2It7Dt5D8VQUVGSXS/bc/DpxKT09hR3c2OUTSAnkpeu36GRmO+zIKzlhrrgzca3kIFHTPK+lbbtfbEcMf4YaFOtAZAN6PigSVJ9lNxJjOFfY2uL2eMi2Uo/KdjPLGpkKijfXGrvOiMRgUbjdwzKoOo5irgXZhMwhK64RfwIXC1CbwgOCgVdweN6/Pz0eWCuokMIbM+Tn96fHehDLRxq17Sjs8bNLzRehgwY2XQhl6uCSubvqIym0UVUK7JQ6GyFfuOFizEGanyVhKUipLBNM4Qqz4IZPYyF7dnpMFKs0a3QKqVt7+DqQE2gmh8uDtkjWZBwQCi0J2qG2xBcYsNiT2vQw23Qr3dndzV5OXr7cfrG79BV4fYa+WV6yfIzbYcskimm9YRLdcZ5b2OGmp5jIw1vf2YFQRWnaLnVRFewMw6whEpVk7K2/HDWDHFt12wm1kHRQT+bPOzbVwmLvsc/A/g+4cM8l6Gj7xbJEZI9iUmS7K2Jkr493cYrupHpGRyua9fyXw9Ed027t7q1u4q3dvTum3h1trW7q3dFWz9TfSRDsuhcoGL7c0BAs/9UkdQE6GLHiLAxFNC943ndt2OYYJVX22D65iR7mJlrGz1tj9smR9CUdSQ7xf15/Uv8CntxK375b6Zad+368S/0LfHIyrcrJ1I/vJ1/Tfeh6cjl9Fy4nt59Pnqcnz9NX9zx5Wvz2HVCr8TE9BEVPXqjlsfVFnVEPBOvLuaseDtgXdGg9HLgv6PJaHrhv2in2hfxey2OrZMl3EAxeL+bfJCy8XvD3GyBer/F7DxWvV/oUNP4UNL4MnXz34eNhpf+OgeRdPEyX8go8KEXxtDZm3Xohxjq6wmK6YUaNmR3fGq8PVcnKNvR39Y9eIrkyRKt3iwZt7Ww9FLgOdI+R/mmH9phbJ2U/qKMHggrm2BKw3pqOPmNYiyPeVud8697mbA1HexvD3Y2t7Yvh/sFw92B7J9nf3f7toX5K4KXZciX9H4TlCxiYnB4/Bhk4KFfISh24vTW6cPaNpRsNeKC5+bN4aIKxAzC3fBeWFuH7Abrv0PoJddWpDtSKecVHVGABmjEjGZ9ANrk5CENG1dsJJWMl5xrqlRpgwdw4ILyfCFrV0ikjoGIIk2N1o8hRv+x+VKWF/GF03rR7WSpF1uS7oYFvVXarDm1vPVTLnEtlNZhL7Lsv1SPaSqukH0smDnQSQG+HCrTRszmTBdukOU/Z0lj6Pgzifx9L+Ls2gf8NbN8no5c8Gb13E8h3b+3+25u536J9G4D78tZrmPpr26ahRtI3ZHkGjfIr2pUtGL4FqzGA9E3bhJ8QFf7nMxg9fr6eOegh+PMYe8sTxiNYgnXVuynXxmHFlep4F393e62On7DWBtbWAGXQ1+nyA/ha0lLo5StzQR0vqBa3KnX4rVOmsCYdmStuDHOVQMZUs70dwkQqMyhyHDbnJ6nCAlV3gXWt33Nm/m510JOPEIr3jk3/VjG1cN8NmuGnUO1Dl0jjso4kg1biGF12lZeX9rurJMRfS9/9clwZr7fUY46Z8ar3DVN0zHNuFgBLHRtTR2rak//u5OfLH0/fHL77b1w5y7wa3VFqf/vbj9Xh0fDw73/78eLw8PAQPuP//rqssgNbjNLnvkj9T2uTiAGqWHfUbi9Us4b5XHebelvPAiKoJpZHQhZL35uwL26PPAEkQBYaWi6HId3zgUhgSvLMIvn8twEg++QfZ4dvji/Pf3uO9BBHLQUYuKktLymYr7uNU7LfKyZS7EXpJgQCtqO/fv/q4hTmgrH9cHke1ze/oQrq2pIcck5wWFEVTPEU1lpTtB3z+Ne3746RoE9+vvyb/dQAPaK+iLhCAkDGUl7QnCjmcifQIHzGkim5WhutXfXEWK3/c+3o4IMy9INi2aUx5YcxFx+KBS3LhH1kD8jRAYJbUUumc0NFRlXW3G8UqI6L+Ihp3V4hksSyq5jxm1Us4HA8VuwGO/SAVeRdcHa+jhj55b9evV4W4Gu2WAG8v/AbtoElkm5cuKOc2JG6Mu/87U8Xvx6+O/lQW2yehb+5+HCEusvf0efz4bSwCs1PPNSXtASKfYb1hzkXFlBLd0ubdJ1CuI+yfIggt2PHAeJ2qwZ2ODihwLv7Nu7DZyMkHPMexHw4ZuNqWtdAvb9gaQTnY6LoTWTbwxxexncbFy8Fca0sAVdr6kr1V3eWNQvJepoZK8ILRoUBDxpNrYCmhpGS30gMvFayEhmhpOQstUvx8EGNU/cBYvnhAY2tnet0Luek01ZJhkQYsSBlTu2T2ELr5OjchdCSixgENzS6v6CHHPKCYoAtuGrpJCeQZABTuHYeKBu5ipSa2r7ExXNBrhwWk6uwkkPLIFPFTAiYtxiKWz57/5/3PkIF75nUZhBatQ189H1NEcZFCw9ImnMmzID4R+0pEdhxO/Fd7bJLXibkdIJ9yMqSuTyK0zPPt42soefl1QDLy2EdYOGQBhijrtHy6Rkxit9wmueLARGSFBRUs7gaODcwGQUv53hRp25GUx2MXm4lw2QrGe1ePaAo3Ap9yod5jjKC6hnTSAZSWIQoT1hOs8L8FU/+0Hel5iKVRvMSsktr/LlRQxk/LojmpnKeYawAvpDVurKkoCvFIKmitrccYITmU6m4mRWWnp5h7hdTbCLhDUtQlmWC0AsAPF86tgPyDlaIXzu+nUnXfnP7VZSE0Y/4k3bb7uh5FBmM/PS34zd6QDJZUI6d2ewZk+pam7pZmx5AYknOqa5rdz+4w3svTvq7vNtVO759eta7uKZ3Qa+sx6enb8hnwk24DZr7xUblNsPLDP/5DoFhn/HVLEM79SiHDxw9LmsGk3nEom7hGdpk0qm1gywALoPRpxURmjNlIsoSEutpw8JqA8nXL7dTRClObjS8jvHqPlpGEeCO2A48q/VAZQXXcM1m9WIl89BESw/8oxYwIPbT4/PN07Pz+ofQeH5A5mzshywxxRNbWIYHKpW75DY9IExkYFWTjBmWYtqzsGq7lVSakWcnx++eu6ZHIbWKmfQhVTgrM2u3KH00knwDvSfilpFwPEvNqkyKRWjngkDAyYW/LMOUJFWMmqgfTtgrT1mBMoBZN+g7tsjODVUbr6TKHmB+uQ5jq7qJP6xbmCEFoM7nhsIFuiw9158UxY5HQcCJFT01cfhsv35UHBrDitLaTKeR4vWK0euljdKVX9pfgOHdua+HbXfb7fHQv8gfc5leE8V+r5g2oOCV1TjnKTl+c445er9cXJydk01y8eocUkdlKvOlG5mtLNHzENd4eoxsimufvzjnZuYq9EJ7HuScyCYjVbJ2u3j22Es4DyKY0XDpYMfV9sGJraP8lpY4t3OGgBrMmrOWDM3YHW1JXNMa36xmieWv9C6JNW5+YZ3gwfM58Mudi1dvj/7r8vjN+aU9BJcXr86XXduqu8ysv2t0ljEyNB28teJHvNdhd3ulQfjVotEObxV0lKnOL4o9utfXNclkWtWZ083ZEuzXSM36ek1PQpqaigbWJkijKytKci6uYT0YyuFb+cEtFKJg7E2NWsi5hi+g7HQdjD4WhIlkzq95yTJOoQmT/bT5SdtrNS22qiCGNy3K1cwMSClzni7+P/bevqmRHGkc/H8/hYKJuIY9U9jmvS/mnqCBnuGW7uYZ6JnneXZ2Qa6SbQ1lyVNSYTwXF3Ff477efZJfKFNSqV4MtsHdTA8buxuNqyqlTKVSmal8aaFmghoB3m+7U9dYT7CzFzr7MeV2xIrW9qFfzfo8ry+syL9+j1rWvHTK8xci+8EdIzMfGeFpBEeCKs4EtIWCw4AzNddxUBaY9WOh027j/+al3WpD4a6CpspbJGN3XFVVhx4zWAPvgLPDVpOqoxY9gpOPrQAKhybSZfHLA0bSkX3PLHLC+lzgLQ5e0ID/yTwThHrjIZZC2OXpe0UdTR6SsQHNwJuqGJgnqhW8j+vf43jfivK0n8oJXLNlSWExvZcZuTq+sFCxz6zy08S5xYzfFVE5XHDNaUou//sjdJNiel1t2IcWqAFYzAXvapAXvdJVHckKyHRao8ffCing6ALBd9QCB8eitYMIjXWOFSBsi0zNshFZ8/DWjPyAUy0A62YhKhNXEfCXfWytRCu8meuaWhwWFqLtQ0ttUQpVGSLEw3pALksDoP0MWFiIQZ0aMEJ/ywUyBdxXobPQft0ErCCtkLoGsg8i2CwjRjhWTepjBL/lUChfiaHXiyYJUWxEheYx3h7dwxlLBWH3GP7YKgl1rsBT1s9T89odN+i6js5gtxtEWQbtNApXmnN3Zn6MvjGcHUyBItQdJOjvtDeVSvM0JQy9b1jDBptqGps68L0Cwfo8aCNJx+NMjjNONUunixjX6AxeleIEXI9Hn10Y730GHLyAGfX4IJe5SqfIzfCNl/Jwzap8/nrKFfQpPrtoEercbeAhzgW/J0oaPokI+e+CsjSd0KlCf3v5yKYTNyfH9zeR/cH28y7raMJoUcXNcpK7OljgyY74+MZM5SbCad20SMLGDJz2RFqdgUgROBLNcVqJ8KEqErlREuZYl1lBPrYsD8IhNIUuyUWLFJprKeRI5sqKAqR78bOfoGshj4DWjy4/btQK4UCAMo2HhacJSYkRoqzhhN7t7B1WcQ7dMC+74ML8YUWfApyaw+1+kHKQMnJ+flyiR0O0zjwRouFn5RqMEJcDxVugA08g7y1LoIiuL9VBuUM1MvYjM1vq0h9ng/DLTukBk1HM9XRVZQCPuZ42r84HKXTGKk18YTpSaC6YWFlpwo+lkoR2sNr8PspMD8kRRJjQhknmQmfTa65kQ1Gh5yEdDkHOLj9BBkJthsdHM6e1qtW0U2pc0GMqaFKnlGsi/8h0Bkxeg3HeNO65FAOu8wTP65Rq+KPu8P2/yVoqxdpbsrm/He11dg622y2yllK99pbs7Ea77d3DzgH5f97UJrlCJ86bz4plm+48rjg4qe+x3yIUXQ6ohck+GWRU5CnNwuKjesimJIbaa0btLJVCs+emLjuNeIYaVcwEXixACkEqMXyqx7KibJVTbYsTCqeXkvFwqrj5BzoWWyR22zoMTvsotaGTeRE1cFBYzcE3ggNywKTDtu7d6EmlpdhM4traZGzApVjlTvsJRnhoo23+5/Gsea1oq9k5Ne60/8xZj5UJVb3GrM2h+QqziFrwbZ3xrFg/u7jbMfrW2cXd3kb5zBjReAUIfzg6bp5LtYa6jp5wZ/vmytiO1pqC5JJQ++9Rw7Qfj668UW0LrXGrbhUbUZJxxu+oZuTkw/9sBIpseQOAiZZKmpAeTamIYQsGd34yI5nMzc6saKoGz7GcK4ljoWSJkACQMvdySYBm6QKqWq0DNNPLKWaVrJ7aMjwxo8iSfRaLY2gmy1hy3aQSPmOHcQibHAyZ0sGgjkY4dgsQGY9Z4qec95wm6Zf8fZGQ0QpCjgGcNSP7MiNrfSkj+14Uy9Ea4YqshT9Uy3fj5agNpEoYFlWEEmss5soYSrYlJpiuKb+1KUt48afyfp/fe4jwzvpQ6/HbrS18Bd8wBtJGRK4wlElLtPrv+ch7mXtTovhonE6JprfFuqKpm1KliZ5IktIeSxVa1UJqCFHBIqIG+6vzE+WjlNdiGeW3a/WDMKBGiSs82VfJDX4QYHqvpPRzs5t/z2mKVWSDQBwXNhEoDUVYDIaisPuYjVG5gSAJ+Azv8MqsYtk9IuRMEErGNNM88IOR2gxAeNgC0eZ/9rkNrfCaFKg8eWrTRGMqCkcYKfNVK6CA7eeq6gj1WConzWzevCfK+yak7dpkMokYVToaTS0EZAzcGVTptchDPLOlsBHKkBZ1ZhFXDK93wxQR8Wsq73Ujlfc6pc3XKjFxMb1SZVLX1baAsdbCPSck0RnlqdkyY5Zx2VAo2yDgme2RmwItx9eAxheQeqzfZ1Ad3YxqGcViv86uzk82WniXdyvkRDgnbmlaxAqXlvOTgxAwLOt4JdgkUV1AVsf1YIPcNrNKwAd/bskIUnGWUCxWYj7xCL+X+CZXLItWyzKhx6BIYfMRd8HlI5H9WcciFeT85OjCiKwjxPjEgwp55U0dOzaiPF0RcsY8JTCAU7/rYYuRkZ7PnMj/1RyHBuE3qjgQwAB+ICIk7bFMk1MulGaWxUq0gXuAr8aAeBW8cg5EJFd2DT671L296rY34eAx33IBmA2MivNcoTsnXAkcrD6JVVZHsZQCuQNR41oGPePDmBkM7UcBJQgVUkxH/I8gqBJJ6P/8jG1yeJ/cABbQKz6zfxjsbrwyEEvRx7WqxumIpEG/MmZgE1M9WqjheVjJrhYMWZ/E8/lvvppEuxwai1LYatOpHHBRRzoQaRREWp0UmUxXlsfs+60BQ8JIzuMJhSbsfGdG8t7yHhX0miYjLtZaZC1joEWLwTW0Q3ssvDcM3nDVxYLoDffTg0lRzH1diwXQ4TOMZgaPQxGimFBN7QwnVJFYpimLoZiG/fVqyJQHDGkkU5mTPhcJbiq/xVM5UHZv+0YUbmxIp8NwmAWuqtl4yEYso+kKe5mcujFqG5MrP/113ofUYeyKtlFr5ZXANgHPEkYVKNdvI2NQnERhM5MbCxBEWCKZMnpnXZU8oDv93Xa7XyLGSmRSQysXH6IkBAbx4IydjedIwhVU98m4CgS37GOSnJAJsx79EsrFJbqvsAEMAwp4wuo90ry1V+vDEk7GZvSP6C1ThGsylkrxHpbZ8PxZmBSGTw1DjpjOeIw8C4nhFa4tp5qZDQOGf5ynNIP5epBsxLXrO1QN8vwotY3s4JgTJ5htA8hY8YHCfVmaBvgkZInshWUcxJBgagaqIlSTG/OdPRfNMQl/GuqDokgbjOFke5/tsl6ftSnbi3cO97tJjx322539HdrZ297v9Q66O/v9vRI/ruh6oaRROmbD0JtAOgG1KpG0ouFD6FVidybId0gotPxC01ROcPkTrnTGe3mY2mFh2BydLIesJe/XgKy1so6DfhcXEKU0hcIC4Lcudojw7ppg+mf4a0wVYHBqrFMe20y+0i5y6k7oAUGHca60jx4hgXH/jlGtmoCgiWyPJWhCNPbVT/yrZiFvCsUMs0/7ZmOgjy1o4dTgZAnx2LTbrcxEMmErveN03EQ9S8CQFTkTcIKeSJRFnpUMBPexk4pO7TfPYJsGMd9hZSAoBwBxNpgu2QoWwaHuxWJxRdlzjac8UHuc+Jm51FgHbT5eqojkYAp1jqpMwLyLax4EAJcZ1fJgZKZghncppqWdLJkSb94U+iXUJ7QBD+CNBeT8aK2Kd1ZmbpI2oTCspFjosRJ2NBeDnKuhX7ViU8KWNucFycelo96ec1KZqZLQXLD1YSxdBFPu/smLhAJ8RQqVuaYQMI57NsgmSgVPY4vUiAqMGlWsQU1w42227X86ZQmtglT0Zw22wPoGCL+Ca9mOWVGtEFB5XVLCwucEfFipv4nGfIM+W9IT/AkdKOYOk2CQU7dAZ30EIjMPg2asMrvqDp0heidOc7opSdWbR6RuaTkaQ96fZ0V+Lld8dQvi42ZLtkV9VQoZrCVJpbw1Jhi1qbJMY0fRim0RFJn10r1Oje2oG+2EdhaE15bMrOKXB6wsfMvZQS5/uBZrTRSD+yOUYi6c2sYab+HFcdRkWRnGCIKfDWPQcjx2y947hxkUEGdrBWJ4qYuzKk0ijE0val+ESAUB3o+Edof38ja+u8BpVgRzMEosheIJ9socMlCRoIlnUFwLw3f/5o9UjH0Gj6go461mDejIUCam4/UwVP8ssPHxfsXDdpZRTMPcTxvbDvMtciwIug+wOEPze44KHkvMy/LkfpmB3Ja+r4Hcr4Hcr4HcLySQG/ekK3ZYiL2vGM2NU3qN5n6N5n6eKb1Gc89Ps9do7tdo7j9TNDeeFS8jmhvmsuJobovwI1HMNLUmQ7EVpQ9wboxkDrKCjU0DRrEYvPjI7pnkiJ5IjxcY2T2/pvYFw7sbeP6rh3eH+uNrePdrePdrePdrePdrePdrePdrePdrePezTeI1vPtZGPA1vPs1vPs1vPs1vPs1vPtBmpX6+yHqNuzgqvhldtjBmu0OZjZbSpXi/amLF6XQVwGqj9M4llhyDwp74lhE03sp5Gj6q53hr17JMQh/OLv66ZQcXV39b8f/gJ6b/YyOGHRy+FXUIhPMnjb4lmZSALbzwIt2b7XwzJc5R5/O2clli3z84f0vLSgIvuFCySiJ5WhkZK2dclSAhogdQCjSNNY8jv4OM/KNP8JS7kM+GFrt1pftlM5MMzAKuDijX9f4aExj/evaRlQaisVD2M/R30My1AaFO+EC6C0X4K4AZZXGQyib6etmg+9bYwQMjtOCBYtjORqnXGGo50DSFGdXwP11Lai6LozwMwYXhryYqWN/1HmCBvwqf4FjyvKhH7Lodpxn2L7Y1RvHCxfHVyVNHhcdnvtF8THqsBc9NSPy3g9lYfHSpRBxZovvUQsBsFBpVAx8zXrCjI2Dzcw04WLAlAZhgY5DpjOpxmg8BD4CTQcDRM8VKqwIk3DHlQ1Q5OuVKTlrhrE5+tGQmiWedMT7b9uFJVeM0Jp8+NUj+quF0iqZjGSd3Ue+FDDVmsa30YjrjEEpYPxEbV0dtdvt7hbZWKuSB580EWaFWtVaiV9dROG8RAppUpOnTydSnUbl/lEVMq26JjawkR8EmkK8IGKF4OuEmxdKma7+EPgiW9NLt6fuTgdoMXK6r9TWVae9e9jAffD7DAp9Izb6WimRZOEVCZch5O5VrcixHI2oTcS7RCzEACO3xhlz+SD11fpKomJueoZ0rDP76ug5/7czCKvy3peSGuBHQtERjvpUSRzCehp52+3OLCEStefv4jGDuC9a4MyWKQsu1YNiZdVLdSEnLLscsjR94lp9HXEzN6lD8jYfrysn9WLfz+lysBXInb/Btt9YpBM5hYZEYcX8kmegL+NcOR9p0d7D1dInXCuW9uF04tC5F+r9p1NC7ySHxmabCRvroe99UBh2OIX7aLd9aKHGLLNx+JAMwBbohR7z8XBlLe4usWs0FwkYm7aRBQ6JbJfkmf/Zpk4FJK0JyPPL69Pjkx9Pr3+6PLr+5ezqx+uj08vrTvfg+vjd8fXlj0fd3b15N6StIxjQbkVUuDj9sOl6nitNRbJJUylYadUkJEX6JmJ2bnCr6HcgOEwwBWWUY8uETXYfp7nidyBAb+ooXcdDysUNUVzE9nIwbIlL8EoVc/d9Nf6Uq7q/78PZWRTN3aFx1kxW7ckMaR0MXstqLFG/cIEMIeVi9lostQZFoppbBartVXE56b/PM6VLbOEymIc+arzsgcVFWWsR968FOubhPIdUDaNRsruihTkuSSYxMMo3Fzpoa/PhZJckHPxIsk9OTn/y61dOyYMKCnNsmfeYBqu40kzE9sbdtjalamg7CYdxFv7ivlgNvD0pWvbn4zHLIG0Y6FVdifb7/b3j/ffd493dd+9P9k8OTg/eHbzfeff+3fv28eHp8TJrooa089UW5fLHo86fflUOT7cPt08OtzvbBwcHByfdg4Pu3t5x9+Sws9vt7Jx0TjrHx6fvukdLrk5x1HyV9enu7jWvkKdhkAT69BUqoOJKPc++2TvYf7+3t3fU3t05fd/ZP2ofnHbfdzt73dOjdzvH747bJ9293dPOyf7B/u670/2dd++3j/c73eOjw+7J0fu52/1ZHLlS+cp0nZMiqZ4loU3zG4t9/BHOwP0FKlzjQWTb9dRWqebk+Pi9zagmP0mpyfFRi3z6/P2Z6GdU6SyP4SbmitFRi5wcf++jDk6Ov3exjPOT7ze6varj216bQyWYIvUOx7VlQowuPcQQvykZs8ywmmGxy8vzrUK/JmRIRaKG9LYeNZLssN1e5yDZ6+3uxvud7n734HC72+3Eh3s92t1ZlJuE1Ne0r+diqKRY3DLTUM22rjiEbHodeTJkwmXHlpQBRYSEsGaWBWnC4c7kSV1L6La7nc22+e9Vu/0W/hu12+3/WVRTMPj2oFLHF0TYqkRzI9s53G8/B7KYkfzM4VWV9t9KkphC5rZh449nVqZqlqalBmSYXOtatRvbs95r0VKPK0Kxa7C98bbGFNEyIr9g5rUX2+blUjdMlOMe7oAZyo+5zQEOo/NtFnCN/hA5izUWolguSnOUlV9TPtckciGJPVkelcijKT4DUXxSalL6TJJY5WO83b1GW3rlASJ2mGbdoWTE4y9DlqayyWCZYcF3d/eufzj+YCz47YMdY88UL54enzz0ql+XtaXsn/vd9mFEU0io0fyOwZZfFT3POWprjuuCcW0Y+/rl0ceNCEMFzDhmr2ZTQ+8mNQG7r3M9xRiBgG3hvraXaxs9gslQECdW5JsZLe7k4yUJMSZk3YCa8DSJaZaojRaALsWisvr9/Zu/B9t+qSVAzSjC6a5S7ro1sGE1IAjWjz9CN0wzCcPJISU9jWtIO83LKOPkRz4YkiOl8owaG9927zpe1Lgo0wJSfVdOB0woXj/egNRLVUXz89ytiRtwSEKpu8plbRDv6yfLrOrx958vW+ST16vPRAyCHI62IgegFereDRzg99NzcAKkABdJyKtiBTeMk0XnG1XifDDMYqTIz5xNnoBQWBJjxUiFQymy/ukJG/1MxM+EM02vc8FXpeo0oU5TYkY0FPi8BAkq3P8EMkBltGuZXUOg2eouvvxZi5XYMuLG8yftVYtcQtjaRY3Pj2nK+zITnC6D6XNYhmAjUR1UI57DFJxhFXXb3fZme3+zs0fa2287u2+3D/93MI2WRe7JZuCj2FXtvpmYdQ432weAWeftTvttd3d5zDDH6vqWTa9pOjD7YDhamfFn4Tf1x/cJYbesvhF/ulzqIAlwi/PsblWb7grv8e7CS2VGWJqaF2L7qMCOeDrXr7r8I1/VrkYLwZUe73bnDpeYQRB2P5aiyKNfpirVqQXhlzNhGb+rLaa/Q5oDub3d3e19R3yRsPtqGMVyyCr+xzyLPwtRSEjmf/i40GAt1ZjGcGPV4w0Rvt32zsEyU1cs4zS9nrtu2BPSU3AoVxEMjqvC0m08JatO88IYdQVdCk9LOh5SkUMto1a51lrhNJ9wPZRgtKVGWTGWl/ege9DxkGY0hgINVSLv7r5/9+7weP/k9N379uFB+/Ck0z0+PlpKYig+EFTnhnorFoZn5QyzkNR+EqGk+IWRjBnzjRn6qDC/FY/2vswhrIL8IMk5FQNynE3HWpKU9zKaTSNyyZgPKxlwPcx7RqnZGsiUisHWQG71UtnbGshO1NnZUlm8FQOALUMY+L9oIL87397e3zzf3t2uLQPezmwuKaqtc+DrmMLK28JuGlXk1JBmLIkGqezR1OuERY/JJXH9Gqbu81i6DoeXYOpWRZVzNGHRqBm27uXV94W+2yLn319SQd4bK5arWAa2cMtYQBFYvivhghdj5pYI8BSMvradO2sTlxb0uRB8AUZtBd+lUPoLGKg2MmC1WlVQ9toMatWcGituz43ACu2WGYGKhSXjU9+hswBeh7Tw4pKOoVRuU50CxeJxd3cvm9tCYUrTXgqCfQ5Me1KmjIomhN7hI9JPaQktW5jn6vySCDaQmuO91IRCmY+YKdXPU6N4epUKikFz85aNexWECdCHzN+5ECyde7sJdq+vXQjsF11KH3fbY/ATzJslEbmwFY8wrIUERV+g0O/RxyNbUMjoDU5nnEwmEaeCQhgyVUZLHTGh1ZZO1SZgYjjf4LCJcGc+iO6HepR+R9Ox2HRz3OSJ2qiEQmHlssBoSOUEskRVnevMLLc60dxMlzGVj1bKcFxVgqWB4ey4kBrtsTXsdY8KTpVL52Yz25/7RUb22rktGtlbR+lrRfbOmsmKSLzKyN5wLZZag5cZ2Wvn+c1E9rpl+jNH9oZr8m1E9n7NVXnuyN7K6nwjkb1zrlAB9U8Y2WtxXGlk7+VCMby12N3ijMC51ky5LxLDawf/jW6vLFisOYgXB362IN7tw52dnQ7t7e3u7+6wbre93+uwTm9nd7+3vbfTSRakx3Nd1SpNR+NaTKsN4HwJQbwBvs9ye7sIwl88iNciu9qA0su5Q0crArlBANSCi1YmAF7jHb9evGO4BH/1eMdGWvzJ4h0bcHgJl0B/snjHBiq+mIugpeIdGxD62vdAK493fATnF3A19EXiHRvI8I1eJ4WYfnPxjlXkvp14xxCzby3ecQZuf914xxkE+TbjHWcg+2eIdwyn/hrv+AXjHUuEf413/HLxjiXCf+Pxjs24/rniHZtweAmm7p8n3rGJgi/GzF0q3rEJo69t5z5rvONjCL4Ao3bReMcmlP4CBuqfMt6xfB3/7M0IUDUrdUdz18pjmikblwW/y4wPuGE+jEJruLCJunM7wd1arDgM8KOhfsr/YAmGysFVtY8ChEMkRPMxFF3B0JkIerYbU+GqGzfhVMdoBj6NLYbqHXTMeK5XCPwdS6zUb8SEzmjMfDuhI3w5Y/ZiCu7x5diY4RCS5xqOQMQnhTi9ol8hJRn7PYduD5JQAeEDFq5ttgE7l0Kr654h9u85y6a2xVDB/f3+IT04POj09uM42aV/m4OkiMUXpGmVbPA31lEN2jvaXjPYxa8gmQ1I6zFjUhItB8yQqtxt0EK2naAcYYdUJCmaYH4Q6Oe7aQMnWeJorap03en1D7v97d39/d72TkL36HbMDruHSZu12c7+9l6ZnG6uX5iobti5+TX8xrZ0dL1xfSNRaGkyYlTlmbUogYk9U1oG9iQP2dgdEhVittv99t4+pe0ePWx3e/sB8fIMBZYtHPz5p3P4c3bh4M8/nbuSwLazCrHVe9D4k2ZIex5ib1XzicJrSPumm7zBv5cxaOlIEjkRhj0kUfGQjVjL918dUz2030viwmbnqQW82n55J9jNzjXBytKgGWq5blTYV/NMECWhQ6xiRgoZeo7oFEta23j0swuD7ZYhoaErNuNLpy3vX6DVhp4CGoCe2XJYBjZ2AA2asU/AXTGQrjn1ja15hZQLZ4gImYkV7WlJyjXLaArN2z1MJuJUWkfhzT9vYI1u/nVD1s9Or96Tn94fe6Dd/e3uBs4pfLHwhTh/CkT59pjrupS4wFI3XQ8Rp13r3dlQscsnI7h49VVxBJTqh8a2nnAYLGukqxu8QQ2xW9ijBrwEsbqJC6NLGU1wl+hSk9YadK4IhAsopgk3UsiGTLcMXwqpjZjPplA3fQjHYPn7CnA3LPbeJaNcaQDS8z2Zk4a+s+g0g5d7jKyNxSAoa2U+X4vMb8FYH6W20cYTLOpm8QK9ptSE2M9UkXVntmqaRYM/NlqAuYfpe8NKEQb+ecZaXxv8sdbC+SCEtY06P42tdypoqjUYzedsXoqHLoq+zVasELiKwk3w3U0gZLQcr1XW6+a7G7xbKrcJdpOuNEjs5+kzqqtfrZHLWR8bZJhzBlq38ZGRm7Z921TmUJu9kIrTgBuUlmEAFxfkJs9S6EV7A/lQEFYKUhV3NlfgvBQYyMQSNPxA/3SiChQpDzLsvt/QBaAsr97u7GxvKUazePgfv39vf8e/v9NyXFo9Jz6+gRV881mMZIJd171UBNZXRDEmSpT1FG2QHlwQwTSqUFJwLY3xg0JJ9kA5SvyJ22O267z5BdY6Y1SFrEAhgYykcqBa/kyEzgWaCfKbkW/e+LCBxKCsVNtoe87xPQX9Zx4sVUZWT6jyE22VlCkhdV04LcVEBtqMxyX+GlOlAq559lwjC77oAwGHYFSZg15Vl9sLqoeVsQPZagm0VpmOzBa8ZUSnyVtrhjfOQxZyujaPnZ367cTOznZpUmCXrlKlgQEsE+PTHkPNBp/YXL4mHPw+MDStMFvt7PoPOLtQ7wndNeEokZH2tKycCmm+hR2aFbIHQyyCuUdWs83wPg/G6+Xav9UKBkNkUXPyELHXvSBsNNbFfGDq+OaN/dp2nvR3yRzyGITmVDPSY3rCWDktU08kGgSVAxozNVnGkuvV2jJXgSVaDAoi2FlhBt/xmPn9qvIePprVCRyZwcOyzb+NkbjWlzKMRlozC7IW/lCVoKhRWromTLNsxAVLzMkbc8VSmwRCISHQujCK222V9/v83kOEdyD39e3WFr6Cb0QyG2xE5Cqbuv6643Em7/kI4zq4MnaO4qNxOiUarNa6smmWMqU9lioy4WkKqhicRxOWpoD91fmJKgRNLKP8dq0u2qvBWt4fB8bxqvjgEqDPFotw4FQVd4wquHnbqHrifGccXWXMHEOtksn9ICDLraKNasCU/J7TFJWQoFO9M3QKOVB0PbaefnYfszEe5UOpbJfsXCRWa6/t4gjcANQ5SAKbpToD8EFy12KXuefY6bbwGWnXIw5GrjdHL3ZMK6BAYd1XEeqxFJNa6hu4ebeXJUJIW3SFUKWj0dRCQJbHPU+VXouqrgcLpWT3Aa7K3hF5meT4UuW9bqTyXqckVlql7VlMD6W7NQJcXH0BYw0dLeZg0BnlaWEAN2xTqua+MtVyfA1ofAFhzvp97FpsRrWMYrFfZ1fnJxst9LTcCjkRrk94xamEQrHlPJUg3sKtHWySBidAddzCcRN0VIvlCPjgzy3zQd7PEvfFSswn+OH3Et/kimUrDEf4bME3KOLhDOBT5yZ2f8/2EwMXwnWA9RY7zZFwgUqxERC0J3MUnPAq2nDQlo7dUW9EW4+l7dtvf7Qd7Ax/DOkdAy8Pg/AQmQXuIqEzzpRVG2EQECsSushTAZ/xxEkK59KmglBI1LdWJZ4AgaAc2YWbqyXdkIoBU9Fqd33Y3Ro9xjKbFqQFlXfEIDRO9mfpbFSQ85OjC0PCI2TaEw8q3O7zl0S3uEMC0goZuJzhNH+9JDs9c3g+c8jPKtuMGozfqOLIbxkdwfe+qFmMR2mPZZqccqE042JR4gB3fzXuhdG/NvsiCVbW5Ld+yejrMwH2tu2mmirNRlvjlGojQhfmcsRihUdJuIo42KJTDBL4n53HPvv2sLaUA/STybABaelY6sPNP8pNQaiQYjrifwR+YiS///OzYv08NZvwxnwU8eTG8CD+YRC88WpmLEUf15mm5aNQJA2ae65Ysji7Vhk1LrI9npNJ3R2FKpKA555inQuXneQqBe3lUGbWnpMZSeUguPBVDanPFCTtorTIZLqylGVfbwhDM8xIhKLKpXmxW61uVUHnzT/XbnmPCnpNkxEXay2yljEw7sTg2gBcoIrPN6f9+Gtlp+D/JRW8AvsXquIVE3xV8h4kz19YzasS4c+q6FXxeJGqXjHJV2XvKcpeQccXrO4Vk3xV+EJq/CVUvq+hEYSxTS/7sJ8/POYZNAE3z2/1kC/j9yLP7/IUv/zR7MZ/PXVnnrqORF/rQPV1xV/qWTm/zHrCQeqjX/4KZ6Sm2YDpv6TrwKL+Qv0GdnYvX4/4Ck4DS5tvVZlYlAIvUt1YFIkX6SuwM3xVWZ7iKLBEfMFeAjvDF6v2fEEXgSXFN6z7hEFF13TgcmWC0CJS/DpHgBHCcGFGAvLkoV7uiGEMOSW9TE6CzGS/R6+GbGqzOdRQTog5TwSZsJ5Lt4XcDwOKi0ERkG4T7XM/VRcMPn9MUMIM+C8ldO1o1bXkF0Mp2COWx0omVJCuXnyJ9mnGS5N68ZlOFZEY8Md1iT+quH6Qf/A0pVu7UZus42r8H+T44rNdGfLpknS61x0MbvxAY/PDf22Qo/E4Zb+w3j+43tpr70adqLPrp7f+jx+vPpy38JsfWHwrN1wpj61ON2qTD7LHU7bV2T3t7BxYcm/ttXdsgyVPdBX16Yinq0ot+XRJED5ZdzGRGUuGVLdIwnqcihbpZ4z1VNIiEy4SOVEbNQLim7V5fxt5jZ+wlIUYWAXPKfQiTAz2rTMyKImFamyNz5B1Psjf6B2rUuuWZYKtygCr4YCj+WljJQ46mbVDdqKdqL3Z6XQ3ocAmj6uzf9Gm2ZPX2iX8Bys9a3H/q0oZZw58qZV149n9HDOhpWqRvJcLnT+0h2k24bU9bCa2MpVfYaj4jR3H1kAAzZ9qNpAZ/wPfkFUkudDSL64R0fZA62WSJlCIj2WxUeJBtnGmAnvgk39dMdKXaSonBrLt1FfkJEPe2Lqv8rPxlqRc5PctMqIxUFTw+yK1wdK1XsDh0yWZyvzNm8yc/xSyGCBg3ibp2JTalCvdsgn3QVYEJvl7kGM5zo09lETkImVUMZIyTXIF+QOkNzWEEmYEKrDwJg51enzZMlQdZ3IsFSM8yKajSQJdGOsR8IDmvPqyVNFqC0vV+Hxe0dVpR53qobraqQYVux5RsowiEKjid6k9RK0S/vP50cd51G/znlO8aVZkPFpzcEoO2t2o8zvRdLCuNjDVakzjW6Z9ySCFmRJUES4GUFQE+lXgPwE+VUrG3NbFMyCES5EGOxwMdYO135jUF+W1g+Hh6Ho1+p3yETPFI4N9ExYZi2WWGHBcDFKLraYDSMoC6ZBDYQZoEOkWb4iFBsxEf9/kYvN3wkRMxyrHWaqWdSM0zYyUsr/1dMzjIDvM5iZAsRXq09wVE0pmZJ1Fg4j8D2O3LfILz5ga0ux2A3K4+R1Lp8QbaeA0ymgfahZXKMGFYNnMVUUQBF+yyBULrMi6y7qwUO2zMv4bM5B8GD3Ez8JdFMsH0ENp9zcnztOpl79ceAllcBcNvGIYHfsFMUcOTQcDkAUW5Keea+gVMLfj3ijkcnsKNPCfe92C9LwduomgaorfFbaSl3MuJVzFGQNnVnWHWZgwgwDerHXp84xNaJqqFsmA+VULfSA0IT2aUhGzTC1gBa/McQoInZ2gUWFYoqgE7alfl9fznjkrNJI/jW1dTMAAnEyL4CBzrXjySI1xL/XzVLCM9riv2erEf+3B7HPAHAMlQHPke9GGoUkt+cs1Zy7cUHMlW6ECt9KCCNCcSfadQmDkeRYPuWbY2QoQ0TW6UAj+UUW26xUogrYUidOeN/3+Xu+HNxgnYOmasS4/X55umH9gy4EUXvRAiw9c3UKZkfd2326U8jSL/s+/5zSdqkFOsyTCf0M97d8nrDdk6XirL6+hok66ZfS9lCUDZkBvlRC8drozU9FQj/75nwDIT6xMjOLdf200Vktx1aNcJl5dTXzzzzWH1wL3rXFqDguXQr0iLoE2CqWBfEnSEhVULLNCsywtTuHPCYu8QFsN6NId3ym1VS8r+/Pl3DWwgxm/WAO6RtXgh2aSwuazZ5byRzhN4TQMR2v6esb2iO9YNOI6Y9gf3ciwrT79Hdg8/S6+Y9eQeHodTE5dxxkzBtM/j6E4ux82lK2c4Vl8ej+WykiO459PQwz/VVvfM2Gso0+XBDu4kG7U6UZ7rbCsSZkc1sr76eJ4gZbYDPocrHqDOCka3B2B5oNXnFw9sDT1zdG0RA2743ReEqxMMzGYO4ytaFg/O9lwSfa2eUWpOEXTYUkw1zkiZ2F6MsnL13F2AAvU3R3X6Vo9PeZl/cmQ6muurs0W4MmG5fUqjxcmf5XXz07+1bBGm9gVqN1uL9DyHyrsrKzW9xHJGJYdmy1gSvqzlTZYtnTENR+g+eNp4RbDc39SWZcqYZpXJB7wzR4X5lfw/MYD/h/mH997Ou51OguQ0TDe9UqZ31qRMiMqpqKZVRv7RHXanYNoEaYw8AXLojsmErmqKulXtmjKrAMepkBwCjW0rpigvXT+lkCxzFjUK5rJPIRMP5VUN6qwlwYMVk7IqBjYW9J21DYad6cdtW39E/NP0mPupmEklSaK3bEsrL33zqiYykKUxvo0GptSTKkRXMuC1B6nkmtHlBHTGY8VWada0/iW3EEgTuHRxLJ391xPW2Sc8TuesgGzFYRt9IVmGZZR3mgRPhrTWBdQw1gKA8PDNZ8NMgBrQNmoKJiTbZMKxZtnKAEN6pdT1YF1NxMZ5wbljZqmuhvtLrbETNzxTAoDba5bzy+01qfhtB5bdCqmxBd1BC6xK9Qiy6wQ3N3zjBn46gUskWajscxe0upc2Rk9tjBwTTiiOkdCG5ImPCgo1Sqd126t4ufbF3NSeLW+cjDkP7ouJCWPR2E6r3/8+WSjOOyh+paGds+eRrAMwJ9U3HIxABf12rmcrLXI2geW8Hy0hty89iMfDNdgCYyZRu66ZlG9+PQQgRNU1QEJcX7FWBqGKmBtR21bxWkKPsSE9bkoF7Y1EIqXS2sUcBG8wRWRE8ES1F6ooAP0Pb0/++nyKvqUDbDxDFmHH4zwJJ8vN7EjvpBic5zJPg9MraDlS4tMhtIIA65cvWotyZClY5D74FFXLAbmNJotyAmjfY2lCO5VNaMjRWicSYWK80RmaTKDRcVdEgmudDSQd+Cz2LSiCNi1LgzwcmQ+VrVLskLtwq96o4YB9Y8M9UBQuEOQQv80aE6eepqNMy4zru1CkIwNaAZxBIEIWI6CNSXeDBP7oR/xQ97vtg9D9yN0mzmutEt/8CaKK6MFpHg44B0MWiJmYzmHpNks95We9qrUtzL0VHLshJFOSSoHA9uJgVydXxIjTPEmJ+EDDieh63JXtK7zFGFxro2OR3pc0IwbPeZy68PZh9PyaMJGqfdkAu/AAUrTqYJyw1AM3c1Sgkf/1u/ZX1zF9LBxGIavKuwKYb5uQQ1sf88LEX835gF0FLqJAIyFOKRqyJTjt5PTnzaZMKdGuUW9ETM+styW9jdf3kDLFChAX7pe6bHiGtnf++G9FU7EfBypIe3u7t1sePRO7+yiUl2Ey4bNZmvuZXd3VFysqVZ5Ko4U2NcI6RHWa7QOaLPa1pVFbnSqoqAH041t0WAhwuM45UxoS9D5b0FoChvVHCuQabCquE/fsMo2lQvGtXUf1y+PPm5EGKlnxlHkjmZTI/njynYE9cD10URFIVgTcO30oBGm2YYQjYkrVzSkMFx+8vGShBgTsm5ATXiaxDRLlFXLSwkcrN42883fg+rXc2sZvkv/V2jT6Ls0LtfIvKFf/eJ96j3+X6N1o6qiNn/vRjvvl9CucbHVw26NvhujUaFa5NPn7yu92aE/4wMr7ffKsiv+Yto0fjBMYaTCz5xNFkTia3dmXG7jnon4CXi+gAaNi6Fd4ewFUf9GGzkKqa+hpcsc6Czdf19I6ELAsnl68Hfbm+196MG//baz+3b7cLEe/AYhvI9aJUbgY5gHm87hZvsAsOm83Wm/7e4uhk3Qa33VjbOPfBd5F/KDV/q61ni+iuUCrakDfKB9/wotVYCPuNhAFZam5oXYPgq6zQf9wAMLjMzZXN/YouPd7txXAQERmG31PwcdZjXRP7Ugig4PLINS2+VFw3CG+RDa293d3vdmaMLuq/fg8yOo+B/zLPIs5MDlwP/wFxrBmqkxjY3BRXpc17XwbnvnYH63ScZputr+tTY1EYdyd6BwtHj2bD7FwAUCgkZpJuLQP923N9NQmhxWdjykAlvPtgjXQRQ3WqXaeg4kGEOpUSDgGmM8xuBuD7rohFcj7O7u+3fvDo/3T07fvW8fHrQPTzrd4+Oj+ZvTO/fEygXaWTlRudTJ3E0i3Pm/MAhyHI0YXO2ExdXx6HXuFPKDJOdUDMgxNPInKe9lNJtG5JIxfzM64HqY9yByaSBTKgZbA7nVS2VvayA7UWdnS2XxVgwAtoyNDv8XDeR359vb+5vn27v1XjtG/d7d21xA3H7z3f//rB3/X7v8P2G1X4zJuFxn/2+ym/830sH/2+7a/6fp1L9pRn5LegyuqqmIhzLDPzdjF8Fo72fe4TulKfyfAPvYdRSyZ5L53N83uKsCuNlMU9vMEdzMZqqNnnFIXhpKpQNB3USnhrmY/5ywccZiuHDYBKc/AnS1G/AvXk5ZoqKcM0XIj3Z8J7rt49JMDaaR5iP2h8uodxOlKfddJcdUD9/aiPbKyyM+wIjLt0RnOStDR9qUwErYNvYn/ON6Acr4lYKAGrjkH+QZLA8O1oRfbRHquJm1Ct97EC0A2ri6dcCNrPAgdENgo/wzFXGhdOA6fZRO4IzAb4n7lvDEbZI4lXlS7Idj86eLEsjIiGmaUE2bt8gH+xRDPeLSpxBOWFgnNEmu4YVrB9K8GTOlMJQs3DElzOGjiI/oIKgNW9QjGfFN2ouTTne7UZoUTHJmIJCzEx+siNN1FLEs8h05MqsFL8k0CZnVTcjMP8JZOVwfWe7Glx9c7mAMN8EikPHhYTxC/v2FR5qDgytjzcvGwWgjGg+5YNdBbvTDg9kPwmTqeccKY6+u5xBqD38176jjTIIkm3Ph7OuLr1vGBoUO+PAYpVcb4TuxkMj4FnjVyoUT93fD9sJnoIWY0zJNGTSTBqGAz8wOV0OZ6WuUzoV24Q5nHG/Ty4QZh6ifFmm4jy5/UhIieEJA3Sr/sIlYAcGaP2kk2oyhjMRZfDSQdMGGWnDUypfzDbr8cLY9KPmOXH06+fSW/CgnRgMZ0THWBviP2lxKhz15+MAns+U58TIdpxA5zjXHasG3P+JfDUDORF+G3GqPBWh66WRNwKDm90b2tOfG6fFlmGfsOjOqiMUqmo7SyL6HiXI0Qw+rkGKz+LJS21b6doyzOX320pSquTkQPSlTRsWc5O0XFIF0nGLZ6+NKFfVyntaHrK+oP73XOgcnnfbh2nzT+XRJYIQwSqZ5IrFMWOM+eGguSmdMx8P5J+NGwbKUYuo58DbvsUwwDYEBlg//Ef7WALd47nWusgJVACUhFz4sVYuPHpWspUk/zHNVio9l0ix2FtrMAQXGEp1M9cU1Q+UNMnzZkS5kQj6fndQHAgN6TOPnQ6qAWB9MJjWR/8TBXPmkGYNVbI+nD+gANmV4mxH////3/1O2XlJ9SlaC//3JZ0Xw+HpEx2MuBvbdtb/PubEDnOzZNqLj+pShjCV6xF7cvIO5NU/eFgSMFEshXeXloXBpSxb6GTYjkrFxymOqyvU2yZO5uYA7YxMlbJzK6cg5YJ5t4ALujIHB1dfP02dHOQA8Y+hHdMxlB/ZgHx22WaF++rgI1x7e9pwsTu4L/0MDXPuwOLO9w6DpjC1gk4UOWHY/r0pvR4iKWO0H1HqL8W8ylbecbtJcy4QrSLUp0P+/8Ck5sU+mJHyPBF6NRx1EDaBCDcfOw4Oc5Ui170XoRStn1izgNXSOZnuZLvt+AoHLtHlM/pCbe8ZwpzQe2gKrQ1pKb7ZhQrY5OON6WNA1IUmOVRU0zXQ+LrltwciQ2Qgzq73fE6LHxzSjI6YNYpnNtoJ1YxrMHewhDT+YP1s2fRemBjkaNIX26ApjKM4u8A3LXoQnLQish/Sr0pQgWUMroEwzCW3c+TiTSR7rxQkJwTl+71owRgX3uD007NLsUhr2jfKV09aDkTceGTpI3V1wZPzW37d69ANeUCTLBdSt46J5HnmWLjf655/OydAY9kNjBsJwllthJg8RPc6zyqVQ2QSdMeovQwbboMBvQpVncWuu01wPmdC+KklGhNTeCptwkcpBIcjWfoEfeozqtWZpZbuw+9LIv2A1QszaIOdyEFXNfi+g4RakUtrXiLhJxjWz4vZRMmd0Qv7rw7nRPjKmmNClait4xSR7sPLWu2ZnWAk7w6IzXGERsOKuysCqFABUROVjV2YswLkQWw53cnRxRtY/8DiTSva1J87PXBlTVSREsAnLNqKw8A2WZ/TAbHEHkPj24g6z8mx9HMwgh8eKaZjTjf3m+n6UIh1vPDiqamJPYjUVzNmFimZ3PMmpu6BL5SBMMh2yR+nN4Vapn6foIMpk3kuZGkqpwwCfcZ6NpcIMLIYpQzZJ0bqEQpOo4MNiF43GNAvcNTZHMgRkJqolSTgdCKlAFPdSNqrebXmuJ40axgzuO0pTX0XOlWyyc6htgjAlkwwhbTdguyaXFB3zQAuxuc9JaVc8MDe3Un4FgRMhK6coLkcTm+0UyyzBVRhLpbhh+6IaXQnm2oQLgJnKwZp3/9XRNaPJjKy5dwdcFO+XIPpvzCvmu4DXHBa1d0CwJUzxgbBizU3BpkR02+3tEpjglW673a7v6YicifL+bAUcbVEogeSin1GlsxyLfk2wfrWdVEQ+VcBBnTwKyoUbuwTOzqP1AEVxXyVRuBuMPjKiulQo0rGGOWCV1ZRg/SXcgRt6mdU32Hv0VINXkMaa33E9vZ7LeVTwaLkC8oNMekQwNimdVkvXwEFGdfG3zevMswx0Jjs34NsSSBbkC5ptB/GrEIMFGZxwHgeDwCs0006EqbKdRoqRmswsTFi+ntO4W3Ybh8EHPkkaEHTx4uWtDBmhEE5ZO5s8hQwbTDD/t4VEgVGMdE14v88yPC1vyvfuNw1UAHDX9sa7TIJFHSJL8ZAXdEXpPDOZ6qE6ynUOjMbu4zRX/A5rFJdAQWsWQOUGtP2pzIFBYjrWaFMg7eCQkcIptApTq0ugtGwSJ97EgPz+m4J0NzCOIWhCbuCtzk2rPDf4tXtjK5VIIkWL9FhMzZ4uBH0wAtQSFQiTizIL0CzlUJfGIiD7XjFaaIXDg/LRdbLR8HCDw+6HNFeQe5rakKxg6n732lqsJUCOrrjTI/JuSob0zmpjihUFKPG8tcqAZqNxalMrypLSahSu7GtC1bAnaZYoW/4A7rU2U0YzMBV+k72giGPdAxFS7qikbl/Q+JYO2MeqiJktMQpI77ig2XSJz3QK97+fFcvOxDjXV3yZ0aXUH4r428U+vCqiDxb4MOdp8nPJ8pz/42OjHIrFqXUssywH5j2CvPFLHeY7zw0lY7Dcn3W8FLFPaoUZF/lWF930FvnsjsfLMWbx6TkTg4pAnR/AkpQyn1ou+UB/q8jgxUFwsQyIjN8tSTvzZfbET5clu3nyM12cV06FzqbHMhd68U/vdUbPRF8u/OV7ytM8W47KwbdL0uo9T9mysug9FzQ1giRXC3/7Q+V0ne+rsyRlZ64cCl1KjBgQIPyWW+ez0ZhlSgoY/JzdscW57MyVAlvy8/ERlotY4ssLmS2O8j/YdEnmOqdKm2PyBymTpT6+HOY6kROxHIDRU7SSczmQ4odydMECX54t+Z29Qlp+ykupJHDALCsGPtB7PspHFyyDQBwRswuWxWyJzfUBmp0uhTt+ernEcn3g4rmmj5CuhpnUOn0KmOUX4yObWBZaggOLj5dag49schkP2YgttW0+sslSmtJHOTLn0HvogCjixVXjj2ECy/yffUqTJ2D7KU2WwvaTvVUw5/ZSi3RBlxDkweZ44vF7kbE7LnP1VEvCwVnyY1t69Zyrxffn8vvrKZvLfrvc8tlvl+DTi9LF7ALf5XQ5Besipxcy5fF0Cfr+Z39pXfYnRtUSn4EEoMsOegnG8LtUxrdXYQH/ub/HuKil+Ml+u/TUrWaG3oSllA4HAq4CjpdxwTgIyy6eS9xf/sslrZ9LuEpZ/DNNs+W8XMu5e5bFTsvxcrPEjNkTaFu/HFcjhGVVcPv5Z7WkFhp8v4wqenW5xJyvoK32E2iGAJbyXeCny5tKwfdLY44Xo0/AfOnVLj5farFZBorrJRZdXQZ/ecvEacru6NIy+CqjQo241iyxB8Li231ZAix79Pwis1u1pPqJ90/LfdZd7rPt5T7bWe6z3eU+21vus/3lPjt48LO/Vb/BS7oFr+qXCScpLs8xaMQXQ6qGwdiGKWFsUMPlop2eWmjeC14PuzFK7RVtg65p0GSuNrl4SIUouR9XerePo+HNuyuEBx3xoBEkhpjQxN5sO7qXQAYtiQVWUHKRefayOZUDdeNy+GzpaRsfWcSENVAC57Ba/rJ4np2U48lSOShFKWElQEeUzMjlsowLGgfCxwUJbeByBy/RJcRL4iPkDXxeUToV+Ew0p2k6jVyGXxlgxmg8tCEqI/T02fVZ7/57u/vvEjwXN1WPazKT6v57b+ffD8dWbZQjA2Cx2b2uzGnC05T0GGk3riaU4b5+iSE+bk5mGWETlMDFUuhMprAZtDmX+yzLYENHloewwLgNA5pAOTY9ZIIMKZToq2yYMBQIxucZuQnIchPKu4bMyXFctsmeXXbhCNVoBhRY5IqqW2RlfAtyZH3rVivpmvDF9IFUxjQUAnQMOTwYD4pCiNmsW9xNE1qmHtbGb6CLS0i4HsyXevhlWMvX6ICHOPnaVpp1Frg8kXEDQkExxSctth3jmidOBB5DTXkX2PhTLjQfMeereojwYrUxaQ2HeyCoyXqVnWTmUuiA+A1cFIjVjQbENFW3q9xnBv7L3mWYT2H725bKrNZPknUpyDhj5Ri0sqZQDYGFHoT2OEUVzoXPPbAZ9BA0ksW3RA2iD72rQfqyUYTk6VGEQVhfA+kMolEhqJ7E00VdvM3O5u5mt7O5vbvT2dluH3YPNrvt3c5+p9PttDc724ed7YOd7b3DzU7RQW8Okjj+KVryFBJ2/fLsxNczpDHUavTd+m28bUW6clUTrwSrJpQj/IWEnj8ytVV1L89OsJWJgOIB2rU8gYBNyK2sRkvCgwT8PTZkEn8yNL5xIYJORZJo3BfKctB0OpjjVObEZ/EFEy5ma7bT5dmJapGM3XE2sft/QPqVuKIY4+sVKjm2X7TNT7AtoWexzpyC/YGF/RjYHFD/q7JozQtVmgRSdpXyGEcommnPYLBgrhhcOmI2N3HW1HXZBfT8B4nta/v4hBtmeFdz9zxFwcA0uGrOpmfwNzZIllubz1byYsqbH0E9L5si5lI6iiSxczagcSlFx+XZzsoXwxeYItgxTIrw473o3vZYlRybwAc5Qa43MMC6K8oeFt9HQbUYTJW1EKCqdhEFPHHtjm58im+0d63l9X6EKVU2cwocG0zPMJObs2314/W5MOcoKtJ8HqxcVTfTHoNb++BB+E2JDI+M0PTJg2NU/FOPgK+8/SDkigfpEciVtx+EnMrBIiQpOYseKUWmFB2wa5Zl8rFSePBOZL+YB7h11ZRKjj4y9ap35xH4s5wHj44y68MHxyvZ2I8MUXr3QahNFuojwJs+eWwMa87NPUDFxHwQPNpgC3Bok3H4cA3Nwuh6BHTw5sMQwWBYmCJVO+PBMZo17FkjuaGav3p8oPmlffX1B2E3Zd3PhFx++UG496P0MYHTlJldhfm/AgAA//8EU2yW" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8Mkx/+g5zljGpGbrjmhsyMKfXB5uaUm1k1TlJZbLKcasPTTZZqYiTR1XTKtCHpjIopg6/ssBPO8kwnP/ywQa7Z4oCwVP9AiOEmZwf2gR8IyZhOFS8NlwK+Ij+5d4h7++AHQjaIoAU7IOv/x/CCaUOLcv0HQgjJ2Q3LD0gqFYPPiv1eccWyA2JUhV+ZRckOSEYNfmzMt35MDdu0Y5L5jAlAE7thwhCp+JQLi77kB3iPkAuLa67hoSy8xz4aRVOL5omSRT3CwE7MU5rnC6JYqZhmwnAxhYnciPV0vRumZaVSFuY/nUQv4G9kRjUR0kObk4CeAZLGDc0rBkAHYEpZVrmdxg3rJptwpQ283wJLsZTxmxqqkpcs56KG653DOe4XmUhFaJ7jCDrBfWIfaVHaTV/fGo72Noa7G1vbF8P9g+HuwfZOsr+7/dt6tM05HbNc924w7qYcWyqGL/DPS/z+mi3mUmU9G31UaSML+8Am4qSkXOmwhiMqyJiRyh4JIwnNMlIwQwkXE6kKagex37s1kfOZrPIMjmEqhaFcEMG03ToEB8jX/u8wz3EPNKGKEW2kRRTVHtIAwIlH0FUm02umrggVGbm63tdXDh0dTP7fNVqWOU8BurUDsjaRcmNM1dqArDFxY78plcyqFH7/3xjBBdOaTtkdGDbso+lB409SkVxOHSKAHtxYbvcdOvAn+6T7eUBkaXjB/wh0Z+nkhrO5PRNcEApP2y+YClix02mjqtRUFm+5nGoy52YmK0OoqMm+AcOASDNjyrEPkuLWplKk1DARUb6RFoiCUDKrCio2FKMZHeeM6KooqFoQGZ24+BgWVW54mYe1a8I+cm2P/Iwt6gmLMRcsI1wYSaQIT7c38heW55L8KlWeRVtk6PSuExBTOp8KqdglHcsbdkBGw62d7s694trY9bj3dCB1Q6eE0XTmV9mksX/GJIR0tbX2PzEp0SkTSCmOrR+GL6ZKVuUB2eqho4sZwzfDLrlj5JgrJXRsNxnZ4MTM7emxDNRYATdxW0HFwuKc2lOY5/bcDUjGDP4hFZFjzdSN3R4kV2nJbCbtTklFDL1mmhSM6kqxwj7ghg2PtU+nJlykeZUx8iOjlg/AWjUp6ILQXEuiKmHfdvMqnYBEg4Umf3FLdUPqmWWSY1bzY6BsCz/lufa0h0hSlRD2nEhEkIUtWp9yQ85nTMXce0bLklkKtIuFkxqWCpzdIkA4apxIaYQ0ds/9Yg/IKU6XWk1ATnDRcG7tQRzU8CWWFIjTRMaMmiQ6v4dnr0EncZKzuSC347QsN+1SeMoSUtNGzH0zyTzqgO2CokH4BKmFa2LlKzEzJavpjPxescqOrxfasEKTnF8z8l90ck0H5B3LONJHqWTKtOZi6jfFPa6rdGa59Cs51YbqGcF1kHNAt0MZHkQgckRhUFfq0zGueJ4lnk+5Wdonuu9M33qq2yfp5KNhIrPi2U7VQNnE7Tvukadlp8ggu7YajXADGBlOIRWLnvHgpFFEOOofYUh7Akolb3jGBlYh0SVL+YSnBN8GxYfroJ45DEacpmBG8dTSTtBFXyR7yZA8o0W2t/N8QHI+hp/x63/u0a1ttj/Zn2wPJ7vD4WhMt3d22A7b3cn2s5fpeH8rHY+GL9IAol2PIVvDreHGcGtjuEu2tg9Gw4PRkPzncDgckvcXR/8TMDyhVW4uAUcHZEJzzRrbysoZK5ii+SXPmpvK3HY8wsb6OQjPLOebcKaQK3DtzsczPgHBAtJHP29vMbcaiipA6/OKOU2V1HYjtKHKsslxZcgVUgjPruCY2QPW3aF9umMRPWkgor38x6Hp94L/btXWh687qFGW8yC/gvfmoK+NGQHuxHsI0C0vayzP/ruKBTptFNhmzOg7O6gJxadQyqFmMeU3DNRRKtxr+LT7ecbyclLlljdaDuBWGAY2c0l+cnyacKENFalTT1tiRtuJQdZYInFaEqm1JFZSBZwhjM01EYxlaFfOZzyddacKDDuVhZ3Mmk3Ruk8nln94gQJLRUnjv5ITwwTJ2cQQVpRm0d3KiZSNXbQbtYpdvFiUd2yfF2J2AkLzOV1ooo39N+DWqvh65kkTt9VZWfiuVdKSGjUiiOKA1fpZJHE30ZjVj4BmwieNja93rE0Ajc0vaDqzpl4XxfE4Hs+Oca8A1X93IqGJ7BZMe8kwGW6odCvWTnVDNa2MFLKQlSbnIOnvUVMPBaH1K6gckGeH58/xYDql0wGWSiEYOAJOhWFKMEPOlDQylV7uPzs9e06UrEAalopN+EemSSUyhnLaSl8lczuY5W5SkUIqRgQzc6muiSyZokYqq8d6253NaD6xL1Bi1ZicEZoVXHBt7Mm88TqzHSuTBSrY1BDnjsBFFIUUA5LmjKp8UUtAsF0CtDLn6QLshRkDlcEuMFlaDxJVMQ566l2iMpdBGWtshRMJOA6heS5T0JkdRJ1tcmpk+DoQvNtFN9Czw/M3z0kFg+eLWuJotIkC6vFMnDbWHZHeaHe097KxYKmmVPA/gD0mXTHyOWoCWJ+XMZYjVufNdtK15AmozqrQsUZD7lJ3WnvwNloTzNfBw89SWhp89eooOoNpzlsm4lH9zR024qF70x42T49UOwLkhtuzgKTvt8kdQaf7euDQ9lNsSlUGNoFV+aXQg+h5tAfGHL2oXAqak0ku50Sx1JrLDY/ExdGZGxUlUw1mBzb7hX08ggwOoGYiWIL2mfP/fkNKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeS/a8wGfbDWjvAcKDr3MHm6v0rcF1eIsqaWKQg3kRKZVegSRtF4lfDyyoJylSBYVwOSsZKJzKn5qKNLUQMBnhq3Y7UWlfzbCXCqkycZHnuyFobpe1T7aO/R79N8rQHIj/YHdNqFizN3Jh1JIOvsbtX+TgMwJOwVGB2Oh+P4SWPOKZNJys3ickUOgiOrs/fuzmtrIzDnSmyAI4XhggmzKpjeRM6KMFkHvjdSmRk5LJjiKe0BshJGLS65lpepzFaCOpyCnJ6/JXaKDoRHh7eCtarddCD1bugRFTTrYgrY4/3G9JTJy1LyIJuadz5STLmpMpTXOTXwoQPB+v8lazncIG682E72Rjv728MBWcupWTsgO7vJ7nD35Wif/O96B8jH5YktH6BmasPL4+gn1Pg9egbE+UBQC5MTMlVUVDlV3CxiwbogqRXwoHZGAvTIy83gYUIK5wo1qpRZieGU70kupXKCZwAelRmvVdtaQiF4OSlnC83tH/7iKvXHWkcgvJEmup2HazmOfocCBOSUSb/arh9mLLWRYiNLO3uj2JRLscqT9g5muOugbfzt6Da4VnTUHEy9J+1vFRuzJqJ4eQ8M4YHGLKdnQUfzDBFlxbPTs5sdq2+dnt3sPW/KjIKmK1jw68OjfliakwtqkvZie89q/4LXL6zNiKbP6ZmdyBkCGET05vAiWNXkGUumiXMR0Ty2/gmakN571LivCAcgMiStpQo+RTEluaQZGdOcihTO44QrNrd2DBjuSlb2mLbUVrvoUirzMK3Vay7aKN6vysbYsOP/WfCBBusDlLjGqs/w7U9S2baacHT2ZBlN8vb9OHN7cBvxW5ajDVMsu+xTFh9PZlmLZcanM6ZNNKnHEc49gIWUJcs8yLoaex0z7P9P9cUNyp5oOGdgTqSCkJ/EPZekslgjXJO1+Iv2jRIGP7mboowZpgqQsKViKdfWhAL3CEWjFq7NIeirGuc8JbqaTPjHMCI882xmTHmwuYmP4BPWdHqekAu1sLRqJPoDPnIr0VBqjhdE86LMF8TQ63pf0QjOqTZwXYGRT2hvC2kI2HJzluew+otXx/VV/Voqk+p6rSsiI2w0qCKgfZXUECYBog/qy6SyR/v3iubWVg1bildcGGISqRN57kkFdAfCPqasNHUkCLxWXyN0yD2BqyNKSqoMjzxkpAMBMA+Oc9n/735H7aPWsUAZquye2JlTKmoXGWnS1SDCQAgN6yxozHI57yfz/jPRPDcxbtfm83nCqDZJsXAjIGHgyaDarEUXagiEG2VGdR3ZBWsFkRqmGdS0pqvxVqKr8ahx+AYNIq7Bw1AL56PxIRb1GGsDPHNCWgbPc7hvYYrLnltqu4BAbPcEKRhZXsIyvgDXY5OJFVI3zM7qCMWt/hm7eHX8fIDXkNdCzoV37zbAIo65DLwfHZiAJVlPK9EhSboMsj1vGDa6A7e7BHTw5+aMwBVvY4r1TizHHuH7Bt1UmqlktSQT+xLwykUqvMiwk+PtasHAwScnt4lFKsir48MziM3CFR+HoWJaWe+ujhWU5ytanDVcCUzgFfOkC4Dlnj020J/SpWgXvK5rgQCmMb2hPKfjvGuGHeZjpgw54UIb5kisgRu4IfhqBAizr54CcZErix7rRlD5YEBcnw/yAF/6ZplTY9XsHkJFOFfo6Il3AifrAjGjerYyPxNiCviOnQfDIJVi1r7rhFNSx6AEoUKKRRzPjpZKRCrvNXNhWFewCp7hVQx8sKu7CspAKsUE94rmjTmpyHr0KwgL6iGqlUTj3RKMhyjr2azH8+x8NY52PrMWJboDIdiZi+6iI5ZGgaV1UaFk3r4zeTTCPVSKQoYCECTM5H2hkMTTzF1oAbz+z7VrPqaCXkK40NqArCkGWrSYXtoBMcb/DpzVwR2yQsBDbIf/4vbQDkzxInjGwhUgDAUGiJgoGtI+6mXgHS2GDXrnAAQPklsD2CfkdR1YzHUc4UgFOTnaQgvKHrMJM+mMafD7RqMTbrTLGaiBtEe0merSyFngOkTONUFw46pKuGQExQppQpwdkZXRPGPRTG3IECZKXLS8X5AnHVG/6nzWzawcHLQeCNIC3OTegWOH5boG1SHsIbf4KdyorE68rV/UCMK5IB0ivtvkWUhxcaxrQTI+mTAVu9/AM88hscMKfMtwNgwTVBjCxA1XUhTNuM6atg5/PQ+T82zg702B/snbdz+T0wyTUCCOp2pz0a4mvre39+LFi/39/ZcvX/aic5XXLV2EevZHc071HbgMOAw4+jxcogrZwWbGdZnTRaxQxXYxpqNuZOxmWfPYaag852Zx+UcdAvHojDqah9h5LH4w7gI4BTCgmjV1eHWlN6zVvzFqXV24wN3VHbJTH7B9euylCcDqWVsbUL4x2tre2d17sf9ySMdpxibDfohXSMcB5ji0vgt1dCcDX3YjxB8Noteeu0bB4nei0WwlBct41fRWusTtL8JS3Vwxs+o7tI0jehbeGZDDP6zYrr/pyfZZbLhJlj2tfv1fhgd6DOA94rJrR87VXH0/uyoW5OHrv+HZUhFYnx3c4VEAEyZ+1XEeM53rAaF2oQMyTcva8SkVyfiUG5rLlFHR1ZTnurEsvA1e0aLcZfAnsttYyZUZu9R8KqhVSBvarswYOW/8crvaezFjmrUTXhvWHuiPYy6oWsCkJEyql4+1x6yoe0ywsZQ5o6IPbT/iT2AI0xJUcI4JBg4Wiz4Xztq1LIyq2D22Q3QHY6ipVhbteZhl3MVyd7EMlM6UwesN5kDpScCq0Ix3aa9TqwynalEaOVW0nPGUMKWkwrz0zqg3NOdZHIoiFTGq0sbPR14xesNIJaJwZTyG/tX6FX8+6/HDsHOrool0xtLrvuzKk3fv3r67fP/m4t3784uT48t3b99eLL1HFVZYWFHExjkO3xDYgfQDv6vj33iqpJYTQ46kKmUj/+z+GxGLRraMBL3jeKyfG6kYWn3xVvZsD0lnzSusv9s9pRDiXr9+23uQVIuFBHxM7wDsQcvHwpCNyyUp8kUzp3y8IEbKXLvkXfBSQjooS6/R4kM67JDMww4yEOtn4rWf76CHFkRKkwPdMIVXl3RqTdvIGzRjNQ8Vpmlz9B432kD+PWdpGcTUggOYvCPjIDPiL+9IgAkPNpMcXPpBpz5JVDHBZV87IAMUSATufs1FrMhJPEhU7CaSVTOWl5FTFNwHGOkShtbOMSEWVrIaHrSeZSTWKv2W9eJ51lT+eUGnKzVGYqUKJguxswiQJTTMSpeiDzRDpyuCrKYsBxedtm6pohI8d08fleK5oxhP20yDWV1dm8a8K9yOetF1eGDQQ5FmV6WI4uikoIJOkflzXRNCR4nCEkARH4lybWJOctz6+g5eEj1aF8ZBJttIyXJRGFDyqZldF4DE1KRNjCZLmpzCcqgoSwp9lY3ErYELQxuQOlkNPGQuLQeRYpEUVUKhvclrnlf1rC1KB7svEQzZ4CRUHXPc77ZUp2iCVAptTSSWocyhGgpjxWndmOfjRh37JCmQOaK5Yn3bhB4NTWR6moxz+RoFwiDcIoztTXkXydOMWgV440IycJsA/mPR/5zHQlillg2145vM+GokrC2V9hW0BlcN7ZHSvsKwkP71lPb1lPb17532FR9MH0jsSh+29+tL5X7FIuUpAewpAexxQHpKAFseZ08JYE8JYH+iBLBYhn0TWWARQCtLBeOlnS1e+j35T6yR+FQqfkMNI8evf3vel/oERwGMtG8q+wvSjSIPmlsp+NVq3BhJxgvAxDGDupaPv8JV5HM9QBf7ckldt9Ly187syjpq4lN611N611N611N611N611N611N611N616MB8ZTe9SgE+JTe9ZTe9ZTe9ZTe9ZTedSfOwgVLjnLUBxy8egUf7+7sskyQK4T45XysqOJMk2whaIFOEY9QSTPfPMf16QCvqfv5NRULVxE77vPhytNKsqZnFGqvNOZZcz1WQu4KGChesR9XoaEaaPTM4HjQziyyaiYyz+Wci+mBh+Yv5BgXsJFzce3mW5BnV0mW51fPXZFt7/CRgvzKRSbnun7/HMF9i8GQz64SLfveey/4xw1QTjtr78DSAGOR83HfgAVN354vf1vfjIRO/kShxi3InyKPv/3I4/aWfT+ByK2VPcUlryouuYXopzDlW/BkVeOkyHZXxBBfH+/iFA+CR8/oaEUAnf9yOPo0iLZ291YH09bu3qdBtetuY1YC1e5o62FQrYhDN8x6p9y0xWZdtr+gpfZXWDFPh265UpCM6+vusblmSrB8eyvxmu8yuXnUrMp+/anKc4TYTtJZewv4o4MPTrH8gP1ttrc+fNKCWEJVOuOGpSGtbQXx2GfvSTwNMVRNmQmuDLvszhI/7u08YBVWRFGxWNECTkNNT5ymQ2YDn0WZEehRWZQ8ZxuQHPGo6kTJkgiwVa+2FYvzCYs9o3HA0v2Ls8Nf9naXevzV3TRbTT1wZXvJdvJybzhMRi92RrsPWCIvylW6wQ7R+RWSUUqpjCt6cXaCJ40cCuKgIBsbcFMIj5EILmJ/SZu9kidcTJkqFRcudZW7hquETgy0PkGMuchzXxDDambYO6XWiBQVOlhLmsysDiTTtFLKqpgYtIxtzlz7T+iPZRQN1hZAj4nKTW1KCXyY1t3M5/N5MuGKsQUwis1xLqebZqYYNRvW5LS8aXNrONrZHI42jaLpNRfTjYLmc6rYBiJnw07IxTSZmSLvSpNhurc/3E532MutrZH9I0vp7su9bUqz7b0smzyAQHwP0Us4DCstoeBOwudws/Ozw9M3F8nJP04esETXanjV63LTfM761gK7/vDx8MR7c+Dvt8EvgyJ47W4EBEebaHSqO35zDh/vcLT91OisZCc8fnNOfq8YHEBrj1Gh5yxqcm5/d4WUnF3GOJzF0J2obiPnx1qQUnEJLrUpwz6ublg36LOrTGgooHEAz189d+2GF36SeHS4RfIpROj+rhs/uxFx2pCVpPHykzYCCxwMaD3OmWL13qH6wDWO04USX716/pAclcaKl86Ga7FgQSg4daMUJyrcG3i3S9OZm4to1y1MMVMpEd1CuP6QvtJ2pP0yAldS12zh8FKnh/gNQDxr5tvUN7JfxgtycnReh0+8w9ZnOBbwYuCgsUOrqJeDP/rJBZnbt06Ozt3w7YBXu5eWxqJmwtjtE35ppqTZ5zwtk0NDCi54URUD92UY1y+qqLRpNBS/srNcWeAgSaqzDK7rC82BNRzCkBAzkoLg5FDlHPp5a1JKrfkYLwkz6ORl9T9au/2cA9ynufQDSjVJsROsSz9b7yO7JM3pyhKksOYJxbjRsCE+NTFDioHOzS7aERvidTji6Zte0KNiaisJTAFoIxaIQUY+YrF5OBjFSmY+bBtfLZnItL8whSI9wJU8SuIB/do7Yn40TPz/68XCqovWxPFlRsbVTlqgkxLbw+lmw13qHHtyQo7eHL4+sQdizCyy7Pv5jdW+Iua0vq7JFd5w1izGROlyUviGxVIppktpURy81NEgcC4Tchp4lZDGh8e0x3T6D7mCtoY+N+vKihcW5RxG2wKxYreEB/qtMWaZQJHbYmgv/HUchDffgLvfsm5YMGCgdxe8A5Wms5izswkwpkZeH9cpVRnLEvIbU9LX4CnAATlzF4LIQ2sEjmus4RQ9eVT9hLrCOlgXs7oG1ifyGKDNpvuL0Yypy0lOp6u7y/E3sVskZ8ZaNJZN4swEZm5UiCqxB3BdLOmAHB4OyMXRgLw7HpB3hwNyeDwgR8cDcvy2x237z7V3x2sDsvbu0F/S3lYl4VG3xq4J48njUACq4fIj81pHqeRU0QJJD11tJqJgjCllyjVNjAaCdPeS14mfyBZ0jwW9NRqNGuuWZU8Cy6Mv3t2nSoGXPqhAYR0Nd6lyzQUEdaN+2lBZCSmY1nTKkjjYkGu4Q3a4q9upYpAwDoMqMGAGrrrjMW/F0d/en7z77waOAk/8YrqCa4zr5ASaHfeqBQ3WvUqJCKKwBVos8YJTuFUfVUixAa4M6HCfzqiiqbGGxjMMYt7eggxvCwEZbe09j2OCpW68UTPxYABhA2OmU1raM0U1I6MhyI4pzPHh+Pj4ea2A/0jTa6JzqmfOoPu9kpA9G0Z2QyXkgo71gKRUKU6nzFkNGrXTnEd53hPGsniEVIobplzCygczIB8UvvVBAP0xdzP3MOka9vmrJ2g8JWV8S0kZgS6+cHYGbzgP3ArvSqnoMIs/URLBfD7vR/pTxgCywKeMgYdlDNQE9GXMA2cl3a1ZHB4eNvP4val6+TnJrYcdD12ek9Mzq8gxqCR6FXs2rlouBv/jlff0OdrhkwlPqxwcSJVmAzJmKa108D7fUMWZWXjTKKbUghptTUI7lAMrIScfjfKd8gG+qJ6NB9TMmAJvAHg+I+Rc1TorvWYwuPdmYTfCjH20bxeWSuKhUS/Al+B3RjWHaMswYt2THtUVq+FOZE+t8/V/rkVOE2vv1B9HbcPH68Ffwgzwc/VntL95C/FsDehWeCjW41MRvPc+7CgbOAxbjRQIrym2oOd/XeUv8v5DONaU3zAN3f6je4NG+394LFUsDvfLhA6jTBC29gXAslDUAHhvvvP1N4BozS+FL+dUMuXW/0yW6HXNF3YILWWQKM5Ww2PxPCGHIoPmCakUtdnaqTxmD9XttxDej2+tOMcMOvQdHL6hKG/auN85Obrvfuc1M3QjdlL7oo7OC718PeDei/MoIEex3yuuWAb1UR8hSufk6DzcooMAC/i1i9HEyIRcsVQn7qErTMfxYNTcD1Qi4DmVNljWGK6s89yRUERpv86YwD2DDUyV1JGmxkXGU6bJxoZzjrqLCwuQxafO+XRm8r4OEdFq4P0oQDxncIdu2FS5G2ua/cuC6hPn0xkraAv/pBG630M6o2SYDGPKUUo26oeehC+WDsOnIrqFc1HDQL4L8GoEPL7XDFk7KA74nLv+KUsGdcNyhv1ILJo9I4CMmZRa8TNHsRO8GLj33GiWT6IUYYGjP+AObkU1TACZ6PJpXSMggHd64FaUgOMDoHogcG6me8CIUmV6FutdVY2BtaHp9aVVK76HnMULDCBOoV5kysKdD2DUEmuZw90g+xjSCkDv6c2z/jJKb9jwQWyguPKLVOtGuAKWCAjlMCLu8S96Q5OcimnypsrzMwkXEyf+8Zit3Hgu59lK+OJutuKOdF9JYohj/mhuyXnIpTddsHqx4mmDPQQudGgfJVBZydVl1J1yma0CoVCVcYZHN7Cr2mp4JQOzAlniijDU6VTUhFszsLrEtB4jtH2wE9WLcOP5oajPUrKEB5lW2OEJW0fVBUydkx2Nm1B7xY3pr8LBDoyriwywsKQfpG4KTsbMzK3KT+MqnbRZzxMn44IbDrHkdqtyqe3aDv1O3I9uq3qFmq1why4qLPOWk4JRXSlWYJcukd2C2egxiF839JoFGo7RHJNHjeOCFRIiUpi2w/jhshrTrnrqDQ9szLACPPuVYgk5Z7jnV5g3Z2XfFS6bG9cqAviEj76AnNBwqR+OcByc4CCF2qjG2uwNub5ct6wl6rx9svmAowebwd9GuMTBpscjVDLDKME4QkJEb5FTKCIOJFBrpTMqPF5TathUgingxw+baxnGFSBkg2bZ1YBcuXOzAeeGwVcTnrMN1PyzK7xM8lcqDQEBKn8Uv+KCG3OgsL4eW5VmaqOkWltkbmAYUlPNcKCvZjswrwsO0oRMrGVk1csjnNOX58TALrS2QXGlBnekdoyB/eK8W25r7EAeeDLjTFGVzuLw+Pbe1BohbvfamE/JuIKiUGsWvmhEznTTwxYp6blhynG71hQHbmevyMIJi6C5Y+8/5/Fyj4UxIRuIm4W7TENlm2vkWfki7hvoZrSbcuUjRLnrVkbjgny6Gnuw2lQfxveWnZsX/Gk0z+XcQmjNzbS5UU7uuCVFbjlqrB4BWxNMkAiTXWuxMjOr/UUVH29Xex/Pu3DaLAoNSnCInnPFuvkETW5I9IwwF9VV9tFblWZBaGRMN7rFOZ1Tk0pERZYHRLEpVVke7z5wf3iaWD2msn9IRezywLQDEwsFjbxhCqQMBC97lckrezzeEuaDNFHPIafH3W3Y2dvZbyIfOdA9vCCr/RNN/LrTgIN02kWyTZCPc19k29WYppYgVZQnphgF3mapcwp7IpX9DI6VkpdQc/xWms641SFSV+Ht/0DlakOLEtkGNfFXdRFKB2sDfwAtQ8+jr+0e3WvnHZFyKkhhRbLmpkL7eOCiD81ckjCtO2hj1mOFI+v3H9M4rqURg57SPIU8OVcuLocAG1SMYgeUC1lwoZdI4jWTiNUW2BZ4FZCOexIS0TPCjeMSLUgKKbiRdahfPcT6OljKfsfsR98V0EhyzVhJqhKvFOCl+HA1sWotbYS0iUcrWvHEpTQfxDtb3/dGtSVid+zWcLS3Mdzd2Nq+GO4fDHcPtneS/d0XvzUdsRk1VLP7yvx9fsUWnKYVoyYaGMFrFrgZxyQAq37IqM+eNSGk8uIGi1DStCFncjkdOJMwl9Png3jyIEWMdDrOoq6aHp3XVBZRLTdsR1uDDZsOCRAF8GwoMSCkCc4uGN7qPY25wdQL8XKFzKq8Jn2swYM1CFDroSSTJirXHw/TI2xKms5YEuEibG+llik53FPGsfUmF2VlLv2PggrpYuK8/VeZ+AGqX/M8573P4GUb0Miol3CO3dQNtxqBa8EwbZOSkE8h1u2Zx8/Mmk2KuQtJU18ANkIc+3iRZzQwu8i8KWD3lHeqAzGxTBTXbSKlBrUjTdqCBOnNCk7/vVerAuBW1sD9oRyDudjqj7PCfKRfqJ6RZyVTM1pqe/i0sd9EqUTP4SKQzp0kM9BfguIdVeQOKqTQRtnlg8sAfLFWc2wTfd2ZtO+vwx+Pjr+Yo+/02K7Gm1p3VHHZpzuT3eEwa0ImpqxbK2B5neQiyASgi8BVqVL8xsdiMih7rWjuQkuNVB0NA3QLX0YFlIGrWuDEuniLLr26kC9CalfiOGUtiXMtO6M3tKl4goJRYeJ0fEzosfI66ulDggJFNJ332sCnwhmV9nSh0W/NMK2rwmoMQhK7NrB2BkFTcLLX31bNlBQyl9NGLRsrauS1DxHg+qCBK/L/thdXf+O3+2opmb2bjIaj35ZO+r/mbWb0jdm5PqDrkwxddO7gJaMdaMOP0vZNQqaKVxvin02nA4znuhiNA8060Y8X3c0Z1x4h3JHWfpNeC9pFCnurBfkdqu3TiusZoTlTxisycBYa3rFWDAIKreZoLR0V10hmWJRVY2QrQNDIDosEHJlRkeUQaDhjC7g9m1tTWZjomCpm1wzOyvpLVDMAIUrm9aq5gVHgpEN7OYjG0sYSw3zGIC0txLZjy3+4+zNwUzitcqpC0H1tOiqrXPWoPHm7fldDp1qZIouzROkmEAYNa2lriu6i3JkPYKAgr6pKzNV1ZAWlga2JDEOjRZFXU9AEup6U+qaewkkQXntGffgQVEGQv88H/tzgyFetWLSGKVhfRYAb0D5/m57ZwLrn/avA+zvL1NlHE5wHlpyF4SqcvveO/O/QGm4xoq3GDvdDDLW7TKaXUTfkjGurmWTgGMVyfmDOQgYxy2qit9q/i+WBsGCjOLvxtvTVJe7NFeSoVZpBZSesWChvmFI8c6REo9gFH67jwR2ErmSk0v4qc87zLKUqQyK0SO5u1zkryeglGe4fbO0djIboTT86+elg+P//j9HWzv9zztLKIgk/EcyThoZ2TOF3o8Q9Ohq6P2pN0/IbXQEvwOLY2siyZJl/Af+rVfrX0TCx/zcimTZ/3UpGyVaypUvz19HW9tYP0Zr7BJqsjLXHvmmZZq22TxVpbn1XPh4wYwICwmOGiYIq8u1Sj3i4QqpNVcpzqywFP07JlA/3DmIL2pagnwizpl2ru7bm9EYalzKBWqXPIo7a05HofiFreEaRSWGGWUveWhHhSyBFQqUWmS3EDKy8cY5CFMW8dsVEC4xAP7QSSAT4vf5LMToPZE8pK28mkmdhbfjZpbmhWhAGrUOEURN0awQXQ11fsE7PDVWegtGPYtyOHolhHWK/UB5YtkDzPN7gpbb1Jg5wcRsbB4/9VCmgpxotwqXsOoECHjtICbZKtdYydReLuA+3aDqmwVTrSj128KhpZOt22FKGn9XMYo//gVVkrhrN56lYBE0JbF8OWYseMJJJhuy8oNf17mgmdA9LdGhtsJgV9+FfPw+Rcn3nDH3XcKpQK/DRvOcL7RxeXVf3KzmNXLsF6mgNeV6H53l70Iuyns5IRMuJmVPF7soCc4cFtIzzhS6sUjgzpsyeg/saTpauxq6pnxu4XdIyjPgMixgN6io5G26JG14sbRxW1mIT0+e31XRqbKNiVK+slsz6OxidzGeLOADOBxR0mVTXy9tzHWtHA7xBn4cUNGDHWi1GHYGHe97GjW0Y91cIz3JnCN++avIUN2TgH+4eyL2CeLvq6XmFi3W1/Oziw/V+q6g2mbOxPUYfffy8aMETDWlPb8YEd2JHMQhFry2HIBta4AU22thnBBKJ8mqcy/SaZURzw656iOYCwv2BI1FBKsF8ZmdTx77XyIYKspG/cAXE5iYg79+9IjkX1z6R4O4ipJ4u21TnR8GqtxDUwNM4SCIEUyGjOIzM00FQehoFKyKL/ABsMSuoFUPpWkgBV4cgcsP1I7Y87eyKr93jmoVGaRybMMfmfwyH4Nhbenu4vr7UkY54m9Y4ySXtDap7x/U1gRHAGFNcKo6x/G1GqB2vIlrmFXiXomS/95q5qypYGlwWuYs11AXsyU1ugf1SSFUsQWC3LmL9DTi++B8sg2HvWdAAI250SuG+NSxiaGlmNBz2OAsLyl3dYVc1fSEr2Pfm9Y2TCMhJIPtYRwDp5m2dHWLunH+aWXoS9TIQay4SGLQkrJPccshry1OWO54PaxN27gb2LWtvEekQqth6FOKhEX5/zQUXPbpz6T6AO0d63ayVwD7S1BCpMheZERw70e17fPfuYasvDMO1SwdbNyzqrPgonb4wYRdDycIEzfPTEJh33Y7+GmoiBGMhjBjXTogyc/Apf4njgxliG9tzJ524G72q9II7CjYKOwGhaW5WzqJW4drEerejzNivB6qA1bR6C5g4HS+sZ8wsmqGK21Uup4mG3xP/e5LKjF0lnvn6r2vxGrvO6+hwLC7kpugoKo0rWORqvlNdfTRPj8+ft7qRuzeC+u3ImnCjiZyLMCOmflj5Xud0hHFTWWKI1+3LjWKCwoK7UuRFk6YNXapL4N2Xcnjjd++1nAtyiy/mIorAC7o6COSWmzl7Tv+ou3evIO3obiO1sSR7IGrGYXc4LAj9Zi7U1sHc1EVyxWjmdTInrD2h17crkZjEA+iJA2sJzrluWPRpykpM4A+T+kw6qMdB7fGXAky/02M3+dpJpWTJNg8LbZjKaLEWJffT8VixG7Rx/ePnF2vP0eQkv/xyUBQ1M+E0909tDHcPhsO15y022o0p/8a8VGbG1ScGGEIsXtMB1YqbW9PVeAMjDddA0g+QpDBqL5IdpFbkO9GLSJ7I0weECbvfOgpHdHw1g9t8GTm+cFGQZVsqu6WgdDqnjk9gdL0mb/EHrzRQ0PmVFiVrqyqVWlVTq/W26SBgbCiX6DUy6Zp+V/YI3zBt+NSvrunhWcKqEFgD1A2NOUNcbGSsNLPO6CiS3A1b7ezBy2MRZ3e47EgBhicpc5qyW+2TW+yS+sh/ln1SLHosFJhic3frxShj2XhjsjsebuxsjfY39l9Mhhs7NN3ZfzGk2/sTdrf14ulhwt0Vlsvg+Ml/viOB4xCrSbei/aFOTef2ExIpNBlbvagZCukSEuyvEBnqQ/Dt2G7hfv9/gnLbruCdU7sijyEccLhr8Dvkcxz8ZyqyTanqxZJGTNfAFV4J7unxAqc89bc65HV9p/bPn05f/48vAKrrbAYrZHnK9PMEX3bJLc7Z14r4By8JJNWzDLHZWo8/jlHMg/NoPigrACMNP0MxWX9FXQyEC4nIsWuAH7rXge89vfVWagxOhAq44IFCZ3NPcBM1RvFxZVbWFakuxoV4D/PF4j986dqPAnu+oWphaSP0QiO/MIVBmFD0h32c0UqDlxxKNciJky1Nbm25QvAE+WwRdzyhlvkNG8CVAaTMZ4O6+5yVUdC9Jb4QZB9ZWhk2IDOeZUwMINgX/5UiXwwchxyQueKmx0O9/s81/+zagKzh0/c2d3pq5/PUzsc8tfMhT+18ntr5fJ/tfHoTVx6mO4AeBOOAMghV0JdUFyBeFImt8X5TWUij4MzH0m5qhcDpXBTjxyDPr1/fwd9CpWYYxm0gag5VCX6cq8JOdeVMPm7PCtPkClYRXVm5VBbMUsJK8sGrZx8dWEszDcN5a9LDHdejb+GrkdX62CLuGAZ3IRC6dSlsbmvGojPaBNErO6uCMrTfDWUmgjmTS2BdcTHhOMs7U/wmCsKBQq7O7RC5Ajor3JzJgm3S3GM+rNQOd4nDfO5ie4n7WIEqigVn71ht0zEBjFmxnN3QyNNc95vsjRWNkoPKkilr56IAaLjvQHzm4UIgLsu7LFcC1KywhwvyrDDLgLCPFngvBnNG4e9M3hG6FJAMekOj3F8Y2Jqezqw3VCXTP54PAPMNWYCJFSJGb7ibf7Y2/WNtAPhdwxHWem6gS+cH8+ibrqwA8JnihRVc2Dz69Jg8+/n0+PmdR399NByOmgyqtmdXDWG7c0dPx972gf2iDe6+Uhe7r9iq7iv2o6szY1aXKn1qx6592p6jIDeumYZ3fbXPytbu3vb+dvO0FLxglyusLfP69PUJZjV4aehzsQFaMGKbLfEU0UYxCuFY44WJXB8YSRz3TeJU0ESq6Sbe0UM69mbBMk43wHMd/518nJki/+fp4ZvDWiRNJjzlNEc/9/8MnIjzhQgTrOfVk9lp9aUS7JSxK/QZxsRk45CJES3d570uK6iK1VHSa0tIMdq5IDK1ZkagLtpb2Gd9uLczbJHQZ2rQPQp00HwpBPaDqdM8Zius3P2m3aURlY9QkKsW7D77Bs00pxR2UOaFdFuQyrlYWQAnurvtBOvg8VGQhHu/fHrcHpJfrfAW9KuEVpWRPTVobWTQr3qU9YYOlUVK8MOU9c3b9v6pteVTa8vbV/vU2vKpteVTa8un1pZPrS0fobVlFGHH/3hgfG2PX8cOYo81mCbRCXgb+7xQSYD6cS4QiWuyZj/2VLof7W3v7zQARTF9+Z0oYxeodIA6BjFOiwJCcFrBhKuzQWHfwBB7hlSYcQWBIw6S5x3qC1EeIeZppV2vrIIO/q734O9SdYh+VI732XnLGYb6/TIusY+7w5cJzeF0Gn6DzG1V19SvXNyCu1gl0bwuEuLZ+eGb5wnaWWB4h7CIvqtgWpkZhv5Dk6rorgq2dFwZFx5VFwxr9Qs4fnNO4hUT8gzy+106sn6OfmZWUJ7X73UR+5eE5VQbniapXPoODHDPta6YShDOVYoWj3wXMAYM+NnRG6AbCwTc9kcoDMjtrNZVygQfG/mFT2fkUOtKUZEycg5VXcnR4achoRJmZXczNQJgFvLs6DnWAWyv7/35pwAfFcRg2So38jieyO3j8afs49Ff358PyNu/+v08FemAvH3/11bfrAE5evPXO/Y8HJ3P2vtcpjTv5G08+ub7aTy/efW8oz5Z8rCc4u+czT9lJVJNqXCBtSteTTyVJs/efsZhPhXp5y6W5peV4KtSIfvWTHNiZ7RLf/8Ja+9rEPfA9UNF5UupLkF9XV0SZRCdUMEZst5wviA4LwbkHFSXsw5JH9GcT6QSnD5oiUKaSzAjl1jTbR7ci06F7XhroHIJaNVglGJZEMyM492GSlvDreHG8MXGaI8Mtw9GuwfbL/9zODwYDh+8Kmxku8plYXLMEksavdwY7sOSRgc7w4Ot3U9YEnbrurxmi0uaTy2tz5bJtfwUOjz04wcXhE+vx1oO2FrsmnUP27vzh8mFaFFppW5W2eEAxscF+eLjeW4fSN1P9bJIQDBGNgThBw38PG78HU8HCYJrU+5ujT4VE+xjKUWdo/cptuqJGyJsYMbAid3avhAUusSq9nZ3t194rLdL33zCKj/TGoeEVWuLO4so2j1d0hRtdG66avzW0JVXXhZmzRSn+SUmxa6IQF1RRpyqzr/VVU2t/dIOqhqEtM50EZU2m8TlQ2GPyxl1Ca6DZn9vdAn6xAEJJlUOnYREVofjhKHr9rId7O7u/vTjjy+PXhyf/PjT8OX+8OXxaOvo6PBhXCGEOq6c05022900AqhDvGXEDX5ldR1dvI+ufSQgoidQpIcL8rMkr6iYkiOIrSY5HyuqFtj7wftHp9zMqjG4Rqcyp2K6OZWb41yON6dylIx2NrVKNzE4e9MiBv5JpvI/Xm1vv9h4tb273cE/hkRsPJQPO2P961ioOpioHoz2qvSMKpYl01yOaR60OcGWvuJoLfJrWKCfaYB64L8FC7STa+BcPVio6xYT9Pzir7WKOiCv/npOBfnJGpdcpzIyUQfWTEnAIH3cff9mrM/Gyj9pKV/b/LztoDa28LNX9g3Ymq2FPmwt37Pd6G5xV6sW/b2+KraTOj2lQ3Xbd0MeIkMZHjaXp/qz+3hHmurPTMbNC1Oq1AKrV2LSFa0DvSAU2sIatYUJuR7NXGRQuqdMhlfibK7Q6BkLYWNBDpbOQEGsK61ZyE7PvLYnlbsvVhu6Ksuch9yNpXoacrNYVf7TkWeE3RtMKYxitFkQDXO7mVhZPtabRh6Wm6zbYFcqMyOH2FasBSBI9UuuZU8f4MdBmVMcTs/f9rf/PTrsBWlVO+jA6d3EIypoK/vCU/U9oEyZvCxlHKUSMzQpptxAPzuRkZwa+NC9kfm/ZC2XYu2AbLzYTvZGO/vbwwFZy6lZOyA7u8nucPflaJ/8b/M2bIU60/p7ewR9SnsrjIcG1Ax8Pg4WgZATMlVUVDlVcWqlmbGFZTkMmU1013wUt4KILtm5coWqoRIQ9rkhk1xK5UzKQbAKu5XzELyclLOFxmKhoM0NgD2gIGnmK0TVHMHLwIW1S2UB3C9ib90b77HURoqNLG3si2JTK1BWeLLewQx3HayNvx31wbSio+Xg6T1Zf6vYmKU/9OU1ePkVvrhdgl3MmEtWiBpl9pRbgmd0nVzeSt6Jyy4t3/E5k0VdsvvRj1qjVU/IyDJhwVC9rGCu6FlcVrZRB1KQV8eHZ1aCHmJ12jq7C+GP+9fc1pjjsf1APV14cVHYDsDl42+GKgJfir/FOAeAkh96GrU4+vzFf76nkesMe64AedYUWddEg9+DDyb09eSqHYYG9YSCH0Z5F4N9n/neS6+PdweQsPIc6LxUzHHrhBxmmQdjEkpyYCidG2K8gLrZKqWhpnkTOGTG1PuGXDcBqGGoWUkVNVJ5jkt1o/rPMy3oNZZ3GRCs0zij25e7o63nD1DlvnRq0ZfPKvo6CUVfMpconCepG52Rf/Gf76yrA0Vs2nV1XJFrCLmrDDax0IaKqLjfydE5vJv8xR+CWwuDd+vQwKRQatjdlMV2T1RxWCo0aO5rxQtrdbFBzYj8GVXZnCo2IDdcmYrmpKDpjAuI85HpNV4xGsoFKED2KP5XNWZKMKjEIjP2oJ64t8boP4r8f9uqNN2YrxuYv793ubfztSQsykI5ifbOk5oXs7fJ2DrxF3XPNFZf7SDr6/o26RtGlIq8YebH07fnDbkMM73iovrYM3YNdDRTGBHkvi+k3pNP/PbNxdvztwEz9zhFpkwm35AhDeB868Y0AvnNGdQxWN+IUW1B+uYNawvkk3H9bRrXdm++RQM7gutrGtlNrWtFkKz/4saOJVKjT2vdTT5U8J37UtJXHrIrMGzs+VXMVEpobxWCPHbq0D0G6+Osx1mrqAfEdW0OdcCjb1xF8zldaFLBKwMoZekqYQenQ8Go4GIKhdld12MmbriSkNgd9x8J3REwrkdhpItrt3U1ZtQAI7pqY6G8BwvhgWabUFhf2Q4NDzYXTVeA3F/cZt4266po9M2d9Am3IC7IHigzosqIGt8L/tEXuneMEtpt/V7RHJK5w5iRLgfmAUWW665V6uiXSjOVuCr11qgmGUt5Bk2nrDoKpFQzd2mfb22+1MmEFjxf1fXv23OC45Nn/pJGsQzKCmdszKkYkIlibKyzAZmjOtxNPMEnO3BX+SOW3P1qiUAdcwd3vZmVHbJDMYHxFpWXphbfr+W/6A1rYyvqs7OCXW6vAWcLYIO5rejcNRroQL6T7CTDjdFoawNscp62oX9cBepb2+u4YoJD2W2b+482Zry380vtrJ/PnWer90k9INW4Eqa66wxTNeedM7zC/DarGKOK4Oa5qttVhxLgrLe3FeEiamTt6rVDDUElaQaKBlNQIQV4G2+lPPrHoSR1nsu5HdmJ9WbRE/LMe07Z8wOSW4N9YMUbYFTwj3Xc4rxTI8y1cHh7bnWC9XXFSMZobqcCd1TojIlaP9fGiZy4ViQ2wwxDBo9WQs5yRjWUdyCVhr7rVubIkglofyowDBOnOjk6H7gGp6XUjPCojLrvc9TVyGGZP9xzfiJSWW0efofOl2Vdo2Ey2klGDWhX1kHA9UFuaSA/SUWOclllwW/jXUp1jzinAGN2IPS6vjJbScEyXhXY1PSmaDUDbDiNgvtwAJcItRfL59XH0Rq1yhpG7FNdWwX0yyUr5twW+3zOUikyXSv9oT463sg0t217a7c5vVWlvtbdHKS6rvJqDlYHqZwrWtx7u4JGrmjSBcBqbI8cnPnVRLld8LoGDd5rbBNCbyjP6binfsxhPmbKkBMutGEtOQi4wYvD7/dyOFrkN31PHMH5pa+MW0Cssi6LwxTwHbishQ4iCqP0Grx8AuYnMihBqJBiUfA/IlsVURg+vg895K5gFTy7spSCH7yjBk3lVIoJ7lW7drvIXKvuMKyvEtdDVCvx4nRJye0WTNkF4vEcD1+No53PpPLVSaAKfn1JVC+6USdt3O7cD88pma+sjEJoMQEECTN5xzbUymv28WsBvP7PtWs+poJe0qzgYm1A1hQrpbJq36Ud8N7mDMEdakwj6OiXi4sz+Hz7JfRPPpQjxMHal0JbMeiAj+ZKpXJvqmiG7RNNREt2O1TuV+q6ri4ffuRfGMtskcSVJB/YXDF+tUlGcSmYFpgEZm3vy/7+i9tBdEUPvwON4cI5/HDj78TILyzPJZlLlWf9mFnBvl1IrKd/x+49s8ACd54xas2Mrpk/2tnu38yCmZlcleBfb6AUp4pk0pniElpAnhydk1GylwxdnVVvnE8rnkENjzkNjYWyg3qAtYtgOWPiYFHZrWNxS1MjQxgUtqL6vWJqYU3GtcYVgJzUYKBJHmaHS7JSMdcDi6W0ckwhtJv1ve8btVVhvb5VhG/iCsK6oPmCZMww6N6cEPK2MZCviF9QkTX6AnMBQG4lw2TYsdx/PrkYkLO35/bf9/YfeX7Rv+crLqO7/pq7YjnBQWMJtM0aw6ou6sxP2MCeVhlUY7ssb/NCh6guDxtELMH456+O8IWNC/A24RlJyJEsSqq8J7eIQaZh0Kg1FYlnW1/XJB7WjepN+xnLS7fbbpdhGsVo3EGLkIJr0LamUOI8zTkTpqfhBy/olG1O+dIF4jyOoZG2WlnGyzs3fN3iLT7wHSbkM0nHuZw2mry1YNelFJp9cVGI0y4rC2Mgv19heBdObpeGHjdfWhw6aD9NHjqgvzZzdGA8HneMtvAR2aMbtYc/4i+fwiAb3DCMCs181eNwRYdcbKzUE1fy+S3Mm+fGtZ/qDS/ZGTbDI1frSAe4brvEGoGjvG4KYJiaUJcA6kyp08aXd+dwhAHiPA5f20OxVKqMcDFVTGN8PMM/m/OShusBSlSiVYjX7FT4Ps+q3VObKFlB8etcUns4cqvEqedh1PqYfAzHJIw1oyKD2xoammqmUoigqJ2611Hfc2NS3wo3DFOjAIHzY2kmtFTY+FOXVBC7oud4pmM4EoefHlT0RDovb2bSnNNVOQECieAsGFNQ71jt4hv0xIv53atVXd8l3uVyw/WGRSWHAkYDIivj/lAkK/4Az0gKHisPhqBF39WQe3FZrrEyt2iNr9PjNrIa5F1j6/zN67POOSHk9LhHwi1dsGmF/tTTeC/Y7RTRbUNgZvfAX2dwTmM+9cp9vCPt4LiTERB6svsekwVLZ1RwXZCo8STUo7bQR7nRzP5aZyFYRlfv1r2ZCJ3p3LieV2JLOt/NN8wf+dKaVwDY3j9MNGaR6ILsHnIF7f/hseQvV42F+LfqbiDS3Q1iE35sbdZcoVUj7CJYFo//l9ASelwZoqi7iPSto/8Cnmcu3A2lNWgRfQ/IdYBixY9bcrhVPrndlMEiFgrZNtpmFwxyRFpxQeFg3tW1YaluDfURjzyoZE61WF830PMWc1RogG9AMgn74qnvzt7bmzdUbeZyujmpBNS21ok/UEtwjrhe+6PeqAd3iF1VCI3229Bulu5w02y+h5hyTiPtEOSGUmAxVdaQYDdMQWyzaZVOA2ksXJuzqYTcHiRvGAQv5+F8uHkzyXBX8AAt7Nu1wr2QFXiCysrEpyqcact9PDAE+vqg4nCOR9r/9Dxa9jm0x8edRNZzNadKXA3IFVPK/ofDP7XuQPOrLglAB93mttoTrVawrxfNIHU3kZPo0NMR2xShrlX3AK6A2cQHKx4lzan2oZVccMO95y/MADqC76NO0kobWfTH6kk19XWTseJ/MpbSaKNomfzo/2ogC12A0JMiyblYRpJaAV4juIMhO4qvqhZX0Hb3c94kc2QHcYe4eOeNjB2GrSPTWu3O1q1LWWVqRJsMHmt14fu6P6FptHq0bDHkk/vOtTFzx6BduHFNDb5XT9b/ih0X2EIQST1nLJBO8i96Q3uRXol0hfWROih307mWrzOZdbB8D+1wX+uouRC6EnngWUHD525hK5iGSHq4mvZZCD6EO34ibCMWWiW6zLnB5FJDqtIy99C0sqTKNEL6MIxcQesv1Aau3LD+RhCRFwecU2F3DyoPZjBibS7WhOtGGcR02liGX+ygs6DERbiHMaE9Cs2tTrAg2soGbEaWOgOKYqkdjDJjIpWgrUhFBJsDz7HKeSFvWJPkodFzVbZBbjuoGmcMKm6yDHYlk+mlC7K0Iirjmo5zlhEtLeZTCiJzzOBaJo61H/vAW/B8OeatmFGchVJDV5fIJnpO3DkryeglGe4fbO0djIaY0QThZ68XpFZxOrVBQw41yN0lTqOE6lm3nTknvkNX5Vg5Gfim2UGpQ3Wg4CZmcjecumFC+KdmjLz76UiT3Z2tHbuF26O9naQH/mRCU55zs0hW4etaj1boSnUSP2FHX2sHYoX1HaapVKg5y2hVlnbssgZxYdDa90GFF6NkzMycMUGGYUj77tZ2lyi2tu/E0QplXoQpq3puoMt2aWS11gHE/KJvLaXiUi1XNfBhW93aZj9Pl6A/cYtZPSTXZJ/8pUbOfwbtN2nynFB51r6vkK+zjyVLXSRHYMWOegKhwMyjl6Oe9jbbu31oDQA8/Bjde2KC1r/0iWnYgk5RgorC0HsqYhix+VOXKGlPXHMawFLbm3p6fP58EFs61lTpAO9O5lRaxDtD3/94ldwJujWcQGx4w8kCqw0XqYnsM2tAWSkgS7RkotbRqSzRmdQylnpB6Wx5L08IG75qPfhrE0OYsJmUthQRgAP9FgqIDOWvuPkRFJ19P3F2b3CDoos+dia+ib66py6Qd/A3i5ngTUNRVMKpYehSkjfQoN6qjLSunEJQGcNx4mIkuuGnc098UukTP7oPb3PDUq1lyusXre56U6cCLHWxUFvuqzouh2jBTPkNE1iwMp7V+XZKJY1MZe7cB97oV2NuFFU8IhzswmylMAYviKlG3biAZm5M3fCU6QEoojTXEiZboAFQP6yvF2Xk5uHp7wMrudhYyusBMXOryykHzLyRY8QF0dxUTjvHXs6YaSayKEQEGmwBLHW1TSuFslBdE6tuBpt5M2PakNMz7LilB3DFpAdx2MmcKxbKk0Yy9TOCqaBUOJYxSatwbRPG1niBRtZO/bWOZU4nR+c9LeYoLxqk1RNG0LEqHxJCsI4xBBg7gE0mmVK4I2Npzw3EzdttafLZK0QwxjVcgRJxZZFt7WUuRfheMcjMEgNy5Q+r+wlVFV7vhK6KHom0t99AgOMgZnG5sruoqCOod/QLKFvhF0dOz/Cy1lET1WTO8twxubAef/zqOhBN/hc1cSBGynyDToXUxko+Q0VGFdCYb7sehp3kzSS7/g6eUYV6SyA5n87MZkDeBs82rJDpUfoOZm//U7/Z+eU/X/+8+/q/N/dnp+ofZ7+nO7/97Y/hXxtbEUhjBV6OtWM/uJf+nl0bRScTniYfxDtfz59lpLaqDz4I8iEg5wP5i79e/yAI+Yu7X8e/uRjLSmT4QVYm+sRdR0z30kf/KR6Z/IVUAoj7g/ggsOE8LUt7mEFiaH8dYaWas3IKKbiREEribt0H8ZA99xQ1S4MySJpAiRiLlRvO5gNXry54BzT5sOYXvBYPLRX5sOZWv5bcCa9HtVSkZIoXzDDVgT8e2y/lbvgbgLe3NUzUwEfv4nCb1gbkw1rYNPgUNm3NrdZvW4SI5IOoPaKNV5y/xso7mDVARGAKaN6Ldcm4Rs9pDCl0asHiMS0tx1taZi5hCzXoFS70IkySoKPWCtfGsAhmvZIweWNGdyh65vI1OuJB/WjegRcBcVFnVUY5lFHMrv329PxME6niIf9+9iaI5pDhmax1HaWAywYbmUg1pypj2eXnVPmoG0fizWHkN49+cm7TUsmP3Ri+0cutZJSMkuZFAKeCrrZW+unhm0Ny5oXFGzTkn8WtmC0MiVTTTdTTrMqgN7142UDgul8kH2emyJ/XNse5EyugvuSu9Lx/S7vNpzmfCifQQAF+w8xPuZwD5Wv4yyWIhHFzOfV3Tj4YvG9N3cZETUQLsRSKb3cyOhMlgZHiMASaZU4Cu1RvS/leHbnJqXAPx87e+mxBFJdgqrB09vdXh2+Qwn7f4GLjd/zCUAxe4Jq4MqgJOcytehgloSE8/sbbTptw9AvD3+5qHGCPYGpFGVhdotZdLRyaicyFZAAPgE0L/vv94VYy+p0wkdJSV7nTsK3F0IrDapm7vzF2PSC/csX0jKrr5HlA+H0hQnYBiVvdik4M4LwbKNQIGuuc7qVjgKIVrNDj8daZ77iY20KCbl3OAwO3Vp0nioYoll/AYrmQFOZMh7oQmz907eX8DBkGv/IJb4Bd0vSamQcYPH3GjRvkk8wb926PgVP/0mPi+B9rW9gZO/1GzlYz+tWz5BXo1euvXng2WdsnyHnYxwSshwHJgV3/i6bWag+BVsGb8O1ZySHXMeQFeKhXgcJzd1b9ZkcaAnpIIIGeZpH2+l84T3wMideAawzndGElf5WVA2LSckB4ebO3wdOiHBBm0uT5t4d5k7YQv6KyIi7U+O35KXktM5ajgTGPy394sn5lsZhY3O0gBiOPVKlZOiAlLwCh3x46LdANfP6Z5ej3IEFDQIcbBZ52HvG38Xd3lfaO4pfb9b3B009zz0sGlloq9PNL1eNIzhiYWHVzUMNSM/DjY2wXBsreO+JGU413LgAr5wpmFE91s+1RKLUTgsZ8RW8cFLJDoRCDWypYnqG+TSeZxUiiKrE8AoiWE2OnS3wVyXaFcX9DowdkzsZg5IHJzoVRFRRKClmmm6WC9cK4vtqh14drH8cP/gRbBdkNG4MUzQgRDbnUYAB0hrZYPTx7HfJ3fqjZTqDP6A6DYsrrLVcYTm74/AE+IVSEdCbAOq5TB7rQPmwaaUPXyv8d+IZVuFExMkrxNCGvXZTR7xWrcGBycvEKCtRD41od3J2lkilDX4ojrjBMaKWgGDpd6k7MHh/aJfg+4N6FxWkin2ZC+jOduDycmUSbrU45gZuOKK8CzXWLBiixE9i+5X648X9I0axXYiTBQE0+WfiEH+/WJOQc02eoKhr+tlqeuKuOtgHXSqTxV2GYT2Pt8lvyaUi72pyDZFk2jwtIAkqSp7yaB5tnHRx+94k2nRX/OTNvOgv6Myts8RL+5HpbZ1GWCa/KAeLY8B+uCqe/lAgeuTtWR6Iinq2Kn/GFI1UM4iWdsPAju35Dp+4SY0BOnGe/FkPHr38bkF/eDcgrNrVPWDuyjdEz7O2OwyzfovepccZT44yHg9S7oU+NM54aZzw1zvj+Gme0+2Y0hXp94fKIhpsvprB6y83P9Oc13dxoT7Yb+ZyaCB0kfvfGW3fJf3brza/oz2y+Ndbw3dhvflVf0IDjIpVFHFLxaQZcXSWC4qhN4y3x7KpjvIHRFka9x3g7fv3b0qj8tPiqOn6qri/WL8hX01Dp9eHR7QA05l+lKn5UZ8p3kRA2q47ohQfBG+9C1eNY/fBmIzLfFwKLIu9qcTepY3rCtUO4CqCY4cryurwUpt1KNaWC/4GKcyPCQcg4+R+iHxnLWBa34HBw5WxiCCtKs+iJF76EYLrznxsb8dSyyf3wrbXxeWrZ9NSy6all01PLJve/p5ZNf6KWTaWSWZU+YmXdTla+m+EWJacFot4aDhvwaaY4zVcbK+/dPG4y58RpaqEra201a9aqrU2AGUNHKYTJgOUwUbJoBkoq11CVlIp5j66Pwa9HWpRMJ33VrHyWhLqqT++VVwShtFWm4T8l/AeUMvhD5jmDAljoarJ/1ZEoPanADUdLXY81ysN8TKT+HQZejuDOFwUVpuW87D2/j9Pj329KJDvr+j61Wg3v+pCw9vf3ZErH4/jwHyYUT2dIUMhz47YzIX05lUVJhVewrcUA/vUGMbZymePUaR0K0lqrA5LKqVJUTCGIa8Jzw5z3Hzp7eHsCasQAzxbwoLdJAhj1eh5SwvArtFtqWkZkZVbk19MKY9rymn0t+RpkG8TUOYipe0j3AhUERz++skg/mbaVoOXL8/4pDcgn67GFo9utxz+x6fi9cIhHthv/xEbjk8X4ZDEuldPwrZuLceacL/XopPxZ9NWdwr3WDW+X7aALakNzrF+Iofl+Vg/fqakrOAIfbTdRxKH8a4NwQY6MKBIwmv8Rjwo1aMLQDhAc00XJ12Nh0z0VomUe0CBApTNuWGoqtSrm4PakMVVndz/u713uNfOCxhXPs8vVUuP6oTszvbsGbMhCUW/TxOVKO7Koj7OnivBNVKk9pIxbbsYNOf/lEKObBKaoMKg74YfoqQ8z2Zm8YPsvs2xvNB6+3N8fj7YYGw6H45f7L/f29vdevBgN02zZA57OWHqtq1XJsCM3fAdZfoVgn9wwFYqVdrPm98fbWy8z+nL/5Tbb3hm+fJm+yPZptpuOX6Yvd5o+mWjyFa3ouBmVBuUVmlwgQP62ZCKUZVNyqmgBzpKcimll126kIykN0R2biuWcjnO2ySYTnvI6H4XU2UBNOxLRealTuTJ5fioy2BoxJTM5jxcMZUvDjrrg3EoztQGhcAMyzeWY5h284Nd9C2HL2MUZNf39qyzjgxIBvfA1MZfzlAm9Mh3oFQ7vOiNgrYg25vxhb3bqJdQqCa7rq8MpahI4YmzaK1mQ87PjfxA/3SuuDZYTi3QLrfk4Z3WFDV1mH6G6hhtSbz7v8pnDkqYzFgbeSoYrtAh6RUQ0RU05sqmAr64JxBk1s6gwm9833iGouKFCpdUmkP7mEctzqjancnOUjLaSl+02d1CBMV0VCn+RhQUZfVthMvL+3atwg+41GNBTua5VEl5Xqr69CG2ouiUtL7PEtKy8sYrNEqt+UIFaTzGNznBdObK1tT36YkbQhXOcd3UBiIBwdoDXN2MSw0Yji5INfPsUM6PNRwoqaN1EgLiCBj5N9ICoshiQrLyeDshYsfmACPvFlBUDIir4+l9Udc+8Kotvwy7wG9qcJW5ZtpW8jJX/pt5/Qn6BhnOfovn/ivYeOZPKWNInJx9ZWuGfz85Onody3t+UWn109r4xDTFUTZkJzl/oT9BRs/d2ltYSG873lUQ8QgNcnKZxPYJ9bXwDYEINPMVzBi1ruo4aKOApJ4YcSVVK1Uwmv2eZq9cew1Kzrhr5wJWe0TgD5J6V2bFXbD6FpbXsowcuay/ZTl7uDYfJ6MXOaHfZ9fGinFG9so5QdYVMMGIKKISJJS7PTlz3kEPhoSAbG9DlCh4jEVzE/uKCzHxJgwkXU6ZKxYUhYy6g7B7kjxM6MUxBz0SLLrRFpXKds1KZsY24BxNx9X682aqxKYRM00opq52jEoolRNIZ3HxBEU2jaDB7AXr0mN1bcXM+nycTrhhbYCPfcS6nm9jneEMx7KCzuTUc7WwOR5tG0fSai+lGQXOrd2wgcjbshFxMk5kp8q5AGqZ7+8PtdIe93Noa2T+ylO6+3NumNNvey7Klm3/6ThqXcAxWHbttEfk5HOz87PD0zUVy8o+TZde32kiJsKi+cIkHLm4t8OcPHw9PvLSFv9uXcmt3rz5ae+ozRLwCEH1194X0Up4/P0X/dbI9zuFKGboHQUFQV/eh2cgU6mv74QjPNiNSjFq5hS4vcPN45acveXZF5MQwQbShC+19zDgV4UazfEKoCLtrV1VyZDP2QbS7fZlSuMZCcGs/8XL6zHRVKTPrh0rRhSvTCEiiago1hvTALlqZ4Ge3C6JjLfPKMN+sr2aFM0ZYUNwiVvYaG/LjfT9iplTSak2QmsQNv2lkQHV50vo/18DOG3OxqfVsbUDWNnL7b6WZsv8dDRP7f6O9tf9Z7+DtErJOH2YAtTwLTExNEEWeNuzYENCw6G/OUwsdH3Dtyzm5qrd2xfbTuEqvmSFU0HyhuSZSkJmchyELq56FPSFzax+Hw28k7lF0ZMhrkBrhhQLxH7Uu4s69hAqDrnTJUy4rHerUd7fgAWprxi41nwoKfmb2ket7i+uNpcwZFX24/xF/iruB8Qk0AHYzxPUwO3RjVMXWPxFy7CW9skN3n987Zcqgg9a3te5JAYhoy/c2TdWiNHKqaDnjKTYb1PXpjUe9oTnP4uxd6HlaaePns0rIDSOVqIsEuQ5K/tX6FZ+vXo8fhp1TTSoBTm/W0xLz5N27t+8u37+5ePf+/OLk+PLd27cXn7plFeRurirn9RyHb8hiiEqAxgbqUc2i1soAyUt5au84S+vnRiqmXUXAeqN7Ns9qqzzO5vi73XFUFerXb3vPsxyrlkCtJ6sLU5E1m342bmd7uuwvoGK9Ly9tORPLF3h5gv40pNKutPicUw+U/Zlo7udZEDTHp9zQvMm98CbGKnJTyoU2DYkK5skCq583ei72nk3a2It7Dt5D8VQUVGSXS/bc/DpxKT09hR3c2OUTSAnkpeu36GRmO+zIKzlhrrgzca3kIFHTPK+lbbtfbEcMf4YaFOtAZAN6PigSVJ9lNxJjOFfY2uL2eMi2Uo/KdjPLGpkKijfXGrvOiMRgUbjdwzKoOo5irgXZhMwhK64RfwIXC1CbwgOCgVdweN6/Pz0eWCuokMIbM+Tn96fHehDLRxq17Sjs8bNLzRehgwY2XQhl6uCSubvqIym0UVUK7JQ6GyFfuOFizEGanyVhKUipLBNM4Qqz4IZPYyF7dnpMFKs0a3QKqVt7+DqQE2gmh8uDtkjWZBwQCi0J2qG2xBcYsNiT2vQw23Qr3dndzV5OXr7cfrG79BV4fYa+WV6yfIzbYcskimm9YRLdcZ5b2OGmp5jIw1vf2YFQRWnaLnVRFewMw6whEpVk7K2/HDWDHFt12wm1kHRQT+bPOzbVwmLvsc/A/g+4cM8l6Gj7xbJEZI9iUmS7K2Jkr493cYrupHpGRyua9fyXw9Ed027t7q1u4q3dvTum3h1trW7q3dFWz9TfSRDsuhcoGL7c0BAs/9UkdQE6GLHiLAxFNC943ndt2OYYJVX22D65iR7mJlrGz1tj9smR9CUdSQ7xf15/Uv8CntxK375b6Zad+368S/0LfHIyrcrJ1I/vJ1/Tfeh6cjl9Fy4nt59Pnqcnz9NX9zx5Wvz2HVCr8TE9BEVPXqjlsfVFnVEPBOvLuaseDtgXdGg9HLgv6PJaHrhv2in2hfxey2OrZMl3EAxeL+bfJCy8XvD3GyBer/F7DxWvV/oUNP4UNL4MnXz34eNhpf+OgeRdPEyX8go8KEXxtDZm3Xohxjq6wmK6YUaNmR3fGq8PVcnKNvR39Y9eIrkyRKt3iwZt7Ww9FLgOdI+R/mmH9phbJ2U/qKMHggrm2BKw3pqOPmNYiyPeVud8697mbA1HexvD3Y2t7Yvh/sFw92B7J9nf3f7toX5K4KXZciX9H4TlCxiYnB4/Bhk4KFfISh24vTW6cPaNpRsNeKC5+bN4aIKxAzC3fBeWFuH7Abrv0PoJddWpDtSKecVHVGABmjEjGZ9ANrk5CENG1dsJJWMl5xrqlRpgwdw4ILyfCFrV0ikjoGIIk2N1o8hRv+x+VKWF/GF03rR7WSpF1uS7oYFvVXarDm1vPVTLnEtlNZhL7Lsv1SPaSqukH0smDnQSQG+HCrTRszmTBdukOU/Z0lj6Pgzifx9L+Ls2gf8NbN8no5c8Gb13E8h3b+3+25u536J9G4D78tZrmPpr26ahRtI3ZHkGjfIr2pUtGL4FqzGA9E3bhJ8QFf7nMxg9fr6eOegh+PMYe8sTxiNYgnXVuynXxmHFlep4F393e62On7DWBtbWAGXQ1+nyA/ha0lLo5StzQR0vqBa3KnX4rVOmsCYdmStuDHOVQMZUs70dwkQqMyhyHDbnJ6nCAlV3gXWt33Nm/m510JOPEIr3jk3/VjG1cN8NmuGnUO1Dl0jjso4kg1biGF12lZeX9rurJMRfS9/9clwZr7fUY46Z8ar3DVN0zHNuFgBLHRtTR2rak//u5OfLH0/fHL77b1w5y7wa3VFqf/vbj9Xh0fDw73/78eLw8PAQPuP//rqssgNbjNLnvkj9T2uTiAGqWHfUbi9Us4b5XHebelvPAiKoJpZHQhZL35uwL26PPAEkQBYaWi6HId3zgUhgSvLMIvn8twEg++QfZ4dvji/Pf3uO9BBHLQUYuKktLymYr7uNU7LfKyZS7EXpJgQCtqO/fv/q4hTmgrH9cHke1ze/oQrq2pIcck5wWFEVTPEU1lpTtB3z+Ne3746RoE9+vvyb/dQAPaK+iLhCAkDGUl7QnCjmcifQIHzGkim5WhutXfXEWK3/c+3o4IMy9INi2aUx5YcxFx+KBS3LhH1kD8jRAYJbUUumc0NFRlXW3G8UqI6L+Ihp3V4hksSyq5jxm1Us4HA8VuwGO/SAVeRdcHa+jhj55b9evV4W4Gu2WAG8v/AbtoElkm5cuKOc2JG6Mu/87U8Xvx6+O/lQW2yehb+5+HCEusvf0efz4bSwCs1PPNSXtASKfYb1hzkXFlBLd0ubdJ1CuI+yfIggt2PHAeJ2qwZ2ODihwLv7Nu7DZyMkHPMexHw4ZuNqWtdAvb9gaQTnY6LoTWTbwxxexncbFy8Fca0sAVdr6kr1V3eWNQvJepoZK8ILRoUBDxpNrYCmhpGS30gMvFayEhmhpOQstUvx8EGNU/cBYvnhAY2tnet0Luek01ZJhkQYsSBlTu2T2ELr5OjchdCSixgENzS6v6CHHPKCYoAtuGrpJCeQZABTuHYeKBu5ipSa2r7ExXNBrhwWk6uwkkPLIFPFTAiYtxiKWz57/5/3PkIF75nUZhBatQ189H1NEcZFCw9ImnMmzID4R+0pEdhxO/Fd7bJLXibkdIJ9yMqSuTyK0zPPt42soefl1QDLy2EdYOGQBhijrtHy6Rkxit9wmueLARGSFBRUs7gaODcwGQUv53hRp25GUx2MXm4lw2QrGe1ePaAo3Ap9yod5jjKC6hnTSAZSWIQoT1hOs8L8FU/+0Hel5iKVRvMSsktr/LlRQxk/LojmpnKeYawAvpDVurKkoCvFIKmitrccYITmU6m4mRWWnp5h7hdTbCLhDUtQlmWC0AsAPF86tgPyDlaIXzu+nUnXfnP7VZSE0Y/4k3bb7uh5FBmM/PS34zd6QDJZUI6d2ewZk+pam7pZmx5AYknOqa5rdz+4w3svTvq7vNtVO759eta7uKZ3Qa+sx6enb8hnwk24DZr7xUblNsPLDP/5DoFhn/HVLEM79SiHDxw9LmsGk3nEom7hGdpk0qm1gywALoPRpxURmjNlIsoSEutpw8JqA8nXL7dTRClObjS8jvHqPlpGEeCO2A48q/VAZQXXcM1m9WIl89BESw/8oxYwIPbT4/PN07Pz+ofQeH5A5mzshywxxRNbWIYHKpW75DY9IExkYFWTjBmWYtqzsGq7lVSakWcnx++eu6ZHIbWKmfQhVTgrM2u3KH00knwDvSfilpFwPEvNqkyKRWjngkDAyYW/LMOUJFWMmqgfTtgrT1mBMoBZN+g7tsjODVUbr6TKHmB+uQ5jq7qJP6xbmCEFoM7nhsIFuiw9158UxY5HQcCJFT01cfhsv35UHBrDitLaTKeR4vWK0euljdKVX9pfgOHdua+HbXfb7fHQv8gfc5leE8V+r5g2oOCV1TjnKTl+c445er9cXJydk01y8eocUkdlKvOlG5mtLNHzENd4eoxsimufvzjnZuYq9EJ7HuScyCYjVbJ2u3j22Es4DyKY0XDpYMfV9sGJraP8lpY4t3OGgBrMmrOWDM3YHW1JXNMa36xmieWv9C6JNW5+YZ3gwfM58Mudi1dvj/7r8vjN+aU9BJcXr86XXduqu8ysv2t0ljEyNB28teJHvNdhd3ulQfjVotEObxV0lKnOL4o9utfXNclkWtWZ083ZEuzXSM36ek1PQpqaigbWJkijKytKci6uYT0YyuFb+cEtFKJg7E2NWsi5hi+g7HQdjD4WhIlkzq95yTJOoQmT/bT5SdtrNS22qiCGNy3K1cwMSClzni7+P/bevqmRHGkc/H8/hYKJuIY9U9jmvS/mnqCBnuGW7uYZ6JnneXZ2Qa6SbQ1lyVNSYTwXF3Ff477efZJfKFNSqV4MtsHdTA8buxuNqyqlTKVSmal8aaFmghoB3m+7U9dYT7CzFzr7MeV2xIrW9qFfzfo8ry+syL9+j1rWvHTK8xci+8EdIzMfGeFpBEeCKs4EtIWCw4AzNddxUBaY9WOh027j/+al3WpD4a6CpspbJGN3XFVVhx4zWAPvgLPDVpOqoxY9gpOPrQAKhybSZfHLA0bSkX3PLHLC+lzgLQ5e0ID/yTwThHrjIZZC2OXpe0UdTR6SsQHNwJuqGJgnqhW8j+vf43jfivK0n8oJXLNlSWExvZcZuTq+sFCxz6zy08S5xYzfFVE5XHDNaUou//sjdJNiel1t2IcWqAFYzAXvapAXvdJVHckKyHRao8ffCing6ALBd9QCB8eitYMIjXWOFSBsi0zNshFZ8/DWjPyAUy0A62YhKhNXEfCXfWytRCu8meuaWhwWFqLtQ0ttUQpVGSLEw3pALksDoP0MWFiIQZ0aMEJ/ywUyBdxXobPQft0ErCCtkLoGsg8i2CwjRjhWTepjBL/lUChfiaHXiyYJUWxEheYx3h7dwxlLBWH3GP7YKgl1rsBT1s9T89odN+i6js5gtxtEWQbtNApXmnN3Zn6MvjGcHUyBItQdJOjvtDeVSvM0JQy9b1jDBptqGps68L0Cwfo8aCNJx+NMjjNONUunixjX6AxeleIEXI9Hn10Y730GHLyAGfX4IJe5SqfIzfCNl/Jwzap8/nrKFfQpPrtoEercbeAhzgW/J0oaPokI+e+CsjSd0KlCf3v5yKYTNyfH9zeR/cH28y7raMJoUcXNcpK7OljgyY74+MZM5SbCad20SMLGDJz2RFqdgUgROBLNcVqJ8KEqErlREuZYl1lBPrYsD8IhNIUuyUWLFJprKeRI5sqKAqR78bOfoGshj4DWjy4/btQK4UCAMo2HhacJSYkRoqzhhN7t7B1WcQ7dMC+74ML8YUWfApyaw+1+kHKQMnJ+flyiR0O0zjwRouFn5RqMEJcDxVugA08g7y1LoIiuL9VBuUM1MvYjM1vq0h9ng/DLTukBk1HM9XRVZQCPuZ42r84HKXTGKk18YTpSaC6YWFlpwo+lkoR2sNr8PspMD8kRRJjQhknmQmfTa65kQ1Gh5yEdDkHOLj9BBkJthsdHM6e1qtW0U2pc0GMqaFKnlGsi/8h0Bkxeg3HeNO65FAOu8wTP65Rq+KPu8P2/yVoqxdpbsrm/He11dg622y2yllK99pbs7Ea77d3DzgH5f97UJrlCJ86bz4plm+48rjg4qe+x3yIUXQ6ohck+GWRU5CnNwuKjesimJIbaa0btLJVCs+emLjuNeIYaVcwEXixACkEqMXyqx7KibJVTbYsTCqeXkvFwqrj5BzoWWyR22zoMTvsotaGTeRE1cFBYzcE3ggNywKTDtu7d6EmlpdhM4traZGzApVjlTvsJRnhoo23+5/Gsea1oq9k5Ne60/8xZj5UJVb3GrM2h+QqziFrwbZ3xrFg/u7jbMfrW2cXd3kb5zBjReAUIfzg6bp5LtYa6jp5wZ/vmytiO1pqC5JJQ++9Rw7Qfj668UW0LrXGrbhUbUZJxxu+oZuTkw/9sBIpseQOAiZZKmpAeTamIYQsGd34yI5nMzc6saKoGz7GcK4ljoWSJkACQMvdySYBm6QKqWq0DNNPLKWaVrJ7aMjwxo8iSfRaLY2gmy1hy3aQSPmOHcQibHAyZ0sGgjkY4dgsQGY9Z4qec95wm6Zf8fZGQ0QpCjgGcNSP7MiNrfSkj+14Uy9Ea4YqshT9Uy3fj5agNpEoYFlWEEmss5soYSrYlJpiuKb+1KUt48afyfp/fe4jwzvpQ6/HbrS18Bd8wBtJGRK4wlElLtPrv+ch7mXtTovhonE6JprfFuqKpm1KliZ5IktIeSxVa1UJqCFHBIqIG+6vzE+WjlNdiGeW3a/WDMKBGiSs82VfJDX4QYHqvpPRzs5t/z2mKVWSDQBwXNhEoDUVYDIaisPuYjVG5gSAJ+Azv8MqsYtk9IuRMEErGNNM88IOR2gxAeNgC0eZ/9rkNrfCaFKg8eWrTRGMqCkcYKfNVK6CA7eeq6gj1WConzWzevCfK+yak7dpkMokYVToaTS0EZAzcGVTptchDPLOlsBHKkBZ1ZhFXDK93wxQR8Wsq73Ujlfc6pc3XKjFxMb1SZVLX1baAsdbCPSck0RnlqdkyY5Zx2VAo2yDgme2RmwItx9eAxheQeqzfZ1Ad3YxqGcViv86uzk82WniXdyvkRDgnbmlaxAqXlvOTgxAwLOt4JdgkUV1AVsf1YIPcNrNKwAd/bskIUnGWUCxWYj7xCL+X+CZXLItWyzKhx6BIYfMRd8HlI5H9WcciFeT85OjCiKwjxPjEgwp55U0dOzaiPF0RcsY8JTCAU7/rYYuRkZ7PnMj/1RyHBuE3qjgQwAB+ICIk7bFMk1MulGaWxUq0gXuAr8aAeBW8cg5EJFd2DT671L296rY34eAx33IBmA2MivNcoTsnXAkcrD6JVVZHsZQCuQNR41oGPePDmBkM7UcBJQgVUkxH/I8gqBJJ6P/8jG1yeJ/cABbQKz6zfxjsbrwyEEvRx7WqxumIpEG/MmZgE1M9WqjheVjJrhYMWZ/E8/lvvppEuxwai1LYatOpHHBRRzoQaRREWp0UmUxXlsfs+60BQ8JIzuMJhSbsfGdG8t7yHhX0miYjLtZaZC1joEWLwTW0Q3ssvDcM3nDVxYLoDffTg0lRzH1diwXQ4TOMZgaPQxGimFBN7QwnVJFYpimLoZiG/fVqyJQHDGkkU5mTPhcJbiq/xVM5UHZv+0YUbmxIp8NwmAWuqtl4yEYso+kKe5mcujFqG5MrP/113ofUYeyKtlFr5ZXANgHPEkYVKNdvI2NQnERhM5MbCxBEWCKZMnpnXZU8oDv93Xa7XyLGSmRSQysXH6IkBAbx4IydjedIwhVU98m4CgS37GOSnJAJsx79EsrFJbqvsAEMAwp4wuo90ry1V+vDEk7GZvSP6C1ThGsylkrxHpbZ8PxZmBSGTw1DjpjOeIw8C4nhFa4tp5qZDQOGf5ynNIP5epBsxLXrO1QN8vwotY3s4JgTJ5htA8hY8YHCfVmaBvgkZInshWUcxJBgagaqIlSTG/OdPRfNMQl/GuqDokgbjOFke5/tsl6ftSnbi3cO97tJjx322539HdrZ297v9Q66O/v9vRI/ruh6oaRROmbD0JtAOgG1KpG0ouFD6FVidybId0gotPxC01ROcPkTrnTGe3mY2mFh2BydLIesJe/XgKy1so6DfhcXEKU0hcIC4Lcudojw7ppg+mf4a0wVYHBqrFMe20y+0i5y6k7oAUGHca60jx4hgXH/jlGtmoCgiWyPJWhCNPbVT/yrZiFvCsUMs0/7ZmOgjy1o4dTgZAnx2LTbrcxEMmErveN03EQ9S8CQFTkTcIKeSJRFnpUMBPexk4pO7TfPYJsGMd9hZSAoBwBxNpgu2QoWwaHuxWJxRdlzjac8UHuc+Jm51FgHbT5eqojkYAp1jqpMwLyLax4EAJcZ1fJgZKZghncppqWdLJkSb94U+iXUJ7QBD+CNBeT8aK2Kd1ZmbpI2oTCspFjosRJ2NBeDnKuhX7ViU8KWNucFycelo96ec1KZqZLQXLD1YSxdBFPu/smLhAJ8RQqVuaYQMI57NsgmSgVPY4vUiAqMGlWsQU1w42227X86ZQmtglT0Zw22wPoGCL+Ca9mOWVGtEFB5XVLCwucEfFipv4nGfIM+W9IT/AkdKOYOk2CQU7dAZ30EIjMPg2asMrvqDp0heidOc7opSdWbR6RuaTkaQ96fZ0V+Lld8dQvi42ZLtkV9VQoZrCVJpbw1Jhi1qbJMY0fRim0RFJn10r1Oje2oG+2EdhaE15bMrOKXB6wsfMvZQS5/uBZrTRSD+yOUYi6c2sYab+HFcdRkWRnGCIKfDWPQcjx2y947hxkUEGdrBWJ4qYuzKk0ijE0val+ESAUB3o+Edof38ja+u8BpVgRzMEosheIJ9socMlCRoIlnUFwLw3f/5o9UjH0Gj6go461mDejIUCam4/UwVP8ssPHxfsXDdpZRTMPcTxvbDvMtciwIug+wOEPze44KHkvMy/LkfpmB3Ja+r4Hcr4Hcr4HcLySQG/ekK3ZYiL2vGM2NU3qN5n6N5n6eKb1Gc89Ps9do7tdo7j9TNDeeFS8jmhvmsuJobovwI1HMNLUmQ7EVpQ9wboxkDrKCjU0DRrEYvPjI7pnkiJ5IjxcY2T2/pvYFw7sbeP6rh3eH+uNrePdrePdrePdrePdrePdrePdrePdrePezTeI1vPtZGPA1vPs1vPs1vPs1vPs1vPtBmpX6+yHqNuzgqvhldtjBmu0OZjZbSpXi/amLF6XQVwGqj9M4llhyDwp74lhE03sp5Gj6q53hr17JMQh/OLv66ZQcXV39b8f/gJ6b/YyOGHRy+FXUIhPMnjb4lmZSALbzwIt2b7XwzJc5R5/O2clli3z84f0vLSgIvuFCySiJ5WhkZK2dclSAhogdQCjSNNY8jv4OM/KNP8JS7kM+GFrt1pftlM5MMzAKuDijX9f4aExj/evaRlQaisVD2M/R30My1AaFO+EC6C0X4K4AZZXGQyib6etmg+9bYwQMjtOCBYtjORqnXGGo50DSFGdXwP11Lai6LozwMwYXhryYqWN/1HmCBvwqf4FjyvKhH7Lodpxn2L7Y1RvHCxfHVyVNHhcdnvtF8THqsBc9NSPy3g9lYfHSpRBxZovvUQsBsFBpVAx8zXrCjI2Dzcw04WLAlAZhgY5DpjOpxmg8BD4CTQcDRM8VKqwIk3DHlQ1Q5OuVKTlrhrE5+tGQmiWedMT7b9uFJVeM0Jp8+NUj+quF0iqZjGSd3Ue+FDDVmsa30YjrjEEpYPxEbV0dtdvt7hbZWKuSB580EWaFWtVaiV9dROG8RAppUpOnTydSnUbl/lEVMq26JjawkR8EmkK8IGKF4OuEmxdKma7+EPgiW9NLt6fuTgdoMXK6r9TWVae9e9jAffD7DAp9Izb6WimRZOEVCZch5O5VrcixHI2oTcS7RCzEACO3xhlz+SD11fpKomJueoZ0rDP76ug5/7czCKvy3peSGuBHQtERjvpUSRzCehp52+3OLCEStefv4jGDuC9a4MyWKQsu1YNiZdVLdSEnLLscsjR94lp9HXEzN6lD8jYfrysn9WLfz+lysBXInb/Btt9YpBM5hYZEYcX8kmegL+NcOR9p0d7D1dInXCuW9uF04tC5F+r9p1NC7ySHxmabCRvroe99UBh2OIX7aLd9aKHGLLNx+JAMwBbohR7z8XBlLe4usWs0FwkYm7aRBQ6JbJfkmf/Zpk4FJK0JyPPL69Pjkx9Pr3+6PLr+5ezqx+uj08vrTvfg+vjd8fXlj0fd3b15N6StIxjQbkVUuDj9sOl6nitNRbJJUylYadUkJEX6JmJ2bnCr6HcgOEwwBWWUY8uETXYfp7nidyBAb+ooXcdDysUNUVzE9nIwbIlL8EoVc/d9Nf6Uq7q/78PZWRTN3aFx1kxW7ckMaR0MXstqLFG/cIEMIeVi9lostQZFoppbBartVXE56b/PM6VLbOEymIc+arzsgcVFWWsR968FOubhPIdUDaNRsruihTkuSSYxMMo3Fzpoa/PhZJckHPxIsk9OTn/y61dOyYMKCnNsmfeYBqu40kzE9sbdtjalamg7CYdxFv7ivlgNvD0pWvbn4zHLIG0Y6FVdifb7/b3j/ffd493dd+9P9k8OTg/eHbzfeff+3fv28eHp8TJrooa089UW5fLHo86fflUOT7cPt08OtzvbBwcHByfdg4Pu3t5x9+Sws9vt7Jx0TjrHx6fvukdLrk5x1HyV9enu7jWvkKdhkAT69BUqoOJKPc++2TvYf7+3t3fU3t05fd/ZP2ofnHbfdzt73dOjdzvH747bJ9293dPOyf7B/u670/2dd++3j/c73eOjw+7J0fu52/1ZHLlS+cp0nZMiqZ4loU3zG4t9/BHOwP0FKlzjQWTb9dRWqebk+Pi9zagmP0mpyfFRi3z6/P2Z6GdU6SyP4SbmitFRi5wcf++jDk6Ov3exjPOT7ze6varj216bQyWYIvUOx7VlQowuPcQQvykZs8ywmmGxy8vzrUK/JmRIRaKG9LYeNZLssN1e5yDZ6+3uxvud7n734HC72+3Eh3s92t1ZlJuE1Ne0r+diqKRY3DLTUM22rjiEbHodeTJkwmXHlpQBRYSEsGaWBWnC4c7kSV1L6La7nc22+e9Vu/0W/hu12+3/WVRTMPj2oFLHF0TYqkRzI9s53G8/B7KYkfzM4VWV9t9KkphC5rZh449nVqZqlqalBmSYXOtatRvbs95r0VKPK0Kxa7C98bbGFNEyIr9g5rUX2+blUjdMlOMe7oAZyo+5zQEOo/NtFnCN/hA5izUWolguSnOUlV9TPtckciGJPVkelcijKT4DUXxSalL6TJJY5WO83b1GW3rlASJ2mGbdoWTE4y9DlqayyWCZYcF3d/eufzj+YCz47YMdY88UL54enzz0ql+XtaXsn/vd9mFEU0io0fyOwZZfFT3POWprjuuCcW0Y+/rl0ceNCEMFzDhmr2ZTQ+8mNQG7r3M9xRiBgG3hvraXaxs9gslQECdW5JsZLe7k4yUJMSZk3YCa8DSJaZaojRaALsWisvr9/Zu/B9t+qSVAzSjC6a5S7ro1sGE1IAjWjz9CN0wzCcPJISU9jWtIO83LKOPkRz4YkiOl8owaG9927zpe1Lgo0wJSfVdOB0woXj/egNRLVUXz89ytiRtwSEKpu8plbRDv6yfLrOrx958vW+ST16vPRAyCHI62IgegFereDRzg99NzcAKkABdJyKtiBTeMk0XnG1XifDDMYqTIz5xNnoBQWBJjxUiFQymy/ukJG/1MxM+EM02vc8FXpeo0oU5TYkY0FPi8BAkq3P8EMkBltGuZXUOg2eouvvxZi5XYMuLG8yftVYtcQtjaRY3Pj2nK+zITnC6D6XNYhmAjUR1UI57DFJxhFXXb3fZme3+zs0fa2287u2+3D/93MI2WRe7JZuCj2FXtvpmYdQ432weAWeftTvttd3d5zDDH6vqWTa9pOjD7YDhamfFn4Tf1x/cJYbesvhF/ulzqIAlwi/PsblWb7grv8e7CS2VGWJqaF2L7qMCOeDrXr7r8I1/VrkYLwZUe73bnDpeYQRB2P5aiyKNfpirVqQXhlzNhGb+rLaa/Q5oDub3d3e19R3yRsPtqGMVyyCr+xzyLPwtRSEjmf/i40GAt1ZjGcGPV4w0Rvt32zsEyU1cs4zS9nrtu2BPSU3AoVxEMjqvC0m08JatO88IYdQVdCk9LOh5SkUMto1a51lrhNJ9wPZRgtKVGWTGWl/ege9DxkGY0hgINVSLv7r5/9+7weP/k9N379uFB+/Ck0z0+PlpKYig+EFTnhnorFoZn5QyzkNR+EqGk+IWRjBnzjRn6qDC/FY/2vswhrIL8IMk5FQNynE3HWpKU9zKaTSNyyZgPKxlwPcx7RqnZGsiUisHWQG71UtnbGshO1NnZUlm8FQOALUMY+L9oIL87397e3zzf3t2uLQPezmwuKaqtc+DrmMLK28JuGlXk1JBmLIkGqezR1OuERY/JJXH9Gqbu81i6DoeXYOpWRZVzNGHRqBm27uXV94W+2yLn319SQd4bK5arWAa2cMtYQBFYvivhghdj5pYI8BSMvradO2sTlxb0uRB8AUZtBd+lUPoLGKg2MmC1WlVQ9toMatWcGituz43ACu2WGYGKhSXjU9+hswBeh7Tw4pKOoVRuU50CxeJxd3cvm9tCYUrTXgqCfQ5Me1KmjIomhN7hI9JPaQktW5jn6vySCDaQmuO91IRCmY+YKdXPU6N4epUKikFz85aNexWECdCHzN+5ECyde7sJdq+vXQjsF11KH3fbY/ATzJslEbmwFY8wrIUERV+g0O/RxyNbUMjoDU5nnEwmEaeCQhgyVUZLHTGh1ZZO1SZgYjjf4LCJcGc+iO6HepR+R9Ox2HRz3OSJ2qiEQmHlssBoSOUEskRVnevMLLc60dxMlzGVj1bKcFxVgqWB4ey4kBrtsTXsdY8KTpVL52Yz25/7RUb22rktGtlbR+lrRfbOmsmKSLzKyN5wLZZag5cZ2Wvn+c1E9rpl+jNH9oZr8m1E9n7NVXnuyN7K6nwjkb1zrlAB9U8Y2WtxXGlk7+VCMby12N3ijMC51ky5LxLDawf/jW6vLFisOYgXB362IN7tw52dnQ7t7e3u7+6wbre93+uwTm9nd7+3vbfTSRakx3Nd1SpNR+NaTKsN4HwJQbwBvs9ye7sIwl88iNciu9qA0su5Q0crArlBANSCi1YmAF7jHb9evGO4BH/1eMdGWvzJ4h0bcHgJl0B/snjHBiq+mIugpeIdGxD62vdAK493fATnF3A19EXiHRvI8I1eJ4WYfnPxjlXkvp14xxCzby3ecQZuf914xxkE+TbjHWcg+2eIdwyn/hrv+AXjHUuEf413/HLxjiXCf+Pxjs24/rniHZtweAmm7p8n3rGJgi/GzF0q3rEJo69t5z5rvONjCL4Ao3bReMcmlP4CBuqfMt6xfB3/7M0IUDUrdUdz18pjmikblwW/y4wPuGE+jEJruLCJunM7wd1arDgM8KOhfsr/YAmGysFVtY8ChEMkRPMxFF3B0JkIerYbU+GqGzfhVMdoBj6NLYbqHXTMeK5XCPwdS6zUb8SEzmjMfDuhI3w5Y/ZiCu7x5diY4RCS5xqOQMQnhTi9ol8hJRn7PYduD5JQAeEDFq5ttgE7l0Kr654h9u85y6a2xVDB/f3+IT04POj09uM42aV/m4OkiMUXpGmVbPA31lEN2jvaXjPYxa8gmQ1I6zFjUhItB8yQqtxt0EK2naAcYYdUJCmaYH4Q6Oe7aQMnWeJorap03en1D7v97d39/d72TkL36HbMDruHSZu12c7+9l6ZnG6uX5iobti5+TX8xrZ0dL1xfSNRaGkyYlTlmbUogYk9U1oG9iQP2dgdEhVittv99t4+pe0ePWx3e/sB8fIMBZYtHPz5p3P4c3bh4M8/nbuSwLazCrHVe9D4k2ZIex5ib1XzicJrSPumm7zBv5cxaOlIEjkRhj0kUfGQjVjL918dUz2030viwmbnqQW82n55J9jNzjXBytKgGWq5blTYV/NMECWhQ6xiRgoZeo7oFEta23j0swuD7ZYhoaErNuNLpy3vX6DVhp4CGoCe2XJYBjZ2AA2asU/AXTGQrjn1ja15hZQLZ4gImYkV7WlJyjXLaArN2z1MJuJUWkfhzT9vYI1u/nVD1s9Or96Tn94fe6Dd/e3uBs4pfLHwhTh/CkT59pjrupS4wFI3XQ8Rp13r3dlQscsnI7h49VVxBJTqh8a2nnAYLGukqxu8QQ2xW9ijBrwEsbqJC6NLGU1wl+hSk9YadK4IhAsopgk3UsiGTLcMXwqpjZjPplA3fQjHYPn7CnA3LPbeJaNcaQDS8z2Zk4a+s+g0g5d7jKyNxSAoa2U+X4vMb8FYH6W20cYTLOpm8QK9ptSE2M9UkXVntmqaRYM/NlqAuYfpe8NKEQb+ecZaXxv8sdbC+SCEtY06P42tdypoqjUYzedsXoqHLoq+zVasELiKwk3w3U0gZLQcr1XW6+a7G7xbKrcJdpOuNEjs5+kzqqtfrZHLWR8bZJhzBlq38ZGRm7Z921TmUJu9kIrTgBuUlmEAFxfkJs9S6EV7A/lQEFYKUhV3NlfgvBQYyMQSNPxA/3SiChQpDzLsvt/QBaAsr97u7GxvKUazePgfv39vf8e/v9NyXFo9Jz6+gRV881mMZIJd171UBNZXRDEmSpT1FG2QHlwQwTSqUFJwLY3xg0JJ9kA5SvyJ22O267z5BdY6Y1SFrEAhgYykcqBa/kyEzgWaCfKbkW/e+LCBxKCsVNtoe87xPQX9Zx4sVUZWT6jyE22VlCkhdV04LcVEBtqMxyX+GlOlAq559lwjC77oAwGHYFSZg15Vl9sLqoeVsQPZagm0VpmOzBa8ZUSnyVtrhjfOQxZyujaPnZ367cTOznZpUmCXrlKlgQEsE+PTHkPNBp/YXL4mHPw+MDStMFvt7PoPOLtQ7wndNeEokZH2tKycCmm+hR2aFbIHQyyCuUdWs83wPg/G6+Xav9UKBkNkUXPyELHXvSBsNNbFfGDq+OaN/dp2nvR3yRzyGITmVDPSY3rCWDktU08kGgSVAxozNVnGkuvV2jJXgSVaDAoi2FlhBt/xmPn9qvIePprVCRyZwcOyzb+NkbjWlzKMRlozC7IW/lCVoKhRWromTLNsxAVLzMkbc8VSmwRCISHQujCK222V9/v83kOEdyD39e3WFr6Cb0QyG2xE5Cqbuv6643Em7/kI4zq4MnaO4qNxOiUarNa6smmWMqU9lioy4WkKqhicRxOWpoD91fmJKgRNLKP8dq0u2qvBWt4fB8bxqvjgEqDPFotw4FQVd4wquHnbqHrifGccXWXMHEOtksn9ICDLraKNasCU/J7TFJWQoFO9M3QKOVB0PbaefnYfszEe5UOpbJfsXCRWa6/t4gjcANQ5SAKbpToD8EFy12KXuefY6bbwGWnXIw5GrjdHL3ZMK6BAYd1XEeqxFJNa6hu4ebeXJUJIW3SFUKWj0dRCQJbHPU+VXouqrgcLpWT3Aa7K3hF5meT4UuW9bqTyXqckVlql7VlMD6W7NQJcXH0BYw0dLeZg0BnlaWEAN2xTqua+MtVyfA1ofAFhzvp97FpsRrWMYrFfZ1fnJxst9LTcCjkRrk94xamEQrHlPJUg3sKtHWySBidAddzCcRN0VIvlCPjgzy3zQd7PEvfFSswn+OH3Et/kimUrDEf4bME3KOLhDOBT5yZ2f8/2EwMXwnWA9RY7zZFwgUqxERC0J3MUnPAq2nDQlo7dUW9EW4+l7dtvf7Qd7Ax/DOkdAy8Pg/AQmQXuIqEzzpRVG2EQECsSushTAZ/xxEkK59KmglBI1LdWJZ4AgaAc2YWbqyXdkIoBU9Fqd33Y3Ro9xjKbFqQFlXfEIDRO9mfpbFSQ85OjC0PCI2TaEw8q3O7zl0S3uEMC0goZuJzhNH+9JDs9c3g+c8jPKtuMGozfqOLIbxkdwfe+qFmMR2mPZZqccqE042JR4gB3fzXuhdG/NvsiCVbW5Ld+yejrMwH2tu2mmirNRlvjlGojQhfmcsRihUdJuIo42KJTDBL4n53HPvv2sLaUA/STybABaelY6sPNP8pNQaiQYjrifwR+YiS///OzYv08NZvwxnwU8eTG8CD+YRC88WpmLEUf15mm5aNQJA2ae65Ysji7Vhk1LrI9npNJ3R2FKpKA555inQuXneQqBe3lUGbWnpMZSeUguPBVDanPFCTtorTIZLqylGVfbwhDM8xIhKLKpXmxW61uVUHnzT/XbnmPCnpNkxEXay2yljEw7sTg2gBcoIrPN6f9+Gtlp+D/JRW8AvsXquIVE3xV8h4kz19YzasS4c+q6FXxeJGqXjHJV2XvKcpeQccXrO4Vk3xV+EJq/CVUvq+hEYSxTS/7sJ8/POYZNAE3z2/1kC/j9yLP7/IUv/zR7MZ/PXVnnrqORF/rQPV1xV/qWTm/zHrCQeqjX/4KZ6Sm2YDpv6TrwKL+Qv0GdnYvX4/4Ck4DS5tvVZlYlAIvUt1YFIkX6SuwM3xVWZ7iKLBEfMFeAjvDF6v2fEEXgSXFN6z7hEFF13TgcmWC0CJS/DpHgBHCcGFGAvLkoV7uiGEMOSW9TE6CzGS/R6+GbGqzOdRQTog5TwSZsJ5Lt4XcDwOKi0ERkG4T7XM/VRcMPn9MUMIM+C8ldO1o1bXkF0Mp2COWx0omVJCuXnyJ9mnGS5N68ZlOFZEY8Md1iT+quH6Qf/A0pVu7UZus42r8H+T44rNdGfLpknS61x0MbvxAY/PDf22Qo/E4Zb+w3j+43tpr70adqLPrp7f+jx+vPpy38JsfWHwrN1wpj61ON2qTD7LHU7bV2T3t7BxYcm/ttXdsgyVPdBX16Yinq0ot+XRJED5ZdzGRGUuGVLdIwnqcihbpZ4z1VNIiEy4SOVEbNQLim7V5fxt5jZ+wlIUYWAXPKfQiTAz2rTMyKImFamyNz5B1Psjf6B2rUuuWZYKtygCr4YCj+WljJQ46mbVDdqKdqL3Z6XQ3ocAmj6uzf9Gm2ZPX2iX8Bys9a3H/q0oZZw58qZV149n9HDOhpWqRvJcLnT+0h2k24bU9bCa2MpVfYaj4jR3H1kAAzZ9qNpAZ/wPfkFUkudDSL64R0fZA62WSJlCIj2WxUeJBtnGmAnvgk39dMdKXaSonBrLt1FfkJEPe2Lqv8rPxlqRc5PctMqIxUFTw+yK1wdK1XsDh0yWZyvzNm8yc/xSyGCBg3ibp2JTalCvdsgn3QVYEJvl7kGM5zo09lETkImVUMZIyTXIF+QOkNzWEEmYEKrDwJg51enzZMlQdZ3IsFSM8yKajSQJdGOsR8IDmvPqyVNFqC0vV+Hxe0dVpR53qobraqQYVux5RsowiEKjid6k9RK0S/vP50cd51G/znlO8aVZkPFpzcEoO2t2o8zvRdLCuNjDVakzjW6Z9ySCFmRJUES4GUFQE+lXgPwE+VUrG3NbFMyCES5EGOxwMdYO135jUF+W1g+Hh6Ho1+p3yETPFI4N9ExYZi2WWGHBcDFKLraYDSMoC6ZBDYQZoEOkWb4iFBsxEf9/kYvN3wkRMxyrHWaqWdSM0zYyUsr/1dMzjIDvM5iZAsRXq09wVE0pmZJ1Fg4j8D2O3LfILz5ga0ux2A3K4+R1Lp8QbaeA0ymgfahZXKMGFYNnMVUUQBF+yyBULrMi6y7qwUO2zMv4bM5B8GD3Ez8JdFMsH0ENp9zcnztOpl79ceAllcBcNvGIYHfsFMUcOTQcDkAUW5Keea+gVMLfj3ijkcnsKNPCfe92C9LwduomgaorfFbaSl3MuJVzFGQNnVnWHWZgwgwDerHXp84xNaJqqFsmA+VULfSA0IT2aUhGzTC1gBa/McQoInZ2gUWFYoqgE7alfl9fznjkrNJI/jW1dTMAAnEyL4CBzrXjySI1xL/XzVLCM9riv2erEf+3B7HPAHAMlQHPke9GGoUkt+cs1Zy7cUHMlW6ECt9KCCNCcSfadQmDkeRYPuWbY2QoQ0TW6UAj+UUW26xUogrYUidOeN/3+Xu+HNxgnYOmasS4/X55umH9gy4EUXvRAiw9c3UKZkfd2326U8jSL/s+/5zSdqkFOsyTCf0M97d8nrDdk6XirL6+hok66ZfS9lCUDZkBvlRC8drozU9FQj/75nwDIT6xMjOLdf200Vktx1aNcJl5dTXzzzzWH1wL3rXFqDguXQr0iLoE2CqWBfEnSEhVULLNCsywtTuHPCYu8QFsN6NId3ym1VS8r+/Pl3DWwgxm/WAO6RtXgh2aSwuazZ5byRzhN4TQMR2v6esb2iO9YNOI6Y9gf3ciwrT79Hdg8/S6+Y9eQeHodTE5dxxkzBtM/j6E4ux82lK2c4Vl8ej+WykiO459PQwz/VVvfM2Gso0+XBDu4kG7U6UZ7rbCsSZkc1sr76eJ4gZbYDPocrHqDOCka3B2B5oNXnFw9sDT1zdG0RA2743ReEqxMMzGYO4ytaFg/O9lwSfa2eUWpOEXTYUkw1zkiZ2F6MsnL13F2AAvU3R3X6Vo9PeZl/cmQ6muurs0W4MmG5fUqjxcmf5XXz07+1bBGm9gVqN1uL9DyHyrsrKzW9xHJGJYdmy1gSvqzlTZYtnTENR+g+eNp4RbDc39SWZcqYZpXJB7wzR4X5lfw/MYD/h/mH997Ou51OguQ0TDe9UqZ31qRMiMqpqKZVRv7RHXanYNoEaYw8AXLojsmErmqKulXtmjKrAMepkBwCjW0rpigvXT+lkCxzFjUK5rJPIRMP5VUN6qwlwYMVk7IqBjYW9J21DYad6cdtW39E/NP0mPupmEklSaK3bEsrL33zqiYykKUxvo0GptSTKkRXMuC1B6nkmtHlBHTGY8VWada0/iW3EEgTuHRxLJ391xPW2Sc8TuesgGzFYRt9IVmGZZR3mgRPhrTWBdQw1gKA8PDNZ8NMgBrQNmoKJiTbZMKxZtnKAEN6pdT1YF1NxMZ5wbljZqmuhvtLrbETNzxTAoDba5bzy+01qfhtB5bdCqmxBd1BC6xK9Qiy6wQ3N3zjBn46gUskWajscxe0upc2Rk9tjBwTTiiOkdCG5ImPCgo1Sqd126t4ufbF3NSeLW+cjDkP7ouJCWPR2E6r3/8+WSjOOyh+paGds+eRrAMwJ9U3HIxABf12rmcrLXI2geW8Hy0hty89iMfDNdgCYyZRu66ZlG9+PQQgRNU1QEJcX7FWBqGKmBtR21bxWkKPsSE9bkoF7Y1EIqXS2sUcBG8wRWRE8ES1F6ooAP0Pb0/++nyKvqUDbDxDFmHH4zwJJ8vN7EjvpBic5zJPg9MraDlS4tMhtIIA65cvWotyZClY5D74FFXLAbmNJotyAmjfY2lCO5VNaMjRWicSYWK80RmaTKDRcVdEgmudDSQd+Cz2LSiCNi1LgzwcmQ+VrVLskLtwq96o4YB9Y8M9UBQuEOQQv80aE6eepqNMy4zru1CkIwNaAZxBIEIWI6CNSXeDBP7oR/xQ97vtg9D9yN0mzmutEt/8CaKK6MFpHg44B0MWiJmYzmHpNks95We9qrUtzL0VHLshJFOSSoHA9uJgVydXxIjTPEmJ+EDDieh63JXtK7zFGFxro2OR3pc0IwbPeZy68PZh9PyaMJGqfdkAu/AAUrTqYJyw1AM3c1Sgkf/1u/ZX1zF9LBxGIavKuwKYb5uQQ1sf88LEX835gF0FLqJAIyFOKRqyJTjt5PTnzaZMKdGuUW9ETM+styW9jdf3kDLFChAX7pe6bHiGtnf++G9FU7EfBypIe3u7t1sePRO7+yiUl2Ey4bNZmvuZXd3VFysqVZ5Ko4U2NcI6RHWa7QOaLPa1pVFbnSqoqAH041t0WAhwuM45UxoS9D5b0FoChvVHCuQabCquE/fsMo2lQvGtXUf1y+PPm5EGKlnxlHkjmZTI/njynYE9cD10URFIVgTcO30oBGm2YYQjYkrVzSkMFx+8vGShBgTsm5ATXiaxDRLlFXLSwkcrN42883fg+rXc2sZvkv/V2jT6Ls0LtfIvKFf/eJ96j3+X6N1o6qiNn/vRjvvl9CucbHVw26NvhujUaFa5NPn7yu92aE/4wMr7ffKsiv+Yto0fjBMYaTCz5xNFkTia3dmXG7jnon4CXi+gAaNi6Fd4ewFUf9GGzkKqa+hpcsc6Czdf19I6ELAsnl68Hfbm+196MG//baz+3b7cLEe/AYhvI9aJUbgY5gHm87hZvsAsOm83Wm/7e4uhk3Qa33VjbOPfBd5F/KDV/q61ni+iuUCrakDfKB9/wotVYCPuNhAFZam5oXYPgq6zQf9wAMLjMzZXN/YouPd7txXAQERmG31PwcdZjXRP7Ugig4PLINS2+VFw3CG+RDa293d3vdmaMLuq/fg8yOo+B/zLPIs5MDlwP/wFxrBmqkxjY3BRXpc17XwbnvnYH63ScZputr+tTY1EYdyd6BwtHj2bD7FwAUCgkZpJuLQP923N9NQmhxWdjykAlvPtgjXQRQ3WqXaeg4kGEOpUSDgGmM8xuBuD7rohFcj7O7u+3fvDo/3T07fvW8fHrQPTzrd4+Oj+ZvTO/fEygXaWTlRudTJ3E0i3Pm/MAhyHI0YXO2ExdXx6HXuFPKDJOdUDMgxNPInKe9lNJtG5JIxfzM64HqY9yByaSBTKgZbA7nVS2VvayA7UWdnS2XxVgwAtoyNDv8XDeR359vb+5vn27v1XjtG/d7d21xA3H7z3f//rB3/X7v8P2G1X4zJuFxn/2+ym/830sH/2+7a/6fp1L9pRn5LegyuqqmIhzLDPzdjF8Fo72fe4TulKfyfAPvYdRSyZ5L53N83uKsCuNlMU9vMEdzMZqqNnnFIXhpKpQNB3USnhrmY/5ywccZiuHDYBKc/AnS1G/AvXk5ZoqKcM0XIj3Z8J7rt49JMDaaR5iP2h8uodxOlKfddJcdUD9/aiPbKyyM+wIjLt0RnOStDR9qUwErYNvYn/ON6Acr4lYKAGrjkH+QZLA8O1oRfbRHquJm1Ct97EC0A2ri6dcCNrPAgdENgo/wzFXGhdOA6fZRO4IzAb4n7lvDEbZI4lXlS7Idj86eLEsjIiGmaUE2bt8gH+xRDPeLSpxBOWFgnNEmu4YVrB9K8GTOlMJQs3DElzOGjiI/oIKgNW9QjGfFN2ouTTne7UZoUTHJmIJCzEx+siNN1FLEs8h05MqsFL8k0CZnVTcjMP8JZOVwfWe7Glx9c7mAMN8EikPHhYTxC/v2FR5qDgytjzcvGwWgjGg+5YNdBbvTDg9kPwmTqeccKY6+u5xBqD38176jjTIIkm3Ph7OuLr1vGBoUO+PAYpVcb4TuxkMj4FnjVyoUT93fD9sJnoIWY0zJNGTSTBqGAz8wOV0OZ6WuUzoV24Q5nHG/Ty4QZh6ifFmm4jy5/UhIieEJA3Sr/sIlYAcGaP2kk2oyhjMRZfDSQdMGGWnDUypfzDbr8cLY9KPmOXH06+fSW/CgnRgMZ0THWBviP2lxKhz15+MAns+U58TIdpxA5zjXHasG3P+JfDUDORF+G3GqPBWh66WRNwKDm90b2tOfG6fFlmGfsOjOqiMUqmo7SyL6HiXI0Qw+rkGKz+LJS21b6doyzOX320pSquTkQPSlTRsWc5O0XFIF0nGLZ6+NKFfVyntaHrK+oP73XOgcnnfbh2nzT+XRJYIQwSqZ5IrFMWOM+eGguSmdMx8P5J+NGwbKUYuo58DbvsUwwDYEBlg//Ef7WALd47nWusgJVACUhFz4sVYuPHpWspUk/zHNVio9l0ix2FtrMAQXGEp1M9cU1Q+UNMnzZkS5kQj6fndQHAgN6TOPnQ6qAWB9MJjWR/8TBXPmkGYNVbI+nD+gANmV4mxH////3/1O2XlJ9SlaC//3JZ0Xw+HpEx2MuBvbdtb/PubEDnOzZNqLj+pShjCV6xF7cvIO5NU/eFgSMFEshXeXloXBpSxb6GTYjkrFxymOqyvU2yZO5uYA7YxMlbJzK6cg5YJ5t4ALujIHB1dfP02dHOQA8Y+hHdMxlB/ZgHx22WaF++rgI1x7e9pwsTu4L/0MDXPuwOLO9w6DpjC1gk4UOWHY/r0pvR4iKWO0H1HqL8W8ylbecbtJcy4QrSLUp0P+/8Ck5sU+mJHyPBF6NRx1EDaBCDcfOw4Oc5Ui170XoRStn1izgNXSOZnuZLvt+AoHLtHlM/pCbe8ZwpzQe2gKrQ1pKb7ZhQrY5OON6WNA1IUmOVRU0zXQ+LrltwciQ2Qgzq73fE6LHxzSjI6YNYpnNtoJ1YxrMHewhDT+YP1s2fRemBjkaNIX26ApjKM4u8A3LXoQnLQish/Sr0pQgWUMroEwzCW3c+TiTSR7rxQkJwTl+71owRgX3uD007NLsUhr2jfKV09aDkTceGTpI3V1wZPzW37d69ANeUCTLBdSt46J5HnmWLjf655/OydAY9kNjBsJwllthJg8RPc6zyqVQ2QSdMeovQwbboMBvQpVncWuu01wPmdC+KklGhNTeCptwkcpBIcjWfoEfeozqtWZpZbuw+9LIv2A1QszaIOdyEFXNfi+g4RakUtrXiLhJxjWz4vZRMmd0Qv7rw7nRPjKmmNClait4xSR7sPLWu2ZnWAk7w6IzXGERsOKuysCqFABUROVjV2YswLkQWw53cnRxRtY/8DiTSva1J87PXBlTVSREsAnLNqKw8A2WZ/TAbHEHkPj24g6z8mx9HMwgh8eKaZjTjf3m+n6UIh1vPDiqamJPYjUVzNmFimZ3PMmpu6BL5SBMMh2yR+nN4Vapn6foIMpk3kuZGkqpwwCfcZ6NpcIMLIYpQzZJ0bqEQpOo4MNiF43GNAvcNTZHMgRkJqolSTgdCKlAFPdSNqrebXmuJ40axgzuO0pTX0XOlWyyc6htgjAlkwwhbTdguyaXFB3zQAuxuc9JaVc8MDe3Un4FgRMhK6coLkcTm+0UyyzBVRhLpbhh+6IaXQnm2oQLgJnKwZp3/9XRNaPJrPT6Jrsfs4xj7jh+G1YDJeBXKt4o8vlm+axorPkd19PruVwbBQXL9XkfJOERwciZdFotrAJilurib5t1mGcZnOh2bkDVMo5BNpthCoiuhAghyC+E0yIYBF6hmXYbTJWtCFKM1GQEYDrt9Zymx7JMFl6N+xReQNBFM5cZDfIVIdivJjk9hQx/TDA7tYVEgVHM3k94v88ylOU35VvhmwYqALhrex9bJsGi5vpSPOS3YVHYzUymKvJHuc6B0dh9nOaK32EF3RIoaBwCqNyALjqVOTBITMcaNV6kHYhAKZy6pTDxtwRKy/Jh1HJ9DVABhuzzm4J0NzCOIWhCbuCtzk2rPDf4tXtj62hIIkWL9FhMcxWKoWAEqHQpECYXZRagWcqhaopFQPb9sb3QCodi/NF1srHacL/A7oc0V5AZmdqAoWDqfvfaSqElQI6uuNMj8m5KhvTO6gqKFeUR8TSwR5Vmo3FqA/+nJXj2vHNFSROqhj1Js0TZ5Hy4ddlMGc1Akf1N9oISg3X7OKTcUUkZvKDxLR2wj1URM1tiFJDecUGz6RKf6RRuJz8rlp2Jca6v+DKjS6k/FNGhi314VdyNL/BhztPk55JdNP/Hx0Z1EYtT61hmWQ7MewRZzZc6zMadG0rGYLk/63gpYp/UygYu8q0uer0t8tkdj5djzOLTcyYGFYE6P4AlKWU+tVzygf5WkcGLg+BiGRAZv1uSdubL7ImfLkt28+RnujivnAqdTY9lLvTin97rjJ6Jvlz4y/eUp3m2HJWDb5ek1XuesmVl0XtjfBtBkquFv/2hcrrO99VZkrKzknK/FAgQfsut89lozDIlBQx+zu7Y4lx25gpVLfn5+AiLGSzx5YXMFkf5H2y6JHOdU6XNMfmDlMlSH18Oc53IiVgOwOgpWsm5HEjxQ/nue4Evz5b8zl5wLD/lpVQSOGCWFQMf6D0f5aMLlkGYiIjZBctitsTm+gCtOJfCHT+9XGK5PnDxXNNHSFfDTGqdPgXM8ovxkU0sCy3BgcXHS63BRza5jIdsxJbaNh/ZZClN6aMcmXPoPfTnE/HiqvHHML1i/s8+pckTsP2UJkth+8n6vM25vdQiXdAlBHmwOZ54/F5k7I7LXD3VknBwlvzYFgY952rx/bn8/nrK5rLfLrd89tsl+PSidG24wHc5XU7BusjphUx5PF2Cvv/ZX1qX/YlRtcRnIAHosoNegjH8LpXx7VVYXn7u7zFqZyl+st8uPXWrmaE3YSmlw4EA1//xMi4YB2HZxXNp5ct/uaT1Y75ni/P3pabZcl6u5dw9y2Kn5Xi5WWI+5wk0VV+OqxHCsiq4/fyzWlILDb5fRhW9ulxizlfQ9PkJNEMAS/ku8NPlTaXg+6Uxx0pmT8B86dUuPl9qsVkGiusllgRdBn95y8Rpyu7o0jL4KqNCjbjWLLEHwuLbfVkCLHv0/CKzW7Wk+on3T8t91l3us+3lPttZ7rPd5T7bW+6z/eU+O3jws79Vv8FLugWv6pcJdiguzzGkwZfqqQZp2HYe5Wb3tXnb6amF5r3g9bAbo9T8z7aPmgYt0GqTi4dUiJL7caV3+zga3ry7Mm3Qrw3aFE4gi4Em9mbb0b0EMmiYK7C+j4sbs5fNqRyoG5dhZgsj2+i9ImKpgRI4h9Xyl8Xz7KQc7ZTKQSmGBuvUOaJkRi6XZVzQ1g4+Lkhow2o7eIkuIZoPHyFv4POK0qnAZ6I5TdNp5PLPygAzRuOhDVEZoafPrs9699/b3X+X4LmoHh/NM+ACI3rMpLr/3tv598ORPxvlyABYbHavK3Oa8DQlPUbajasJRaKvX2KIj5uTWUbYBCVwsRQ6kylsBm3O5T7LMtjQkeUhLH9tw4AmUCxMD5kgQwoF5CobJgwFgvF5Rm4CstyE8q4hr28cl22yZ5ddOEI1mgEFFrmi6hZZGd+CDE7fWNRKuiZ8Mbg9lTENhQAdQ4YJRiuiEGI2JxR304SWqYeV2xvo4sLlrwfzJcZ9GdbyFSTgIU6+tpVmnQUui2HcgFBQ6u9Ji23HuOaJE4HHUPHcVSL+KReaj5jzVT1EeLHamLSGwz0Q1GS9yk4ycwleQPwGLgrE6kYDYpqq21XuMwP/Ze8yjPa33VdLRUDrJ8m6FGScsXIMWllTqAZdQ4c8e5yiCufC5x7YDHoIGsniW6IG0Yfe1SB92ShC8vQowiCsr4F0BtGoEFRP4umiattmZ3N3s9vZ3N7d6exstw+7B5vd9m5nv9Ppdtqbne3DzvbBzvbe4Wan6O82B0kc/xQNYwoJu355duKr7dEYKgn6XvI23rYiXbmqiVeCOf3l+HMhoSONTG3N18uzE2y0ISC1XbuGHBCwCZl/1WhJeJCAv8eGTOJPhsY3LkTQqUgSjftCWQ5aIgdznMqc+ByzYMLFbM12ujw7US2SsTvOJnb/D0i/ElcUY/S3QiXHdjO20fO2YfEs1plTsD+wsB8DmwOqU1UWrXmhSpNAyq5SHuMIRavnGQwWzBWDS0fMZs7Nmrouu4Ce/yCxXVcfn3DDDO9q7p6nKBiYpFXNKPQM/sYGyXJr89k6U0x58yOoNmUTmFy2QZHCdM4GNC4lkLgs0FnZTPgCUwT7WUkRfrwX3dsOoJJji/IgY8V1rgVYd0VRvuL7KKhlgomcFgLUfC6igCeuGc+NT0CN9q61vN6PMOHH5vWAY4PpGWZycy6ofrx6FGbEREUSyoN1lepm2mNwax88CL8pkeGREZo+eXCMin/qEfCVtx+EXPEgPQK58vaDkFM5WIQkJWfRI4WylKIDds2yTD5WqA3eiewX8wC3rppSQcxHpl717jwCf5bz4NFRZn344HglG/uRIUrvPgi1yUJ9BHjTJ4+NYc25uQeomJgPgkcbbAEObTIOH67wWBhdj4AO3nwYIhgMC1Okamc8OEazhj1rJDdU81ePDzS/tK++/iDsppzwmZDLLz8I936UPiZwmvKGqzD/VwAAAP//Z5n/EQ==" } diff --git a/winlogbeat/sys/eventlogging/doc.go b/winlogbeat/sys/eventlogging/doc.go deleted file mode 100644 index b2cab9be8b6..00000000000 --- a/winlogbeat/sys/eventlogging/doc.go +++ /dev/null @@ -1,27 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -/* -Package eventlogging provides access to the Event Logging API that was designed -for applications that run on the Windows Server 2003, Windows XP, or Windows -2000 operating system. - -It can be used on new versions of Windows (i.e. Windows Vista, Windows 7, -Windows Server 2008, Windows Server 2012), but the preferred API for those -systems is the Windows Event Log API. See the wineventlog package. -*/ -package eventlogging diff --git a/winlogbeat/sys/eventlogging/eventlogging_windows.go b/winlogbeat/sys/eventlogging/eventlogging_windows.go deleted file mode 100644 index 695bc3f93d8..00000000000 --- a/winlogbeat/sys/eventlogging/eventlogging_windows.go +++ /dev/null @@ -1,548 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package eventlogging - -import ( - "bytes" - "encoding/binary" - "fmt" - "strings" - "syscall" - "time" - "unsafe" - - "golang.org/x/sys/windows" - "golang.org/x/sys/windows/registry" - - "github.com/elastic/beats/v7/libbeat/logp" - "github.com/elastic/beats/v7/winlogbeat/sys" -) - -// The value of EventID element contains the low-order 16 bits of the event -// identifier and the Qualifier attribute contains the high-order 16 bits of the -// event identifier. -const ( - eventIDLowerMask uint32 = 0xFFFF - eventIDUpperMask uint32 = 0xFFFF0000 -) - -// IsAvailable returns true if the Event Logging API is supported by this -// operating system. If not supported then false is returned with the -// accompanying error. -func IsAvailable() (bool, error) { - err := modadvapi32.Load() - if err != nil { - return false, err - } - - return true, nil -} - -// EventLogs returns a list of available event logs on the system. -func EventLogs() ([]string, error) { - return nil, fmt.Errorf("Not implemented yet.") -} - -// OpenEventLog opens the Windows Event Log and returns the handle for it. -func OpenEventLog(uncServerPath, logName string) (Handle, error) { - // If uncServerPath is nil the local computer is used. - var server *uint16 - var err error - if uncServerPath != "" { - server, err = syscall.UTF16PtrFromString(uncServerPath) - if err != nil { - return 0, err - } - } - - name, err := syscall.UTF16PtrFromString(logName) - if err != nil { - return 0, err - } - - handle, err := _OpenEventLog(server, name) - if err != nil { - return 0, err - } - - return handle, nil -} - -// ReadEventLog takes the handle for the Windows Event Log, and reads through a -// buffer to prevent buffer overflows. -func ReadEventLog( - handle Handle, - flags EventLogReadFlag, - recordID uint32, - buffer []byte, -) (int, error) { - var numBytesRead, minBytesRequiredToRead uint32 - err := _ReadEventLog(handle, flags, recordID, - &buffer[0], uint32(len(buffer)), - &numBytesRead, &minBytesRequiredToRead) - if err == syscall.ERROR_INSUFFICIENT_BUFFER { - return 0, sys.InsufficientBufferError{err, int(minBytesRequiredToRead)} - } - if err != nil { - return 0, err - } - - if int(numBytesRead) > len(buffer) { - return 0, fmt.Errorf("Number of bytes read (%d) is greater than the "+ - "buffer length (%d).", numBytesRead, cap(buffer)) - } - - return int(numBytesRead), nil -} - -// RenderEvents reads raw events from the provided buffer, formats them into -// structured events, and adds each on to a slice that is returned. -func RenderEvents( - eventsRaw []byte, - lang uint32, - buffer []byte, - insertStrings *StringInserts, - pubHandleProvider func(string) sys.MessageFiles, -) ([]sys.Event, int, error) { - var events []sys.Event - var offset int - for { - if offset >= len(eventsRaw) { - break - } - - // Read a single EVENTLOGRECORD from the buffer. - record, err := parseEventLogRecord(eventsRaw[offset:]) - if err != nil { - return nil, 0, err - } - - var qualifier = uint16((record.eventID & eventIDUpperMask) >> 16) - var eventID = record.eventID & eventIDLowerMask - event := sys.Event{ - Provider: sys.Provider{Name: record.sourceName}, - EventIdentifier: sys.EventIdentifier{ID: eventID, Qualifiers: qualifier}, - LevelRaw: uint8(record.eventType), // Possible overflow - TaskRaw: record.eventCategory, - TimeCreated: sys.TimeCreated{unixTime(record.timeGenerated)}, - RecordID: uint64(record.recordNumber), - Computer: record.computerName, - Level: EventType(record.eventType).String(), - } - - // Create a slice from the larger buffer only data from the one record. - // The upper bound has been validated already by parseEventLogRecord. - recordBuf := eventsRaw[offset : offset+int(record.length)] - offset += int(record.length) - - // Parse and format the user that logged the event. - sid, _ := parseSID(record, recordBuf) // TODO: do something with this error - if sid != nil { - event.User = *sid - } - - if record.numStrings > MaxInsertStrings { - logp.Warn("Record contains %d strings, more than the limit %d. Excess will be ignored.", - record.numStrings, MaxInsertStrings) - record.numStrings = MaxInsertStrings - } - // Parse the UTF-16 message insert strings. - if err = insertStrings.Parse(record, recordBuf); err != nil { - event.RenderErr = append(event.RenderErr, err.Error()) - events = append(events, event) - continue - } - - for _, s := range insertStrings.Strings() { - event.EventData.Pairs = append(event.EventData.Pairs, sys.KeyValue{Value: s}) - } - - // Format the parametrized message using the insert strings. - event.Message, err = formatMessage(record.sourceName, - record.eventID, lang, insertStrings.Pointer(), buffer, pubHandleProvider) - if err != nil { - event.RenderErr = append(event.RenderErr, err.Error()) - if errno, ok := err.(syscall.Errno); ok { - event.RenderErrorCode = uint32(errno) - } - } - - events = append(events, event) - } - - return events, 0, nil -} - -// unixTime takes a time which is an unsigned 32-bit integer, and converts it -// into a Golang time.Time pointer formatted as a unix time. -func unixTime(sec uint32) time.Time { - t := time.Unix(int64(sec), 0) - return t -} - -// formatMessage takes event data and formats the event message into a -// normalized format. -func formatMessage( - sourceName string, - eventID uint32, - lang uint32, - stringInserts uintptr, - buffer []byte, - pubHandleProvider func(string) sys.MessageFiles, -) (string, error) { - messageFiles := pubHandleProvider(sourceName) - - var lastErr error - var fh sys.FileHandle - var message string - for _, fh = range messageFiles.Handles { - if fh.Err != nil { - lastErr = fh.Err - continue - } - - numChars, err := _FormatMessage( - windows.FORMAT_MESSAGE_FROM_HMODULE| - windows.FORMAT_MESSAGE_ARGUMENT_ARRAY, - Handle(fh.Handle), - eventID, - lang, - &buffer[0], // Max size allowed is 64k bytes. - uint32(len(buffer)/2), // Size of buffer in TCHARS - stringInserts) - // bufferUsed = numChars * sizeof(TCHAR) + sizeof(null-terminator) - bufferUsed := int(numChars*2 + 2) - if err == syscall.ERROR_INSUFFICIENT_BUFFER { - return "", err - } - if err != nil { - lastErr = err - continue - } - - if bufferUsed > len(buffer) { - return "", fmt.Errorf("Windows FormatMessage reported that "+ - "message contains %d characters plus a null-terminator "+ - "(%d bytes), but the buffer can only hold %d bytes", - numChars, bufferUsed, len(buffer)) - } - message, _, err = sys.UTF16BytesToString(buffer[:bufferUsed]) - if err != nil { - return "", err - } - } - - if message == "" { - switch lastErr { - case nil: - return "", messageFiles.Err - case ERROR_MR_MID_NOT_FOUND: - return "", fmt.Errorf("The system cannot find message text for "+ - "message number %d in the message file for %s.", eventID, fh.File) - default: - return "", fh.Err - } - } - - return message, nil -} - -// parseEventLogRecord parses a single Windows EVENTLOGRECORD struct from the -// buffer. -func parseEventLogRecord(buffer []byte) (eventLogRecord, error) { - var record eventLogRecord - reader := bytes.NewReader(buffer) - - // Length - err := binary.Read(reader, binary.LittleEndian, &record.length) - if err != nil { - return record, err - } - if len(buffer) < int(record.length) { - return record, fmt.Errorf("Decoded EVENTLOGRECORD length (%d) is "+ - "greater than the buffer length (%d)", record.length, len(buffer)) - } - - // Reserved - err = binary.Read(reader, binary.LittleEndian, &record.reserved) - if err != nil { - return record, err - } - if record.reserved != uint32(0x654c664c) { - return record, fmt.Errorf("Buffer does not contain ELF_LOG_SIGNATURE. "+ - "The data is invalid. Value is %X", record.reserved) - } - - // Buffer appears to be value so slice it to the adjust length. - buffer = buffer[:record.length] - reader = bytes.NewReader(buffer) - reader.Seek(8, 0) - - // RecordNumber - err = binary.Read(reader, binary.LittleEndian, &record.recordNumber) - if err != nil { - return record, err - } - - // TimeGenerated - err = binary.Read(reader, binary.LittleEndian, &record.timeGenerated) - if err != nil { - return record, err - } - - // TimeWritten - err = binary.Read(reader, binary.LittleEndian, &record.timeWritten) - if err != nil { - return record, err - } - - // EventID - err = binary.Read(reader, binary.LittleEndian, &record.eventID) - if err != nil { - return record, err - } - - // EventType - err = binary.Read(reader, binary.LittleEndian, &record.eventType) - if err != nil { - return record, err - } - - // NumStrings - err = binary.Read(reader, binary.LittleEndian, &record.numStrings) - if err != nil { - return record, err - } - - // EventCategory - err = binary.Read(reader, binary.LittleEndian, &record.eventCategory) - if err != nil { - return record, err - } - - // ReservedFlags (2 bytes), ClosingRecordNumber (4 bytes) - _, err = reader.Seek(6, 1) - if err != nil { - return record, err - } - - // StringOffset - err = binary.Read(reader, binary.LittleEndian, &record.stringOffset) - if err != nil { - return record, err - } - if record.numStrings > 0 && record.stringOffset > record.length { - return record, fmt.Errorf("StringOffset value (%d) is invalid "+ - "because it is greater than the Length (%d)", record.stringOffset, - record.length) - } - - // UserSidLength - err = binary.Read(reader, binary.LittleEndian, &record.userSidLength) - if err != nil { - return record, err - } - - // UserSidOffset - err = binary.Read(reader, binary.LittleEndian, &record.userSidOffset) - if err != nil { - return record, err - } - if record.userSidLength > 0 && record.userSidOffset > record.length { - return record, fmt.Errorf("UserSidOffset value (%d) is invalid "+ - "because it is greater than the Length (%d)", record.userSidOffset, - record.length) - } - - // DataLength - err = binary.Read(reader, binary.LittleEndian, &record.dataLength) - if err != nil { - return record, err - } - - // DataOffset - err = binary.Read(reader, binary.LittleEndian, &record.dataOffset) - if err != nil { - return record, err - } - - // SourceName (null-terminated UTF-16 string) - begin, _ := reader.Seek(0, 1) - sourceName, length, err := sys.UTF16BytesToString(buffer[begin:]) - if err != nil { - return record, err - } - record.sourceName = sourceName - begin, err = reader.Seek(int64(length), 1) - if err != nil { - return record, err - } - - // ComputerName (null-terminated UTF-16 string) - computerName, length, err := sys.UTF16BytesToString(buffer[begin:]) - if err != nil { - return record, err - } - record.computerName = computerName - _, err = reader.Seek(int64(length), 1) - if err != nil { - return record, err - } - - return record, nil -} - -func parseSID(record eventLogRecord, buffer []byte) (*sys.SID, error) { - if record.userSidLength == 0 { - return nil, nil - } - - sid := (*windows.SID)(unsafe.Pointer(&buffer[record.userSidOffset])) - identifier := sid.String() - if identifier == "" { - return nil, fmt.Errorf("unable to convert SID to string: %v", sid) - } - return &sys.SID{Identifier: identifier}, nil -} - -// ClearEventLog takes an event log file handle and empties the log. If a backup -// filename is provided, this will back up the event log before clearing the logs. -func ClearEventLog(handle Handle, backupFileName string) error { - var name *uint16 - if backupFileName != "" { - var err error - name, err = syscall.UTF16PtrFromString(backupFileName) - if err != nil { - return err - } - } - - return _ClearEventLog(handle, name) -} - -// GetNumberOfEventLogRecords retrieves the number of events within a Windows -// log file handle. -func GetNumberOfEventLogRecords(handle Handle) (uint32, error) { - var numRecords uint32 - err := _GetNumberOfEventLogRecords(handle, &numRecords) - if err != nil { - return 0, err - } - - return numRecords, nil -} - -// GetOldestEventLogRecord retrieves the oldest event within a Windows log file -// handle and returns the raw event. -func GetOldestEventLogRecord(handle Handle) (uint32, error) { - var oldestRecord uint32 - err := _GetOldestEventLogRecord(handle, &oldestRecord) - if err != nil { - return 0, err - } - - return oldestRecord, nil -} - -// FreeLibrary frees the loaded dynamic-link library (DLL) module and, -// if necessary, decrements its reference count. When the reference count -// reaches zero, the module is unloaded from the address space of the calling -// process and the handle is no longer valid. -func FreeLibrary(handle uintptr) error { - // Wrap the method so that we can stub it out and use our own Handle type. - return windows.FreeLibrary(windows.Handle(handle)) -} - -// CloseEventLog takes an event log file handle, and closes the handle via -// _CloseEventLog -func CloseEventLog(handle Handle) error { - return _CloseEventLog(handle) -} - -// QueryEventMessageFiles queries the registry to get the value of -// the EventMessageFile key that points to a DLL or EXE containing parameterized -// event log messages. If found, it loads the libraries as a datafiles and -// returns a slice of Handles to the libraries. Those handles must be closed -// by the caller. -func QueryEventMessageFiles(providerName, sourceName string) sys.MessageFiles { - mf := sys.MessageFiles{SourceName: sourceName} - - // Open key in registry: - registryKeyName := fmt.Sprintf( - "SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s", - providerName, sourceName) - key, err := registry.OpenKey(registry.LOCAL_MACHINE, registryKeyName, - registry.QUERY_VALUE) - if err != nil { - mf.Err = fmt.Errorf("Failed to open HKLM\\%s", registryKeyName) - return mf - } - defer func() { - err := key.Close() - if err != nil { - logp.Warn("Failed to close registry key. key=%s err=%v", - registryKeyName, err) - } - }() - logp.Debug("eventlog", "RegOpenKey opened handle to HKLM\\%s, key=%v", - registryKeyName, key) - - // Read value from registry: - value, _, err := key.GetStringValue("EventMessageFile") - if err != nil { - mf.Err = fmt.Errorf("Failed querying EventMessageFile from "+ - "HKLM\\%s. %v", registryKeyName, err) - return mf - } - value, err = registry.ExpandString(value) - if err != nil { - mf.Err = fmt.Errorf("Failed to expand strings in '%s'. %v", value, err) - return mf - } - - // Split the value in case there is more than one file in the value. - eventMessageFiles := strings.Split(value, ";") - logp.Debug("eventlog", "RegQueryValueEx queried EventMessageFile from "+ - "HKLM\\%s and got [%s]", registryKeyName, - strings.Join(eventMessageFiles, ",")) - - // Load the libraries: - var files []sys.FileHandle - for _, eventMessageFile := range eventMessageFiles { - sPtr, err := syscall.UTF16PtrFromString(eventMessageFile) - if err != nil { - logp.Debug("eventlog", "Failed to get UTF16Ptr for '%s'. "+ - "Skipping. %v", eventMessageFile, err) - continue - } - - handle, err := _LoadLibraryEx(sPtr, 0, LOAD_LIBRARY_AS_DATAFILE) - if err != nil { - logp.Debug("eventlog", "Failed to load library '%s' as data file. "+ - "Skipping. %v", eventMessageFile, err) - } - - f := sys.FileHandle{File: eventMessageFile, Handle: uintptr(handle), Err: err} - files = append(files, f) - } - - logp.Debug("eventlog", "Returning message files %+v for sourceName %s", files, - sourceName) - mf.Handles = files - return mf -} diff --git a/winlogbeat/sys/eventlogging/stringinserts_windows.go b/winlogbeat/sys/eventlogging/stringinserts_windows.go deleted file mode 100644 index ad759104b5b..00000000000 --- a/winlogbeat/sys/eventlogging/stringinserts_windows.go +++ /dev/null @@ -1,103 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package eventlogging - -import ( - "fmt" - "reflect" - "unsafe" - - "github.com/elastic/beats/v7/winlogbeat/sys" -) - -const ( - // MaxInsertStrings is the maximum number of strings that can be formatted by - // FormatMessage API. - MaxInsertStrings = 99 -) - -var ( - nullPlaceholder = []byte{'(', 0, 'n', 0, 'u', 0, 'l', 0, 'l', 0, ')', 0, 0, 0} - nullPlaceholderPtr = uintptr(unsafe.Pointer(&nullPlaceholder[0])) -) - -// StringInserts stores the string inserts for an event, as arrays of string -// and pointer to UTF-16 zero-terminated string suitable to be passed to -// the Windows API. The array of pointers has enough entries to ensure that -// a call to FormatMessage will never crash. -type StringInserts struct { - pointers [MaxInsertStrings]uintptr - inserts []string - address uintptr -} - -// Parse parses the insert strings from buffer which should contain -// an eventLogRecord. -func (b *StringInserts) Parse(record eventLogRecord, buffer []byte) error { - if b.inserts == nil { // initialise struct - b.inserts = make([]string, 0, MaxInsertStrings) - b.address = reflect.ValueOf(&b.pointers[0]).Pointer() - } - b.clear() - - n := int(record.numStrings) - if n > MaxInsertStrings { - return fmt.Errorf("number of insert strings in the record (%d) is larger than the limit (%d)", n, MaxInsertStrings) - } - - b.inserts = b.inserts[:n] - if n == 0 { - return nil - } - offset := int(record.stringOffset) - bufferPtr := reflect.ValueOf(&buffer[0]).Pointer() - - for i := 0; i < n; i++ { - if offset > len(buffer) { - return fmt.Errorf("Failed reading string number %d, "+ - "offset=%d, len(buffer)=%d, record=%+v", i+1, offset, - len(buffer), record) - } - insertStr, length, err := sys.UTF16BytesToString(buffer[offset:]) - if err != nil { - return err - } - b.inserts[i] = insertStr - b.pointers[i] = bufferPtr + uintptr(offset) - offset += length - } - - return nil -} - -// Strings returns the array of strings representing the insert strings. -func (b *StringInserts) Strings() []string { - return b.inserts -} - -// Pointer returns a pointer to an array of UTF-16 strings suitable to be -// passed to the FormatMessage API. -func (b *StringInserts) Pointer() uintptr { - return b.address -} - -func (b *StringInserts) clear() { - for i := 0; i < MaxInsertStrings && b.pointers[i] != nullPlaceholderPtr; i++ { - b.pointers[i] = nullPlaceholderPtr - } -} diff --git a/winlogbeat/sys/eventlogging/syscall_windows.go b/winlogbeat/sys/eventlogging/syscall_windows.go deleted file mode 100644 index 99369b474c1..00000000000 --- a/winlogbeat/sys/eventlogging/syscall_windows.go +++ /dev/null @@ -1,149 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package eventlogging - -import ( - "syscall" -) - -// Handle to an OS specific object. -type Handle uintptr - -const ( - // MaxEventBufferSize is the maximum buffer size supported by ReadEventLog. - MaxEventBufferSize = 0x7ffff - - // MaxFormatMessageBufferSize is the maximum buffer size supported by FormatMessage. - MaxFormatMessageBufferSize = 1 << 16 -) - -// Event Log Error Codes -// https://msdn.microsoft.com/en-us/library/windows/desktop/ms681385(v=vs.85).aspx -const ( - ERROR_MR_MID_NOT_FOUND syscall.Errno = 317 - ERROR_EVENTLOG_FILE_CORRUPT syscall.Errno = 1500 - ERROR_EVENTLOG_FILE_CHANGED syscall.Errno = 1503 -) - -// Flags to use with LoadLibraryEx. -// https://msdn.microsoft.com/en-us/library/windows/desktop/ms684179(v=vs.85).aspx -const ( - DONT_RESOLVE_DLL_REFERENCES uint32 = 0x0001 - LOAD_LIBRARY_AS_DATAFILE uint32 = 0x0002 - LOAD_WITH_ALTERED_SEARCH_PATH uint32 = 0x0008 - LOAD_IGNORE_CODE_AUTHZ_LEVEL uint32 = 0x0010 - LOAD_LIBRARY_AS_IMAGE_RESOURCE uint32 = 0x0020 - LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE uint32 = 0x0040 - LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR uint32 = 0x0100 - LOAD_LIBRARY_SEARCH_APPLICATION_DIR uint32 = 0x0200 - LOAD_LIBRARY_SEARCH_USER_DIRS uint32 = 0x0400 - LOAD_LIBRARY_SEARCH_SYSTEM32 uint32 = 0x0800 - LOAD_LIBRARY_SEARCH_DEFAULT_DIRS uint32 = 0x1000 -) - -// EventLogReadFlag indicates how to read the log file. -type EventLogReadFlag uint32 - -// EventLogReadFlag values. -// https://msdn.microsoft.com/en-us/library/windows/desktop/aa363674(v=vs.85).aspx -const ( - EVENTLOG_SEQUENTIAL_READ EventLogReadFlag = 1 << iota - EVENTLOG_SEEK_READ - EVENTLOG_FORWARDS_READ - EVENTLOG_BACKWARDS_READ -) - -// EventType identifies the five types of events that can be logged by -// applications. -type EventType uint16 - -// EventType values. -const ( - // Do not reorder. - EVENTLOG_SUCCESS EventType = 0 - EVENTLOG_ERROR_TYPE = 1 << (iota - 1) - EVENTLOG_WARNING_TYPE - EVENTLOG_INFORMATION_TYPE - EVENTLOG_AUDIT_SUCCESS - EVENTLOG_AUDIT_FAILURE -) - -// Mapping of event types to their string representations. -var eventTypeToString = map[EventType]string{ - EVENTLOG_SUCCESS: "Success", - EVENTLOG_ERROR_TYPE: "Error", - EVENTLOG_AUDIT_FAILURE: "Audit Failure", - EVENTLOG_AUDIT_SUCCESS: "Audit Success", - EVENTLOG_INFORMATION_TYPE: "Information", - EVENTLOG_WARNING_TYPE: "Warning", -} - -// String returns string representation of EventType. -func (et EventType) String() string { - return eventTypeToString[et] -} - -// winEventLogRecord is equivalent to EVENTLOGRECORD. -// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa363646(v=vs.85).aspx -type eventLogRecord struct { - length uint32 // The size of this event record, in bytes - reserved uint32 // value that is always set to ELF_LOG_SIGNATURE (the value is 0x654c664c), which is ASCII for eLfL - recordNumber uint32 // The number of the record. - timeGenerated uint32 // time at which this entry was submitted - timeWritten uint32 // time at which this entry was received by the service to be written to the log - eventID uint32 // The event identifier. The value is specific to the event source for the event, and is used - // with source name to locate a description string in the message file for the event source. - eventType uint16 // The type of event - numStrings uint16 // number of strings present in the log - eventCategory uint16 // category for this event - reservedFlags uint16 // Reserved - closingRecordNumber uint32 // Reserved - stringOffset uint32 // offset of the description strings within this event log record - userSidLength uint32 // size of the UserSid member, in bytes. This value can be zero if no security identifier was provided - userSidOffset uint32 // offset of the security identifier (SID) within this event log record - dataLength uint32 // size of the event-specific data in bytes - dataOffset uint32 // offset of the event-specific information within this event log record, in bytes - - // - // Then follows the extra data. - // - // TCHAR SourceName[] - // TCHAR Computername[] - // SID UserSid - // TCHAR Strings[] - // BYTE Data[] - // CHAR Pad[] - // DWORD Length; - - sourceName string - computerName string - userSid []byte -} - -// Add -trace to enable debug prints around syscalls. -//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go syscall_windows.go - -// Windows API calls -//sys _OpenEventLog(uncServerName *uint16, sourceName *uint16) (handle Handle, err error) = advapi32.OpenEventLogW -//sys _CloseEventLog(eventLog Handle) (err error) = advapi32.CloseEventLog -//sys _ReadEventLog(eventLog Handle, readFlags EventLogReadFlag, recordOffset uint32, buffer *byte, numberOfBytesToRead uint32, bytesRead *uint32, minNumberOfBytesNeeded *uint32) (err error) = advapi32.ReadEventLogW -//sys _LoadLibraryEx(filename *uint16, file Handle, flags uint32) (handle Handle, err error) = kernel32.LoadLibraryExW -//sys _FormatMessage(flags uint32, source Handle, messageID uint32, languageID uint32, buffer *byte, bufferSize uint32, arguments uintptr) (numChars uint32, err error) = kernel32.FormatMessageW -//sys _ClearEventLog(eventLog Handle, backupFileName *uint16) (err error) = advapi32.ClearEventLogW -//sys _GetNumberOfEventLogRecords(eventLog Handle, numberOfRecords *uint32) (err error) = advapi32.GetNumberOfEventLogRecords -//sys _GetOldestEventLogRecord(eventLog Handle, oldestRecord *uint32) (err error) = advapi32.GetOldestEventLogRecord diff --git a/winlogbeat/sys/eventlogging/syscall_windows_test.go b/winlogbeat/sys/eventlogging/syscall_windows_test.go deleted file mode 100644 index 092e917ae3f..00000000000 --- a/winlogbeat/sys/eventlogging/syscall_windows_test.go +++ /dev/null @@ -1,68 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -// build +windows,!integration - -package eventlogging - -import ( - "testing" - - "github.com/stretchr/testify/assert" -) - -func TestEventLogReadFlags(t *testing.T) { - assert.Equal(t, EventLogReadFlag(0x0001), EVENTLOG_SEQUENTIAL_READ) - assert.Equal(t, EventLogReadFlag(0x0002), EVENTLOG_SEEK_READ) - assert.Equal(t, EventLogReadFlag(0x0004), EVENTLOG_FORWARDS_READ) - assert.Equal(t, EventLogReadFlag(0x0008), EVENTLOG_BACKWARDS_READ) -} - -func TestLoadLibraryExFlags(t *testing.T) { - assert.Equal(t, uint32(0x00000001), DONT_RESOLVE_DLL_REFERENCES) - assert.Equal(t, uint32(0x00000010), LOAD_IGNORE_CODE_AUTHZ_LEVEL) - assert.Equal(t, uint32(0x00000002), LOAD_LIBRARY_AS_DATAFILE) - assert.Equal(t, uint32(0x00000040), LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE) - assert.Equal(t, uint32(0x00000020), LOAD_LIBRARY_AS_IMAGE_RESOURCE) - assert.Equal(t, uint32(0x00000200), LOAD_LIBRARY_SEARCH_APPLICATION_DIR) - assert.Equal(t, uint32(0x00001000), LOAD_LIBRARY_SEARCH_DEFAULT_DIRS) - assert.Equal(t, uint32(0x00000100), LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR) - assert.Equal(t, uint32(0x00000800), LOAD_LIBRARY_SEARCH_SYSTEM32) - assert.Equal(t, uint32(0x00000400), LOAD_LIBRARY_SEARCH_USER_DIRS) - assert.Equal(t, uint32(0x00000008), LOAD_WITH_ALTERED_SEARCH_PATH) -} - -// TestEventTypeValues verifies that the EventType constants match up with the -// Microsoft declared values. -// https://msdn.microsoft.com/en-us/library/windows/desktop/aa363679(v=vs.85).aspx -func TestEventTypeValues(t *testing.T) { - testCases := []struct { - observed EventType - expected uint8 - }{ - {EVENTLOG_SUCCESS, 0}, - {EVENTLOG_ERROR_TYPE, 0x1}, - {EVENTLOG_WARNING_TYPE, 0x2}, - {EVENTLOG_INFORMATION_TYPE, 0x4}, - {EVENTLOG_AUDIT_SUCCESS, 0x8}, - {EVENTLOG_AUDIT_FAILURE, 0x10}, - } - for _, test := range testCases { - assert.Equal(t, EventType(test.expected), test.observed, - "Event type: "+test.observed.String()) - } -} diff --git a/winlogbeat/sys/eventlogging/zsyscall_windows.go b/winlogbeat/sys/eventlogging/zsyscall_windows.go deleted file mode 100644 index 73f5949486b..00000000000 --- a/winlogbeat/sys/eventlogging/zsyscall_windows.go +++ /dev/null @@ -1,167 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -// Code generated by 'go generate'; DO NOT EDIT. - -package eventlogging - -import ( - "syscall" - "unsafe" - - "golang.org/x/sys/windows" -) - -var _ unsafe.Pointer - -// Do the interface allocations only once for common -// Errno values. -const ( - errnoERROR_IO_PENDING = 997 -) - -var ( - errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) -) - -// errnoErr returns common boxed Errno values, to prevent -// allocations at runtime. -func errnoErr(e syscall.Errno) error { - switch e { - case 0: - return nil - case errnoERROR_IO_PENDING: - return errERROR_IO_PENDING - } - // TODO: add more here, after collecting data on the common - // error values see on Windows. (perhaps when running - // all.bat?) - return e -} - -var ( - modadvapi32 = windows.NewLazySystemDLL("advapi32.dll") - modkernel32 = windows.NewLazySystemDLL("kernel32.dll") - - procOpenEventLogW = modadvapi32.NewProc("OpenEventLogW") - procCloseEventLog = modadvapi32.NewProc("CloseEventLog") - procReadEventLogW = modadvapi32.NewProc("ReadEventLogW") - procLoadLibraryExW = modkernel32.NewProc("LoadLibraryExW") - procFormatMessageW = modkernel32.NewProc("FormatMessageW") - procClearEventLogW = modadvapi32.NewProc("ClearEventLogW") - procGetNumberOfEventLogRecords = modadvapi32.NewProc("GetNumberOfEventLogRecords") - procGetOldestEventLogRecord = modadvapi32.NewProc("GetOldestEventLogRecord") -) - -func _OpenEventLog(uncServerName *uint16, sourceName *uint16) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procOpenEventLogW.Addr(), 2, uintptr(unsafe.Pointer(uncServerName)), uintptr(unsafe.Pointer(sourceName)), 0) - handle = Handle(r0) - if handle == 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} - -func _CloseEventLog(eventLog Handle) (err error) { - r1, _, e1 := syscall.Syscall(procCloseEventLog.Addr(), 1, uintptr(eventLog), 0, 0) - if r1 == 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} - -func _ReadEventLog(eventLog Handle, readFlags EventLogReadFlag, recordOffset uint32, buffer *byte, numberOfBytesToRead uint32, bytesRead *uint32, minNumberOfBytesNeeded *uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procReadEventLogW.Addr(), 7, uintptr(eventLog), uintptr(readFlags), uintptr(recordOffset), uintptr(unsafe.Pointer(buffer)), uintptr(numberOfBytesToRead), uintptr(unsafe.Pointer(bytesRead)), uintptr(unsafe.Pointer(minNumberOfBytesNeeded)), 0, 0) - if r1 == 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} - -func _LoadLibraryEx(filename *uint16, file Handle, flags uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procLoadLibraryExW.Addr(), 3, uintptr(unsafe.Pointer(filename)), uintptr(file), uintptr(flags)) - handle = Handle(r0) - if handle == 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} - -func _FormatMessage(flags uint32, source Handle, messageID uint32, languageID uint32, buffer *byte, bufferSize uint32, arguments uintptr) (numChars uint32, err error) { - r0, _, e1 := syscall.Syscall9(procFormatMessageW.Addr(), 7, uintptr(flags), uintptr(source), uintptr(messageID), uintptr(languageID), uintptr(unsafe.Pointer(buffer)), uintptr(bufferSize), uintptr(arguments), 0, 0) - numChars = uint32(r0) - if numChars == 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} - -func _ClearEventLog(eventLog Handle, backupFileName *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procClearEventLogW.Addr(), 2, uintptr(eventLog), uintptr(unsafe.Pointer(backupFileName)), 0) - if r1 == 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} - -func _GetNumberOfEventLogRecords(eventLog Handle, numberOfRecords *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetNumberOfEventLogRecords.Addr(), 2, uintptr(eventLog), uintptr(unsafe.Pointer(numberOfRecords)), 0) - if r1 == 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} - -func _GetOldestEventLogRecord(eventLog Handle, oldestRecord *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetOldestEventLogRecord.Addr(), 2, uintptr(eventLog), uintptr(unsafe.Pointer(oldestRecord)), 0) - if r1 == 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} diff --git a/winlogbeat/tests/system/test_eventlogging.py b/winlogbeat/tests/system/test_eventlogging.py deleted file mode 100644 index 0d486656054..00000000000 --- a/winlogbeat/tests/system/test_eventlogging.py +++ /dev/null @@ -1,242 +0,0 @@ -import codecs -import os -import sys -import time -import unittest -from winlogbeat import WriteReadTest - -if sys.platform.startswith("win"): - import win32security - -""" -Contains tests for reading from the Event Logging API (pre MS Vista). -""" - - -@unittest.skipUnless(sys.platform.startswith("win"), "requires Windows") -class Test(WriteReadTest): - - @classmethod - def setUpClass(self): - self.api = "eventlogging" - super(WriteReadTest, self).setUpClass() - - def test_read_one_event(self): - """ - eventlogging - Read one classic event - """ - msg = "Hello world!" - self.write_event_log(msg) - evts = self.read_events() - self.assertTrue(len(evts), 1) - self.assert_common_fields(evts[0], msg=msg) - - def test_resume_reading_events(self): - """ - eventlogging - Resume reading events - """ - msg = "First event" - self.write_event_log(msg) - evts = self.read_events() - self.assertTrue(len(evts), 1) - self.assert_common_fields(evts[0], msg=msg) - - # remove the output file, otherwise there is a race condition - # in read_events() below where it reads the results of the previous - # execution - os.unlink(os.path.join(self.working_dir, "output", self.beat_name)) - - msg = "Second event" - self.write_event_log(msg) - evts = self.read_events() - self.assertTrue(len(evts), 1) - self.assert_common_fields(evts[0], msg=msg) - - def test_read_unknown_event_id(self): - """ - eventlogging - Read unknown event ID - """ - msg = "Unknown event ID" - event_id = 1111 - self.write_event_log(msg, eventID=event_id) - evts = self.read_events() - self.assertTrue(len(evts), 1) - self.assert_common_fields(evts[0], eventID=event_id) - self.assertEqual(evts[0]["error.message"].lower(), - ("The system cannot find message text for message " - "number 1111 in the message file for " - "C:\\Windows\\system32\\EventCreate.exe.").lower()) - - def test_read_unknown_sid(self): - """ - eventlogging - Read event with unknown SID - """ - # Fake SID that was made up. - accountIdentifier = "S-1-5-21-3623811015-3361044348-30300820-1013" - sid = win32security.ConvertStringSidToSid(accountIdentifier) - - msg = "Unknown SID " + accountIdentifier - self.write_event_log(msg, sid=sid) - evts = self.read_events() - self.assertTrue(len(evts), 1) - self.assert_common_fields(evts[0], msg=msg, sid=accountIdentifier) - - def test_fields_under_root(self): - """ - eventlogging - Add tags and custom fields under root - """ - msg = "Add tags and fields under root" - self.write_event_log(msg) - evts = self.read_events(config={ - "tags": ["global"], - "fields": {"global": "field", "env": "prod", "log.level": "overwrite"}, - "fields_under_root": True, - "event_logs": [ - { - "name": self.providerName, - "api": self.api, - "tags": ["local"], - "fields_under_root": True, - "fields": {"local": "field", "env": "dev"} - } - ] - }) - self.assertTrue(len(evts), 1) - self.assert_common_fields(evts[0], msg=msg, level="overwrite", extra={ - "global": "field", - "env": "dev", - "local": "field", - "tags": ["global", "local"], - }) - - def test_fields_not_under_root(self): - """ - eventlogging - Add custom fields (not under root) - """ - msg = "Add fields (not under root)" - self.write_event_log(msg) - evts = self.read_events(config={ - "fields": {"global": "field", "env": "prod", "level": "overwrite"}, - "event_logs": [ - { - "name": self.providerName, - "api": self.api, - "fields": {"local": "field", "env": "dev", "num": 1} - } - ] - }) - self.assertTrue(len(evts), 1) - self.assert_common_fields(evts[0], msg=msg, extra={ - "log.level": "information", - "fields.global": "field", - "fields.env": "dev", - "fields.level": "overwrite", - "fields.local": "field", - "fields.num": 1, - }) - self.assertTrue("tags" not in evts[0]) - - def test_ignore_older(self): - """ - eventlogging - Query by time (ignore_older than 4s) - """ - self.write_event_log(">=4 seconds old", eventID=20) - time.sleep(4) - self.write_event_log("~0 seconds old", eventID=10) - evts = self.read_events(config={ - "event_logs": [ - { - "name": self.providerName, - "api": self.api, - "ignore_older": "2s" - } - ] - }, expected_events=1) - self.assertTrue(len(evts), 1) - self.assertEqual(evts[0]["winlog.event_id"], 10) - self.assertEqual(evts[0]["event.code"], 10) - - def test_utf16_characters(self): - """ - eventlogging - UTF-16 characters - """ - msg = (u'\u89E3\u51CD\u3057\u305F\u30D5\u30A9\u30EB\u30C0\u306E' - u'\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u30B9\u30AF\u30EA' - u'\u30D7\u30C8\u3092\u5B9F\u884C\u3057' - u'\u8C61\u5F62\u5B57') - self.write_event_log(str(msg)) - evts = self.read_events(config={ - "event_logs": [ - { - "name": self.providerName, - "api": self.api, - } - ] - }) - self.assertTrue(len(evts), 1) - self.assertEqual(evts[0]["message"], msg) - - def test_registry_data(self): - """ - eventlogging - Registry is updated - """ - self.write_event_log("Hello world!") - evts = self.read_events() - self.assertTrue(len(evts), 1) - - event_logs = self.read_registry(requireBookmark=False) - self.assertTrue(len(list(event_logs.keys())), 1) - self.assertIn(self.providerName, event_logs) - record_number = event_logs[self.providerName]["record_number"] - self.assertGreater(record_number, 0) - - def test_processors(self): - """ - eventlogging - Processors are applied - """ - self.write_event_log("Hello world!") - - config = { - "event_logs": [ - { - "name": self.providerName, - "api": self.api, - "extras": { - "processors": [ - { - "drop_fields": { - "fields": ["message"], - } - } - ], - }, - } - ] - } - evts = self.read_events(config) - self.assertTrue(len(evts), 1) - self.assertNotIn("message", evts[0]) - - def test_multiline_events(self): - """ - eventlogging - Event with newlines and control characters - """ - msg = """ -A trusted logon process has been registered with the Local Security Authority. -This logon process will be trusted to submit logon requests. - -Subject: - -Security ID: SYSTEM -Account Name: MS4\x1e$ -Account Domain: WORKGROUP -Logon ID: 0x3e7 -Logon Process Name: IKE""" - self.write_event_log(msg) - evts = self.read_events() - self.assertTrue(len(evts), 1) - self.assertEqual(str(self.api), evts[0]["winlog.api"], evts[0]) - self.assertNotIn("event.original", evts[0], msg=evts[0]) - self.assertIn("message", evts[0], msg=evts[0]) - self.assertNotIn("\\u000a", evts[0]["message"], msg=evts[0]) - self.assertEqual(str(msg), codecs.decode(evts[0]["message"], "unicode_escape"), msg=evts[0]) diff --git a/x-pack/auditbeat/module/system/login/login_test.go b/x-pack/auditbeat/module/system/login/login_test.go index 818ad18314e..0bf92925db8 100644 --- a/x-pack/auditbeat/module/system/login/login_test.go +++ b/x-pack/auditbeat/module/system/login/login_test.go @@ -101,6 +101,13 @@ func TestWtmp(t *testing.T) { t.Fatalf("error opening %v: %v", wtmpFilepath, err) } + wtmpFileInfo, err := os.Stat(wtmpFilepath) + if err != nil { + t.Fatalf("error performing stat on %v: %v", wtmpFilepath, err) + } + + size := wtmpFileInfo.Size() + loginUtmp := utmpC{ Type: DEAD_PROCESS, } @@ -132,6 +139,35 @@ func TestWtmp(t *testing.T) { checkFieldValue(t, events[0].RootFields, "user.name", "vagrant") checkFieldValue(t, events[0].RootFields, "related.user", []string{"vagrant"}) checkFieldValue(t, events[0].RootFields, "user.terminal", "pts/2") + + // We truncate to the previous size to force a full re-read, simulating an inode reuse. + if err := wtmpFile.Truncate(size); err != nil { + t.Fatalf("error truncating %v: %v", wtmpFilepath, err) + } + + events, errs = mbtest.ReportingFetchV2(f) + if len(errs) > 0 { + t.Fatalf("received error: %+v", errs[0]) + } + + if len(events) == 0 { + t.Fatal("no events were generated") + } else if len(events) != 1 { + t.Fatalf("only one event expected, got %d", len(events)) + } + + // utmpdump: [7] [14962] [ts/2] [vagrant ] [pts/2 ] [10.0.2.2 ] [10.0.2.2 ] [2019-01-24T09:51:51,367964+00:00] + checkFieldValue(t, events[0].RootFields, "event.kind", "event") + checkFieldValue(t, events[0].RootFields, "event.category", []string{"authentication"}) + checkFieldValue(t, events[0].RootFields, "event.type", []string{"start", "authentication_success"}) + checkFieldValue(t, events[0].RootFields, "event.action", "user_login") + checkFieldValue(t, events[0].RootFields, "event.outcome", "success") + checkFieldValue(t, events[0].RootFields, "process.pid", 14962) + checkFieldValue(t, events[0].RootFields, "source.ip", "10.0.2.2") + checkFieldValue(t, events[0].RootFields, "user.name", "vagrant") + checkFieldValue(t, events[0].RootFields, "user.terminal", "pts/2") + assert.True(t, events[0].Timestamp.Equal(time.Date(2019, 1, 24, 9, 51, 51, 367964000, time.UTC)), + "Timestamp is not equal: %+v", events[0].Timestamp) } func TestBtmp(t *testing.T) { diff --git a/x-pack/auditbeat/module/system/login/utmp.go b/x-pack/auditbeat/module/system/login/utmp.go index d01ba528a94..273229f051a 100644 --- a/x-pack/auditbeat/module/system/login/utmp.go +++ b/x-pack/auditbeat/module/system/login/utmp.go @@ -181,14 +181,14 @@ func (r *UtmpFileReader) readNewInFile(loginRecordC chan<- LoginRecord, errorC c size := utmpFile.Size oldSize := savedUtmpFile.Size - if size < oldSize { + if size < oldSize || utmpFile.Offset > size { // UTMP files are append-only and so this is weird. It might be a sign of // a highly unlikely inode reuse - or of something more nefarious. // Setting isKnownFile to false so we read the whole file from the beginning. isKnownFile = false - r.log.Warnf("Unexpectedly, the file %v is smaller than before (new: %v, old: %v) - reading whole file.", - utmpFile.Path, size, oldSize) + r.log.Warnf("saved size or offset illogical (new=%+v, saved=%+v) - reading whole file.", + utmpFile, savedUtmpFile) } if !isKnownFile && size == 0 { @@ -219,11 +219,18 @@ func (r *UtmpFileReader) readNewInFile(loginRecordC chan<- LoginRecord, errorC c f.Close() }() - _, err = f.Seek(utmpFile.Offset, 0) - if err != nil { - errorC <- errors.Wrapf(err, "error setting offset for file %v", utmpFile.Path) + // This will be the usual case, but we do not want to seek with the stored offset + // if the saved size is smaller than the current one. + if size >= oldSize && utmpFile.Offset <= size { + _, err = f.Seek(utmpFile.Offset, 0) + if err != nil { + errorC <- errors.Wrapf(err, "error setting offset %d for file %v", utmpFile.Offset, utmpFile.Path) + } + } - // Try one more time, this time resetting to the beginning of the file. + // If the saved size is smaller than the current one, or the previous Seek failed, + // we retry one more time, this time resetting to the beginning of the file. + if size < oldSize || utmpFile.Offset > size || err != nil { _, err = f.Seek(0, 0) if err != nil { errorC <- errors.Wrapf(err, "error setting offset 0 for file %v", utmpFile.Path) diff --git a/x-pack/elastic-agent/CHANGELOG.asciidoc b/x-pack/elastic-agent/CHANGELOG.asciidoc index 1192e3ed91c..c4f7fa88dad 100644 --- a/x-pack/elastic-agent/CHANGELOG.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.asciidoc @@ -40,6 +40,7 @@ - Fix failing installation on windows 7 {pull}[24387]24387 - Fix capabilities resolution in inspect command {pull}[24346]24346 - Fix windows installer during enroll {pull}[24343]24343 +- Logging to file disabled on enroll {issue}[24173]24173 ==== New features diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index b0d7b003b6d..2a2e6184c8b 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -43,6 +43,7 @@ - Fix bad substitution of API key. {pull}24036[24036] - Fix docker enrollment issue related to Fleet Server change. {pull}24155[24155] - Improve log on failure of Endpoint Security installation. {pull}24429[24429] +- Verify communication to Kibana before updating Fleet client. {pull}24489[24489] ==== New features diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go index 225c50e65e6..6bd72852baa 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go +++ b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go @@ -180,14 +180,20 @@ func (f *fleetGateway) worker() { actions[idx] = a } + var errMsg string if err := f.dispatcher.Dispatch(f.acker, actions...); err != nil { - msg := fmt.Sprintf("failed to dispatch actions, error: %s", err) - f.log.Error(msg) - f.statusReporter.Update(state.Degraded, msg) + errMsg = fmt.Sprintf("failed to dispatch actions, error: %s", err) + f.log.Error(errMsg) + f.statusReporter.Update(state.Failed, errMsg) } f.log.Debugf("FleetGateway is sleeping, next update in %s", f.settings.Duration) - f.statusReporter.Update(state.Healthy, "") + if errMsg != "" { + f.statusReporter.Update(state.Failed, errMsg) + } else { + f.statusReporter.Update(state.Healthy, "") + } + case <-f.bgContext.Done(): f.stop() return diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go b/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go index b921569a19b..76bdf4c0cac 100644 --- a/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go +++ b/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go @@ -10,6 +10,7 @@ import ( "fmt" "io" "sort" + "time" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" @@ -24,6 +25,10 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/kibana" ) +const ( + apiStatusTimeout = 15 * time.Second +) + type clientSetter interface { SetClient(clienter) } @@ -50,7 +55,7 @@ func (h *handlerPolicyChange) Handle(ctx context.Context, a action, acker fleetA } h.log.Debugf("handlerPolicyChange: emit configuration for action %+v", a) - err = h.handleKibanaHosts(c) + err = h.handleKibanaHosts(ctx, c) if err != nil { return err } @@ -61,7 +66,12 @@ func (h *handlerPolicyChange) Handle(ctx context.Context, a action, acker fleetA return acker.Ack(ctx, action) } -func (h *handlerPolicyChange) handleKibanaHosts(c *config.Config) (err error) { +func (h *handlerPolicyChange) handleKibanaHosts(ctx context.Context, c *config.Config) (err error) { + // do not update kibana host from policy; no setters provided with local Fleet Server + if len(h.setters) == 0 { + return nil + } + cfg, err := configuration.NewFromConfig(c) if err != nil { return errors.New(err, "could not parse the configuration from the policy", errors.TypeConfig) @@ -94,6 +104,14 @@ func (h *handlerPolicyChange) handleKibanaHosts(c *config.Config) (err error) { err, "fail to create API client with updated hosts", errors.TypeNetwork, errors.M("hosts", h.config.Fleet.Kibana.Hosts)) } + ctx, cancel := context.WithTimeout(ctx, apiStatusTimeout) + defer cancel() + _, err = client.Send(ctx, "GET", "/api/status", nil, nil, nil) + if err != nil { + return errors.New( + err, "fail to communicate with updated API client hosts", + errors.TypeNetwork, errors.M("hosts", h.config.Fleet.Kibana.Hosts)) + } reader, err := fleetToReader(h.agentInfo, h.config) if err != nil { return errors.New( diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go index cd4b12ef422..78fc41f819a 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go @@ -157,6 +157,11 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args } } + // enroll is invoked either manually or from install with redirected IO + // no need to log to file + cfg.Settings.LoggingConfig.ToFiles = false + cfg.Settings.LoggingConfig.ToStderr = true + logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig) if err != nil { return err diff --git a/x-pack/elastic-agent/pkg/artifact/install/atomic/atomic_installer.go b/x-pack/elastic-agent/pkg/artifact/install/atomic/atomic_installer.go index 60c5f1d28cf..a9406cf9815 100644 --- a/x-pack/elastic-agent/pkg/artifact/install/atomic/atomic_installer.go +++ b/x-pack/elastic-agent/pkg/artifact/install/atomic/atomic_installer.go @@ -55,15 +55,8 @@ func (i *Installer) Install(ctx context.Context, spec program.Spec, version, ins // on windows rename is not atomic, let's force it to flush the cache defer func() { if runtime.GOOS == "windows" { - if f, err := os.OpenFile(installDir, os.O_RDWR, 0777); err == nil { - f.Sync() - f.Close() - } - - if f, err := os.OpenFile(tempInstallDir, os.O_RDWR, 0777); err == nil { - f.Sync() - f.Close() - } + syncDir(installDir) + syncDir(tempInstallDir) } }() @@ -87,3 +80,10 @@ func (i *Installer) Install(ctx context.Context, spec program.Spec, version, ins return nil } + +func syncDir(dir string) { + if f, err := os.OpenFile(dir, os.O_RDWR, 0777); err == nil { + f.Sync() + f.Close() + } +} diff --git a/x-pack/elastic-agent/pkg/artifact/install/zip/zip_installer.go b/x-pack/elastic-agent/pkg/artifact/install/zip/zip_installer.go index 034e4be7b41..eba432feefb 100644 --- a/x-pack/elastic-agent/pkg/artifact/install/zip/zip_installer.go +++ b/x-pack/elastic-agent/pkg/artifact/install/zip/zip_installer.go @@ -61,9 +61,13 @@ func (i *Installer) Install(ctx context.Context, spec program.Spec, version, ins // if root directory is not the same as desired directory rename // e.g contains `-windows-` or `-SNAPSHOT-` if rootDir != installDir { + defer syncDir(rootDir) + defer syncDir(installDir) + if err := os.Rename(rootDir, installDir); err != nil { return errors.New(err, errors.TypeFilesystem, errors.M(errors.MetaKeyPath, installDir)) } + } return nil @@ -155,3 +159,10 @@ func (i *Installer) getRootDir(zipPath string) (dir string, err error) { return rootDir, nil } + +func syncDir(dir string) { + if f, err := os.OpenFile(dir, os.O_RDWR, 0777); err == nil { + f.Sync() + f.Close() + } +} diff --git a/x-pack/elastic-agent/pkg/core/logger/logger.go b/x-pack/elastic-agent/pkg/core/logger/logger.go index 3e70cd88e57..6169022fea6 100644 --- a/x-pack/elastic-agent/pkg/core/logger/logger.go +++ b/x-pack/elastic-agent/pkg/core/logger/logger.go @@ -54,11 +54,18 @@ func new(name string, cfg *Config) (*Logger, error) { if err != nil { return nil, err } - internal, err := makeInternalFileOutput(cfg) - if err != nil { - return nil, err + + var outputs []zapcore.Core + if cfg.ToFiles { + internal, err := makeInternalFileOutput(cfg) + if err != nil { + return nil, err + } + + outputs = append(outputs, internal) } - if err := configure.LoggingWithOutputs("", commonCfg, internal); err != nil { + + if err := configure.LoggingWithOutputs("", commonCfg, outputs...); err != nil { return nil, fmt.Errorf("error initializing logging: %v", err) } return logp.NewLogger(name), nil @@ -87,6 +94,7 @@ func DefaultLoggingConfig() *Config { cfg := logp.DefaultConfig(logp.DefaultEnvironment) cfg.Beat = agentName cfg.Level = logp.InfoLevel + cfg.ToFiles = true cfg.Files.Path = paths.Logs() cfg.Files.Name = fmt.Sprintf("%s.log", agentName) diff --git a/x-pack/filebeat/docs/inputs/input-netflow.asciidoc b/x-pack/filebeat/docs/inputs/input-netflow.asciidoc index 840ad70ec05..b53881cc961 100644 --- a/x-pack/filebeat/docs/inputs/input-netflow.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-netflow.asciidoc @@ -120,6 +120,17 @@ cause flow loss until the exporter provides new templates. If set to `false`, if the exporter process is reset. This option is only applicable to Netflow V9 and IPFIX. Default is `true`. +[float] +[[internal_networks]] +==== `internal_networks` + +A list of CIDR ranges describing the IP addresses that you consider internal. +This is used in determining the values of `source.locality`, +`destination.locality`, and `flow.locality`. The values can be either a CIDR +value or one of the named ranges supported by the +<> condition. The default value is `[private]` +which classifies RFC 1918 (IPv4) and RFC 4193 (IPv6) addresses as internal. + [id="{beatname_lc}-input-{type}-common-options"] include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] diff --git a/x-pack/filebeat/input/netflow/config.go b/x-pack/filebeat/input/netflow/config.go index 4d795a44eec..b13b6722ab6 100644 --- a/x-pack/filebeat/input/netflow/config.go +++ b/x-pack/filebeat/input/netflow/config.go @@ -33,6 +33,7 @@ var defaultConfig = config{ ForwarderConfig: harvester.ForwarderConfig{ Type: inputName, }, + InternalNetworks: []string{"private"}, Protocols: []string{"v5", "v9", "ipfix"}, ExpirationTimeout: time.Minute * 30, PacketQueueSize: 8192, diff --git a/x-pack/filebeat/module/netflow/_meta/docs.asciidoc b/x-pack/filebeat/module/netflow/_meta/docs.asciidoc index 830b397ec45..09ffda3d024 100644 --- a/x-pack/filebeat/module/netflow/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/netflow/_meta/docs.asciidoc @@ -67,6 +67,13 @@ details. monitor sequence numbers in the Netflow packets to detect an Exporting Process reset. See <> for details. +`var.internal_networks`:: A list of CIDR ranges describing the IP addresses that +you consider internal. This is used in determining the values of +`source.locality`, `destination.locality`, and `flow.locality`. The values +can be either a CIDR value or one of the named ranges supported by the +<> condition. The default value is `[private]` +which classifies RFC 1918 (IPv4) and RFC 4193 (IPv6) addresses as internal. + *`var.tags`*:: A list of tags to include in events. Including `forwarded` indicates that the diff --git a/x-pack/filebeat/module/netflow/log/config/netflow.yml b/x-pack/filebeat/module/netflow/log/config/netflow.yml index 65baa78eaac..dd111c35097 100644 --- a/x-pack/filebeat/module/netflow/log/config/netflow.yml +++ b/x-pack/filebeat/module/netflow/log/config/netflow.yml @@ -6,7 +6,7 @@ expiration_timeout: '{{.expiration_timeout}}' queue_size: {{.queue_size}} {{if .internal_networks}} -internal_hosts: +internal_networks: {{range .internal_networks}} - '{{ . }}' {{end}} diff --git a/x-pack/filebeat/module/netflow/log/manifest.yml b/x-pack/filebeat/module/netflow/log/manifest.yml index e46428b2fc0..250c2b414e9 100644 --- a/x-pack/filebeat/module/netflow/log/manifest.yml +++ b/x-pack/filebeat/module/netflow/log/manifest.yml @@ -17,6 +17,7 @@ var: - name: detect_sequence_reset - name: tags default: [forwarded] + - name: internal_networks ingest_pipeline: ingest/pipeline.yml input: config/netflow.yml diff --git a/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc b/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc index 997460dcd23..bf278ed270f 100644 --- a/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc @@ -1,32 +1,38 @@ [role="xpack"] :modulename: threatintel -:has-dashboards: false - +:has-dashboards: true == Threat Intel module beta[] -This module is a collection of different threat intelligence sources. The ingested data is meant to be used with https://www.elastic.co/guide/en/security/7.11/rules-ui-create.html#create-indicator-rule[Indicator Match rules], but is also -compatible with other features like https://www.elastic.co/guide/en/elasticsearch/reference/current/enrich-processor.html[Enrich Processors]. -The related threat intel attribute that is meant to be used for matching incoming source data is stored under the `threatintel.indicator.*` fields. +This module ingests data from a collection of different threat intelligence +sources. The ingested data is meant to be used with +https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-indicator-rule[Indicator +Match rules], but is also compatible with other features like +https://www.elastic.co/guide/en/elasticsearch/reference/current/enrich-processor.html[Enrich +Processors]. The related threat intel attribute that is meant to be used for +matching incoming source data is stored under the `threatintel.indicator.*` +fields. -Currently supporting: -- `abuseurl` fileset: Supports URL entities from Abuse.ch -- `abusemalware` fileset: Supports Malware/Payload entities from Abuse.ch -- `misp` fileset: Supports gathering threat intel attributes from MISP -- `otx` fileset: Supports gathering threat intel attributes from Alienvault OTX -- `anomali` fileset: Supports gathering threat intel attributes from Anomali +The available filesets are: -include::../include/gs-link.asciidoc[] +* `abuseurl`: Supports URL entities from Abuse.ch. +* `abusemalware`: Supports Malware/Payload entities from Abuse.ch. +* `misp`: Supports gathering threat intel attributes from MISP (replaces MISP module). +* `otx`: Supports gathering threat intel attributes from AlientVault OTX. +* `anomali`: Supports gathering threat intel attributes from Anomali. +include::../include/gs-link.asciidoc[] [float] ==== `abuseurl` fileset settings -This fileset contacts the AbuseCH API and fetches all new malicious URLs found the last 60 minutes. +This fileset contacts the abuse.ch API and fetches all new malicious URLs found +the last 60 minutes. -To configure the module, please utilize the default URL unless specified as the example below: +To configure the module, please utilize the default URL unless specified as the +example below: [source,yaml] ---- @@ -48,21 +54,24 @@ The URL of the API endpoint to connect with. How often the API is polled for updated information. -AbuseCH URL Threat Intel is mapped to the following ECS fields +Abuse.ch URL Threat Intel is mapped to the following ECS fields. + [options="header"] |============================================================== -| URL Threat Intel Fields' | ECS Fields | -| url | threat.indicator.url.full | -| date_added | @timestamp | -| host | threat.indicator.ip/domain | +| URL Threat Intel Fields | ECS Fields +| url | threat.indicator.url.full +| date_added | @timestamp +| host | threatintel.indicator.ip/domain |============================================================== [float] ==== `abusemalware` fileset settings -This fileset contacts the AbuseCH API and fetches all new malicious hashes found the last 60 minutes. +This fileset contacts the Abuse.ch API and fetches all new malicious hashes found +the last 60 minutes. -To configure the module, please utilize the default URL unless specified as the example below: +To configure the module, please utilize the default URL unless specified as the +example below: [source,yaml] ---- @@ -84,21 +93,24 @@ The URL of the API endpoint to connect with. How often the API is polled for updated information. -AbuseCH Malware Threat Intel is mapped to the following ECS fields +Abuse.ch Malware Threat Intel is mapped to the following ECS fields. + [options="header"] |================================================================ -| Malware Threat IntelFields | ECS Fields | -| md5_hash | threat.indicato.file.hash.md5 | -| sha256_hash | threat.indicator.file.hash.sha256| -| file_size | threat.indicator.file.size | +| Malware Threat IntelFields | ECS Fields +| md5_hash | threatintel.indicator.file.hash.md5 +| sha256_hash | threatintel.indicator.file.hash.sha256 +| file_size | threatintel.indicator.file.size |================================================================ [float] ==== `misp` fileset settings -This fileset communicates with a local or remote MISP server. Not to be confused with the older MISP Module (link here). +This fileset communicates with a local or remote MISP server. This replaces +the older MISP module. -The fileset configuration allows to set the polling interval, how far back it should look initially, and optionally any filters used to filter the results. +The fileset configuration allows to set the polling interval, how far back it +should look initially, and optionally any filters used to filter the results. [source,yaml] ---- @@ -112,10 +124,12 @@ The fileset configuration allows to set the polling interval, how far back it sh var.interval: 60m ---- -To configure the output with filters, use fields that already exist on the MISP server, and define either a single value or multiple. -By adding a filter, only events that has attributes which matches the filter will be returned. +To configure the output with filters, use fields that already exist on the MISP +server, and define either a single value or multiple. By adding a filter, only +events that have attributes that match the filter will be returned. -The below filters is only examples, for a full list of all fields please reference the MISP fields located on the MISP server itself. +The below filters are only examples, for a full list of all fields please +reference the MISP fields located on the MISP server itself. [source,yaml] ---- @@ -145,27 +159,32 @@ How often the API is polled for updated information. *`var.first_interval`*:: How far back to search when retrieving events the first time the beat starts up. -After the first interval has passed the module itself will use the timestamp from the last response as the filter when retrieving new events. +After the first interval has passed the module itself will use the timestamp +from the last response as the filter when retrieving new events. *`var.filters`*:: -List of filters to apply when retrieving new events from the MISP server, this field is optional and defaults to all events. +List of filters to apply when retrieving new events from the MISP server, this +field is optional and defaults to all events. + +MISP Threat Intel is mapped to the following ECS fields. -MISP Threat Intel is mapped to the following ECS fields [options="header"] |============================================================== -| Malware Threat IntelFields | ECS Fields | -| misp.first_seen | threat.indicator.first_seen | -| misp.last_seen | threat.indicator.last_seen | -| misp.tag | tag | -| misp.value | threat.indicator.* | +| Malware Threat IntelFields | ECS Fields +| misp.first_seen | threatintel.indicator.first_seen +| misp.last_seen | threatintel.indicator.last_seen +| misp.tag | tag +| misp.value | threatintel.indicator.* |============================================================== -misp.value is mapped to the appropriate field dependant on attribute type + +`misp.value` is mapped to the appropriate field dependent on attribute type. [float] ==== `otx` fileset settings -To configure the module, please utilize the default URL unless specified as the example below: +To configure the module, please utilize the default URL unless specified as the +example below: [source,yaml] ---- @@ -180,7 +199,8 @@ To configure the module, please utilize the default URL unless specified as the var.interval: 60m ---- -To filter only on specific indicator types, this is an example of some possible filters supported: +To filter only on specific indicator types, this is an example of some possible +filters that are supported: [source,yaml] ---- @@ -202,7 +222,8 @@ The URL of the API endpoint to connect with. *`var.api_token`*:: -The API key used to access OTX. This can be found on your https://otx.alienvault.com/api[OTX API homepage]. +The API key used to access OTX. This can be found on your +https://otx.alienvault.com/api[OTX API homepage]. *`var.interval`*:: @@ -211,29 +232,39 @@ How often the API is polled for updated information. *`var.first_interval`*:: How far back to search when retrieving events the first time the beat starts up. -After the first interval has passed the module itself will use the timestamp from the last response as the filter when retrieving new events. +After the first interval has passed the module itself will use the timestamp +from the last response as the filter when retrieving new events. *`var.types`*:: -A comma delimited list of indicator types to include, defaults to all. A list of possible types to filter on can be found on the https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[Alienvault OTX documentation page] +A comma delimited list of indicator types to include, defaults to all. A list of +possible types to filter on can be found in the +https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[AlientVault +OTX documentation]. -OTX Threat Intel is mapped to the following ECS fields +OTX Threat Intel is mapped to the following ECS fields. + [options="header"] -|======================================================| -| Malware Threat IntelFields | ECS Fields | -| otx.type | threat.indicator.type | -| otx.description | threat.indicator.description | -| otx.indicator | threat.indicator.* | -|======================================================| -otx.indicator is mapped to the appropriate field dependant on attribute type. +|============================================================ +| Malware Threat Intel Fields | ECS Fields +| otx.type | threatintel.indicator.type +| otx.description | threatintel.indicator.description +| otx.indicator | threatintel.indicator.* +|============================================================ + +`otx.indicator` is mapped to the appropriate field dependent on attribute type. [float] ==== `anomali` fileset settings -To configure the module please fill in the credentials, for Anomali Limo (the free Taxii service) these are usually default credentials found at the https://www.anomali.com/resources/limo[Anomali Limo webpage] -Anomali Limo offers multiple sources called collections. Each collection has a specific ID, which then fits into the url -used in this configuration. A list of different collections can be found using the credentials at https://limo.anomali.com/api/v1/taxii2/feeds/collections/[Limo Collections]. +To configure the module please fill in the credentials, for Anomali Limo (the +free Taxii service) these are usually default credentials found at the +https://www.anomali.com/resources/limo[Anomali Limo webpage] Anomali Limo offers +multiple sources called collections. Each collection has a specific ID, which +then fits into the url used in this configuration. A list of different +collections can be found using the credentials at +https://limo.anomali.com/api/v1/taxii2/feeds/collections/[Limo Collections]. The example below uses the collection of ID 41 as can be seen in the URL. @@ -249,7 +280,8 @@ The example below uses the collection of ID 41 as can be seen in the URL. var.interval: 60m ---- -To filter on specifc types, you can define var.types as a comma delimited list of object types. This defaults to "indicators" +To filter on specific types, you can define `var.types` as a comma delimited list +of object types. This defaults to "indicators". [source,yaml] ---- @@ -268,7 +300,8 @@ include::../include/var-paths.asciidoc[] *`var.url`*:: -The URL of the API endpoint to connect with. Limo offers multiple collections of threat intelligence. +The URL of the API endpoint to connect with. Limo offers multiple collections of +threat intelligence. *`var.username`*:: @@ -284,18 +317,66 @@ How often the API is polled for updated information. *`var.types`*:: -A comma delimited list of indicator types to include, defaults to all. A list of possible types to filter on can be found on the https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix 2.1 Object types] page. +A comma delimited list of indicator types to include, defaults to all. A list of +possible types to filter on can be found on the +https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix +2.1 Object types] page. + +Anomali Threat Intel is mapped to the following ECS fields. -Anomali Threat Intel is mapped to the following ECS fields [options="header"] -|============================================================== -| Malware Threat IntelFields | ECS Fields | -| anomali.description | threat.indicator.description | -| anomali.created | threat.indicator.first_seen | -| anomali.modified | threat.indicator.last_seen | -| anomali.pattern | threat.indicator.* | -| anomali.labels | tags | -|============================================================== -anomali.pattern is mapped to the appropriate field dependant on attribute type. +|============================================================= +| Malware Threat Intel Fields | ECS Fields +| anomali.description | threatintel.indicator.description +| anomali.created | threatintel.indicator.first_seen +| anomali.modified | threatintel.indicator.last_seen +| anomali.pattern | threatintel.indicator.* +| anomali.labels | tags +|============================================================= + +`anomali.pattern` is mapped to the appropriate field dependent on attribute type. + +:has-dashboards!: + +[float] +=== Dashboards + +This module comes with dashboards for the threat information feeds. + +[role="screenshot"] +image::./images/filebeat-threatintel-overview.png[] + +[float] +Overview of the information provided, and the health of, the Threat Intel module. + +[role="screenshot"] +image::./images/filebeat-threatintel-abuse-malware.png[] + +[float] +Overview of the information provided by the Abuse.ch Malware feed. + +[role="screenshot"] +image::./images/filebeat-threatintel-abuse-url.png[] + +[float] +Overview of the information provided by the Abuse.ch URL feed. + +[role="screenshot"] +image::./images/filebeat-threatintel-alienvault-otx.png[] + +[float] +Overview of the information provided by the AlienVault OTX feed. + +[role="screenshot"] +image::./images/filebeat-threatintel-anomali-limo.png[] + +[float] +Overview of the information provided by the Anomali Limo feed. + +[role="screenshot"] +image::./images/filebeat-threatintel-misp.png[] + +[float] +Overview of the information provided by the MSIP feed. :modulename!: diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-abuse-url.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-abuse-url.json new file mode 100644 index 00000000000..2cc53e68cbf --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-abuse-url.json @@ -0,0 +1,2136 @@ +{ + "objects": [ + { + "attributes": { + "description": "Abuse URL indicators ingested by the threat intel Filebeat module.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "166a6654-675d-4802-b1bf-05a9b95e6547", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "166a6654-675d-4802-b1bf-05a9b95e6547", + "panelRefName": "panel_0", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "92819fb6-a0a3-4831-881f-de6e9203f3ee", + "w": 14, + "x": 12, + "y": 0 + }, + "panelIndex": "92819fb6-a0a3-4831-881f-de6e9203f3ee", + "panelRefName": "panel_1", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "0d49c092-01ba-4213-b3f4-05f939796184", + "w": 10, + "x": 26, + "y": 0 + }, + "panelIndex": "0d49c092-01ba-4213-b3f4-05f939796184", + "panelRefName": "panel_2", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "ac111656-d2ad-4b02-8c4f-b07ae92cf3f5", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "ac111656-d2ad-4b02-8c4f-b07ae92cf3f5", + "panelRefName": "panel_3", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 690.5 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "0fbd766f-a11e-4287-ab1d-2239068f4aa9", + "w": 16, + "x": 0, + "y": 18 + }, + "panelIndex": "0fbd766f-a11e-4287-ab1d-2239068f4aa9", + "panelRefName": "panel_4", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 494.5 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "9b7733e0-a86a-4721-a456-2f394577025a", + "w": 12, + "x": 16, + "y": 18 + }, + "panelIndex": "9b7733e0-a86a-4721-a456-2f394577025a", + "panelRefName": "panel_5", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "4bce30b1-9606-4fc7-91af-1890ad0578bd", + "w": 12, + "x": 28, + "y": 18 + }, + "panelIndex": "4bce30b1-9606-4fc7-91af-1890ad0578bd", + "panelRefName": "panel_6", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "2e7f876d-4e18-4dc6-a57f-51c651f90b4c", + "w": 8, + "x": 40, + "y": 18 + }, + "panelIndex": "2e7f876d-4e18-4dc6-a57f-51c651f90b4c", + "panelRefName": "panel_7", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 467.5 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "a824f293-41a3-46bf-83c9-1d17fa840fde", + "w": 13, + "x": 0, + "y": 36 + }, + "panelIndex": "a824f293-41a3-46bf-83c9-1d17fa840fde", + "panelRefName": "panel_8", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "91d7b4bf-4a43-4747-91ad-3e2fd201468e", + "w": 11, + "x": 13, + "y": 36 + }, + "panelIndex": "91d7b4bf-4a43-4747-91ad-3e2fd201468e", + "panelRefName": "panel_9", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "f597f182-0cf4-4fab-b0ab-af4e7c74a897", + "w": 24, + "x": 24, + "y": 36 + }, + "panelIndex": "f597f182-0cf4-4fab-b0ab-af4e7c74a897", + "panelRefName": "panel_10", + "version": "7.11.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Threat Intel] Abuse URL", + "version": 1 + }, + "id": "65fa6bc0-72f0-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "dashboard": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "87980f70-72ec-11eb-a3e3-b3cc7c78a70f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "98d42ee0-76b6-11eb-a3e3-b3cc7c78a70f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "a7b6e910-72ed-11eb-a3e3-b3cc7c78a70f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "eba4ec60-72ea-11eb-a3e3-b3cc7c78a70f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "1adff580-72ee-11eb-a3e3-b3cc7c78a70f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "62f6daa0-72ee-11eb-a3e3-b3cc7c78a70f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "ecf74b10-72ec-11eb-a3e3-b3cc7c78a70f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "44020830-7394-11eb-a3e3-b3cc7c78a70f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "d5d76c60-72ee-11eb-a3e3-b3cc7c78a70f", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "ea5879c0-72eb-11eb-a3e3-b3cc7c78a70f", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "a1616dd0-72eb-11eb-a3e3-b3cc7c78a70f", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzUsMl0=" + }, + { + "attributes": { + "description": "Abuse URL threat of indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abuseurl.threat" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.abuseurl.threat", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Threat [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "Count": "#E24D42" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Abuse URL Threat", + "field": "threatintel.abuseurl.threat", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": true + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Abuse URL Threat [Filebeat Threat Intel]", + "type": "horizontal_bar" + } + }, + "id": "87980f70-72ec-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjQsMl0=" + }, + { + "attributes": { + "description": "Tags for Abuse URL indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abuseurl.tags" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.abuseurl.tags", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Tags [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Abuse URL Tags", + "field": "threatintel.abuseurl.tags", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse URL Tags [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "98d42ee0-76b6-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjUsMl0=" + }, + { + "attributes": { + "description": "Abuse URL scheme of indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.url.scheme" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.url.scheme", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Scheme [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "http": "#65C5DB", + "https": "#F9934E" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "URL Scheme", + "field": "threatintel.indicator.url.scheme", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "threatintel.indicator.url.scheme", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Abuse URL Scheme [Filebeat Threat Intel]", + "type": "histogram" + } + }, + "id": "a7b6e910-72ed-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjYsMl0=" + }, + { + "attributes": { + "description": "Hosting provider notified for indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abuseurl.larted" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.abuseurl.larted", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Hosting Provider Notified [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "false": "#E24D42" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Hosting Provider Notified", + "field": "threatintel.abuseurl.larted", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 2 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Abuse URL Hosting Provider Notified [Filebeat Threat Intel]", + "type": "pie" + } + }, + "id": "eba4ec60-72ea-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjcsMl0=" + }, + { + "attributes": { + "description": "Abuse URL domain indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.domain" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.domain", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Indicator Domain [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Indicator Domain", + "field": "threatintel.indicator.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse URL Indicator Domain [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "1adff580-72ee-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjgsMl0=" + }, + { + "attributes": { + "description": "Abuse URL full URL indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.url.full" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.url.full", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Indicator URLs [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Indicator URL", + "field": "threatintel.indicator.url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse URL Indicator URLs [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "62f6daa0-72ee-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjksMl0=" + }, + { + "attributes": { + "description": "Abuse URL provider of indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abuseurl.threat" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.abuseurl.threat", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Indicator Provider [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "Count": "#705DA0" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "threatintel.indicator.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": true + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Abuse URL Indicator Provider [Filebeat Threat Intel]", + "type": "horizontal_bar" + } + }, + "id": "ecf74b10-72ec-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzAsMl0=" + }, + { + "attributes": { + "description": "Total number of Abuse URL indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Abuse URL Indicators" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Abuse URL Indicators [Filebeat Threat Intel]", + "type": "metric" + } + }, + "id": "44020830-7394-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzEsMl0=" + }, + { + "attributes": { + "description": "Abuse URL event references ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.url.full" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.url.full", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Event Reference [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Abuse URL Reference URL", + "field": "event.reference", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse URL Event Reference [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "d5d76c60-72ee-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzIsMl0=" + }, + { + "attributes": { + "description": "Status of URLs ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abuseurl.url_status" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.abuseurl.url_status", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL URL Status [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "URL Status", + "field": "threatintel.abuseurl.url_status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse URL URL Status [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "ea5879c0-72eb-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzMsMl0=" + }, + { + "attributes": { + "description": "Blacklist status of URLs ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abuseurl" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abuseurl" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abuseurl.blacklists.spamhaus_dbl" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.abuseurl.blacklists.spamhaus_dbl", + "negate": false, + "type": "exists", + "value": "exists" + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abuseurl.blacklists.surbl" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "threatintel.abuseurl.blacklists.surbl", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse URL Blacklist Status [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Spamhaus DBL Blacklist Status", + "field": "threatintel.abuseurl.blacklists.spamhaus_dbl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "SURBL Blacklist Status", + "field": "threatintel.abuseurl.blacklists.surbl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse URL Blacklist Status [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "a1616dd0-72eb-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzQsMl0=" + }, + { + "attributes": { + "color": "#a548ae", + "description": "Tag for indicators ingested by the Threat Intel Filebeat module.", + "name": "threat intel" + }, + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "namespaces": [ + "default" + ], + "references": [], + "type": "tag", + "updated_at": "2021-03-10T19:01:18.125Z", + "version": "WzIyMTcsMl0=" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.module", + "negate": false, + "params": { + "query": "threatintel" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "threatintel" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "threat" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "threat" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "event.kind", + "negate": false, + "params": { + "query": "enrichment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.kind": "enrichment" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "key": "event.type", + "negate": false, + "params": { + "query": "indicator" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "indicator" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "All Logs [Filebeat Threat Intel] ECS", + "version": 1 + }, + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMTksMl0=" + } + ], + "version": "7.11.1" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-alienvault-otx.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-alienvault-otx.json new file mode 100644 index 00000000000..5156709b9d4 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-alienvault-otx.json @@ -0,0 +1,1877 @@ +{ + "objects": [ + { + "attributes": { + "description": "AlienVault OTX indicators ingested by the threat intel Filebeat module.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "7847e7a5-06a5-43e7-bd6b-ccae637739e5", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "7847e7a5-06a5-43e7-bd6b-ccae637739e5", + "panelRefName": "panel_0", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "dc17e932-e983-4deb-95dc-07d571bf9e28", + "w": 7, + "x": 17, + "y": 0 + }, + "panelIndex": "dc17e932-e983-4deb-95dc-07d571bf9e28", + "panelRefName": "panel_1", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "6d448f2b-f2b7-4e18-a9ef-77c06ab755ac", + "w": 15, + "x": 24, + "y": 0 + }, + "panelIndex": "6d448f2b-f2b7-4e18-a9ef-77c06ab755ac", + "panelRefName": "panel_2", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "a946ed22-37d4-4c8d-8250-fc00f2ad646b", + "w": 9, + "x": 39, + "y": 0 + }, + "panelIndex": "a946ed22-37d4-4c8d-8250-fc00f2ad646b", + "panelRefName": "panel_3", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 286 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "e4c2fa0c-b238-4502-82b8-b61847d19b18", + "w": 9, + "x": 0, + "y": 18 + }, + "panelIndex": "e4c2fa0c-b238-4502-82b8-b61847d19b18", + "panelRefName": "panel_4", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "ed1ab436-d7cc-4545-bbc6-a3aa4d45108b", + "w": 17, + "x": 9, + "y": 18 + }, + "panelIndex": "ed1ab436-d7cc-4545-bbc6-a3aa4d45108b", + "panelRefName": "panel_5", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "ac6508e3-214a-4af9-8621-f9bd9cd9fe36", + "w": 10, + "x": 26, + "y": 18 + }, + "panelIndex": "ac6508e3-214a-4af9-8621-f9bd9cd9fe36", + "panelRefName": "panel_6", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "d5dbe626-716b-4dc2-9018-21050ee860ad", + "w": 12, + "x": 36, + "y": 18 + }, + "panelIndex": "d5dbe626-716b-4dc2-9018-21050ee860ad", + "panelRefName": "panel_7", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "fb89a073-18ce-41a0-87ec-a66bb35216e5", + "w": 24, + "x": 0, + "y": 36 + }, + "panelIndex": "fb89a073-18ce-41a0-87ec-a66bb35216e5", + "panelRefName": "panel_8", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 303 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "a2a17e0d-2de0-45cc-8440-d00a7044aaab", + "w": 9, + "x": 24, + "y": 36 + }, + "panelIndex": "a2a17e0d-2de0-45cc-8440-d00a7044aaab", + "panelRefName": "panel_9", + "version": "7.11.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 598 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "291a8404-8e31-45f4-9117-4ea5bf996e78", + "w": 15, + "x": 33, + "y": 36 + }, + "panelIndex": "291a8404-8e31-45f4-9117-4ea5bf996e78", + "panelRefName": "panel_10", + "version": "7.11.1" + } + ], + "timeRestore": false, + "title": "[Filebeat Threat Intel] AlienVault OTX", + "version": 1 + }, + "id": "53e4e630-76cf-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "dashboard": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "95f384b0-76d8-11eb-a3e3-b3cc7c78a70f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "b5bd3a70-76ce-11eb-a3e3-b3cc7c78a70f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "f33125b0-76d8-11eb-a3e3-b3cc7c78a70f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "302cd5b0-76cd-11eb-a3e3-b3cc7c78a70f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "49f0c060-76cd-11eb-a3e3-b3cc7c78a70f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "346136f0-76d5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "9109e490-76cd-11eb-a3e3-b3cc7c78a70f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "6077fd00-76d5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "4e5d25c0-76ce-11eb-a3e3-b3cc7c78a70f", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "0ccdda50-76ce-11eb-a3e3-b3cc7c78a70f", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "01c261b0-7aa9-11eb-ac13-d5ca87cb8fa2", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyODcsMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX URL scheme ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlientVault OTX URL Scheme [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "http": "#65C5DB", + "https": "#F9934E" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "field": "threatintel.indicator.url.scheme", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": true + }, + "labels": { + "show": true + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "AlientVault OTX URL Scheme [Filebeat Threat Intel]", + "type": "horizontal_bar" + } + }, + "id": "95f384b0-76d8-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzYsMl0=" + }, + { + "attributes": { + "description": "Total number of AlienVault OTX indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlienVault OTX Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "AlienVault OTX Indicators" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "AlienVault OTX Indicators [Filebeat Threat Intel]", + "type": "metric" + } + }, + "id": "b5bd3a70-76ce-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzcsMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX indicator types ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlientVault OTX Indicator Types [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "threatintel.indicator.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "AlientVault OTX Indicator Types [Filebeat Threat Intel]", + "type": "pie" + } + }, + "id": "f33125b0-76d8-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzgsMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX IP indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.ip" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.ip", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlientVault OTX IP Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AlienVault OTX IP Indicator", + "field": "threatintel.indicator.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "AlientVault OTX IP Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "302cd5b0-76cd-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNzksMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX domain indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.domain" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.domain", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlientVault OTX Domain Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AlienVault OTX IP Indicator", + "field": "threatintel.indicator.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "AlientVault OTX Domain Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "49f0c060-76cd-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyODAsMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX URL indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.url.original" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.url.original", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlienVault OTX URL Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AlienVault OTX URL Indicator", + "field": "threatintel.indicator.url.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "AlienVault OTX URL Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "346136f0-76d5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyODEsMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX URL domain indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.url.domain" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.url.domain", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlienVault OTX URL Domain Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AlienVault OTX URL Domain Indicator", + "field": "threatintel.indicator.url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "AlienVault OTX URL Domain Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "9109e490-76cd-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyODIsMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX URI indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.url.path" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.url.path", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlienVault OTX URI Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AlienVault OTX URI Indicator", + "field": "threatintel.indicator.url.path", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "AlienVault OTX URI Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "6077fd00-76d5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyODMsMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX SHA256 hash indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.file.hash.sha256" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.file.hash.sha256", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlientVault OTX SHA256 Hash Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AlienVault OTX SHA256 Hash Indicator", + "field": "threatintel.indicator.file.hash.sha256", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "AlientVault OTX SHA256 Hash Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "4e5d25c0-76ce-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyODQsMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX MD5 hash indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.file.hash.md5" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.file.hash.md5", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlientVault OTX MD5 Hash Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AlienVault OTX MD5 Hash Indicator", + "field": "threatintel.indicator.file.hash.md5", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "AlientVault OTX MD5 Hash Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "0ccdda50-76ce-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyODUsMl0=" + }, + { + "attributes": { + "description": "AlienVault OTX indicator title ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.otx" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.otx" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.otx.title" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.otx.title", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "AlienVault OTX Indicator Title [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AlienVault OTX Indicator Title", + "field": "threatintel.otx.title", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "AlienVault OTX Indicator Title [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "01c261b0-7aa9-11eb-ac13-d5ca87cb8fa2", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyODYsMl0=" + }, + { + "attributes": { + "color": "#a548ae", + "description": "Tag for indicators ingested by the Threat Intel Filebeat module.", + "name": "threat intel" + }, + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "namespaces": [ + "default" + ], + "references": [], + "type": "tag", + "updated_at": "2021-03-10T19:01:18.125Z", + "version": "WzIyMTcsMl0=" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.module", + "negate": false, + "params": { + "query": "threatintel" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "threatintel" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "threat" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "threat" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "event.kind", + "negate": false, + "params": { + "query": "enrichment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.kind": "enrichment" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "key": "event.type", + "negate": false, + "params": { + "query": "indicator" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "indicator" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "All Logs [Filebeat Threat Intel] ECS", + "version": 1 + }, + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMTksMl0=" + } + ], + "version": "7.11.1" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-anomali.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-anomali.json new file mode 100644 index 00000000000..bf9a25614dd --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-anomali.json @@ -0,0 +1,1641 @@ +{ + "objects": [ + { + "attributes": { + "description": "Anomali indicators ingested by the threat intel Filebeat module.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "96feacb2-faa8-4154-ab78-71acfa3a0200", + "w": 18, + "x": 0, + "y": 0 + }, + "panelIndex": "96feacb2-faa8-4154-ab78-71acfa3a0200", + "panelRefName": "panel_0", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "47fb30af-2e3a-4853-923e-401be3bcffd7", + "w": 11, + "x": 18, + "y": 0 + }, + "panelIndex": "47fb30af-2e3a-4853-923e-401be3bcffd7", + "panelRefName": "panel_1", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "bcbc15d0-35c0-461d-b6f1-2a09b2e27e2a", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "bcbc15d0-35c0-461d-b6f1-2a09b2e27e2a", + "panelRefName": "panel_2", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "b3f8480e-2875-46d4-acd2-b2a910a704af", + "w": 14, + "x": 34, + "y": 18 + }, + "panelIndex": "b3f8480e-2875-46d4-acd2-b2a910a704af", + "panelRefName": "panel_3", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 173.36285400390625 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "b334f158-4fc5-4712-a5aa-f172dd743ba7", + "w": 9, + "x": 0, + "y": 18 + }, + "panelIndex": "b334f158-4fc5-4712-a5aa-f172dd743ba7", + "panelRefName": "panel_4", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "table": null, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 346.36285400390625 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "4125f3ee-6b0e-4198-a847-8a1113dfbc4a", + "w": 13, + "x": 9, + "y": 18 + }, + "panelIndex": "4125f3ee-6b0e-4198-a847-8a1113dfbc4a", + "panelRefName": "panel_5", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 296.36285400390625 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "8f556ccd-ef24-4bfd-a344-3da3920eda9e", + "w": 12, + "x": 22, + "y": 18 + }, + "panelIndex": "8f556ccd-ef24-4bfd-a344-3da3920eda9e", + "panelRefName": "panel_6", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 390.36285400390625 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "514b0734-f5bf-411c-b674-ad4fddfc1f25", + "w": 15, + "x": 0, + "y": 36 + }, + "panelIndex": "514b0734-f5bf-411c-b674-ad4fddfc1f25", + "panelRefName": "panel_7", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 1008.3628540039062 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "6f8a890f-3d0f-43c5-a25b-bafc3fe75edd", + "w": 33, + "x": 15, + "y": 36 + }, + "panelIndex": "6f8a890f-3d0f-43c5-a25b-bafc3fe75edd", + "panelRefName": "panel_8", + "version": "7.11.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Threat Intel] Anomali", + "version": 1 + }, + "id": "68c48a30-739e-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "dashboard": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "55b5c280-76b7-11eb-a3e3-b3cc7c78a70f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "28aca810-7394-11eb-a3e3-b3cc7c78a70f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "09aaef80-7399-11eb-a3e3-b3cc7c78a70f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "0e4aa470-739b-11eb-a3e3-b3cc7c78a70f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "1a6a6430-739a-11eb-a3e3-b3cc7c78a70f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "4360fe80-739a-11eb-a3e3-b3cc7c78a70f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "5b7f0160-739a-11eb-a3e3-b3cc7c78a70f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "a14694c0-7399-11eb-a3e3-b3cc7c78a70f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "6ed5ada0-7399-11eb-a3e3-b3cc7c78a70f", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTEsMl0=" + }, + { + "attributes": { + "description": "MISP tags for indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "tags" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "tags", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP Tags [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MISP Tags", + "field": "tags", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "MISP Tags [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "55b5c280-76b7-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDIsMl0=" + }, + { + "attributes": { + "description": "Total number of Anomali indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.anomali" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.anomali" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Anomali Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Anomali Indicators" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Anomali Indicators [Filebeat Threat Intel]", + "type": "metric" + } + }, + "id": "28aca810-7394-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDMsMl0=" + }, + { + "attributes": { + "description": "Types of Anomali indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.anomali" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.anomali" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Anomali Indicator Type [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "threatintel.indicator.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Anomali Indicator Type [Filebeat Threat Intel]", + "type": "pie" + } + }, + "id": "09aaef80-7399-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDQsMl0=" + }, + { + "attributes": { + "description": "Anomali email indicator ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.anomali" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.anomali" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.email.address" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.email.address", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Anomali Email Indicator [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 753.3628540039062 + } + ] + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Anomali Email Indicator", + "field": "threatintel.indicator.email.address", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Anomali Email Indicator [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "0e4aa470-739b-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDUsMl0=" + }, + { + "attributes": { + "description": "Anomali IP indicator ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.anomali" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.anomali" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.ip" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.ip", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Anomali IP Indicator [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 753.3628540039062 + } + ] + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Anomali IP Indicator", + "field": "threatintel.indicator.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Anomali IP Indicator [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "1a6a6430-739a-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDYsMl0=" + }, + { + "attributes": { + "description": "Anomali URL indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.anomali" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.anomali" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.url.full" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.url.full", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Anomali URL Indicators [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 753.3628540039062 + } + ] + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Anomali URL Indicator", + "field": "threatintel.indicator.url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Anomali URL Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "4360fe80-739a-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDcsMl0=" + }, + { + "attributes": { + "description": "Anomali domain indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.anomali" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.anomali" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.domain" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.domain", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Anomali Domain Indicators [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 753.3628540039062 + } + ] + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Anomali Domain Indicator", + "field": "threatintel.indicator.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Anomali Domain Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "5b7f0160-739a-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDgsMl0=" + }, + { + "attributes": { + "description": "Anomali indicator name ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.anomali" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.anomali" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.anomali.name" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.anomali.name", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Anomali Indicator Name [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 753.3628540039062 + } + ] + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Anomali Indicator Name", + "field": "threatintel.anomali.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Anomali Indicator Name [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "a14694c0-7399-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDksMl0=" + }, + { + "attributes": { + "description": "Anomali indicator descriptions ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.anomali" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.anomali" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.anomali.description" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.anomali.description", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Anomali Indicator Description [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 753.3628540039062 + } + ] + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Anomali Indicator Description", + "field": "threatintel.anomali.description", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Anomali Indicator Description [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "6ed5ada0-7399-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTAsMl0=" + }, + { + "attributes": { + "color": "#a548ae", + "description": "Tag for indicators ingested by the Threat Intel Filebeat module.", + "name": "threat intel" + }, + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "namespaces": [ + "default" + ], + "references": [], + "type": "tag", + "updated_at": "2021-03-10T19:01:18.125Z", + "version": "WzIyMTcsMl0=" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.module", + "negate": false, + "params": { + "query": "threatintel" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "threatintel" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "threat" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "threat" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "event.kind", + "negate": false, + "params": { + "query": "enrichment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.kind": "enrichment" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "key": "event.type", + "negate": false, + "params": { + "query": "indicator" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "indicator" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "All Logs [Filebeat Threat Intel] ECS", + "version": 1 + }, + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMTksMl0=" + } + ], + "version": "7.11.1" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-aubse-malware.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-aubse-malware.json new file mode 100644 index 00000000000..067828449cb --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-aubse-malware.json @@ -0,0 +1,1781 @@ +{ + "objects": [ + { + "attributes": { + "description": "Abuse Malware indicators ingested by the threat intel Filebeat module.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 654.3333333333333 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "80e2f028-a447-4fa4-9161-052717ca9021", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "80e2f028-a447-4fa4-9161-052717ca9021", + "panelRefName": "panel_0", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "7483e258-c1e3-4fc8-9e8d-7e2abb400cda", + "w": 10, + "x": 17, + "y": 0 + }, + "panelIndex": "7483e258-c1e3-4fc8-9e8d-7e2abb400cda", + "panelRefName": "panel_1", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "5b627f39-1ddb-499f-b9b6-87297576e3dd", + "w": 8, + "x": 27, + "y": 0 + }, + "panelIndex": "5b627f39-1ddb-499f-b9b6-87297576e3dd", + "panelRefName": "panel_2", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 422.33333333333337 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "e7f02b6f-7a4c-417d-904a-582fa4f7f4b0", + "w": 13, + "x": 35, + "y": 0 + }, + "panelIndex": "e7f02b6f-7a4c-417d-904a-582fa4f7f4b0", + "panelRefName": "panel_3", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 584.3333333333333 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "8459964a-6437-490f-a8f3-54f68ca4c9ef", + "w": 16, + "x": 0, + "y": 18 + }, + "panelIndex": "8459964a-6437-490f-a8f3-54f68ca4c9ef", + "panelRefName": "panel_4", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "705312de-dfcc-4f8f-8371-78c3b0fbb968", + "w": 13, + "x": 16, + "y": 18 + }, + "panelIndex": "705312de-dfcc-4f8f-8371-78c3b0fbb968", + "panelRefName": "panel_5", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "table": null, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 755.6666666666667 + }, + { + "colIndex": 1, + "width": 96 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "d3b6eec0-1b14-43f7-be9b-05314ee54c07", + "w": 19, + "x": 29, + "y": 18 + }, + "panelIndex": "d3b6eec0-1b14-43f7-be9b-05314ee54c07", + "panelRefName": "panel_6", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 896.5 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "6d6ea6b0-21a5-4af4-bbea-4f85fc54eaf5", + "w": 23, + "x": 0, + "y": 36 + }, + "panelIndex": "6d6ea6b0-21a5-4af4-bbea-4f85fc54eaf5", + "panelRefName": "panel_7", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "040ae85b-1abc-439e-a1b9-7bc3ddca1059", + "w": 25, + "x": 23, + "y": 36 + }, + "panelIndex": "040ae85b-1abc-439e-a1b9-7bc3ddca1059", + "panelRefName": "panel_8", + "version": "7.11.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Threat Intel] Abuse Malware", + "version": 1 + }, + "id": "5ba16340-72e6-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "dashboard": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "79da77d0-72e5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "0db62ee0-72e6-11eb-a3e3-b3cc7c78a70f", + "name": "panel_1", + "type": "lens" + }, + { + "id": "5f955bb0-7394-11eb-a3e3-b3cc7c78a70f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "b9533f50-72e5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "1a0d5250-72e5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "40d61ab0-72e6-11eb-a3e3-b3cc7c78a70f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "41100be0-72e5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "c369c190-72e4-11eb-a3e3-b3cc7c78a70f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "f9c6ba80-72e5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjksMl0=" + }, + { + "attributes": { + "description": "Abuse malware TLSH hashes ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abusemalware" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abusemalware" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.file.hash.tlsh" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.file.hash.tlsh", + "negate": false, + "type": "exists", + "value": "exists" + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse Malware TLSH Hashes [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TLSH Hash", + "field": "threatintel.indicator.file.hash.tlsh", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "File Type", + "field": "threatintel.indicator.file.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse Malware TLSH Hashes [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "79da77d0-72e5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjAsMl0=" + }, + { + "attributes": { + "description": "Abuse malware signatures ingested by the threat intel Filebeat module.", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "dff48ab9-4cc8-4744-afe5-ee36a0a2065d": { + "columnOrder": [ + "959db113-1ce6-46fc-97c3-dbf5fd5abb9a", + "de396547-655b-4db2-8a21-e9850acff0b0" + ], + "columns": { + "959db113-1ce6-46fc-97c3-dbf5fd5abb9a": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of threatintel.abusemalware.signature", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "de396547-655b-4db2-8a21-e9850acff0b0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "threatintel.abusemalware.signature" + }, + "de396547-655b-4db2-8a21-e9850acff0b0": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.module", + "negate": false, + "params": { + "query": "threatintel" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "threatintel" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abusemalware" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abusemalware" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abusemalware.signature" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "threatintel.abusemalware.signature", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "959db113-1ce6-46fc-97c3-dbf5fd5abb9a" + ], + "layerId": "dff48ab9-4cc8-4744-afe5-ee36a0a2065d", + "legendDisplay": "default", + "metric": "de396547-655b-4db2-8a21-e9850acff0b0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "treemap" + } + }, + "title": "Abuse Malware Signature [Filebeat Threat Intel]", + "visualizationType": "lnsPie" + }, + "id": "0db62ee0-72e6-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "lens": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "indexpattern-datasource-layer-dff48ab9-4cc8-4744-afe5-ee36a0a2065d", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-ref-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "lens", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjEsMl0=" + }, + { + "attributes": { + "description": "Total number of Abuse Malware indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abusemalware" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abusemalware" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse Malware Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Abuse Malware Indicators" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Abuse Malware Indicators [Filebeat Threat Intel]", + "type": "metric" + } + }, + "id": "5f955bb0-7394-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjIsMl0=" + }, + { + "attributes": { + "description": "Abuse malware import table hash by file type ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abusemalware" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abusemalware" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.file.pe.imphash" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.file.pe.imphash", + "negate": false, + "type": "exists", + "value": "exists" + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse Malware Import Table Hash [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Imphash Hash", + "field": "threatintel.indicator.file.pe.imphash", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "File Type", + "field": "threatintel.indicator.file.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse Malware Import Table Hash [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "b9533f50-72e5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjMsMl0=" + }, + { + "attributes": { + "description": "Abuse malware SHA256 hashes ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abusemalware" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abusemalware" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.file.hash.sha256" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.file.hash.sha256", + "negate": false, + "type": "exists", + "value": "exists" + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse Malware SHA256 Hashes [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "SHA256 Hash", + "field": "threatintel.indicator.file.hash.sha256", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "File Type", + "field": "threatintel.indicator.file.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse Malware SHA256 Hashes [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "1a0d5250-72e5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjQsMl0=" + }, + { + "attributes": { + "description": "Abuse malware file types ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse Malware File Types [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "threatintel.indicator.file.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Abuse Malware File Types [Filebeat Threat Intel]", + "type": "pie" + } + }, + "id": "40d61ab0-72e6-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjUsMl0=" + }, + { + "attributes": { + "description": "Abuse malware ssdeep hashes ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abusemalware" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abusemalware" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.file.hash.ssdeep" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.file.hash.ssdeep", + "negate": false, + "type": "exists", + "value": "exists" + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse Malware ssdeep Hashes [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ssdeep Hash", + "field": "threatintel.indicator.file.hash.ssdeep", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "File Type", + "field": "threatintel.indicator.file.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse Malware ssdeep Hashes [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "41100be0-72e5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjYsMl0=" + }, + { + "attributes": { + "description": "Abuse malware event references ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abusemalware" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abusemalware" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "event.reference" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.reference", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse Malware Event Reference [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Abuse Malware Reference URL", + "field": "event.reference", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse Malware Event Reference [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "c369c190-72e4-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjcsMl0=" + }, + { + "attributes": { + "description": "Abuse malware VirusTotal references ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.abusemalware" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.abusemalware" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abusemalware.virustotal.link" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.abusemalware.virustotal.link", + "negate": false, + "type": "exists", + "value": "exists" + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.abusemalware.virustotal.result" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "threatintel.abusemalware.virustotal.result", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Abuse Malware VirusTotal References [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 937.6666666666665 + } + ] + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VirusTotal URL", + "field": "threatintel.abusemalware.virustotal.link", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "VirusTotal Result", + "field": "threatintel.abusemalware.virustotal.result", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Abuse Malware VirusTotal References [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "f9c6ba80-72e5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMjgsMl0=" + }, + { + "attributes": { + "color": "#a548ae", + "description": "Tag for indicators ingested by the Threat Intel Filebeat module.", + "name": "threat intel" + }, + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "namespaces": [ + "default" + ], + "references": [], + "type": "tag", + "updated_at": "2021-03-10T19:01:18.125Z", + "version": "WzIyMTcsMl0=" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.module", + "negate": false, + "params": { + "query": "threatintel" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "threatintel" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "threat" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "threat" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "event.kind", + "negate": false, + "params": { + "query": "enrichment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.kind": "enrichment" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "key": "event.type", + "negate": false, + "params": { + "query": "indicator" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "indicator" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "All Logs [Filebeat Threat Intel] ECS", + "version": 1 + }, + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMTksMl0=" + } + ], + "version": "7.11.1" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-misp.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-misp.json new file mode 100644 index 00000000000..8cf715e18e6 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-misp.json @@ -0,0 +1,2099 @@ +{ + "objects": [ + { + "attributes": { + "description": "MSIP indicators ingested by the threat intel Filebeat module.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 589 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "dddbb2ed-b025-4bc3-b3a1-16f834da532b", + "w": 15, + "x": 0, + "y": 0 + }, + "panelIndex": "dddbb2ed-b025-4bc3-b3a1-16f834da532b", + "panelRefName": "panel_0", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 370 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "bb692014-ed24-441d-a717-d40025f46602", + "w": 10, + "x": 15, + "y": 0 + }, + "panelIndex": "bb692014-ed24-441d-a717-d40025f46602", + "panelRefName": "panel_1", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "fcc0d72f-70ee-4fac-b859-77326444f472", + "w": 14, + "x": 25, + "y": 0 + }, + "panelIndex": "fcc0d72f-70ee-4fac-b859-77326444f472", + "panelRefName": "panel_2", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "a3b70237-fbd4-43c6-96b6-ffb3c9266b55", + "w": 9, + "x": 39, + "y": 0 + }, + "panelIndex": "a3b70237-fbd4-43c6-96b6-ffb3c9266b55", + "panelRefName": "panel_3", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "table": null, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 814 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "c34da3b4-e3d8-4ade-85f2-1f2195aa9cdc", + "w": 19, + "x": 0, + "y": 18 + }, + "panelIndex": "c34da3b4-e3d8-4ade-85f2-1f2195aa9cdc", + "panelRefName": "panel_4", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 451 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "c23a8d34-62e3-42f2-912b-120251392d03", + "w": 12, + "x": 19, + "y": 18 + }, + "panelIndex": "c23a8d34-62e3-42f2-912b-120251392d03", + "panelRefName": "panel_5", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "a9e87eb5-f981-472c-9fb1-00f956c7ca1e", + "w": 9, + "x": 31, + "y": 18 + }, + "panelIndex": "a9e87eb5-f981-472c-9fb1-00f956c7ca1e", + "panelRefName": "panel_6", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "a47d65d3-01ef-4488-9c0d-2fbd23b923ad", + "w": 8, + "x": 40, + "y": 18 + }, + "panelIndex": "a47d65d3-01ef-4488-9c0d-2fbd23b923ad", + "panelRefName": "panel_7", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 324 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "c4010d5b-9082-453d-90a1-a4bc629f62a7", + "w": 10, + "x": 0, + "y": 36 + }, + "panelIndex": "c4010d5b-9082-453d-90a1-a4bc629f62a7", + "panelRefName": "panel_8", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 371 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "e59a30c1-97bb-4f16-81ba-9a9dc705fed6", + "w": 12, + "x": 10, + "y": 36 + }, + "panelIndex": "e59a30c1-97bb-4f16-81ba-9a9dc705fed6", + "panelRefName": "panel_9", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 600.5 + } + ] + } + } + }, + "gridData": { + "h": 18, + "i": "1309e7f5-8554-4265-a8c4-9f8f00db8299", + "w": 14, + "x": 22, + "y": 36 + }, + "panelIndex": "1309e7f5-8554-4265-a8c4-9f8f00db8299", + "panelRefName": "panel_10", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "42cec04d-ab8e-4aa2-a78b-7c6a6d8b8798", + "w": 12, + "x": 36, + "y": 36 + }, + "panelIndex": "42cec04d-ab8e-4aa2-a78b-7c6a6d8b8798", + "panelRefName": "panel_11", + "version": "7.11.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Threat Intel] MISP", + "version": 1 + }, + "id": "47e6fdc0-76b9-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "dashboard": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "7582b030-73c6-11eb-a3e3-b3cc7c78a70f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "a09329d0-73c6-11eb-a3e3-b3cc7c78a70f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "7c7d3750-73c3-11eb-a3e3-b3cc7c78a70f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "418e5a30-73c2-11eb-a3e3-b3cc7c78a70f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "c102b0f0-73c6-11eb-a3e3-b3cc7c78a70f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "55b5c280-76b7-11eb-a3e3-b3cc7c78a70f", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "ad55b1e0-73c8-11eb-a3e3-b3cc7c78a70f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "bf3dfde0-73c3-11eb-a3e3-b3cc7c78a70f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "ec68c4a0-73c6-11eb-a3e3-b3cc7c78a70f", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "02294f80-73c7-11eb-a3e3-b3cc7c78a70f", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "1c969990-73c7-11eb-a3e3-b3cc7c78a70f", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "57faae10-73c5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjMsMl0=" + }, + { + "attributes": { + "description": "MISP domain indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.domain" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.domain", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP Domain Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MISP Domain Indicator", + "field": "threatintel.indicator.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "MISP Domain Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "7582b030-73c6-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTIsMl0=" + }, + { + "attributes": { + "description": "MISP IP indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.ip" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.ip", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP IP Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MISP IP Indicator", + "field": "threatintel.indicator.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "MISP IP Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "a09329d0-73c6-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTMsMl0=" + }, + { + "attributes": { + "description": "Types of MISP indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP Indicator Type [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "threatintel.indicator.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "MISP Indicator Type [Filebeat Threat Intel]", + "type": "pie" + } + }, + "id": "7c7d3750-73c3-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTQsMl0=" + }, + { + "attributes": { + "description": "Total number of Abuse URL indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "MISP Indicators" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "MISP Indicators [Filebeat Threat Intel]", + "type": "metric" + } + }, + "id": "418e5a30-73c2-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTUsMl0=" + }, + { + "attributes": { + "description": "MISP URL indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.url.full" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.url.full", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP URL Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MISP URL Indicator", + "field": "threatintel.indicator.url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "MISP URL Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "c102b0f0-73c6-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTYsMl0=" + }, + { + "attributes": { + "description": "MISP tags for indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "tags" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "tags", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP Tags [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MISP Tags", + "field": "tags", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "MISP Tags [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "55b5c280-76b7-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDIsMl0=" + }, + { + "attributes": { + "description": "TLP of MISP indicators ingested by the threat intel Filebeat module. Top 10 datasets.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP Indicator TLP [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "green": "#7EB26D", + "white": "#E0F9D7" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Indicator Marking TLP", + "field": "threatintel.indicator.marking.tlp", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "threatintel.indicator.marking.tlp", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": true + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "MISP Indicator TLP [Filebeat Threat Intel]", + "type": "histogram" + } + }, + "id": "ad55b1e0-73c8-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTcsMl0=" + }, + { + "attributes": { + "description": "MISP indicator ingested by the threat intel Filebeat module has been published.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.misp.published" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.misp.published", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP Indicator Published [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "true": "#7EB26D" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "threatintel.misp.published", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "MISP Indicator Published [Filebeat Threat Intel]", + "type": "pie" + } + }, + "id": "bf3dfde0-73c3-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTgsMl0=" + }, + { + "attributes": { + "description": "MISP MD5 hash indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.file.hash.md5" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.file.hash.md5", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP MD5 Hash Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MISP MD5 Hash Indicator", + "field": "threatintel.indicator.file.hash.md5", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "MISP MD5 Hash Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "ec68c4a0-73c6-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNTksMl0=" + }, + { + "attributes": { + "description": "MISP SHA1 hash indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.file.hash.sha1" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.file.hash.sha1", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP SHA1 Hash Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MISP SHA1 Hash Indicator", + "field": "threatintel.indicator.file.hash.sha1", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "MISP SHA1 Hash Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "02294f80-73c7-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjAsMl0=" + }, + { + "attributes": { + "description": "MISP SHA256 hash indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.file.hash.sha256" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.file.hash.sha256", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP SHA256 Hash Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MISP SHA256 Hash Indicator", + "field": "threatintel.indicator.file.hash.sha256", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "MISP SHA256 Hash Indicators [Filebeat Threat Intel]", + "type": "table" + } + }, + "id": "1c969990-73c7-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjEsMl0=" + }, + { + "attributes": { + "description": "MISP provider for indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "threatintel.misp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "threatintel.misp" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.provider" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.provider", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MISP Indicator Provider [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "misp": "#5195CE" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "threatintel.indicator.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "MISP Indicator Provider [Filebeat Threat Intel]", + "type": "pie" + } + }, + "id": "57faae10-73c5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNjIsMl0=" + }, + { + "attributes": { + "color": "#a548ae", + "description": "Tag for indicators ingested by the Threat Intel Filebeat module.", + "name": "threat intel" + }, + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "namespaces": [ + "default" + ], + "references": [], + "type": "tag", + "updated_at": "2021-03-10T19:01:18.125Z", + "version": "WzIyMTcsMl0=" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.module", + "negate": false, + "params": { + "query": "threatintel" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "threatintel" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "threat" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "threat" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "event.kind", + "negate": false, + "params": { + "query": "enrichment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.kind": "enrichment" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "key": "event.type", + "negate": false, + "params": { + "query": "indicator" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "indicator" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "All Logs [Filebeat Threat Intel] ECS", + "version": 1 + }, + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMTksMl0=" + } + ], + "version": "7.11.1" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-overview.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-overview.json new file mode 100644 index 00000000000..5bd0f1ef5a2 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-overview.json @@ -0,0 +1,1953 @@ +{ + "objects": [ + { + "attributes": { + "description": "Top-level metrics of indicators and datasets ingested by the threat intel Filebeat module.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 7, + "i": "0a8c6e54-3d3a-4e88-a230-75d7a3856154", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "0a8c6e54-3d3a-4e88-a230-75d7a3856154", + "panelRefName": "panel_0", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "8c2caa0d-fedc-406b-a4cc-87c09ba9e929", + "w": 8, + "x": 40, + "y": 7 + }, + "panelIndex": "8c2caa0d-fedc-406b-a4cc-87c09ba9e929", + "panelRefName": "panel_1", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "81f493cc-5459-4baf-b57a-295f290debf3", + "w": 8, + "x": 0, + "y": 7 + }, + "panelIndex": "81f493cc-5459-4baf-b57a-295f290debf3", + "panelRefName": "panel_2", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "c5d9284a-f44c-4cee-b9fd-9585dcaadc89", + "w": 15, + "x": 8, + "y": 7 + }, + "panelIndex": "c5d9284a-f44c-4cee-b9fd-9585dcaadc89", + "panelRefName": "panel_3", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "cecb5fce-b1c6-4121-a943-73c163554fff", + "w": 17, + "x": 23, + "y": 7 + }, + "panelIndex": "cecb5fce-b1c6-4121-a943-73c163554fff", + "panelRefName": "panel_4", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "8788d810-774f-4190-bc01-16fb04c0b38c", + "w": 19, + "x": 0, + "y": 22 + }, + "panelIndex": "8788d810-774f-4190-bc01-16fb04c0b38c", + "panelRefName": "panel_5", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "51db6286-e72d-4a6c-99f5-363f17bb333a", + "w": 10, + "x": 19, + "y": 22 + }, + "panelIndex": "51db6286-e72d-4a6c-99f5-363f17bb333a", + "panelRefName": "panel_6", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "4dbff662-ebdd-4b6d-910b-1b80bd4e9045", + "w": 19, + "x": 29, + "y": 22 + }, + "panelIndex": "4dbff662-ebdd-4b6d-910b-1b80bd4e9045", + "panelRefName": "panel_7", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f7fb86cb-c07f-4489-afaa-942bcacfedda", + "w": 19, + "x": 0, + "y": 37 + }, + "panelIndex": "f7fb86cb-c07f-4489-afaa-942bcacfedda", + "panelRefName": "panel_8", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "e640ab8b-1aa8-4a33-9df9-bbb6cc1fe264", + "w": 10, + "x": 19, + "y": 37 + }, + "panelIndex": "e640ab8b-1aa8-4a33-9df9-bbb6cc1fe264", + "panelRefName": "panel_9", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "ca86a2c7-7b2e-4c16-bbba-02e5a09aa7ce", + "w": 19, + "x": 29, + "y": 37 + }, + "panelIndex": "ca86a2c7-7b2e-4c16-bbba-02e5a09aa7ce", + "panelRefName": "panel_10", + "version": "7.11.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Threat Intel] Overview", + "version": 1 + }, + "id": "ad9c7430-72de-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "dashboard": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "92961600-7621-11eb-a3e3-b3cc7c78a70f", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "c049e1c0-72d5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "6ce04320-72d1-11eb-a3e3-b3cc7c78a70f", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "81f16940-72d3-11eb-a3e3-b3cc7c78a70f", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "1a1c60c0-72d5-11eb-a3e3-b3cc7c78a70f", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "9282afc0-72d9-11eb-a3e3-b3cc7c78a70f", + "name": "panel_5", + "type": "lens" + }, + { + "id": "f9f89660-72d9-11eb-a3e3-b3cc7c78a70f", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "9047e8b0-72de-11eb-a3e3-b3cc7c78a70f", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "b9aa1d70-72db-11eb-a3e3-b3cc7c78a70f", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "aebde030-72d2-11eb-a3e3-b3cc7c78a70f", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "c813c5d0-72dd-11eb-a3e3-b3cc7c78a70f", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDEsMl0=" + }, + { + "attributes": { + "description": "Feed and provider selector for indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Feed and Indicator Selector [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "event.dataset", + "id": "1614117070660", + "indexPatternRefName": "control_0_index_pattern", + "label": "Feed Name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "threatintel.indicator.provider", + "id": "1614117093181", + "indexPatternRefName": "control_1_index_pattern", + "label": "Indicator Provider", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "threatintel.indicator.type", + "id": "1614117117360", + "indexPatternRefName": "control_2_index_pattern", + "label": "Indicator Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "title": "Feed and Indicator Selector [Filebeat Threat Intel]", + "type": "input_control_vis" + } + }, + "id": "92961600-7621-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzAsMl0=" + }, + { + "attributes": { + "description": "Total number of datasets reflected by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "event.dataset" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Total Datasets [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Datasets", + "field": "event.dataset" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Total Datasets [Filebeat Threat Intel]", + "type": "metric" + } + }, + "id": "c049e1c0-72d5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzEsMl0=" + }, + { + "attributes": { + "description": "Total number of indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "event.dataset" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Total Indicators [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Indicators" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Total Indicators [Filebeat Threat Intel]", + "type": "metric" + } + }, + "id": "6ce04320-72d1-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzIsMl0=" + }, + { + "attributes": { + "description": "Total number of indicators by dataset ingested by the threat intel Filebeat module. Top 10 datasets.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "event.dataset" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Total Indicators per Dataset [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.dataset", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Total Indicators per Dataset [Filebeat Threat Intel]", + "type": "pie" + } + }, + "id": "81f16940-72d3-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzMsMl0=" + }, + { + "attributes": { + "description": "Types of indicators by dataset ingested by the threat intel Filebeat module. Top 10 datasets and top 10 indicator types.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "event.dataset" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "type": "exists", + "value": "exists" + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Indicator Type per Dataset [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.dataset", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "threatintel.indicator.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Indicator Type per Dataset [Filebeat Threat Intel]", + "type": "pie" + } + }, + "id": "1a1c60c0-72d5-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzQsMl0=" + }, + { + "attributes": { + "description": "Total number of indicators by type ingested by the threat intel Filebeat module. Top 10 types.", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9e3d1f18-6e1e-4e13-8b0b-9b17d12a15f2": { + "columnOrder": [ + "a6319ec8-2ec8-4d3a-bc54-efe0a306786f", + "1e5c28a2-6405-44ee-bdf1-8bdd03bdf919" + ], + "columns": { + "1e5c28a2-6405-44ee-bdf1-8bdd03bdf919": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "a6319ec8-2ec8-4d3a-bc54-efe0a306786f": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of threatintel.indicator.type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1e5c28a2-6405-44ee-bdf1-8bdd03bdf919", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "threatintel.indicator.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.module", + "negate": false, + "params": { + "query": "threatintel" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "threatintel" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "a6319ec8-2ec8-4d3a-bc54-efe0a306786f" + ], + "layerId": "9e3d1f18-6e1e-4e13-8b0b-9b17d12a15f2", + "legendDisplay": "show", + "metric": "1e5c28a2-6405-44ee-bdf1-8bdd03bdf919", + "nestedLegend": false, + "numberDisplay": "value", + "percentDecimals": 2 + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "treemap" + } + }, + "title": "Total Indicators per Type [Filebeat Threat Intel]", + "visualizationType": "lnsPie" + }, + "id": "9282afc0-72d9-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "lens": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "indexpattern-datasource-layer-9e3d1f18-6e1e-4e13-8b0b-9b17d12a15f2", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-ref-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "lens", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzUsMl0=" + }, + { + "attributes": { + "description": "Tags for indicators ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Indicator Tag Cloud [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "forwarded|threatintel-anomali|threatintel-otx|threatintel-abuseurls|threatintel-abusemalware", + "field": "tags", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 30, + "minFontSize": 5, + "orientation": "single", + "scale": "linear", + "showLabel": false + }, + "title": "Indicator Tag Cloud [Filebeat Threat Intel]", + "type": "tagcloud" + } + }, + "id": "f9f89660-72d9-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzYsMl0=" + }, + { + "attributes": { + "description": "Total number of indicators by provider ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Total Indicators per Provider [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "Count": "#806EB7" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Indicator Provider", + "field": "threatintel.indicator.provider", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "valueAxis": "ValueAxis-1" + }, + "labels": { + "show": true + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Total Indicators per Provider [Filebeat Threat Intel]", + "type": "horizontal_bar" + } + }, + "id": "9047e8b0-72de-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzcsMl0=" + }, + { + "attributes": { + "description": "Timeline of indicators by dataset ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "event.dataset" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Indicator Ingest Timeline per Dataset [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Indicators per Dataset" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Ingest Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.dataset", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Indicators per Dataset" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Indicators per Dataset" + }, + "type": "value" + } + ] + }, + "title": "Indicator Ingest Timeline per Dataset [Filebeat Threat Intel]", + "type": "area" + } + }, + "id": "b9aa1d70-72db-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzgsMl0=" + }, + { + "attributes": { + "description": "TLP of indicators ingested by the threat intel Filebeat module. Top 10 datasets.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.marking.tlp" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "threatintel.indicator.marking.tlp", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Indicator TLP [Filebeat Threat Intel]", + "uiStateJSON": { + "vis": { + "colors": { + "green": "#7EB26D", + "white": "#E0F9D7" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Indicator Marking TLP", + "field": "threatintel.indicator.marking.tlp", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "threatintel.indicator.marking.tlp", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": true + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Indicator TLP [Filebeat Threat Intel]", + "type": "histogram" + } + }, + "id": "aebde030-72d2-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMzksMl0=" + }, + { + "attributes": { + "description": "Timeline of indicators by type ingested by the threat intel Filebeat module.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "threatintel.indicator.type" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "threatintel.indicator.type", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Indicator Ingest Timeline per Type [Filebeat Threat Intel]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count of Indicator by Type" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Ingest Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "threatintel.indicator.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count of Indicator by Type" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count of Indicator by Type" + }, + "type": "value" + } + ] + }, + "title": "Indicator Ingest Timeline per Type [Filebeat Threat Intel]", + "type": "area" + } + }, + "id": "c813c5d0-72dd-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "visualization": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "name": "search_0", + "type": "search" + }, + { + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyNDAsMl0=" + }, + { + "attributes": { + "color": "#a548ae", + "description": "Tag for indicators ingested by the Threat Intel Filebeat module.", + "name": "threat intel" + }, + "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "namespaces": [ + "default" + ], + "references": [], + "type": "tag", + "updated_at": "2021-03-10T19:01:18.125Z", + "version": "WzIyMTcsMl0=" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.module", + "negate": false, + "params": { + "query": "threatintel" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "threatintel" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "threat" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "threat" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "event.kind", + "negate": false, + "params": { + "query": "enrichment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.kind": "enrichment" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "key": "event.type", + "negate": false, + "params": { + "query": "indicator" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "indicator" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "All Logs [Filebeat Threat Intel] ECS", + "version": 1 + }, + "id": "6acbb070-72d0-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-03-10T19:01:19.048Z", + "version": "WzIyMTksMl0=" + } + ], + "version": "7.11.1" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/tomcat/_meta/docs.asciidoc b/x-pack/filebeat/module/tomcat/_meta/docs.asciidoc index 985a8925a84..dad025f1daf 100644 --- a/x-pack/filebeat/module/tomcat/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/tomcat/_meta/docs.asciidoc @@ -7,7 +7,7 @@ experimental[] -This is a module for receiving Apache Tomcat logs over Syslog or a file. +This is a module for receiving Apache Tomcat access logs over Syslog or a file. include::../include/gs-link.asciidoc[] diff --git a/x-pack/heartbeat/monitors/browser/config.go b/x-pack/heartbeat/monitors/browser/config.go index 0cbb699da88..c29b28089e8 100644 --- a/x-pack/heartbeat/monitors/browser/config.go +++ b/x-pack/heartbeat/monitors/browser/config.go @@ -24,6 +24,7 @@ type Config struct { var ErrNameRequired = fmt.Errorf("config 'name' must be specified for this monitor") var ErrIdRequired = fmt.Errorf("config 'id' must be specified for this monitor") +var ErrSourceRequired = fmt.Errorf("config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs") func (c *Config) Validate() error { if c.Name == "" { @@ -33,5 +34,9 @@ func (c *Config) Validate() error { return ErrIdRequired } + if c.Source == nil { + return ErrSourceRequired + } + return nil } diff --git a/x-pack/heartbeat/monitors/browser/config_test.go b/x-pack/heartbeat/monitors/browser/config_test.go new file mode 100644 index 00000000000..f1a8cab8565 --- /dev/null +++ b/x-pack/heartbeat/monitors/browser/config_test.go @@ -0,0 +1,55 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package browser + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/x-pack/heartbeat/monitors/browser/source" +) + +func TestConfig_Validate(t *testing.T) { + testSource := source.Source{Inline: &source.InlineSource{Script: "//something"}} + + tests := []struct { + name string + cfg *Config + wantErr error + }{ + { + "no error", + &Config{Id: "myid", Name: "myname", Source: &testSource}, + nil, + }, + { + "no id", + &Config{Name: "myname", Source: &testSource}, + ErrIdRequired, + }, + { + "no name", + &Config{Id: "myid", Source: &testSource}, + ErrNameRequired, + }, + { + "no source", + &Config{Id: "myid", Name: "myname"}, + ErrSourceRequired, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := tt.cfg.Validate() + + if tt.wantErr != nil { + require.Equal(t, tt.wantErr, err) + } else { + require.NoError(t, err) + } + }) + } +} diff --git a/x-pack/heartbeat/monitors/browser/source/inline.go b/x-pack/heartbeat/monitors/browser/source/inline.go index d3ef2c452e5..abdce2a87e9 100644 --- a/x-pack/heartbeat/monitors/browser/source/inline.go +++ b/x-pack/heartbeat/monitors/browser/source/inline.go @@ -14,9 +14,11 @@ type InlineSource struct { BaseSource } +var ErrNoInlineScript = fmt.Errorf("no 'script' value specified for inline source") + func (s *InlineSource) Validate() error { if !regexp.MustCompile("\\S").MatchString(s.Script) { - return fmt.Errorf("no 'script' value specified for inline source") + return ErrNoInlineScript } return nil diff --git a/x-pack/heartbeat/monitors/browser/source/inline_test.go b/x-pack/heartbeat/monitors/browser/source/inline_test.go new file mode 100644 index 00000000000..d97dbd8a120 --- /dev/null +++ b/x-pack/heartbeat/monitors/browser/source/inline_test.go @@ -0,0 +1,42 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package source + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestInlineSourceValidation(t *testing.T) { + type testCase struct { + name string + source *InlineSource + wantErr error + } + testCases := []testCase{ + { + "no error", + &InlineSource{Script: "a script"}, + nil, + }, + { + "no script", + &InlineSource{}, + ErrNoInlineScript, + }, + } + + for _, tt := range testCases { + t.Run(tt.name, func(t *testing.T) { + err := tt.source.Validate() + if tt.wantErr != nil { + require.Equal(t, tt.wantErr, err) + } else { + require.NoError(t, err) + } + }) + } +} diff --git a/x-pack/heartbeat/monitors/browser/source/source.go b/x-pack/heartbeat/monitors/browser/source/source.go index 62c7ce03e9e..c92b0c3792b 100644 --- a/x-pack/heartbeat/monitors/browser/source/source.go +++ b/x-pack/heartbeat/monitors/browser/source/source.go @@ -28,7 +28,7 @@ func (s *Source) Active() ISource { return s.ActiveMemo } -var ErrInvalidSource = fmt.Errorf("no or unknown source type specified for synthetic monitor") +var ErrInvalidSource = fmt.Errorf("no or unknown source type specified for synthetic monitor.") func (s *Source) Validate() error { if s.Active() == nil { diff --git a/x-pack/heartbeat/monitors/browser/source/source_test.go b/x-pack/heartbeat/monitors/browser/source/source_test.go new file mode 100644 index 00000000000..f8e9e687915 --- /dev/null +++ b/x-pack/heartbeat/monitors/browser/source/source_test.go @@ -0,0 +1,42 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package source + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestSourceValidation(t *testing.T) { + type testCase struct { + name string + source Source + wantErr error + } + testCases := []testCase{ + { + "no error", + Source{Inline: &InlineSource{}}, + nil, + }, + { + "no concrete source", + Source{}, + ErrInvalidSource, + }, + } + + for _, tt := range testCases { + t.Run(tt.name, func(t *testing.T) { + err := tt.source.Validate() + if tt.wantErr != nil { + require.Equal(t, tt.wantErr, err) + } else { + require.NoError(t, err) + } + }) + } +} diff --git a/x-pack/libbeat/autodiscover/providers/nomad/config.go b/x-pack/libbeat/autodiscover/providers/nomad/config.go index 7108bf87943..1a611aceee3 100644 --- a/x-pack/libbeat/autodiscover/providers/nomad/config.go +++ b/x-pack/libbeat/autodiscover/providers/nomad/config.go @@ -64,7 +64,7 @@ func (c *Config) Validate() error { case ScopeNode: case ScopeCluster: default: - return fmt.Errorf("invalid value for `scope`, select `%s` or `%s`", ScopeNode, ScopeCluster) + return fmt.Errorf("invalid value for `scope`: %s, select `%s` or `%s`", c.Scope, ScopeNode, ScopeCluster) } return nil } diff --git a/x-pack/libbeat/processors/add_nomad_metadata/config.go b/x-pack/libbeat/processors/add_nomad_metadata/config.go index 6425f05550c..daeeccc6513 100644 --- a/x-pack/libbeat/processors/add_nomad_metadata/config.go +++ b/x-pack/libbeat/processors/add_nomad_metadata/config.go @@ -40,7 +40,7 @@ func (c *nomadAnnotatorConfig) Validate() error { case ScopeNode: case ScopeCluster: default: - return fmt.Errorf("invalid value for `scope`, select `local` or `global`") + return fmt.Errorf("invalid value for `scope`: %s, select `%s` or `%s`", c.Scope, ScopeNode, ScopeCluster) } return nil } @@ -57,7 +57,7 @@ func defaultNomadAnnotatorConfig() nomadAnnotatorConfig { Region: "", Namespace: "", SecretID: "", - Scope: "local", + Scope: ScopeNode, syncPeriod: 5 * time.Second, CleanupTimeout: 60 * time.Second, DefaultMatchers: Enabled{true},